Black Energy18 - Russian botnet package analysis

Agenda ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Background ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

What’s in the package? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

What’s in the package? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Building the backdoor ,[object Object],[object Object]

Building the backdoor ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Infection Analysis ,[object Object],[object Object],[object Object],[object Object]

Infection Analysis - Methodology ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Infection Analysis – Dynamic/Static Analysis ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Dynamic Analysis – Tools ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Dynamic Analysis – Windows Register ,[object Object],[object Object],[object Object],[object Object],[object Object]

Dynamic Analysis – File System ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Dynamic Analysis – File System ,[object Object],[object Object]

Dynamic Analysis – Network/Processes ,[object Object],[object Object],[object Object],[object Object]

Dynamic Analysis – Network/Processes ,[object Object],[object Object]

Static Analysis – Reversing malware ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Static Analysis – Reversing malware ,[object Object],[object Object],[object Object],[object Object]

Static Analysis – Reversing malware ,[object Object]

Static Analysis – Reversing malware ,[object Object],[object Object]

Static Analysis – Reversing malware ,[object Object],Crypted _bot.exe is stored at 13112000 Crypted_.131111b9 decrypts _bot.exe to 00320000 Note that the different size: 6000 and 3000

C&C System Architecture ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

C&C System Architecture ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

C&C System Architecture ,[object Object]

C&C System Architecture ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

C&C System Architecture ,[object Object],[object Object]

C&C System Architecture ,[object Object],[object Object],[object Object]

C&C System Architecture ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

C&C System Architecture ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Botnet Communication ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

DDoS Attacks Overview ,[object Object],[object Object],[object Object]

DDoS Attacks Overview ,[object Object],[object Object]

Defenses and Countermeasures ,[object Object],[object Object],[object Object],[object Object],[object Object]

Defenses and Countermeasures ,[object Object]

Conclusions ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Demo ,[object Object],[object Object],[object Object],[object Object],[object Object]

References ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

References ,[object Object],[object Object],[object Object]

Black Energy18 - Russian botnet package analysis

Black Energy18 - Russian botnet package analysis

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (12)

Similar to Black Energy18 - Russian botnet package analysis

Similar to Black Energy18 - Russian botnet package analysis (20)

More from Roberto Suggi Liverani

More from Roberto Suggi Liverani (13)

Recently uploaded

Recently uploaded (20)

Black Energy18 - Russian botnet package analysis

Report as inappropriate

0 likes

views