Submit Search
Upload
Tick group @avar2019 20191111 cha minseok_publish
•
1 like
•
582 views
Minseok(Jacky) Cha
Follow
Tick Group @AVAR 2019
Read less
Read more
Technology
Report
Share
Report
Share
1 of 74
Download now
Download to read offline
Recommended
Embedded linux 악성코드 동향 20150323 v1.0 공개판
Embedded linux 악성코드 동향 20150323 v1.0 공개판
Minseok(Jacky) Cha
PANDEMONIUM: Automated Identification of Cryptographic Algorithms using Dynam...
PANDEMONIUM: Automated Identification of Cryptographic Algorithms using Dynam...
CODE BLUE
Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...
Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...
CODE BLUE
Real-Time Static Malware Analysis using NepenthesFE
Real-Time Static Malware Analysis using NepenthesFE
Wasim Halani
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
Chi En (Ashley) Shen
【HITCON FreeTalk 2018 - Spectre & Meltdown 漏洞的修補策略與 risk mitigation】
【HITCON FreeTalk 2018 - Spectre & Meltdown 漏洞的修補策略與 risk mitigation】
Hacks in Taiwan (HITCON)
Setup Your Personal Malware Lab
Setup Your Personal Malware Lab
Digit Oktavianto
Detection Rules Coverage
Detection Rules Coverage
Sunny Neo
Recommended
Embedded linux 악성코드 동향 20150323 v1.0 공개판
Embedded linux 악성코드 동향 20150323 v1.0 공개판
Minseok(Jacky) Cha
PANDEMONIUM: Automated Identification of Cryptographic Algorithms using Dynam...
PANDEMONIUM: Automated Identification of Cryptographic Algorithms using Dynam...
CODE BLUE
Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...
Revealing the Attack Operations Targeting Japan by Shusei Tomonaga & Yuu Nak...
CODE BLUE
Real-Time Static Malware Analysis using NepenthesFE
Real-Time Static Malware Analysis using NepenthesFE
Wasim Halani
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
[HITCON 2020 CTI Village] Threat Hunting and Campaign Tracking Workshop.pptx
Chi En (Ashley) Shen
【HITCON FreeTalk 2018 - Spectre & Meltdown 漏洞的修補策略與 risk mitigation】
【HITCON FreeTalk 2018 - Spectre & Meltdown 漏洞的修補策略與 risk mitigation】
Hacks in Taiwan (HITCON)
Setup Your Personal Malware Lab
Setup Your Personal Malware Lab
Digit Oktavianto
Detection Rules Coverage
Detection Rules Coverage
Sunny Neo
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...
MITRE - ATT&CKcon
Using Canary Honeypots for Network Security Monitoring
Using Canary Honeypots for Network Security Monitoring
chrissanders88
Cybereason - behind the HackingTeam infection server
Cybereason - behind the HackingTeam infection server
Amit Serper
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
grecsl
Analysis Of Adverarial Code - The Role of Malware Kits
Analysis Of Adverarial Code - The Role of Malware Kits
Rahul Mohandas
Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014
grecsl
Lateral Movement: How attackers quietly traverse your Network
Lateral Movement: How attackers quietly traverse your Network
EC-Council
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
MITRE - ATT&CKcon
Identifying and Correlating Internet-wide Scan Traffic to Newsworthy Security...
Identifying and Correlating Internet-wide Scan Traffic to Newsworthy Security...
Andrew Morris
Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green
Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green
North Texas Chapter of the ISSA
Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014
grecsl
Incident Response for the Work-from-home Workforce
Incident Response for the Work-from-home Workforce
Christopher Gerritz
Networking 2016-05-24 - Topic 2 - The "Hack Back" - How Hacking Team Became t...
Networking 2016-05-24 - Topic 2 - The "Hack Back" - How Hacking Team Became t...
North Texas Chapter of the ISSA
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...
grecsl
Malware Analysis Made Simple
Malware Analysis Made Simple
Paul Melson
Csw2016 chaykin having_funwithsecuremessengers_and_androidwear
Csw2016 chaykin having_funwithsecuremessengers_and_androidwear
CanSecWest
Abusing Adobe Reader’s JavaScript APIs by Abdul-Aziz Hariri & Brian Gorenc - ...
Abusing Adobe Reader’s JavaScript APIs by Abdul-Aziz Hariri & Brian Gorenc - ...
CODE BLUE
Threat hunting workshop
Threat hunting workshop
Megan Shippy
[CLASS 2014] Palestra Técnica - Jonathan Knudsen
[CLASS 2014] Palestra Técnica - Jonathan Knudsen
TI Safe
Targeted attacks on major industry sectores in south korea 20170927 cha minse...
Targeted attacks on major industry sectores in south korea 20170927 cha minse...
Minseok(Jacky) Cha
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...
Minseok(Jacky) Cha
Lazarus talk tlp white
Lazarus talk tlp white
Christopher Doman
More Related Content
What's hot
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...
MITRE - ATT&CKcon
Using Canary Honeypots for Network Security Monitoring
Using Canary Honeypots for Network Security Monitoring
chrissanders88
Cybereason - behind the HackingTeam infection server
Cybereason - behind the HackingTeam infection server
Amit Serper
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
grecsl
Analysis Of Adverarial Code - The Role of Malware Kits
Analysis Of Adverarial Code - The Role of Malware Kits
Rahul Mohandas
Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014
grecsl
Lateral Movement: How attackers quietly traverse your Network
Lateral Movement: How attackers quietly traverse your Network
EC-Council
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
MITRE - ATT&CKcon
Identifying and Correlating Internet-wide Scan Traffic to Newsworthy Security...
Identifying and Correlating Internet-wide Scan Traffic to Newsworthy Security...
Andrew Morris
Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green
Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green
North Texas Chapter of the ISSA
Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014
grecsl
Incident Response for the Work-from-home Workforce
Incident Response for the Work-from-home Workforce
Christopher Gerritz
Networking 2016-05-24 - Topic 2 - The "Hack Back" - How Hacking Team Became t...
Networking 2016-05-24 - Topic 2 - The "Hack Back" - How Hacking Team Became t...
North Texas Chapter of the ISSA
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...
grecsl
Malware Analysis Made Simple
Malware Analysis Made Simple
Paul Melson
Csw2016 chaykin having_funwithsecuremessengers_and_androidwear
Csw2016 chaykin having_funwithsecuremessengers_and_androidwear
CanSecWest
Abusing Adobe Reader’s JavaScript APIs by Abdul-Aziz Hariri & Brian Gorenc - ...
Abusing Adobe Reader’s JavaScript APIs by Abdul-Aziz Hariri & Brian Gorenc - ...
CODE BLUE
Threat hunting workshop
Threat hunting workshop
Megan Shippy
[CLASS 2014] Palestra Técnica - Jonathan Knudsen
[CLASS 2014] Palestra Técnica - Jonathan Knudsen
TI Safe
What's hot
(19)
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...
MITRE ATT&CKcon 2018: VCAF: Expanding the ATT&CK Framework to cover VERIS Thr...
Using Canary Honeypots for Network Security Monitoring
Using Canary Honeypots for Network Security Monitoring
Cybereason - behind the HackingTeam infection server
Cybereason - behind the HackingTeam infection server
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
Analysis Of Adverarial Code - The Role of Malware Kits
Analysis Of Adverarial Code - The Role of Malware Kits
Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014
Lateral Movement: How attackers quietly traverse your Network
Lateral Movement: How attackers quietly traverse your Network
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
MITRE ATT&CKcon 2.0: The World's Most Dangerous ATT&CKers; Robert Lipovsky, ESET
Identifying and Correlating Internet-wide Scan Traffic to Newsworthy Security...
Identifying and Correlating Internet-wide Scan Traffic to Newsworthy Security...
Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green
Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green
Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014
Incident Response for the Work-from-home Workforce
Incident Response for the Work-from-home Workforce
Networking 2016-05-24 - Topic 2 - The "Hack Back" - How Hacking Team Became t...
Networking 2016-05-24 - Topic 2 - The "Hack Back" - How Hacking Team Became t...
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...
Malware Analysis Made Simple
Malware Analysis Made Simple
Csw2016 chaykin having_funwithsecuremessengers_and_androidwear
Csw2016 chaykin having_funwithsecuremessengers_and_androidwear
Abusing Adobe Reader’s JavaScript APIs by Abdul-Aziz Hariri & Brian Gorenc - ...
Abusing Adobe Reader’s JavaScript APIs by Abdul-Aziz Hariri & Brian Gorenc - ...
Threat hunting workshop
Threat hunting workshop
[CLASS 2014] Palestra Técnica - Jonathan Knudsen
[CLASS 2014] Palestra Técnica - Jonathan Knudsen
Similar to Tick group @avar2019 20191111 cha minseok_publish
Targeted attacks on major industry sectores in south korea 20170927 cha minse...
Targeted attacks on major industry sectores in south korea 20170927 cha minse...
Minseok(Jacky) Cha
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...
Minseok(Jacky) Cha
Lazarus talk tlp white
Lazarus talk tlp white
Christopher Doman
Continuous security: Bringing agility to the secure development lifecycle
Continuous security: Bringing agility to the secure development lifecycle
Rogue Wave Software
From stealing confidential data to revenue-generating attacks
From stealing confidential data to revenue-generating attacks
Minseok(Jacky) Cha
STAAF, An Efficient Distributed Framework for Performing Large-Scale Android ...
STAAF, An Efficient Distributed Framework for Performing Large-Scale Android ...
Praetorian
The Role of Standards in IoT Security
The Role of Standards in IoT Security
Hannes Tschofenig
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Mobodexter
NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018
NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018
NETSCOUT
임베디드 리눅스 악성코드로 본 사물인터넷 보안 차민석 20150406_코드게이트 발표판
임베디드 리눅스 악성코드로 본 사물인터넷 보안 차민석 20150406_코드게이트 발표판
Minseok(Jacky) Cha
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
ssuser57b3e5
Flash security past_present_future_final_en
Flash security past_present_future_final_en
Sunghun Kim
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
AI Frontiers
Shamoon
Shamoon
Shakacon
Cyber Espionage Against Georgia (Georbot)
Cyber Espionage Against Georgia (Georbot)
DataExchangeAgency
How Can We Answer the Really BIG Questions?
How Can We Answer the Really BIG Questions?
Amazon Web Services
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Lastline, Inc.
JAKU Botnet Analysis
JAKU Botnet Analysis
Napier University
[AsiaCCS2019] A Pilot Study on Consumer IoT Device Vulnerability Disclosure a...
[AsiaCCS2019] A Pilot Study on Consumer IoT Device Vulnerability Disclosure a...
Asuka Nakajima
Qualcomm @ Scilab Conference 2018
Qualcomm @ Scilab Conference 2018
Scilab
Similar to Tick group @avar2019 20191111 cha minseok_publish
(20)
Targeted attacks on major industry sectores in south korea 20170927 cha minse...
Targeted attacks on major industry sectores in south korea 20170927 cha minse...
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...
Targeted attacks on major industry sectors in south korea 20171201 cha minseo...
Lazarus talk tlp white
Lazarus talk tlp white
Continuous security: Bringing agility to the secure development lifecycle
Continuous security: Bringing agility to the secure development lifecycle
From stealing confidential data to revenue-generating attacks
From stealing confidential data to revenue-generating attacks
STAAF, An Efficient Distributed Framework for Performing Large-Scale Android ...
STAAF, An Efficient Distributed Framework for Performing Large-Scale Android ...
The Role of Standards in IoT Security
The Role of Standards in IoT Security
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018
NETSCOUT Threat Intelligence Report: Findings Summary 1st half of 2018
임베디드 리눅스 악성코드로 본 사물인터넷 보안 차민석 20150406_코드게이트 발표판
임베디드 리눅스 악성코드로 본 사물인터넷 보안 차민석 20150406_코드게이트 발표판
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
Flash security past_present_future_final_en
Flash security past_present_future_final_en
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Shamoon
Shamoon
Cyber Espionage Against Georgia (Georbot)
Cyber Espionage Against Georgia (Georbot)
How Can We Answer the Really BIG Questions?
How Can We Answer the Really BIG Questions?
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
JAKU Botnet Analysis
JAKU Botnet Analysis
[AsiaCCS2019] A Pilot Study on Consumer IoT Device Vulnerability Disclosure a...
[AsiaCCS2019] A Pilot Study on Consumer IoT Device Vulnerability Disclosure a...
Qualcomm @ Scilab Conference 2018
Qualcomm @ Scilab Conference 2018
More from Minseok(Jacky) Cha
2017년 3분기 정보보안 소식 20180107 차민석
2017년 3분기 정보보안 소식 20180107 차민석
Minseok(Jacky) Cha
2017년 1분기 정보보안 소식 20170528 차민석_공개판
2017년 1분기 정보보안 소식 20170528 차민석_공개판
Minseok(Jacky) Cha
2016년 4분기 주요 정보보안 소식 20170101 차민석_공개판
2016년 4분기 주요 정보보안 소식 20170101 차민석_공개판
Minseok(Jacky) Cha
2016년 3분기 주요 정보보안 소식 20161227 차민석_공개판
2016년 3분기 주요 정보보안 소식 20161227 차민석_공개판
Minseok(Jacky) Cha
Power shell 악성코드 동향 20161118_차민석_디지털 포렌식 기술특강 공개판
Power shell 악성코드 동향 20161118_차민석_디지털 포렌식 기술특강 공개판
Minseok(Jacky) Cha
사회기반시설 공격 동향 분석보고서 차민석 20161029_레몬 정보보호 세미나
사회기반시설 공격 동향 분석보고서 차민석 20161029_레몬 정보보호 세미나
Minseok(Jacky) Cha
2016년 2분기 주요 정보보안 소식 차민석 20160815_공개판
2016년 2분기 주요 정보보안 소식 차민석 20160815_공개판
Minseok(Jacky) Cha
2016년 1분기 주요 정보보안 소식 차민석 20160703_공개판
2016년 1분기 주요 정보보안 소식 차민석 20160703_공개판
Minseok(Jacky) Cha
2015년 4분기 주요 정보보안 소식 차민석 20160410_공개판
2015년 4분기 주요 정보보안 소식 차민석 20160410_공개판
Minseok(Jacky) Cha
2015년 3분기 주요 정보보안 소식 차민석 20160117_공개판
2015년 3분기 주요 정보보안 소식 차민석 20160117_공개판
Minseok(Jacky) Cha
Csi cyber season 1 episode 1 차민석 20160113
Csi cyber season 1 episode 1 차민석 20160113
Minseok(Jacky) Cha
백신 프로그램의 원리와 동작 차민석 20151117_security plus 발표판
백신 프로그램의 원리와 동작 차민석 20151117_security plus 발표판
Minseok(Jacky) Cha
0과 1의 비밀을 밝히는 악성코드 분석가 차민석 20151117_security plus 발표판
0과 1의 비밀을 밝히는 악성코드 분석가 차민석 20151117_security plus 발표판
Minseok(Jacky) Cha
2015년 2분기 주요 정보보안 소식 차민석 공개판_20150810
2015년 2분기 주요 정보보안 소식 차민석 공개판_20150810
Minseok(Jacky) Cha
2015년 1분기 주요 정보보안 소식 20150512 공개판
2015년 1분기 주요 정보보안 소식 20150512 공개판
Minseok(Jacky) Cha
More from Minseok(Jacky) Cha
(15)
2017년 3분기 정보보안 소식 20180107 차민석
2017년 3분기 정보보안 소식 20180107 차민석
2017년 1분기 정보보안 소식 20170528 차민석_공개판
2017년 1분기 정보보안 소식 20170528 차민석_공개판
2016년 4분기 주요 정보보안 소식 20170101 차민석_공개판
2016년 4분기 주요 정보보안 소식 20170101 차민석_공개판
2016년 3분기 주요 정보보안 소식 20161227 차민석_공개판
2016년 3분기 주요 정보보안 소식 20161227 차민석_공개판
Power shell 악성코드 동향 20161118_차민석_디지털 포렌식 기술특강 공개판
Power shell 악성코드 동향 20161118_차민석_디지털 포렌식 기술특강 공개판
사회기반시설 공격 동향 분석보고서 차민석 20161029_레몬 정보보호 세미나
사회기반시설 공격 동향 분석보고서 차민석 20161029_레몬 정보보호 세미나
2016년 2분기 주요 정보보안 소식 차민석 20160815_공개판
2016년 2분기 주요 정보보안 소식 차민석 20160815_공개판
2016년 1분기 주요 정보보안 소식 차민석 20160703_공개판
2016년 1분기 주요 정보보안 소식 차민석 20160703_공개판
2015년 4분기 주요 정보보안 소식 차민석 20160410_공개판
2015년 4분기 주요 정보보안 소식 차민석 20160410_공개판
2015년 3분기 주요 정보보안 소식 차민석 20160117_공개판
2015년 3분기 주요 정보보안 소식 차민석 20160117_공개판
Csi cyber season 1 episode 1 차민석 20160113
Csi cyber season 1 episode 1 차민석 20160113
백신 프로그램의 원리와 동작 차민석 20151117_security plus 발표판
백신 프로그램의 원리와 동작 차민석 20151117_security plus 발표판
0과 1의 비밀을 밝히는 악성코드 분석가 차민석 20151117_security plus 발표판
0과 1의 비밀을 밝히는 악성코드 분석가 차민석 20151117_security plus 발표판
2015년 2분기 주요 정보보안 소식 차민석 공개판_20150810
2015년 2분기 주요 정보보안 소식 차민석 공개판_20150810
2015년 1분기 주요 정보보안 소식 20150512 공개판
2015년 1분기 주요 정보보안 소식 20150512 공개판
Recently uploaded
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
Enterprise Knowledge
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
Addepto
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
Miki Katsuragi
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
Kalema Edgar
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
Pixlogix Infotech
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
Commit University
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
UiPathCommunity
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
hariprasad279825
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
carlostorres15106
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
gvaughan
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Safe Software
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
NavinnSomaal
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
2toLead Limited
costume and set research powerpoint presentation
costume and set research powerpoint presentation
phoebematthew05
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
Fwdays
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
Fwdays
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
MarianaLemus7
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Mark Simos
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
Fwdays
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
Sergiu Bodiu
Recently uploaded
(20)
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
costume and set research powerpoint presentation
costume and set research powerpoint presentation
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
Tick group @avar2019 20191111 cha minseok_publish
1.
CHA Minseok (Jacky
Cha, 車珉錫) Senior Principal Malware Researcher ASEC | Analysis Research Team AVAR 2019 Osaka (November 7, 2019)
2.
3.
© AhnLab, Inc.
All rights reserved. Activity ThreatActors in South Korea Lazarus © AhnLab, Inc. All rights reserved.
4.
5.
© AhnLab, Inc.
All rights reserved. 5 Tick (Bronze Butler, RedBaldKnight) Group • Tickcyberespionagegroup (2016) -Tick==BronzeButler==RedBaldKnight ==Nian * Source:https://www.symantec.com/connect/blogs/tick-cyberespionage-group-zeros-japan&https://www.lac.co.jp/english/report/2016/11/04_cgview_01.html
6.
© AhnLab, Inc.
All rights reserved. 6 Defense Industry MND Political Organization Energy Electronics Manufacturing Security Web hosting IT Service Spear Phishing Watering Hole USB Flash Driver Vulnerability in asset management program
7.
© AhnLab, Inc.
All rights reserved. 7 Cases of MajorAttack • Date Target Details Mar. 2014 Korea - Defense Industry Attacked with Netboy variant; Multiple infections by the same variant reported in Korea Jan. 2015 Korea - Major Company A Attacked with Bisodown variant Apr. 2015 Korea - ? Modified the EXE file in the USB Memory May 2015 Korea - Major Company B Attacked with Netboy variant Feb. 2016 Korea - Marine Industry Attacked with Daserf variant; Identical with Daserf malware found at the Korean telecommunications company in Jun. 2016 Jun. 2016 Korea - Telecommunications Company Attacked with Daserf variant Sep. 2016 Korea - Energy Industry Attacked with Datper variant
8.
© AhnLab, Inc.
All rights reserved. 8 Cases of MajorAttack • Date Target Details Apr. 2017 Korea - ? Attacked via a Korean secure USB reported by Palo Alto Unit 42 in 2018 May 2018 Korea - Supposedly National Defense Attacked with a variant of Bisodown With national defense documents shown as bait, national defense officials are assumed to have been the targets May 2018 Korea - Political Organization Attacked with Bisodown Aug. 2018 Korea - National Defense Attacked with Bisodown variant; Variant found with Keylogger, named Linkinfo.dll, on the infected system Sep. 2018 Korea - Political Organization Attacked with Datper variant Jan. 2019 Korea - Information Security Attacked with Datper variant reported by JPCERT in Feb. 2019 Jan. 2019 Korea - Web Hosting Identical with the malware found at a Korean information security compa ny in Jan. 2019 Feb. 2019 Korea - Electronic Components Attacked with Datper variant reported by JPCERT in Feb. 2019 Feb. 2019 Korea - IT Service Attacked with Datper variant; Identical to the malware that attacked a Korean electronic component manufacturer in Feb. 2019
9.
10.
© AhnLab, Inc.
All rights reserved. 10 Builder - NForce • Nforce11-02 v1.0 -MaliciousPDFcreated -CheCheCheChe2010Prototype
11.
© AhnLab, Inc.
All rights reserved. 11 Builder - AntiAV • Anti1.03 -AntiAV
12.
© AhnLab, Inc.
All rights reserved. 12 Controller - Netboy • NetBoy1.21 (2011) - Builder/Controller
13.
© AhnLab, Inc.
All rights reserved. 13 Controller - Xxmm • Xxmm v1.0 (2014) - Filename:gh0st.exe
14.
© AhnLab, Inc.
All rights reserved. 14 Controller - Xxmm • NetShadowv1.0 (2015) -
15.
© AhnLab, Inc.
All rights reserved. 15 Builder – Xxmm2 Steganography • xxmm2_steganography.exe(2015) -
16.
© AhnLab, Inc.
All rights reserved. 16 Builder – Xxmm2 • xxmm2_build(2015) -
17.
© AhnLab, Inc.
All rights reserved. 17 Builder - ShadowDawn • ShadowDawn(2016) - filename:wali_build.exe,shadowDawn.exe
18.
© AhnLab, Inc.
All rights reserved. 18 Controller - NetGhost • NetGhost v2.1 & v.2.41 (2017) -SomeVariantsProtectedwithPassword
19.
20.
© AhnLab, Inc.
All rights reserved.© AhnLab, Inc. All rights reserved. Malware related to Tick Group Stage 1 Stage 2 Stage 3
21.
© AhnLab, Inc.
All rights reserved. 21 Bisodown (Cpycat, HomamDownloader) • Bisodown(Cpycat, HomamDownloader) - DiscoveredbetweenApril2014–Feb.2019 - DownloaderUsedbyTontoGroup
22.
© AhnLab, Inc.
All rights reserved. 22 Ghostdown • GhostDown -DiscoveredbetweenFeb.2013–Feb.2018 -Encryptedstrings,suchasAPIaddress,C&Cdegreeetc.(GenerallyXOR0xDF)
23.
© AhnLab, Inc.
All rights reserved. 23 Ghostdown • Created Domainat CertainWebsites - dnseveretc. * Source:DNSEver.com
24.
© AhnLab, Inc.
All rights reserved. 24 Gofarer • Gofarer -Downloader -DigitalSignatureDetails :DoesHeruidaElectronicTechnologyExist? -InfectionfoundOnlyinJapan
25.
© AhnLab, Inc.
All rights reserved. 25 Daserf (Muirim, Nioupale, Postbot) • Daserf (Muirim,Nioupale,Postbot) -Firstdiscoveredin2009(inApr.2011inKorea) -Mostly30-40KB(Someare100KBormore.)VersionsexistinDelphiscriptinglanguageandClanguage -Mainfunctions:Viewfilelists,executecommandswithcmd.exe,Upload/Download/Delete/Execute/Uninstallfiles -C&Cinformationencryptedattheversioninformationandtheendofthefile
26.
© AhnLab, Inc.
All rights reserved. 26 Netboy (Domino, Invader, Kickesgo) • Netboy(Domino,Invader,Kickesgo) -Activelydiscoveredafter2010;InitialversionofDLLformatdiscoveredfromKoreain2008 -WritteninDelphilanguage -EncryptedmajorstringsintoXOR0x7C -Injectedwithintheprocess,suchasExplorer.exe -Conductfunctionsincludingkeylogging,screencapture,processlist,andprogramexecution -Codechange(2012) Disruptedanalysisbyaddinggarbagevalues(2013)
27.
© AhnLab, Inc.
All rights reserved. 27 Ninezero (9002) • Ninezero(9002) -Discoveredbetween2012-2013 -Dropper70KBBackdoorDLL33KB -DistinctiveexportfunctionexistsintheDLLfile -Netboyalsofoundinsomesystems
28.
© AhnLab, Inc.
All rights reserved. 28 Xxmm (KVNDM, Minzen, ShadowWali, Wali, Wrim) • Xxmm(KVNDM,Minzen,Murim,ShadowWali,Wali,Wrim) -Firstdiscoveredin2015,Activelyusedfrom2016(Initialversionincludesxxmm string) -InitialversionincludeadistinctivePDB ‘C:Users123DesktopshadowDoorReleaseloadSetup.pdb’->ExcludedafterDec.2015 -ConsistsofaDropper,Loader,andBackdoor -Createdfileslargerthan50MB -Encryptedcommunicationsviaone-timeAESandRC4key,activeonlyatspecifictimes
29.
© AhnLab, Inc.
All rights reserved. 29 Xxmm (KVNDM, Minzen, ShadowWali, Wali, Wrim) • Xxmm Dropper 1. Drop Loader Encrypted Data Gabarage Data (over 50 MB) 2. Drop Downloader / Backdoor Encrypted URL Data Downloader / Backdoor 4. Check Time 3. Execute in the Memory 5. Download
30.
© AhnLab, Inc.
All rights reserved. 30 Datper • Datper -Discoveredbetween2015–March2019 -WritteninDelphiscriptinglanguage -ActiveinKoreaandJapan -Garbagevaluesembeddedinthemiddleofthecode -Keylogger,Mimikatzfoundintheinfectedsystems
31.
© AhnLab, Inc.
All rights reserved. 31 Keylogger A (2011) • KeyloggerA(2011) -DiscoveredbetweenApril–May2011 -Filename:keyll.exe -Userinputkeycontentsavedinc:windowslog.txt -Daserffoundintheinfectedsystem
32.
© AhnLab, Inc.
All rights reserved. 32 Keylogger B (2017~2018) • KeyloggerB (2017~2018) -Discoveredbetween2017–2018 -Filename:apphelp.dll,k6.dll,linkinfo.dlletc(40-50KB) -Bisodown,Datperfoundininfectedsystem
33.
© AhnLab, Inc.
All rights reserved. 33 Keylogger C (2017~2018) • KeyloggerC (2017~2018) -DiscoveredbetweenApr.2017–Feb.2018MainlyfoundintheTickusb-infectedsystems -Filename:linkinfo.dll,netutils.dll -KeyinputcontentssavedatLogfile
34.
35.
© AhnLab, Inc.
All rights reserved. 35 Scanner • ScanLineby FoundStone -Filename:intelamt.tmp,l.dat,ls.tmp,msp.exe,sl-p.exe -
36.
© AhnLab, Inc.
All rights reserved. 36 Arpspoof - Hijack • Hijackv2.0 -DisguisedasHancomHangulfile(C:HNCHwp70hwp70.exe) -ArpspoofAttacker
37.
© AhnLab, Inc.
All rights reserved. 37 Credential dumping - WCE • WCE (WindowsCredentialsEditor) - FilesignedwithHeruidaElectroniccredentialfound(2016)
38.
© AhnLab, Inc.
All rights reserved. 38 Credential dumping - Mimikatz • Mimikatz -mi.exe, mi2.exe,m3.exe,m32.exe,m6.exe,mim6.exe,mimi32.exe
39.
© AhnLab, Inc.
All rights reserved. 39 NetTool • NetTool(1,051,648~ 4,168,192bytes) -InitiallydiscoveredinearlySeptember,2018 -Majorfilenames:comhost.exe,conh0st.exe,dllh0st.exe,dt.tmp,spoolsv.exe,taskh0st.exe,w3wp.exe -0.10alpha:32bit,1.34:64bit
40.
© AhnLab, Inc.
All rights reserved. 40 WinRAR • RAR v3.3Command-line -Filename:tmp.dat
41.
42.
© AhnLab, Inc.
All rights reserved. 42 Attacked using Korean Secure USB Flash Drive • AttackedusingKorean SecureUSBFlashDrive -Performsmalwareinfectionviavariant-installingprograms -PresumedtobeanattempttoattacknetisolationsystemsbyusingKoreanSecureUSBDrive * Source:https://unit42.paloaltonetworks.com/unit42-tick-group-weaponized-secure-usb-drives-target-air-gapped-critical-systems/
43.
© AhnLab, Inc.
All rights reserved. 43 Tickusb (SysmonLoader) • Tickusb(SymonLoader) -Foundtobeactivefromspring2014toNov.2017 (possiblyevenbeforeSep.2012) -FirstanalysisdisclosedbyUnit42inJun.2018 -SavedinformationleakedanddatamodifiedwhenUSBFlashDrivewasconnected -SomevariantsfoundintheKoreanSecureUSBFlashDriveExecutebyreadingdatafromspecificareaExecutioncodeunchecked -ModifiedEXEfileandpatchedALYAC25.EXEfilewithinsomemodifiedUSBFlashDrive • Composition of Tickusb -ConsistsofEXEfileincludingtheessentialcodeforDLL,whichactsastheLoader -MainfunctionofDLL(Loader):ExecutesTickusbEXEwhenUSBFlashDriveisconnected,Downloadsadditionalfiles -MainfunctionsofEXEfile:CollectsinformationwithintheUSBFlashDrive,InfectsEXEfile,andPatchesALYAC25.EXE -ModifiedEXEwithinaUSBFlashDrive:ExecutesbycreatingDownloaderorTickusbvariants
44.
© AhnLab, Inc.
All rights reserved. 44 Dropper • Dropper - Modified(Infected)byTickusbCreateDownloader
45.
© AhnLab, Inc.
All rights reserved. … … Stage 1 Stage 2 Stage 3 45 Stages of Tickusb ARPSpoofer Keylogger Mimikatz Port Scanner DLL Legitimate EXE msupdata.ex e Tickusb EXE Downloader iff.exe Modified EXE
46.
© AhnLab, Inc.
All rights reserved. 46 Tickusb Discovered Date File Content Details 2014.03 ?.exe Disclosed by Unit42 in 2018. Standalone EXE. Presumed to be an earlier version before 2014 2015.04 CRYPTBASE.dll Assumed to have been created in December 2014. Independent DLL. Collect system information and file information within the USB flash drive. 2015.06 BrWeb.dll, wsmt.exe Loads “BrWeb.dll” by patching a Brother Printer-related file. Downloads files. ALYAC25.exe patch function. Scans *.hwp files. Infects EXE files. Additional malware is found. 2015.06 CRYPTBASE.dll, svcmgr.exe Bnb Solution comparison functions were added. The EXE modification function was added. 2015.07 ?.dll (Unconfirmed), ctfmon.exe 2015.07 CRYPTBASE.dll, svcmgr.exe (Not yet obtained) 2016.10 wincrypt.dll, wsmt.exe (Not yet obtained) Export functions similar to that of CRYPTBASE.dll 2017.01 wincrypt.dll 2017.11 wincrypt.dll
47.
© AhnLab, Inc.
All rights reserved. 47 2014.03 – Early Tickusb • EarlyTickusb -BuiltonSept27th,2012(!) -Reads data from a specific area when a Bnbsol secure USB flash drive is attached to the system the code is not yet confirmed
48.
© AhnLab, Inc.
All rights reserved. 48 2015.04 – Tickusb Independent DLL • CRYPTBASE.DLL(73,216 bytes) - Presumed to have been built on Dec. 29, 2014 - Independent DLL type (without EXE file execution function) • Function - Collectsfilelist withinUSBFlashDrive -Deletes‘C:WINDOWSsystem32CatRoot{375EA1F-1CD3-22D3-7602-00D04ED295CC}TAG’file -CheckstheURL(.co,.net,.kr,.kt,.co,www.) Checks‘peacenet.go.kr‘ CollectsSystemInformation -SearchesforVPNCliend.exe,IPPEManager.exeinprocesses CollectsSystemData
49.
© AhnLab, Inc.
All rights reserved. 49 2015.06 – Tickusb (Patcher + BrWeb.dll + wsmt.exe) BrWeb.dll wsmt.exe 6. Inserted USB Flash Drive ? 9. search files 4. Create a log file msupdata.exe 5. Download 7. Execute 11. modify(infect) EXE files BrStMonW.exe iff.exe Downloader, Backdoor ? 2. Patch 3. Load & Execute EXE Stage 1 Stage 2 Stage 3 8. Create a log file Brother Printer apihex.dat 10. read the data file 1. download / drop
50.
© AhnLab, Inc.
All rights reserved. 50 2015.06 – Tickusb (Patcher + BrWeb.dll + wsmt.exe) • Patcher- iff.exe (24,576 bytes) - -b : Modifies and executes a specific EXE file (File size increases) - -l : Modifies an EXE file to load a specific DLL file (File size remains same) - Presumed to have been generated in a non-English speaking region, considering the awkward sentences and typos (“Suces” for “Success”)
51.
© AhnLab, Inc.
All rights reserved. 51 2015.06 – Tickusb (Patcher + BrWeb.dll + wsmt.exe) • iff.exe -
52.
© AhnLab, Inc.
All rights reserved. 52 2015.06 – Tickusb (Patcher + BrWeb.dll + wsmt.exe) • KeyMalware -EntryPoint GetAPIAddress CreateFile ReadFile WinExec 00404342>$E9884A0000 JMPmd5sum_m.00408DCF ;JUMPMalwareEntryPoint
53.
© AhnLab, Inc.
All rights reserved. 53 2015.06 – Tickusb (Patcher + BrWeb.dll + wsmt.exe) • Patched– BrStMonW.exe(2,629,632bytes) -Patchedusingiff.exe–l -EntryPointcommandpatched(CALLcommand JMPcommand) -AddscodethatloadBrWeb.dlltoanemptysectionof BrStMonW.exe * Source:20150601_d536f5f929ddd2472a95f3356f7d835c_CO190430AACLH-000002_BrStMonW
54.
© AhnLab, Inc.
All rights reserved. 54 2015.06 – Tickusb (Patcher + BrWeb.dll + wsmt.exe) • Loader– BrWeb.dll (79,360,78,848bytes) -DisguisedasBrotherPrinterDriver -KeepsaloginCredentials.csv -IfaUSBflashdriveisattachedtothesystem,C:WINDOWSSystem32migrationWSMTwsmt.exefileisexecuted - ReadsC:WindowsschemasAvailableNetworkbasev1.xsdfileFilenotyetobtained -OneveryMondayandThursday,downloadscodefromhttp://updata.saranmall.com/script/main.htmltocreateMSUPDATA.EXE
55.
© AhnLab, Inc.
All rights reserved. 55 2015.06 – Tickusb (Patcher + BrWeb.dll + wsmt.exe) • Infector: wsmt.exe (25,088 bytes) - Keeps a log in FlashHistory.dat - Finds an EXE file in the USB flash drive and adds the data read from C:WindowsAppPatchCustomCustom64apihex.dat For ALYAC25.exe file, it patches a specific section
56.
© AhnLab, Inc.
All rights reserved. 56 2015.06 – Tickusb (Patcher + BrWeb.dll + wsmt.exe) • Modified(Infected)EXE - Malicious Code E9 xx xx xx xx Drop Code1. Jump EXE 2. Drop 3. Execute .texe Entry Point Malware 1. Write MZ
57.
© AhnLab, Inc.
All rights reserved. 57 2015.06 – Tickusb (Cryptbase.dll + svcmgr.exe) • Cryptbase.dll(51,712 bytes) - %ProgramFiles%commonfilesjavajavaupdatecryptbase.dll - InlcudesExportfunctioninCryptbase.dllfile
58.
© AhnLab, Inc.
All rights reserved. 58 2015.06 – Tickusb (Cryptbase.dll + svcmgr.exe) • Cryptbase.dll(51,712 bytes) - Maincodestrings
59.
© AhnLab, Inc.
All rights reserved. 59 2015.06 – Tickusb (Cryptbase.dll + svcmgr.exe) • svcmgr.exe(32,768 bytes) -EXEfileinfected -ALYAC25.exepatched
60.
© AhnLab, Inc.
All rights reserved. 60 2016.10 – Tickusb (wincrypt.dll + wsmt.exe) • wincrypt.dll(77,824 bytes ~ 1,589,760bytes) - Discoveredin2016.10~2017.11
61.
© AhnLab, Inc.
All rights reserved. 61 2016.10 – Tickusb (wincrypt.dll + wsmt.exe) • Tickusb– wincrypt.dll(2016.10) - Runwsmt.exe whenUSBFlashDriveisconnectedtothesystem(EXE filewasnotidentified)
62.
© AhnLab, Inc.
All rights reserved. 62 Stage 3 - Dropper vs Modified PE •Code comparison of a sample known as a Droppers with an infected sample - The sample appears to be a modified Tickusb file rather than a Dropper
63.
© AhnLab, Inc.
All rights reserved. 63 Stage 3 - Modified PE • Dropper -notonlyDropperbutalsoModifiedPE!
64.
65.
© AhnLab, Inc.
All rights reserved. 65
66.
© AhnLab, Inc.
All rights reserved. 66 Connections • Correlationswith C2 -amamihanahana.com:Xxmm,Datper -211.13.196.164:Datper,Emdivi(campaignBluetermite) * Source:https://blog.talosintelligence.com/2018/10/tracking-tick-through-recent-campaigns.html
67.
68.
© AhnLab, Inc.
All rights reserved. 68© AhnLab, Inc. All rights reserved. Incorrect operation or interruption of security software An executable file larger than 50 MB (Especially if written in Delphi) Suspicious file names System access to recently registered domain File names different from normal file names (WinRAR Console, Port Scanner, etc.)
69.
© AhnLab, Inc.
All rights reserved. 69 2019. 01 Registers www.eneygylakes.com (61.111.255.225 – Korea) 2019. 02 Attack
70.
© AhnLab, Inc.
All rights reserved. 70 Remaining Tasks •TickGroup isa threat actorthat has beenactiveinKorea and Japanfor the past ten years! •Question1.Are they the same group? - Existence of Malware Builder - Same code reused • Question2. ConnectiontoTontoTeam - Some malware are simultaneously used - Some infrastructures, such as C&C, are shared - What is the connection between these Groups? - Collaboration? Same Group? Coincidence?
71.
© AhnLab, Inc.
All rights reserved. 71 Attacker
72.
© AhnLab, Inc.
All rights reserved. 72 Collaboration • Necessityof Cooperationand Collaboration -CollaborationrequiredbetweentheresearchersofKoreaandJapan,whoareexperiencingsimilaractiveattacks. -It’simportanttodiscloseandshareinformation. -CooperatedwithJapaneseandTaiwaneseanalyst.(Thanks!) -AhnLabwillsharerelevantinformationwiththemembersofindustry
73.
73 CHA Minseok (Jacky) •
minseok.cha@ahnlab.com • mstoned7@gmail.com • @mstoned7 Thank you for your attention!
Download now