Different governmental uses for malware - Black Hat | Home · 2015-05-28 · •Different...

• Different governmental uses for malware

• Law Enforcement

• Espionage

• Surveillance

• Sabotage

• Warfare

Protecting the irreplaceable | f-secure.com

CosmicDuke

Masking "file.scr"

• rcs.Заказ.doc

• rcs.18.jpg

• rcs.DSC_1365527283.jpg

CVE-2011-0611

CosmicDuke remnants• c:\botgenstudio\generations\8f1777b0\bin\Bot.pdb

• d:\production\nitro\sva\generations\809113dd\bin\Bot.pdb

• d:\sva\nitro\botgenstudio\interface\generations\80ddfcc1\bin\Bot.pdb

• D:\PRODUCTION\NITRO\KSK\Generations\70BCDEA1\bin\Bot.pdb

• C:\Projects\NEMESIS\nemesis-gemina\nemesis\bin\carriers\ezlzma_x86_exe.pdb

Agent.BTZ / Turla / Snake / Uroburos

Agent.BTZ

Developer Signatures

$Id: event.c 14097 2010-11-01 14:46:27Z gilg $

$Id: mime64.c 12892 2010-06-24 14:31:59Z vlad $

$Id: named_mutex.c 15594 2011-03-18 08:04:09Z gilg $

$Id: nt.c 20719 2012-12-05 12:31:20Z gilg $

$Id: ntsystem.c 19662 2012-07-09 13:17:17Z gilg $

$Id: snake_config.c 5204 2007-01-04 10:28:19Z vlad $

6es7-315-2 / 6es7-417

Protecting the irreplaceable | f-secure.com

"There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out. I believe it was the american band acdcthunderstruck. It was all very strange and happened very quickly. the attackers also managed to gain root access to the machine they entered from and removed all the logs."

Gauss encryptionmov ecx, (LENGTHOF tToCrypt)-1

mov edx, OFFSET tToCrypt

mov ebx, OFFSET tEncrypt

mov eax, [edx]

XOR eax, ACDCnot eax

mov [ebx], eax

inc edx

inc EBX

LOOP L1

mov edx, OFFSET tOutEncr

call WriteString

mov edx, OFFSET tEncrypt

call WriteString

call Crlf

FinFly

UAE, Bahrain, Saudi Arabia, Syria…

• Finfisher (Gamma)

• RCS (Hacking Team)

• DarkComet

• BlackShades

• Xtreme RAT

• Spynet

Image Source: When Governments Hack Opponents: A Look at Actors and Technology, Citizen Lab + ICSI

Hacker Units indside UKUSA intelligence agencies

THE EYES

• FIVE EYES: USA, UK, Canada, Australia, New Zealand

• NINE EYES: Five Eyes + Denmark, Norway, The Netherlands and France

• FOURTEEN EYES: Nine Eyes + Sweden, Germany, Belgium, Italy and Spain

• free brokep

FREE Peter Sunde

Geneva Convention

"Legitimate military targets are limited to those objects which by their nature make an effective contribution to military action and whose total or partial destruction, capture or neutralization, in the circumstances ruling at the time, offers a definite military advantage"

Please fill your feedback form if you havenice things to say. Otherwise, never mind.

Thank You

Different governmental uses for malware - Black Hat | Home · 2015-05-28 · •Different...

Documents

Windows Malware Firewall: Remove Windows Malware Firewall

Improving accuracy of malware detection by …...FFRI, Inc. Background – malware and its detection 4 Increasing malware Targeted Attack (Unknown malware) Malware generators Obfuscators

Malware & Anti-Malware

IronNet: Threat Intelligence Brief...project Ĕ Malware and infrastructure associated with the North Korea-linked Kimusky group targeting various think tanks, NGOs (non-governmental

· INTRODUCTION County Commissioners 5 Program Summary 7 Administration 11 Acknowledgements 17 County Wide Sources and Uses 19 GOVERNMENTAL Governmental Projects 23

Malware Analysis Without Looking At Assembly Codegauss.ececs.uc.edu/Courses/c5155/pdf/malware-analysis.pdf · 2015. 11. 20. · Malware Analysis Malware typically employs encryption:

Malware and anti-malware (fun with Trojans) - Z. …z.cliffe.schreuders.org/edu/FS/Malware and anti-malware... · 2014-04-02 · Malware and anti-malware (fun with Trojans) ... with

Android Malware Exposed-Evolution of Android Malware

Ch 12: Covert Malware Launching - samsclass.info · Practical Malware Analysis Ch 12: Covert Malware Launching Last revised: 4-10-17. Hiding Malware • Malware used to be visible

Affordable Housing Independent/Subsidized · Affordable/Subsidized housing uses governmental resources to supplement rental costs for residents. Forms of subsidies include direct

Reversing malware analysis trainingpart9 advanced malware analysis

Intrusion Detection and Malware Analysis - Malware collection

Malware Analysis Analysis.pdf · Definisi Malware Analysis • What is a malware? • Malware (malicious software) ... Malware Sinkronisasi Token • Pelaku: Zeus Banking Trojan •

Malware and Anti-Malware Seminar by Benny Czarny

Cuckoo Sandbox - University of Delawarecavazos/cisc850-spring2017/...CISC 850 : Cyber Analytics Cuckoo Sandbox • Automated malware analysis system. • Uses virtualization and supports

Computer Virology and Mobile Malware Detection · 2019-03-14 · Outline •Introduction •Computer Virology • Malware taxonomy • Encrypted malware •Malware Detection •Mobile

Reverse Engineering & Malware Analysis...Malware uses a year old privilege escalation vulnerability (CVE-2016-5195) known as Dirty COW, to gain root access on the mobile . It serves

Healthy foetus- A Global commitment. Role of Governmental and Role of Governmental and Non Governmental Non Governmental Organization in Organization

Analisis dan Deteksi Malware Menggunakan Metode Malware

procurement.cofc.eduprocurement.cofc.edu/solicitations/docs/CATO CENTER … · Web viewThe withholding requirement applies to every governmental entity that uses a contract ("Using