Tracking Rapid Evolution? Copycat? of An APT RAT in Asia

Presented at the VB2020 localhost conference, 30 September - October 2, 2020.
↓ Slides: https://vblocalhost.com/uploads/VB2020-66.pdf
→ Details: https://vblocalhost.com/presentations/tracking-rapid-evolution-copycat-of-an-apt-rat-in-asia/

✪ PRESENTED BY ✪

• Hiroshi Takeuchi (Macnica Networks)

✪ ABSTRACT ✪

RATs originate from many sources: open-source tools, cybercriminal marketplaces, and sometimes bespoke development by cyber espionage groups. One RAT, called 'LODEINFO', caught our research team's attention. We first observed this RAT in December 2019, when it was delivered via a spear-phishing email. We shared our research on the RAT in an analysis paper published in May this year. At the time of writing that paper, we did not pay much attention to the RAT: its code was unknown, and we could not find any evidence of a relationship with known threat actors. We thought it was a one-off piece of malware used in a single cyber espionage case.

However, contrary to our expectations, LODEINFO has been used in many operations and continues to be used. The threat actor behind this RAT is very active and aggressively changes its TTPs, including releasing several new versions in a very short timeframe (seven versions in six months!). Because of this, we started to track LODEINFO and found some interesting points. So far this malware has only been found in Japan.

At the beginning of this presentation, we discuss the targeted industries and the changes in TTPs for delivery, initial compromise and infrastructure across the operations. The main attack vector is spear phishing, combined with tricks to evade security solutions, particularly sandboxes; this is just one of several examples. After covering the threat actor's overall TTPs, we proceed to a deep dive into LODEINFO, presenting the details of its workflow and implementation (anti-analysis, encryption, C&C protocol and features). Finally, we compare LODEINFO with the TTPs of known threat actors (DarkHotel and APT10) and present possible attribution theories and future prospects for LODEINFO.


✪ BIO: Hiroshi Takeuchi (Macnica Networks) ✪

Hiroshi Takeuchi is an analyst and member of the Security Research Center at Macnica Networks. He has been working in the security domain for over seven years. His main responsibilities are analysing malware, in particular malware used in targeted attacks, and collecting threat intelligence. He has developed internal tools such as an intelligence platform, a honey network, and Python scripts to support analysis. He writes blog posts, publishes reports and has spoken at a number of security conferences, including CONFidence, HITCON and JSAC (Japan Security Analyst Conference), to share his research.