Repurposing OnionDuke: A Single Case Study Around Reusing Nation State Malware
Abstract
Nation-state malware and tools are not magical. They are effective because they are developed in private, with a budget and possibly whole teams of engineers. Whenever one of these digital weapons is released to the public, discovered through forensics, or exposed by an information leak, all interested parties can learn from it and improve their defensive or offensive capabilities. This paper inspects the OnionDuke packer discovered by the author in October 2014, and reports on repurposing it within the author's own tool set.
Similar sources
DeepAPT: Nation-State APT Attribution Using End-to-End Deep Neural Networks
In recent years numerous advanced malware, aka advanced persistent threats (APT) are allegedly developed by nation-states. The task of attributing an APT to a specific nation-state is extremely challenging for several reasons. Each nation-state has usually more than a single cyber unit that develops such advanced malware, rendering traditional authorship attribution algorithms useless. Furtherm...
The snooping dragon: social-malware surveillance of the Tibetan movement
In this note we document a case of malware-based electronic surveillance of a political organisation by the agents of a nation state. While malware attacks are not new, two aspects of this case make it worth serious study. First, it was a targeted surveillance attack designed to collect actionable intelligence for use by the police and security services of a repressive state, with potentially f...
A Quantitative Evaluation of the Target Selection of Havex ICS Malware Plugin
While most of the current research focus is rightfully put on finding and mitigating vulnerabilities in industrial control systems (ICS), the opposite angle, namely researching operational weaknesses or unintelligent decisions of ICS malware that make them susceptible to detection, defensive entrapment, and forensics at large, is lesser explored. In this paper we perform a quantitative evaluati...
An Investigation of the Android/BadAccents Malware Which Exploits a New Android Tapjacking Attack
We report on a new threat campaign, underway in Korea, which infected around 20,000 Android users within two months. The campaign attacked mobile users with malicious applications spread via different channels, such as email attachments or SMS spam. A detailed investigation of the Android malware resulted in the identification of a new Android malware family Android/BadAccents. The family repres...
How Current Android Malware Seeks to Evade Automated Code Analysis
First we report on a new threat campaign, underway in Korea, which infected around 20,000 Android users within two months. The campaign attacked mobile users with malicious applications spread via different channels, such as email attachments or SMS spam. A detailed investigation of the Android malware resulted in the identification of a new Android malware family Android/BadAccents. The family...