• Home

  • Documents

  • Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System...
14
Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

Tags:

Embed Size (px)

Citation preview

Page 1: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

Malware Analysis System empowering LECybercrime Investigation Division, SPO

Page 2: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

Malware Analysis System, THEMIS

The

Hacking

Evidence

Malware

Investigation

System

Page 3: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

Background

Prevalence of Malware Crimes

Limited Expertise & Workforce

Loosing Connections

Page 4: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

Goals

1 Automate & Normalize Analysis

2 Trace & Monitor Criminals

3 Comprehensive Management ofMalware Information

Page 5: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

System Concept

  

• Correlation & Trace

• Analysis • Collection

Malware Life-Cycle based Operation

DataBase

Page 6: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

1 Collection (internal input + external resources)

Mechanism

Page 7: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

2 Analysis

STATIC

DY-NAMIC

PE Structure, Hash, Ssdeep, Strings, Decompiling, class/meth-ods info.. Provider, Receiver, Ser-

vice, Permission, SMS/CALL

File/Registry/Network/Process Event Monitoring

Network Re-source

IP, E-Mail, Name

Mechanism

Page 8: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

3 Correlation & Trace

Malware Dis-tribution Site

Malware Down-load

DNS RecordIP Do-

main

MD5/SHA2

Compilier Informa-tion

Packing Info

File Creation Time

Digital Signature

IAT/EAT TimeDateS-tamp

EOP

File Size

PE Section

File Informa-tion

File Name

EntropyRe-source Section

C&C Server

Information Leakage Sites

File Access/Cre-ation/Edition/Delete

Registry Access/Cre-ation/Edition/Delete Network Comuni-

cation

Autorun

Name Server

Anti Virus

Antivirus Signature

Engine Version

Related Process/DLL

API

Registrant

CNAMEE-mail

Whois History

File Type File Ver-sion

PTRIP2Location

User

PE Header

Malicious Behavior

Mechanism

Page 9: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

3 Correlation & Trace

Mechanism

Page 10: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

3 Correlation & Trace

Mechanism

Page 11: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

Results

1 Speed up Initial Investigation

See the Criminal Rings

Facilitate Collaboration

2

3

Page 12: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

Case I

System Intrusion

to a major company

Analyze 41 malicious files, identify 10 C&C

servers

Monitor the C&Cs changing their IPs

Seize a C&C, identify additional victims

Page 13: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

Case II

Cyber Threat

on a nuclear power

plant operator

Analyze more than 10,000 EML files

Detach 5,986 malicious files from the emails

Analyze the malicious files, clarify the function

1day

Page 14: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

Malware Analysis System empowering LECybercrime Investigation Division, SPO


Presented By: Brian Nienhaus. What is cybercrime? Running a cybercrime syndicate Cybercrime attacks Countermeasures Organization profiles

Presented By: Brian Nienhaus. What is cybercrime? Running a cybercrime syndicate Cybercrime attacks Countermeasures Organization profiles

Documents
Cyber Security Member Survey - ISPA · ddos hacking cybercrime cyber security phishing spying malware botnet ecrime partnership training cooperation cyber essentials antivirus firewalls

Cyber Security Member Survey - ISPA · ddos hacking cybercrime cyber security phishing spying malware botnet ecrime partnership training cooperation cyber essentials antivirus firewalls

Documents
The Business of Cybercrime A Complex Business Modella.trendmicro.com/media/wp/cybercrime-business-whitepaper-en.pdf · The Growth of Cybercrime Unfortunately for consumers, cybercrime

The Business of Cybercrime A Complex Business Modella.trendmicro.com/media/wp/cybercrime-business-whitepaper-en.pdf · The Growth of Cybercrime Unfortunately for consumers, cybercrime

Documents
Collaboration Key to Making Outcome Based Pathways and … · 2013. 10. 17. · SPO Training SPO Business Process SPO Communication SPO Billing Process SPO Evaluation & ... reduce

Collaboration Key to Making Outcome Based Pathways and … · 2013. 10. 17. · SPO Training SPO Business Process SPO Communication SPO Billing Process SPO Evaluation & ... reduce

Documents
THE CURRENT STATE OF CYBERCRIME 2014: … REPORT THE CURRENT STATE OF CYBERCRIME 2014: GLOBAL MALWARE OUTLOOK April 2014 APT ATTACKS REMAIN UNABATED AND POS MALWARE ATTACKS BECOME

THE CURRENT STATE OF CYBERCRIME 2014: … REPORT THE CURRENT STATE OF CYBERCRIME 2014: GLOBAL MALWARE OUTLOOK April 2014 APT ATTACKS REMAIN UNABATED AND POS MALWARE ATTACKS BECOME

Documents
Cybercrime Prevention Act Sponsorship Speech - "Quashing Cybercrime" (05.11.2011)

Cybercrime Prevention Act Sponsorship Speech - "Quashing Cybercrime" (05.11.2011)

Documents
Cybercrime Insurance

Cybercrime Insurance

Documents
Cybercrime & Security

Cybercrime & Security

Technology
[MS-SPO]: SharePoint Protocols Overviewinteroperability.blob.core.windows.net/files/MS-SPO/[MS-SPO]-16022… · Release: February 26, 2016 [MS-SPO]: SharePoint Protocols Overview

[MS-SPO]: SharePoint Protocols Overviewinteroperability.blob.core.windows.net/files/MS-SPO/[MS-SPO]-16022… · Release: February 26, 2016 [MS-SPO]: SharePoint Protocols Overview

Documents
Computer Crime and Cybercrimecs.armstrong.edu/rasheed/ITEC1050/Slides18.pdf · Computer Crime and Cybercrime ... • Tips to protect yourself from malware: ... • Boot sector viruses

Computer Crime and Cybercrimecs.armstrong.edu/rasheed/ITEC1050/Slides18.pdf · Computer Crime and Cybercrime ... • Tips to protect yourself from malware: ... • Boot sector viruses

Documents
resources.malwarebytes.com … · Malware Report Analysis of the latest cybercrime data is in and the numbers are clear; cybercriminals had a busy 2019, and it's only getting worse

resources.malwarebytes.com … · Malware Report Analysis of the latest cybercrime data is in and the numbers are clear; cybercriminals had a busy 2019, and it's only getting worse

Documents
Cybercrime Advisory

Cybercrime Advisory

Documents
Security trends in the financial services sector · cybercrime trends and nancial malware campaigns found that some countries experienced a marked increase in nancial cybercrime in

Security trends in the financial services sector · cybercrime trends and nancial malware campaigns found that some countries experienced a marked increase in nancial cybercrime in

Documents
Cybercrime Fighting cybercrime...Cybercrime Part II Tyler Moore Computer Science & Engineering Department, SMU, Dallas, TX Lecture 12 Fighting cybercrime Measuring cybercrime The cost

Cybercrime Fighting cybercrime...Cybercrime Part II Tyler Moore Computer Science & Engineering Department, SMU, Dallas, TX Lecture 12 Fighting cybercrime Measuring cybercrime The cost

Documents
Upwardly Mobile: Looking at Evolving Cybercrime … Mobile: Looking at Evolving Cybercrime Tactics in Mobile Malware ... Emerged following mobile banking ... Geographic and sector

Upwardly Mobile: Looking at Evolving Cybercrime … Mobile: Looking at Evolving Cybercrime Tactics in Mobile Malware ... Emerged following mobile banking ... Geographic and sector

Documents
4598 cybercrime

4598 cybercrime

Documents
Understanding Cybercrime - Microsoftenterprise.blob.core.windows.net/events/Cybercrime_Microsoft... · Understanding Cybercrime By Shawn ... Malware kits are software packages designed

Understanding Cybercrime - Microsoftenterprise.blob.core.windows.net/events/Cybercrime_Microsoft... · Understanding Cybercrime By Shawn ... Malware kits are software packages designed

Documents
Data Privacy: Hackers and Headlines - City of Phoenix Home · Target Breach – What We Know The malware used is nearly identical to a piece of malware sold on underground cybercrime

Data Privacy: Hackers and Headlines - City of Phoenix Home · Target Breach – What We Know The malware used is nearly identical to a piece of malware sold on underground cybercrime

Documents
Fighting Russian Cybercrime Mobsters - Black Hat is Online Cybercrime? Russian Justice System ... What is Online Cybercrime? Progression of Russian Cybercrime ... • Rise of Nationalism

Fighting Russian Cybercrime Mobsters - Black Hat is Online Cybercrime? Russian Justice System ... What is Online Cybercrime? Progression of Russian Cybercrime ... • Rise of Nationalism

Documents
Investigating Cybercrime

Investigating Cybercrime

Documents
The Economics of Cybercrime and the Law of Malware Probability

The Economics of Cybercrime and the Law of Malware Probability

Technology
Cybercrime Law

Cybercrime Law

Documents
Cybercrime Awareness

Cybercrime Awareness

Presentations & Public Speaking
Cybercrime Support Network · 2020-07-01 · Cybercrime Support Network Giving victims of cybercrime a voice. Cybercrime Support Network is a national nonprofit whose mission is to

Cybercrime Support Network · 2020-07-01 · Cybercrime Support Network Giving victims of cybercrime a voice. Cybercrime Support Network is a national nonprofit whose mission is to

Documents
Cybercrime - Grant Thornton Ireland · PDF file2 Types and characteristics of cybercrime Definition of cybercrime In assessing the current state of cybercrime, we need to consider

Cybercrime - Grant Thornton Ireland · PDF file2 Types and characteristics of cybercrime Definition of cybercrime In assessing the current state of cybercrime, we need to consider

Documents
European Cybercrime Centre EUROPOL - FIRST...&& cyberattacks && Money mule recruitment campaigns. • 20+ malware families. • 180+ countries affected. • €6M in monetary losses

European Cybercrime Centre EUROPOL - FIRST...&& cyberattacks && Money mule recruitment campaigns. • 20+ malware families. • 180+ countries affected. • €6M in monetary losses

Documents
SECURITY SERVICES AND CYBERCRIME TRENDS - …schd.ws/hosted_files/creditunioninfosecurityconf2017/b0/CyberCrime... · SECURITY SERVICES AND CYBERCRIME TRENDS ... Cerber (early March)

SECURITY SERVICES AND CYBERCRIME TRENDS - …schd.ws/hosted_files/creditunioninfosecurityconf2017/b0/CyberCrime... · SECURITY SERVICES AND CYBERCRIME TRENDS ... Cerber (early March)

Documents
Cybercrime convention

Cybercrime convention

Technology
cybercrime law.pdf

cybercrime law.pdf

Documents
Cybercrime tactics and techniques: 2017 state of malware · PDF fileDespite such a high-profile year of high-volume outbreaks, development of new ransomware families ... inclusion

Cybercrime tactics and techniques: 2017 state of malware · PDF fileDespite such a high-profile year of high-volume outbreaks, development of new ransomware families ... inclusion

Documents