Upload File

malware analysis system empowering le cybercrime investigation division, spo malware analysis system...

  • Home
  • Documents
  • Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO
14
Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

Upload: audrey-rogers

Post on 19-Dec-2015

223 views

Category:

Documents


0 download

Report

Tags:

TRANSCRIPT

Page 1: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

Malware Analysis System empowering LECybercrime Investigation Division, SPO

Page 2: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

Malware Analysis System, THEMIS

The

Hacking

Evidence

Malware

Investigation

System

Page 3: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

Background

Prevalence of Malware Crimes

Limited Expertise & Workforce

Loosing Connections

Page 4: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

Goals

1 Automate & Normalize Analysis

2 Trace & Monitor Criminals

3 Comprehensive Management ofMalware Information

Page 5: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

System Concept

  

• Correlation & Trace

• Analysis • Collection

Malware Life-Cycle based Operation

DataBase

Page 6: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

1 Collection (internal input + external resources)

Mechanism

Page 7: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

2 Analysis

STATIC

DY-NAMIC

PE Structure, Hash, Ssdeep, Strings, Decompiling, class/meth-ods info.. Provider, Receiver, Ser-

vice, Permission, SMS/CALL

File/Registry/Network/Process Event Monitoring

Network Re-source

IP, E-Mail, Name

Mechanism

Page 8: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

3 Correlation & Trace

Malware Dis-tribution Site

Malware Down-load

DNS RecordIP Do-

main

MD5/SHA2

Compilier Informa-tion

Packing Info

File Creation Time

Digital Signature

IAT/EAT TimeDateS-tamp

EOP

File Size

PE Section

File Informa-tion

File Name

EntropyRe-source Section

C&C Server

Information Leakage Sites

File Access/Cre-ation/Edition/Delete

Registry Access/Cre-ation/Edition/Delete Network Comuni-

cation

Autorun

Name Server

Anti Virus

Antivirus Signature

Engine Version

Related Process/DLL

API

Registrant

CNAMEE-mail

Whois History

File Type File Ver-sion

PTRIP2Location

User

PE Header

Malicious Behavior

Mechanism

Page 9: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

3 Correlation & Trace

Mechanism

Page 10: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

3 Correlation & Trace

Mechanism

Page 11: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

Results

1 Speed up Initial Investigation

See the Criminal Rings

Facilitate Collaboration

2

3

Page 12: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

Case I

System Intrusion

to a major company

Analyze 41 malicious files, identify 10 C&C

servers

Monitor the C&Cs changing their IPs

Seize a C&C, identify additional victims

Page 13: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

Case II

Cyber Threat

on a nuclear power

plant operator

Analyze more than 10,000 EML files

Detach 5,986 malicious files from the emails

Analyze the malicious files, clarify the function

1day

Page 14: Malware Analysis System empowering LE Cybercrime Investigation Division, SPO Malware Analysis System empowering LE Cybercrime Investigation Division, SPO

Malware Analysis System empowering LECybercrime Investigation Division, SPO


The Business of Cybercrime A Complex Business Modella.trendmicro.com/media/wp/cybercrime-business-whitepaper-en.pdf · The Growth of Cybercrime Unfortunately for consumers, cybercrime

resources.malwarebytes.com … · Malware Report Analysis of the latest cybercrime data is in and the numbers are clear; cybercriminals had a busy 2019, and it's only getting worse

Cybercrime convention

White-Collar Cybercrime: White-Collar Crime, Cybercrime ...sites.wp.odu.edu/.../sites/14757/2019/05/white-collar-cybercrime.pdf · White-Collar Cybercrime: White-Collar Crime, Cybercrime,

A CyberCrime Report - PRWebww1.prweb.com › prfiles › 2008 › 11 › 12 › 180371 › Malware... · 2009-03-06 · 4 CyberCrime – Spyware, Adware, and Malware Our reliance

CyberCrime Carding

More on: The Economics of Cybercrime and the Law of Malware Probability

THE CURRENT STATE OF CYBERCRIME 2014: … REPORT THE CURRENT STATE OF CYBERCRIME 2014: GLOBAL MALWARE OUTLOOK April 2014 APT ATTACKS REMAIN UNABATED AND POS MALWARE ATTACKS BECOME

Cyber battlefield Rebuilding the cyber domain Ahead of the ......NEW MALWARE SAMPLES* 46 2013 147 2014 482 2015 2509 2016 * Kaspersky Lab malware database . COST CYBERCRIME TO ECONOMY

Cyber Security Member Survey - ISPA · ddos hacking cybercrime cyber security phishing spying malware botnet ecrime partnership training cooperation cyber essentials antivirus firewalls

Makalah cybercrime

Upwardly Mobile: Looking at Evolving Cybercrime … Mobile: Looking at Evolving Cybercrime Tactics in Mobile Malware ... Emerged following mobile banking ... Geographic and sector

Cybercrime 1

Cybercrime 3

Class cybercrime

Investigating Cybercrime

Cybercrime Decision

Presented By: Brian Nienhaus. What is cybercrime? Running a cybercrime syndicate Cybercrime attacks Countermeasures Organization profiles

Fighting Russian Cybercrime Mobsters - Black Hat is Online Cybercrime? Russian Justice System ... What is Online Cybercrime? Progression of Russian Cybercrime ... • Rise of Nationalism

Spo Sistim Penomoran Spo

The Economics of Cybercrime and the Law of Malware Probability

CYBERCRIME & CYBERLAW

Cybercrime Insurance

Cybercrime ppt

Borderless Breaches and Migrating Malware: How Cybercrime is Breaking Down Barriers to your Data

Data Privacy: Hackers and Headlines - City of Phoenix Home · Target Breach – What We Know The malware used is nearly identical to a piece of malware sold on underground cybercrime

Cybercrime. IT gehackt. Gedeckt.€¦ · Helvetia Cyber-Versicherung "Cybercrime – Fahrlässig in den Ruin" Cybercrime. IT gehackt. Gedeckt

THE CURRENT STATE OF CYBERCRIME 2014: GLOBAL MALWARE OUTLOOK · THE CURRENT STATE OF CYBERCRIME 2014: GLOBAL MALWARE OUTLOOK ... Android phones located in China, ... the defender

European Cybercrime Centre EUROPOL - FIRST...&& cyberattacks && Money mule recruitment campaigns. • 20+ malware families. • 180+ countries affected. • €6M in monetary losses

CASHING IN ON CYBERCRIME - Trend Micro · 1 Threat Spotlight Cashing in on Cybercrime: New Malware Target Bitcoin ... Facebook. The said site hosts a .JPEG file that is actually an

Ministerstvo obrany SR - mod.gov.sk · SPO Hlohovec, SPO Trenín, SPO Nitra, SPO Zemianske Kostoľany, SPO Martin, SPO Prešov, SPO Michalovce. Miesta poskytnutia služby sú podrobne

Computer Crime and Cybercrimecs.armstrong.edu/rasheed/ITEC1050/Slides18.pdf · Computer Crime and Cybercrime ... • Tips to protect yourself from malware: ... • Boot sector viruses

Security trends in the financial services sector · cybercrime trends and nancial malware campaigns found that some countries experienced a marked increase in nancial cybercrime in

DDOS HACKING CYBERCRIME CYBER SECURITY PHISHING SPYING ... · SPYING MALWARE BOTNET ECRIME PARTNERSHIP TRAINING COOPERATION CYBER ESSENTIALS ANTIVIRUS FIREWALLS POLICE NCA DDOS HACKING

Cybercrime Law