
The Secret Life of Forgotten Malware C2.pdf

Uploader: 可*** Report ID: 991895 2025-12-07 77 pages 8.78MB

Slide text extracted from the PDF preview (first pages only; the preview is cut off mid-sentence):

Whoami: CTI analyst. Just finished my master's degree. Certifications include CISSP, GSEC, GCTI, Splunk certs.

The Pyramid of Pain. Indicators of Compromise, AKA "IOC". https:/detect- fact: Published in 2013 by David Bianco.

BAGPIPES! Bagpipes: the official CTI instrument.

How Long To Retain IOCs? Depends on many factors. Opinions/hot takes. Incident Response has taught me.

Where to keep IOCs? Platforms often referred to as "Threat Intelligence Platform" or "TIPs". Range anywhere from Free-99 to six figures/year. Some on-prem, some SaaS.

Typical Workflow: Network, DNS Requests, SIEM (SPLUNK/ELASTIC), IOCs from Feeds, Threat Intel Platform, IOC Feeds, ALERT! B detected, Analyst Review/Investigation.

Where to get IOCs? Wide array of IOC feeds available. https:/

Let's buy old domains. See who's contacting them. Say definitively if old infections are still calling home.

July 24, 2022: Research time! AND THEN ... nothing.

Challenge: I have an idea, but don't know how to do it, don't have the time to go spend hours learning how to set up servers.

November 22, 2023 (17 months later): Explained what I was doing. They did not care. I suspected threat actor may be trying to reclaim old domain. They did not care. Explained I redirected traffic to my LinkedIn for lulz. They did not care. They did not

Based on the report's content, the text centers on threat intelligence (CTI) and cybersecurity. Key points:

1. **Threat Intelligence Platforms (TIPs)**: Describes the role of TIPs and their price range, from free to tens of thousands of dollars.
2. **IOC retention period**: Depends on many factors; the author uses personal experience to stress the importance of retaining IOCs.
3. **Obtaining IOCs**: Mentions several sources, including open-source threat intelligence feeds and buying old domains to track who contacts them.
4. **Use of GPT**: The author used GPT tools for data analysis, achieving Splunk-like functionality.
5. **APT29 activity analysis**: Analysis of the Gozi malware's C2 list reveals APT29 activity.
6. **WastedLocker malware**: Discusses the WastedLocker malware and its associated EvilCorp group.
7. **Domain registration challenges**: The author ran into difficulties trying to register domains related to WastedLocker, illustrating the challenges of domain registration.
8. **Conclusion**: Emphasizes the long-term value of IOCs and the potential role of AI in cybersecurity projects.