Explore the global landscape of command and control (C2) communications in malware ecosystems through this GrrCON 2014 conference talk. Dive into the LEVIATHAN project, examining worldwide malware signatures, tactics, and procedures across various industry verticals. Analyze callback patterns, including ebb and flow, targeted callbacks, and semantic signatures. Investigate how malware hides in plain sight and study the global C2 network map. Examine connectivity trends and malware distribution by country and industry vertical. Gain insights into geopolitical reflections, such as the Ukraine crisis and Israel-Gaza conflict, through unique callback analysis. Understand the USA's position as the top callback destination and explore traffic patterns in countries like Russia, Ukraine, and Israel.
Overview
Syllabus
FireEye
Whoami
Leviathan
Data
Worldwide malware ecosystem
C2 malware signatures
Tactics, techniques, and procedures
Every industry vertical owned
Callbacks: ebb and flow
Knock Knock
Hiding in Plain Site
Callback destinations from South Korea
Hiding in plain "site"
Targeted Callbacks
Semantic signatures
World C2 network map
Connectivity and malware
Callbacks by vertical / country
The king of malware
USA: the top callback destination
March in Russia/Ukraine
Geopolitical reflection: Ukraine crisis
Callbacks to Russia
RU-UA unique callbacks by country
Unique country callbacks
Israel: traffic analysis
Geopolitical reflection: Israel-Gaza crisis
Unique callbacks: CA to IL (2014)
Contact Info
