
Digital Dumpster Diving · Pastebin a Convenient Way for Cybercriminals to Remotely Host Malware BLEEPINGCOMPUTER Home News Security RevengeRAT Distributed via Bit.ly, BlogSpot, and

Mar 15, 2020

Page 6:

What about now?

Page 8:

Sample #1

Page 13:

Sample #2

Page 16:

But let's try something different…

Page 17:

So what else is there?

Malware – DOS Executable: Regex: ^TV(oA|pB|pQ|qA|qQ|ro)\w+

TVoA | TVpB | TVpQ | TVqA | TVqQ | TVro

Dark web Domains:

find({'contents': /\.onion/})

Credentials dump:

Threat Intel / IOC:

• API Keys
• Certificates
• Malicious Scripts
• Database
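The regex on this slide works because base64 encoding of the two-byte DOS header "MZ" always yields "TV", and the next two characters are fixed by the third header byte (0x00, 0x41, 0x50, 0x80, 0x90 and 0xE8 give the six alternatives). The following Python is an added example, not code from the talk or from any of the tools it lists: it derives those prefixes, applies the slide's regex to each line of a paste, confirms a hit by fully decoding the line and checking the DOS header and the PE signature at e_lfanew, and flags .onion hostnames. The `ONION_RE` pattern is an assumed tightening of the slide's `/\.onion/` query (16- or 56-character base32 labels), and the sample paste and DOS stub are constructed here for the demonstration.

```python
import base64
import re

# Regex from the slide: base64 of an "MZ" header starts with "TV"; the next two
# characters depend only on the third header byte, and these six alternatives
# cover the third bytes commonly seen in real DOS stubs.
B64_MZ_RE = re.compile(r"^TV(oA|pB|pQ|qA|qQ|ro)\w+")

# Assumed tightening of the slide's `/\.onion/` query: v2 addresses are 16 base32
# characters, v3 addresses are 56, which skips bare mentions of the word ".onion".
ONION_RE = re.compile(r"\b[a-z2-7]{16,56}\.onion\b", re.IGNORECASE)

DOS_HEADER_LEN = 64  # e_lfanew sits at offset 0x3C, so a real header is at least 64 bytes


def b64_prefix_for(third_byte: int) -> str:
    """First four base64 characters of b'MZ' followed by the given third byte."""
    return base64.b64encode(b"MZ" + bytes([third_byte])).decode("ascii")[:4]


def decode_b64_pe(line: str):
    """Return decoded bytes if `line` is clean base64 of data starting with a DOS header, else None.

    The regex alone also matches ordinary text that happens to start with one of the
    six prefixes, so the line is decoded strictly (validate=True) and checked.
    """
    line = line.strip()
    if not B64_MZ_RE.match(line):
        return None
    try:
        data = base64.b64decode(line, validate=True)
    except ValueError:  # binascii.Error (bad characters or padding) is a ValueError
        return None
    if len(data) < DOS_HEADER_LEN or data[:2] != b"MZ":
        return None
    return data


def has_pe_signature(data: bytes) -> bool:
    """Follow e_lfanew (little-endian dword at 0x3C) and look for the 'PE\\0\\0' signature."""
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def classify_paste(text: str) -> dict:
    """Tag a paste body with the categories from the slide: base64 PE content and .onion hosts."""
    findings = {"b64_pe": False, "pe_signature": False, "onion_domains": []}
    for line in text.splitlines():
        data = decode_b64_pe(line)
        if data is not None:
            findings["b64_pe"] = True
            findings["pe_signature"] = findings["pe_signature"] or has_pe_signature(data)
    findings["onion_domains"] = sorted({m.lower() for m in ONION_RE.findall(text)})
    return findings


# Constructed sample: a minimal DOS header whose e_lfanew points at a PE signature.
DOS_STUB = b"MZ\x90\x00" + b"\x00" * 56 + (0x40).to_bytes(4, "little") + b"PE\x00\x00"
SAMPLE_PASTE = "\n".join([
    "# constructed sample paste, not real data",
    "contact: abcdefghijklmnop.onion",
    "TVqQisjustaword,notabinary",  # matches the regex but is not valid base64
    base64.b64encode(DOS_STUB).decode("ascii"),
])

if __name__ == "__main__":
    for b in (0x00, 0x41, 0x50, 0x80, 0x90, 0xE8):
        print(f"third byte 0x{b:02X} -> {b64_prefix_for(b)}")
    print(classify_paste(SAMPLE_PASTE))
```

Running the block prints the six prefixes from the slide and, for the sample paste, `b64_pe` and `pe_signature` set to True with the single .onion host listed; the decoy line that merely starts with "TVqQ" is rejected by the strict decode step, which is the check a scraper should add before raising an alert on a regex hit alone.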

Page 18:

So how do you get started?

❑ Scrapers and Bots:

❑ https://github.com/Critical-Start/pastebin_scraper

❑ https://github.com/kevthehermit/PasteHunter

❑ https://twitter.com/ScumBots

❑ https://twitter.com/dumpmon - Inactive

❑ Static Analysis tools:

❑ CyberChef - https://gchq.github.io/CyberChef/

❑ PE Studio - https://www.winitor.com/

❑ CFF Explorer - https://ntcore.com/?page_id=388

❑ dotPeek - https://www.jetbrains.com/decompiler/

❑ YARA - https://virustotal.github.io/yara/

Page 19:

https://twitter.com/n3onli8

Chandra Majumdar

CTO – ElevatedPrompt Solutions Inc

chandra-at-elevatedprompt.com

Thank You
