analysis, APT, Cyber Defense, cyber operations, cyberespionage, cyberthreat, Incident response, malware, network forensics, Threat Hunting

A Lustrum of Malware Network Communication: Evolution and Insights

Posted by Samuel Alonso on

I recently came across this white paper which focuses in the dynamic analysis of network indicators for threat detection.

The paper is very easy to read and I found very surprising some of the conclusions obtained from the research. The most revealing one is the fact that months before researchers have access or discovered a new malware, domains used by the malware to connect to their C2 are active. This implies a delay in the detection between the time the malware is available for dynamic analysis and the time that the malware has been successfully deployed in the wild.

As a result the paper proposes a close look to passive DNS to be able to improve detection and reduce the time between the communication to  the C2  and the discovery of the malware.

In the past, I wrote some articles around threat dectection using passive dns if you want to understand this topic.

https://cyber-ir.com/2016/07/22/hunting-down-threat-infrastructure-with-precision1/

https://cyber-ir.com/2016/11/02/hunting-down-threat-infrastructure-2-with-passivetotal/

The white paper is the following,

https://www.ieee-security.org/TC/SP2017/papers/409.pdf

One Comment Add yours

  1. Pingback: Week 25 – 2017 – This Week In 4n6

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s