{"title":"GITCBot:下一代C&C恶意软件的新方法","authors":"Saeid Ghasemshirazi, Ghazaleh Shirvani","doi":"10.1109/CSICC52343.2021.9420590","DOIUrl":null,"url":null,"abstract":"Online Social Networks (OSNs) attracted millions of users in the world. OSNs made adversaries more passionate to create malware variants to subvert the cyber defence of OSNs. Through various threat vectors, adversaries persuasively lure OSN users into installing malware on their devices at an enormous scale. One of the most horrendous forms of named malware is OSNs' botnets that conceal C&C information using OSNs' accounts of unaware users. In this paper, we present GITC (Ghost In The Cloud), which uses Telegram as a C&C server to communicate with threat actors and access targets' information in an undetectable way. Furthermore, we present our implementation of GITC. We show how GITC uses the encrypted telegram Application Programming Interface (API) to cover up records of the adversary connections to the target, and we discuss why current intrusion detection systems cannot detect GITC. In the end, we run some sets of experiments that confirm the feasibility of GITC.","PeriodicalId":374593,"journal":{"name":"2021 26th International Computer Conference, Computer Society of Iran (CSICC)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"GITCBot: A Novel Approach for the Next Generation of C&C Malware\",\"authors\":\"Saeid Ghasemshirazi, Ghazaleh Shirvani\",\"doi\":\"10.1109/CSICC52343.2021.9420590\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Online Social Networks (OSNs) attracted millions of users in the world. OSNs made adversaries more passionate to create malware variants to subvert the cyber defence of OSNs. Through various threat vectors, adversaries persuasively lure OSN users into installing malware on their devices at an enormous scale. One of the most horrendous forms of named malware is OSNs' botnets that conceal C&C information using OSNs' accounts of unaware users. In this paper, we present GITC (Ghost In The Cloud), which uses Telegram as a C&C server to communicate with threat actors and access targets' information in an undetectable way. Furthermore, we present our implementation of GITC. We show how GITC uses the encrypted telegram Application Programming Interface (API) to cover up records of the adversary connections to the target, and we discuss why current intrusion detection systems cannot detect GITC. In the end, we run some sets of experiments that confirm the feasibility of GITC.\",\"PeriodicalId\":374593,\"journal\":{\"name\":\"2021 26th International Computer Conference, Computer Society of Iran (CSICC)\",\"volume\":\"18 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-03-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 26th International Computer Conference, Computer Society of Iran (CSICC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSICC52343.2021.9420590\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 26th International Computer Conference, Computer Society of Iran (CSICC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSICC52343.2021.9420590","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
摘要
在线社交网络(Online Social Networks,简称osn)在全球吸引了数以百万计的用户。osn使得对手更有激情地创建恶意软件变体来破坏osn的网络防御。通过各种威胁载体,攻击者有说服力地引诱OSN用户在其设备上大规模安装恶意软件。命名恶意软件最可怕的形式之一是osn的僵尸网络,它利用不知情用户的osn帐户隐藏C&C信息。在本文中,我们提出了GITC (Ghost In The Cloud),它使用Telegram作为C&C服务器与威胁参与者进行通信,并以不可检测的方式访问目标的信息。此外,我们还介绍了GITC的实现。我们展示了GITC如何使用加密的电报应用程序编程接口(API)来掩盖对手与目标的连接记录,并讨论了为什么当前的入侵检测系统不能检测到GITC。最后,我们进行了几组实验,验证了GITC的可行性。
GITCBot: A Novel Approach for the Next Generation of C&C Malware
Online Social Networks (OSNs) attracted millions of users in the world. OSNs made adversaries more passionate to create malware variants to subvert the cyber defence of OSNs. Through various threat vectors, adversaries persuasively lure OSN users into installing malware on their devices at an enormous scale. One of the most horrendous forms of named malware is OSNs' botnets that conceal C&C information using OSNs' accounts of unaware users. In this paper, we present GITC (Ghost In The Cloud), which uses Telegram as a C&C server to communicate with threat actors and access targets' information in an undetectable way. Furthermore, we present our implementation of GITC. We show how GITC uses the encrypted telegram Application Programming Interface (API) to cover up records of the adversary connections to the target, and we discuss why current intrusion detection systems cannot detect GITC. In the end, we run some sets of experiments that confirm the feasibility of GITC.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
