跟上表情:跟踪多基础设施僵尸网络

Digital Threats: Research and Practice Pub Date : 2023-05-02 DOI:10.1145/3594554

Oleg Boyarchuk, Sebastiano Mariani, Stefano Ortolani, G. Vigna

{"title":"跟上表情:跟踪多基础设施僵尸网络","authors":"Oleg Boyarchuk, Sebastiano Mariani, Stefano Ortolani, G. Vigna","doi":"10.1145/3594554","DOIUrl":null,"url":null,"abstract":"Throughout its eight-year history, Emotet has caused substantial damage. This threat reappeared at the beginning of 2022 following a take-down by law enforcement in November 2021. Emotet is arguably one of the most notorious advanced persistent threats, causing substantial damage during its earlier phases and continuing to pose a danger to organizations everywhere. In this article, we present a longitudinal study of several waves of Emotet-based attacks that we observed in VMware’s customer telemetry. By analyzing Emotet’s software development life cycle, we were able to dissect how it quickly changes its command and control (C2) infrastructure, obfuscates its configuration, adapts and tests its evasive execution chains, deploys different attack vectors at different stages, laterally propagates, and continues to evolve using numerous tactics and techniques.","PeriodicalId":202552,"journal":{"name":"Digital Threats: Research and Practice","volume":"4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Keeping Up with the Emotets: Tracking a Multi-infrastructure Botnet\",\"authors\":\"Oleg Boyarchuk, Sebastiano Mariani, Stefano Ortolani, G. Vigna\",\"doi\":\"10.1145/3594554\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Throughout its eight-year history, Emotet has caused substantial damage. This threat reappeared at the beginning of 2022 following a take-down by law enforcement in November 2021. Emotet is arguably one of the most notorious advanced persistent threats, causing substantial damage during its earlier phases and continuing to pose a danger to organizations everywhere. In this article, we present a longitudinal study of several waves of Emotet-based attacks that we observed in VMware’s customer telemetry. By analyzing Emotet’s software development life cycle, we were able to dissect how it quickly changes its command and control (C2) infrastructure, obfuscates its configuration, adapts and tests its evasive execution chains, deploys different attack vectors at different stages, laterally propagates, and continues to evolve using numerous tactics and techniques.\",\"PeriodicalId\":202552,\"journal\":{\"name\":\"Digital Threats: Research and Practice\",\"volume\":\"4 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-05-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Digital Threats: Research and Practice\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3594554\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Digital Threats: Research and Practice","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3594554","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

摘要

在其8年的历史中，Emotet造成了巨大的损害。这一威胁在2021年11月被执法部门取缔后，于2022年初再次出现。Emotet可以说是最臭名昭著的高级持续性威胁之一，在其早期阶段造成了巨大的破坏，并继续对各地的组织构成威胁。在本文中，我们对VMware客户遥测中观察到的几波基于表情符号的攻击进行了纵向研究。通过分析Emotet的软件开发生命周期，我们能够分析它如何快速改变其指挥和控制(C2)基础设施，模糊其配置，适应和测试其规避执行链，在不同阶段部署不同的攻击向量，横向传播，并使用多种战术和技术继续发展。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Keeping Up with the Emotets: Tracking a Multi-infrastructure Botnet

Throughout its eight-year history, Emotet has caused substantial damage. This threat reappeared at the beginning of 2022 following a take-down by law enforcement in November 2021. Emotet is arguably one of the most notorious advanced persistent threats, causing substantial damage during its earlier phases and continuing to pose a danger to organizations everywhere. In this article, we present a longitudinal study of several waves of Emotet-based attacks that we observed in VMware’s customer telemetry. By analyzing Emotet’s software development life cycle, we were able to dissect how it quickly changes its command and control (C2) infrastructure, obfuscates its configuration, adapts and tests its evasive execution chains, deploys different attack vectors at different stages, laterally propagates, and continues to evolve using numerous tactics and techniques.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Digital Threats: Research and Practice

自引率

0.00%

发文量