Operation emmental appsec

  1. Operation Emmental. David Sancho, FTR team. 11/10/2014. Copyright 2014 Trend Micro Inc.
  4. The Way In…
  6. One more certificate on the list…
  10. But what’s happening in reality?
  12. Attacker’s Infrastructure: DNS servers, C&C servers, Windows Trojan, Hosting servers, SMS receiver, Android Trojan
  13. Domains involved: hxxp://security-apps.net/Raiffeisen.apk, hxxp://security-apps.biz/Raiffeisen.apk, hxxp://tc-zo.ch/security/ZKB.apk
  14. Who registered those? Oleg Makarov, oleg_makarov555@yahoo.com
  15. Other domains from our friend Oleg: banking-security.net, certificate-security.com, chromeupd.pw, safe-browser.biz, safe-time.net, security-apps.biz, security-apps.net, ffupdate.pw, ieupdate.pw, sfotware.pw, softwareup.pw
  16. openssl s_client -connect 5.39.219.212:443 | openssl x509 -text
      DNS:default, DNS:93.171.202.71, DNS:e-finance.postfinance.ch, DNS:banking.bekb.ch, DNS:cs.directnet.com, DNS:e-banking.gkb.ch, DNS:eb.akb.ch, DNS:ebanking-ch.ubs.com, DNS:ebanking-ch1.ubs.com, DNS:ebanking-ch2.ubs.com, DNS:ebanking.bkb.ch, DNS:inba.lukb.ch, DNS:netbanking.bcge.ch, DNS:onba.zkb.ch, DNS:tb.raiffeisendirect.ch, DNS:www.credit-suisse.com, DNS:credit-suisse.com, DNS:www.onba.ch, DNS:onba.ch, DNS:www.postfinance.ch, DNS:postfinance.ch, DNS:www.raiffeisen.ch, DNS:raiffeisen.ch, DNS:www.ubs.com, DNS:ubs.com, DNS:www.zkb.ch, DNS:zkb.ch, DNS:wwwsec.ebanking.zugerkb.ch, DNS:banking.raiffeisen.at, DNS:online.bankaustria.at, DNS:ebanking.bawagpsk.com, DNS:netbanking.sparkasse.at, DNS:ebanking.easybank.at, DNS:banking.privatbank.at, DNS:bankaustria.at, DNS:www.bankaustria.at, DNS:raiffeisen.at, DNS:www.raiffeisen.at, DNS:privatbank.at, DNS:www.privatbank.at, DNS:sparkasse.at, DNS:www.sparkasse.at, DNS:bawagpsk.com, DNS:www.bawagpsk.com, DNS:easybank.at, DNS:www.easybank.at, DNS:*.google.com, DNS:*.android.com, DNS:*.google.de, DNS:*.google.nl, DNS:*.gstatic.com, DNS:*.youtube.com, DNS:google.com, DNS:youtube.com, DNS:facebook.com, DNS:*.facebook.com, DNS:gmx.com, DNS:gmx.de, DNS:*.gmx.com, DNS:*.gmx.de, DNS:*.gmx.ch, DNS:*.gmx.at, DNS:yahoo.com, DNS:www.yahoo.com, DNS:microsoft.com, DNS:www.microsoft.com, DNS:gmail.com, DNS:paypal.com, DNS:*.paypal.com, DNS:stats2.bekb.ch, DNS:sdc.credit-suisse.com, DNS:portal.privatbank.at, DNS:portal.raiffeisen.at, DNS:stat.swedbank.se,
  17. Obnilim rid
  20. Thank you!