Upload File

fyodor yarochkin - first · 2017-08-08 · level=warning don't bind on any ip address without...

  • Home
  • Documents
  • Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
43

Upload: others

Post on 21-May-2020

1 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 2: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"

Fyodor YarochkinVladimir KropotovTrend Micro FTR

Page 3: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 4: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 5: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 6: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 7: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 8: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 9: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 10: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 11: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"

const feed_directory = "/usr/local/bro/feeds";redef Intel::read_files += { feed_directory + "/tor.intel", feed_directory + “/other.intel",};

@load frameworks/intel/seen@load frameworks/intel/do_notice

/usr/local/bro/share/bro/site/local.bro

Page 12: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"

Whatever you see in the news, we probably

see it too :-)

Page 13: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 14: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 15: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"

possibly compromised: 202.169.170.12

Page 16: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"

Most of these samples are DDoS binaries.Some are UPX packed

Carry embedded Amplification point lists. Can do HTTP Floods.

Built with C++

Page 17: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 18: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 19: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 20: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 21: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"

automated sample collection!! ;-)

Page 22: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 23: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 24: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 25: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 26: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 27: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 28: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 29: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 30: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 31: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 32: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 33: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 34: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 35: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 36: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 37: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 38: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"

DNS

Page 39: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 40: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 41: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 42: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
Page 43: Fyodor Yarochkin - FIRST · 2017-08-08 · level=warning DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING level-info for I-ITTP on tcp cø.Ø.ø.ø:4243)"
mailto:[email protected]
mailto:[email protected]
mailto:[email protected]
mailto:[email protected]
mailto:[email protected]

Fyodor Yarochkin - Dissecting unlawful Internet activities

What Engineers Don't Learn and Why They Don't Learn It

Fyodor Yarochkin, Vladimir Kropotov, TrendMicro · Fyodor Yarochkin, Vladimir Kropotov, TrendMicro FTR ... •BPC or Business logic compromises 22. ... •This causes the OpenX script

US Army ERDC Energy Program Overvie · The Installation Technology Transition Program (ITTP) is a sustaining, OMA funded, ACSIM centrally directed initiative to ... •Building-Scale

Don't Read, Don't Succeed

Messing up with Kids playground: Eradicating easy targets ...index-of.co.uk/Various/D2T2 - Fyodor Yarochkin and... · Messing up with Kids playground: Eradicating easy targets Yarochkin

Tracking surreptitious malware distribution …2012.zeronights.org/includes/docs/Yarochkin, Kropotov, Chetvertakov...Tracking surreptitious malware distribution channels Case study

CERRITOS COLLEGE ITTP · ITTP Import Technician Training Program Cerritos College Automotive Department 11110 Alondra Blvd. Norwalk, California 90650 (562) 860

LURK – The Story about Five Years of Activity - Botconf … – The Story about Five Years of Activity VLADIMIR KROPOTOV TREND MICRO FYODOR YAROCHKIN ACADEMIA SINICA AND NATIONAL

The Road that KAIST Global Commercialization Center sees SMEs, Ventures, KAIST ITTP program , and developing countries • ... • Establishment of Global Commercialization Center,

Perth - Write it? Don't... Say it? Don't. Right it? YES

ITTP at ICU

mariyaschools.com Answer Key Term 2.pdf · nauqhty children Don't run. Q Don't touch the apples. Don't pluck the flowers. e Don't eat those sweets. C Don't play with the toys. Fill

Organization of Health Care Presentation to ITTP Class January 7, 2004 John E. Billi, M.D. Professor, Internal Medicine and Medical Education Associate

Ittp closing ceremony slide show

8/8/2021 i-GRACIAS | Integrated ITTP System (IGRACIAS)

Yarochkin, kropotov, chetvertakov tracking surreptitious malware distribution channels

Don't Give Out Personal Information · 2017-09-20 · Title: Don't Give Out Personal Information Author: LoveToKnow.com Subject: Don't Give Out Personal Information Keywords: Don't

"Don't Buy Stuff" "Don't Buy Stuff". Saving Strategies

Don't Take His Eye, Don't Take His Tooth, and Don't Cast

Prochaska - Why Don't Continents Move Why Don't People Change

Don't Cry, Little Girl, Don't Cry - University of Maine

Interventional Care Unit at the Northwest Campus Health ... website.pdf · ITTP Project: Downriver Campus VoIP Project Update Student Kiosk Update Currently, the student information

Don't Underfund Your SaaS Business Don't Underfund Your SaaS

If you don't see the bottom, don't wade

malicious campaigns of year 2013 .RU landscape - … of Cybercrime: malicious campaigns of year 2013.RU landscape Fyodor Yarochkin Vladimir Kropotov Chetvertakov Vitaliy Hack.lu 2013

School direct online seminar: partnership agreements and ... · the ITTP and arrangements for assessment, quality assurance, subject knowledge training and mentoring/mentor training

Don't Give Up! Don't EVER Give Up!

Don't Know

Don't panic

PERSONIFICATION DorothyDorothy: Dorothy Don't be silly, Toto. Scarecrows don't talk

IRQ89060 ARB - International Labour Organization...Page 7 ofS (29) . (30 (10000000) (20000000) (20) ittp://nahrain.eom/dnaw/i 58 .htntl

detrytmiskeselskab.dkdetrytmiskeselskab.dk/wordpress/wp-content/uploads/Dont-Stop-Me … · Cm 44 don't don't don't don't Cm stop stop stop stop me Cm now, ing a Cm don't stop me

Hacking techniques automation Yarochkin Fyodor. Guard-Info Meder Kydyraliev O0o.nu sec. Singapore

Don't Ask Don't Tell Injunction