Aposemat Project

Update april 2019

MALWARE EXEC. RESEARCH & DETECTION IN NET

1,3 years update

Team

Maria Jose Erquiaga

Simona Musilova

Yury Kasimov

Anna Shirokova

Sebastian Garcia

Thomas O'hara

ongoing research lines

• simona

  • telnet profiler & attack detector

  • analysis of attacks on devices

  • analysis of camera edimax firmware/traffic

• yury

  • separate webbots/humans.

• Anna

  • ssh encrypted login detection

  • mqtt from our honeypots to avast

  • geost botnet analysis

  • RESEARCH ON THE UNDERGROUND OF IOT BLACKMARKEt

• ​MARIA

  • IOT MALWARE INFECTION

  • IOT MALWARE ANALYSIS

  • GEOST BOTNET ANALYSIS​

• THOMAS

  • honeypots admin

  • SMTP ATTACKS ANALYSIS

  • RESEARCH ON THE UNDERGROUND OF IOT BLACKMARKET

• ​all

  • network class ​

iot underground. new

• use our external iot honeypots

• use real telnet/ssh servers so attacks are real

• profile attackers

• go to underground forums

• analyze the blackmarket of iot

  • how is attacking/selling/buying

  • structure of business

• 7 IOT rpi DEVICES, ~11 iot devices honeypots

  • 65 MALWARE FAMILIES executed

  • ~820 PCAP CAPTURES

• 11 IoT Honeypots (3 CAMERAS/ALEXA/PHILIPS HUE /Router /odroid/synology nas/mips router/avast router)

  • ~450 captures

so far ~550 GB IN 15 MONTHS

Summary

• EXTERNAL HONEYPOTS (CTU/AMAZON/ETC.)