Digital Dumpster Diving · Pastebin a Convenient Way for Cybercriminals to Remotely Host Malware...
What about now?
Sample #1
Sample #2
But let's try something different…
So what else is there?
Malware – DOS Executable:
Regex: ^TV(oA|pB|pQ|qA|qQ|ro)\w+
TVoA | TVpB | TVpQ | TVqA | TVqQ | TVro
Dark web Domains:
find({'contents': /\.onion/})
Credentials dump: Threat Intel / IOC:
• API Keys • Certificates • Malicious Scripts • Database
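The prefixes on this slide are what the bytes `MZ` plus the next header byte look like after base64 encoding, so a prefix match alone also fires on ordinary text that happens to start the same way. The following added example (not from the talk or from the listed scrapers) uses the slide's prefix set to find candidates in a paste body, then decodes them and checks the MZ magic and the PE signature at `e_lfanew`; the function names, the tightened `.onion` pattern and all sample inputs are assumptions constructed for illustration.

```python
import base64
import re
import struct

# Prefix set from the slide; \w+ is widened to the base64 alphabet (assumption)
# so the whole blob can be captured and decoded.
B64_PE = re.compile(r"^TV(?:oA|pB|pQ|qA|qQ|ro)[A-Za-z0-9+/]+={0,2}", re.MULTILINE)
# Tighter than the slide's /\.onion/ query: v3 (56) or v2 (16) base32 labels (assumption).
ONION = re.compile(r"\b(?:[a-z2-7]{56}|[a-z2-7]{16})\.onion\b")


def check_pe(blob_b64):
    """Decode a candidate; confirm MZ magic, then the PE signature at e_lfanew."""
    usable = blob_b64.rstrip("=")
    usable = usable[: len(usable) - len(usable) % 4]  # decode whole quanta only
    try:
        raw = base64.b64decode(usable, validate=True)
    except ValueError:
        return "not-base64"
    if raw[:2] != b"MZ":
        return "no-mz"
    if len(raw) < 0x40:
        return "mz-only"  # too short to hold a DOS header: likely a false positive
    (e_lfanew,) = struct.unpack_from("<I", raw, 0x3C)
    if raw[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
        return "pe"
    return "mz-only"


def triage(paste):
    """Return candidate PE blobs (offset, verdict) and onion hosts for one paste."""
    findings = {"pe": [], "onion": sorted(set(ONION.findall(paste)))}
    for m in B64_PE.finditer(paste):
        findings["pe"].append((m.start(), check_pe(m.group(0))))
    return findings


# Constructed samples: a 72-byte stub holding header fields only (no code),
# a line of plain text that merely starts with a listed prefix, and a made-up host.
_stub = bytearray(0x48)
_stub[0:3] = b"MZ\x90"
struct.pack_into("<I", _stub, 0x3C, 0x40)
_stub[0x40:0x44] = b"PE\x00\x00"
SAMPLE_PE = base64.b64encode(bytes(_stub)).decode()
SAMPLE_TEXT = "TVroom_booking_2024"
SAMPLE_ONION = "mirror: " + "a" * 56 + ".onion"

if __name__ == "__main__":
    for body in (SAMPLE_PE, SAMPLE_TEXT, SAMPLE_ONION):
        print(triage(body))
```

Only the `pe` verdict is worth passing on to the static analysis tools; `mz-only` and `not-base64` hits are the noise the bare prefix regex produces.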
So how do you get started?
❑ Scrapers and Bots:
❑ https://github.com/Critical-Start/pastebin_scraper
❑ https://github.com/kevthehermit/PasteHunter
❑ https://twitter.com/ScumBots
❑ https://twitter.com/dumpmon - Inactive
❑ Static Analysis tools:
❑ CyberChef - https://gchq.github.io/CyberChef/
❑ PE Studio - https://www.winitor.com/
❑ CFF Explorer - https://ntcore.com/?page_id=388
❑ dotPeek - https://www.jetbrains.com/decompiler/
❑ YARA - https://virustotal.github.io/yara/
https://twitter.com/n3onli8
Chandra Majumdar
CTO – ElevatedPrompt Solutions Inc
chandra-at-elevatedprompt.com
Thank You