Dissecting a RAT. Analysis of the Saefko RAT.

This is the eighth blog of a series analyzing the network traffic of Android RATs from our Android Mischief Dataset [more information here], a dataset of network traffic from Android phones infected with Remote Access Trojans (RAT). In this blog post we provide the analysis of the network traffic of the RAT06-Saefko [download here]. The previous blogs analyzed Android Tester RAT, DroidJack RAT, SpyMax RAT, AndroRAT, HawkShaw, AhMyth and Command-line AndroRAT.

Dissecting a RAT. Analysis of the Command-line AndroRAT.

This is the seventh blog of a series analyzing the network traffic of Android RATs from our Android Mischief Dataset [more information here], a dataset of network traffic from Android phones infected with Remote Access Trojans (RAT). In this blog post we provide the analysis of the network traffic of the RAT08-command-line-AndroRAT [download here]. The previous blogs analyzed Android Tester RAT, DroidJack RAT, AndroRAT, SpyMax RAT, AhMyth RAT and HawkShaw RAT.

Dissecting a RAT. Analysis of the HawkShaw.

This is the sixth blog of a series analyzing the network traffic of Android RATs from our Android Mischief Dataset [more information here], a dataset of network traffic from Android phones infected with Remote Access Trojans (RAT). In this blog post we provide the analysis of the network traffic of the RAT03-HawkShaw [download here]. The previous blogs analyzed Android Tester RAT, DroidJack RAT, SpyMax RAT, AndroRAT and AhMyth RAT.

Dissecting a RAT. Analysis of the AhMyth.

This is the fifth blog of a series analyzing the network traffic of Android RATs from our Android Mischief Dataset [more information here], a dataset of network traffic from Android phones infected with Remote Access Trojans (RAT). In this blog post we provide the analysis of the network traffic of the RAT07-AhMyth [download here]. The previous blogs analyzed Android Tester RAT, DroidJack RAT, AndroRAT, and SpyMax RAT.

Dissecting a RAT. Analysis of the AndroRAT.

This is the fourth blog of a series analyzing the network traffic of Android RATs from our Android Mischief Dataset [more information here], a dataset of network traffic from Android phones infected with Remote Access Trojans (RAT). In this blog post we provide the analysis of the network traffic of the RAT05-AndroRAT [download here]. The previous blogs analyzed Android Tester RAT, DroidJack RAT, and SpyMax RAT.

Dissecting a RAT. Analysis of the SpyMAX.

This is the third blog of a series analyzing the network traffic of Android RATs from our Android Mischief Dataset [more information here], a dataset of network traffic from Android phones infected with Remote Access Trojans (RAT). In this blog post we provide the analysis of the network traffic of the RAT04-SpyMAX [download here].

Dissecting a RAT. Analysis of DroidJack v4.4 RAT network traffic.

This is the second blog of a series analyzing the network traffic of Android RATs from our Android Mischief Dataset, a dataset of network traffic from Android phones infected with Remote Access Trojans (RAT). In this blog post we provide the analysis of the network traffic of the RAT02-DroidJack v4.4.

The Attacking Active Directory Game - Can you outsmart the Machine Learning model? Help us by playing the evasion game!

The “Attacking Active Directory Game” is part of a project in which our researcher Ondrej Lukas developed a way to create fake Active Directory (AD) users as honey-tokens to detect attacks. His machine learning model was trained on real AD structures and can generate a completely new fake user that is strategically placed within the structure of a company.

Dissecting a RAT. Android Tester Trojan Analysis and Decoding.

This is the first blog post of a series analyzing the network traffic of Android RATs from our Android Mischief Dataset [more information here], a dataset of network traffic from Android phones infected with Remote Access Trojans (RAT). In this blog post we provide an analysis of the network traffic of the RAT01-Android Tester v6.4.6 [download here].

Deep Dive into an Obfuscation-as-a-Service for Android Malware

While confined in our homes studying the interactions of individuals involved in the spread of the Android banking Trojan botnet (known as Geost), we encountered a unique opportunity: investigate an automated obfuscation-as-a-service platform for Android malware authors.

Indeed, in a leaked chat log that involved Geost botnet operators, two individuals talked about an obfuscation service used to “protect” their malicious Android applications (APKs) from being detected by antivirus engines. We visited the website of this “protection” service (protection from antivirus engines, so essentially obfuscation), which raised a lot of questions: How does this obfuscation service work? Is it automated? Does it really obfuscate applications well enough to keep malicious applications from being detected? How well known is the service in the underground community?

Android Mischief Dataset

In this blog, we introduce our new dataset called the Android Mischief Dataset for the benefit of the security research community. It contains the network traffic from mobile devices infected with Android Remote Access Trojans. This blog describes the structure and the content of our dataset, its creation methodology, and links to download it.

Installing and Running Slips in Docker

The Stratosphere Linux IPS, Slips for short, is a free software intrusion prevention system that uses machine learning. Slips allows analysts to quickly sift through large network captures as well as live traffic, highlighting what is important to analyze. The analysis we do as part of the Emergency VPN service at Civilsphere relies heavily on Slips.

White Paper: Current State of IPv6 Security in IoT

This white paper explores the current state of IPv6 security in IoT, how IPv6 adoption is growing globally and what this growth looks like in a real network. If IPv6 is already in use, are attackers already attacking over this protocol? Is there already malware capable of attacking over IPv6? Read on as we aim to answer these questions.

Installing T-Pot Honeypot Framework in the Cloud

In this short blog we describe how to install the T-Pot honeypot framework [1] on a cloud server instance. On this occasion we chose the cloud provider Digital Ocean [2], which offers a variety of cloud instances, or droplets, in eight different regions. This blog is divided into three parts: (i) how to create a new Digital Ocean instance, (ii) how to install T-Pot on it, and (iii) a walkthrough of some of the pre-built Kibana T-Pot dashboards.

What is Post-Modern Computational Propaganda?

This blog is the first in a series about computational propaganda. Post-Modern Computational Propaganda is the new targeted propaganda. Although we know that propaganda exists, it is not clear what it is. In this blog post we examine definitions of propaganda and explore how to arrive at an operational definition that may help us detect it better.