#SECTORCA SecTorCA

Hunting Certified Imposters
Spence Hutchinson, eSentire

WHOAMI
Spence Hutchinson
Staff Researcher, Threat Intelligence
eSentire
https:/

IMPORTANT DISCLAIMER
This presentation will mention organizations whose identity has been impersonated by threat actors. Unless stated otherwise, these organizations are not complicit in any malicious activity outlined in this presentation.

The revocation of 6 certificates forces us to take a break for 3-5 days! We will, of course, make up for the time lost! We apologize for any inconvenience caused!
FakeBat Telegram, April 2024

Motivations
My goal is to increase awareness and encourage reporting.

Incident Trends:
- Signed App Installer Packages (MSI, MSIX, APPX, Inno Setup)
- Distributed through Search Ads, Cracked Software
- Signed with valid certificate
- Availability of Malware-as-A-Service & Certificate vendors pushes capabilities down

MaaS Projects Mentioning Signed Installers

Project | Linked Persona | First Known | Cost
Mantichora | DarkBLUP | August 2024 | $500 p/m
Dolphin | D3MON | May 2024 | $5,000 p/m
Amadey | InCrease | February 2024 | $600 One Time
DefckLoader | Null14 | January 2024 | $1,400 p/w
DanaBot | JimmBee | July 2023 | $4,000 p/m
DarkGate | RastaFarEye | June 2023 | $15,000 p/m
FakeBat | EugenFest | December 2022 | $5,000 p/m
Matanbuchus | BelialDemon | February 2021 | $10,000 p/m

Exploit Forum, XSS Forum

Dolphin Malware-as-a-Service

FakeBat Signed App Installer, March 2023
Lumma/StealC Installer, October 2024
Signed App Installer Packages

Download Cradle Used by RobotDropper, September 2024
MD5: f8367598fb8f2ea6a161a9005fafe959

Recipe for Success:
Signed Package + Benign Resident Code + Encryption

Signed Installers 101

Availability of Code Signing Certs
Simple to Build and