Name: Nyetya Malware & MeDoc Connection
Start: 2017-12-08T11:10:00+0100
End: 2017-12-08T11:50:00+0100

Back To Schedule

Nyetya Malware & MeDoc Connection

The 27th of June 2017, a new wormable malware variant has surfaced. Talos is identifying this new malware variant as Nyetya. The sample leverages EternalBlue, EternalRomance, WMI, and PsExec for lateral movement inside an affected network. The presentation will be divided in two parts:

the first part will describe Nyetya: how it works, the integrated exploits, Doublepulsar modifications, the “encryption” of the infected systems… This part will be focused on the analysis of the malware (reverse engineering)
the second part will describe the incident response performed by Cisco Advanced Services Incident Response in Ukraine focused on M.E.Doc software. This part will contains the techniques used by the attackers to massively compromised M.E.Doc users. A timeline will be exposed and detailed

Speakers

David Maynor

Cisco Talos

Paul Rascagnères

Security Researcher, CISCO Talos

Paul is a security researcher within Talos, Cisco’s threat intelligence and research organization. As a researcher, he performs investigations to identify new threats and presents his findings as publications and at international security conferences throughout the world. He has... Read More →

Friday December 8, 2017 11:10 - 11:50 CET
Corum

Presentation

Topic Botnet artefacts / traces / detection, Malware distribution (botnet related), Reverse engineering of malware (botnet related)

Botconf 2017

Log in to save this to your schedule, view media, leave feedback and see who's attending!

David Maynor

Paul Rascagnères