Botconf 2017 has ended
Friday, December 8 • 11:10 - 11:50
Nyetya Malware & MeDoc Connection


On the 27th of June 2017, a new wormable malware variant surfaced. Talos is identifying this new malware variant as Nyetya. The sample leverages EternalBlue, EternalRomance, WMI, and PsExec for lateral movement inside an affected network. The presentation will be divided into two parts:

The first part will describe Nyetya: how it works, the integrated exploits, the DoublePulsar modifications, the “encryption” of the infected systems… This part will focus on the analysis of the malware (reverse engineering).
The second part will describe the incident response performed by Cisco Advanced Services Incident Response in Ukraine, focused on the M.E.Doc software. This part will cover the techniques the attackers used to compromise M.E.Doc users on a massive scale. A timeline will be presented and detailed.


David Maynor

Cisco Talos

Paul Rascagnères

Security Researcher, CISCO Talos
Paul is a security researcher within Talos, Cisco’s threat intelligence and research organization. As a researcher, he performs investigations to identify new threats and presents his findings as publications and at international security conferences throughout the world. He has...

Friday December 8, 2017 11:10 - 11:50 CET