
CryptoLocker

16 Posts
13 Users
0 Reactions
1,419 Views
(@sgreene2991)
Trusted Member
Joined: 14 years ago
Posts: 77
 

If you got infected, you should be more patient and keep the original hard drive. Maybe some other day the FBI will again get those bad guys caught and seize those servers. The FBI will release those encryption keys and you could get your data back.

I certainly won't be holding my breath for that, and neither should you. IF these guys are caught (slim to zero chance of that happening) they have no incentive to release your data.


(@s3cureme)
New Member
Joined: 10 years ago
Posts: 1
 

Hello All.

Does anyone know the best way to analyse / discover PC > C&C traffic using only the hard drive as a source of information?

Specifically which C&C web sites the "virus" communicated to.

I presume there will be reg entries with C&C details. Where would I be able to find this information?

Thanks in advance.


(@dacorr)
Active Member
Joined: 10 years ago
Posts: 8
 

Hello All.

Does anyone know the best way to analyse / discover PC > C&C traffic using only the hard drive as a source of information?

Specifically which C&C web sites the "virus" communicated to.

I presume there will be reg entries with C&C details. Where would I be able to find this information?

Thanks in advance.

This depends a great deal on the situation surrounding the device and the malware. Assuming malware has been confirmed on the device, it depends on what type of malware and whether there is just a single type, as well as how long it has been there.

Also, how the machine was obtained can impact this, as if the power was cut, some memory-resident samples may be lost.

C2C details are often stored in memory and can be harvested that way, although in some samples they are hard coded into the malware to obtain configuration details. If you only have a HDD of a possibly infected machine, your best bet would be to locate the malicious samples and construct a timeline.

Once located I would conduct behavioural analysis on the malware in a suitable environment to identify the IOC details you need. I would also consider network logs and any monitoring tools if available.

Dac


jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

Hmmm. ?

http://www.acronymfinder.com/C%26C.html
http://www.acronymfinder.com/C2C.html

I am in doubt between
Command and Conquer Coast to Coast
and
Cash and Carry Cash to Cash

With IOC is easy
http://www.acronymfinder.com/IOC.html
it must be Indirect Operating Costs …

For NO apparent reason
http://www.forensicfocus.com/Forums/viewtopic/p=6561872/

jaclaz


RolfGutmann
(@rolfgutmann)
Noble Member
Joined: 10 years ago
Posts: 1185
 

IOC = Indicator Of Compromise


jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

IOC = Indicator Of Compromise

SWUBUND = Sarcasm Was Used But Unfortunately Not Detected

jaclaz

