Threat Hunting of CrimsonRAT from APT36/Transparent Tribe group
As part of my research into new malware and widespread, actively exploited vulnerabilities, it was interesting to work on the activities of Crimson RAT, which was active and prominent in some countries in the Asian region.
This trojan was actively used by APT36 (aka Transparent Tribe) alongside some other tools. The malware and the group were targeting various government entities as well as high-profile educational institutes such as the IITs, which made it more interesting to conduct a deep dive into this RAT.
This presentation will cover various aspects about CrimsonRAT Malware Analysis & Threat Hunting.
- Types of issues faced during the reverse engineering of the malware.
- Points such as basic analysis, issues with sandbox executions, sandbox evasion capabilities, and persistence methods.
- Types of payloads and analysis of different secondary payloads, behavioural indicators, and the threat hunting process.
- How threat hunting queries are created.
- How threat hunting output is further used, and prevention against the malware.
Amey Gat
- Currently working as a Threat Researcher by day 😉. Working for 17+ years in the industry; previously worked as a Threat Intelligence Researcher, Information Security consultant, and developer of Firewall/IDS/IPS devices.
- Worked in various aspects of Threat Intelligence such as darknet coverage, OSINT, building and deploying honeypots, and automation of darknet data collection.
- Moderator and core team member of the hackers group www.Garage4Hackers.com, one of the leet hacker groups of India.
- Python programmer: an official programmer in the past, and now for automation, fun, and the love of Python.
- Lock picking enthusiast; has run a lock picking workshop at a Garage4Hackers meet. Also conducted the first lock picking workshop in India at NullCon 2015.
- Hardware and electronics enthusiast; works with AVR and other embedded devices as a hobby. Created the first ever hardware badge of the Nullcon conference in 2014.