Operation emmental appsec
- 4. The Way In…
11/10/2014 Copyright 2014 Trend Micro Inc.
2
- 12. Attacker’s Infrastructure
DNS servers
C&C servers
Hosting servers
SMS receiver
Windows Trojan
Android Trojan
- 13. Domains involved
hxxp://security-apps.net/Raiffeisen.apk
hxxp://security-apps.biz/Raiffeisen.apk
hxxp://tc-zo.ch/security/ZKB.apk
- 14. Who registered those?
Oleg Makarov
oleg_makarov555@yahoo.com
- 15. Other domains from our friend Oleg
banking-security.net
certificate-security.com
chromeupd.pw
safe-browser.biz
safe-time.net
security-apps.biz
security-apps.net
ffupdate.pw
ieupdate.pw
sfotware.pw
softwareup.pw
- 16. openssl s_client -connect 5.39.219.212:443 | openssl x509 -text
DNS:default, DNS:93.171.202.71, DNS:e-finance.postfinance.ch, DNS:banking.bekb.ch,
DNS:cs.directnet.com, DNS:e-banking.gkb.ch, DNS:eb.akb.ch, DNS:ebanking-ch.ubs.com,
DNS:ebanking-ch1.ubs.com, DNS:ebanking-ch2.ubs.com, DNS:ebanking.bkb.ch,
DNS:inba.lukb.ch, DNS:netbanking.bcge.ch, DNS:onba.zkb.ch, DNS:tb.raiffeisendirect.ch,
DNS:www.credit-suisse.com, DNS:credit-suisse.com, DNS:www.onba.ch, DNS:onba.ch,
DNS:www.postfinance.ch, DNS:postfinance.ch, DNS:www.raiffeisen.ch,
DNS:raiffeisen.ch, DNS:www.ubs.com, DNS:ubs.com, DNS:www.zkb.ch, DNS:zkb.ch,
DNS:wwwsec.ebanking.zugerkb.ch, DNS:banking.raiffeisen.at,
DNS:online.bankaustria.at, DNS:ebanking.bawagpsk.com, DNS:netbanking.sparkasse.at,
DNS:ebanking.easybank.at, DNS:banking.privatbank.at, DNS:bankaustria.at,
DNS:www.bankaustria.at, DNS:raiffeisen.at, DNS:www.raiffeisen.at, DNS:privatbank.at,
DNS:www.privatbank.at, DNS:sparkasse.at, DNS:www.sparkasse.at, DNS:bawagpsk.com,
DNS:www.bawagpsk.com, DNS:easybank.at, DNS:www.easybank.at, DNS:*.google.com,
DNS:*.android.com, DNS:*.google.de, DNS:*.google.nl, DNS:*.gstatic.com,
DNS:*.youtube.com, DNS:google.com, DNS:youtube.com, DNS:facebook.com,
DNS:*.facebook.com, DNS:gmx.com, DNS:gmx.de, DNS:*.gmx.com, DNS:*.gmx.de,
DNS:*.gmx.ch, DNS:*.gmx.at, DNS:yahoo.com, DNS:www.yahoo.com,
DNS:microsoft.com, DNS:www.microsoft.com, DNS:gmail.com, DNS:paypal.com,
DNS:*.paypal.com, DNS:stats2.bekb.ch, DNS:sdc.credit-suisse.com,
DNS:portal.privatbank.at, DNS:portal.raiffeisen.at, DNS:stat.swedbank.se,
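As an added example (not code from the Trend Micro slides), this Python snippet parses the dNSName entries out of `openssl x509 -text` output and flags a certificate whose SAN spans many unrelated registrable domains or carries IP addresses and placeholder words, the pattern visible in the certificate above. `SAN_TEXT` is a constructed excerpt modelled on that output, and `registrable_domain` is a deliberate simplification (a real check would use the public suffix list).

```python
import re
from collections import Counter

# Constructed excerpt of `openssl x509 -text` output, modelled on the SAN list
# the slide shows for the attacker's certificate on 5.39.219.212.
SAN_TEXT = """\
            X509v3 Subject Alternative Name:
                DNS:default, DNS:93.171.202.71, DNS:e-finance.postfinance.ch,
                DNS:onba.zkb.ch, DNS:tb.raiffeisendirect.ch, DNS:www.credit-suisse.com,
                DNS:ebanking-ch.ubs.com, DNS:*.google.com, DNS:*.paypal.com,
                DNS:online.bankaustria.at, DNS:www.postfinance.ch, DNS:netbanking.sparkasse.at
            X509v3 Basic Constraints:
                CA:FALSE
"""

IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def parse_san(text):
    """Return the dNSName entries listed under 'X509v3 Subject Alternative Name'.
    The extension body is every following line indented deeper than its header."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if "Subject Alternative Name:" in line:
            indent = len(line) - len(line.lstrip())
            body = []
            for nxt in lines[i + 1:]:
                if not nxt.strip() or len(nxt) - len(nxt.lstrip()) <= indent:
                    break
                body.append(nxt)
            return re.findall(r"DNS:([^,\s]+)", " ".join(body))
    return []

def registrable_domain(name):
    """Crude organisation key: last two labels, wildcard prefix stripped.
    Hypothetical simplification; a real check would consult the public suffix list."""
    return ".".join(name.lstrip("*.").split(".")[-2:])

def assess_san(names, max_orgs=5):
    """Flag a certificate whose SAN spans many unrelated registrable domains or
    carries IP addresses / bare placeholder words as dNSName entries."""
    ip_entries = [n for n in names if IPV4.fullmatch(n)]
    odd_entries = [n for n in names if "." not in n]
    orgs = Counter(registrable_domain(n) for n in names
                   if "." in n and n not in ip_entries)
    suspicious = len(orgs) > max_orgs or bool(ip_entries) or bool(odd_entries)
    return {"org_count": len(orgs), "ip_entries": ip_entries,
            "odd_entries": odd_entries, "suspicious": suspicious}
```

Run `assess_san(parse_san(SAN_TEXT))` to see the constructed sample flagged: nine distinct organisations plus an IP and a bare `default` entry in one certificate.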