VB2019 preview: Problem child: common patterns in malicious parent-child relationships

Posted by   Martijn Grooten on   Sep 2, 2019

Living-off-the-land binaries, often referred to as LOLbins, are legitimate (Windows) binaries used for malicious purposes. Their use has increased in malware campaigns in recent years and serves as a reminder that a defensive approach focused purely on detecting malicious binaries is outdated.

Thus rather than focus on the binaries itself, it is important to study the parent-child process that leads to a binary being executed to determine whether its use is likely malicious.

This is the premise of a paper to be presented at VB2019 by Endgame researcher Bobby Filar, who will discuss Problem Child, a graph-based framework designed to address these issues. In his research he also used the framework against activities by two known APT actors: OceanLotus and APT3.

With VB2019 just one month away, it is time to book your ticket for the most international threat intelligence event of the year!

vb2019-register-now-2.jpg

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

New Emotet spam campaign continues to bypass email security products

On Monday, the infamous Emotet malware resumed its spam campaign to spread the latest version of the malware. As before, the malware successfully bypasses many email security products.

Book review: Cyberdanger: Understanding and Guarding Against Cybercrime

Security researcher Paul Baccas reviews Eddy Willems' book 'Cyberdanger'.

Programme for VB2019 Threat Intelligence Practitioners' Summit announced

In the mini-summit, which forms part of VB2019 (the 29th Virus Bulletin International Conference), eight sessions will focus on all aspects of threat intelligence collecting, using and sharing.

Guest blog: TotalAV uncovers the world’s first ransomware

In a guest blog post by VB2019 Silver partner TotalAV, Matthew Curd, the software’s Technical Expert, considers the changes in the cybersecurity landscape.

Guest blog: Targeted attacks with public tools

Over the last few years SE Labs has tested more than 50 different security products against over 5,000 targeted attacks. In this guest blog post Stefan Dumitrascu, Chief Technical Officer at SE Labs, looks at the different attack tools available, how…

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.