Daniel Plohmann daniel.plohmann@fkie.fraunhofer.de @push_pnx @malpedia
The Malware Knowledge Archipelago
How I feel about the malware research community
• Malware "knowledge" is heavily based on personal experience but also fragmented in the community
• Information frequency is potentially too high to comfortably keep up
• The outlined identification journey might have been shortened by e.g.
  • Being familiar with its various names: Trickster == TrickLoader == TrickBot
  • Knowing u"BotLoader" is a stable and also unique string for this malware family
  • Knowing u"Xmaker" replaced u"BotLoader" as user agent in the most recent version
© Cyber Analysis and Defense Department, Fraunhofer FKIE