Rustam Mirkasymov
Last known affiliation: Group-IB
Bio: Rustam Mirkasymov has been working with Group-IB for the last seven years and now leads Cyber Threat Research in the company's European HQ. Having a background in software development, he started as a junior malware analyst, then gained more experience in incident response, threat hunting and threat intelligence. Over time Rustam has built his own team and published a number of reports on APTs as author or co-author (including Lazarus, Silence, Cobalt, RedCurl). He is a frequent speaker at cybersecurity conferences and is involved in threat intel sharing groups globally.
Rustam Mirkasymov 🗣 | Semyon Rogachev 🗣
Abstract
This talk is about how we found a flaw in the C&C calculation algorithm of the RTM botnet and used that logical weakness to sinkhole the botnet. As a result, this gave us a list of compromised machines and the ability to shut down and disrupt the whole botnet.
Rustam Mirkasymov 🗣
Abstract
During my research at Group-IB on hacking group activity, I noticed that some trojan families use templates in their communication processes and in the infrastructure used in attacks. The idea is to identify such templates and use them to predict attacks at the initial stage, when threat actors set up their infrastructure. The following information should be processed to do this:
- Open ports
- Services available on open ports (fingerprints)
- Responses on open ports
- SSL certificates on open ports
Using this information, you can predict attacks at the preparation stage (sometimes before the attack is conducted). This type of intelligence is more useful than intel collected after the attack has happened.
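To make the approach in this abstract concrete, here is an added example (not code from the speakers or from Group-IB) of the kind of template matching the talk describes: a hypothetical infrastructure template for one trojan family is scored against internet-scan records of hosts (open ports, banners, TLS certificate subjects), and hosts that satisfy enough of the template are flagged for early review. The template values, host IPs and banners below are all constructed for illustration, and the scoring rule (fraction of satisfied checks) is an assumption chosen for clarity rather than any particular vendor's method.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class HostScan:
    """One scanned host, as an internet-scan feed would report it (constructed)."""
    ip: str
    open_ports: Set[int]
    banners: Dict[int, str] = field(default_factory=dict)        # port -> response/banner text
    cert_subjects: Dict[int, str] = field(default_factory=dict)  # port -> TLS certificate subject


@dataclass
class InfraTemplate:
    """Hypothetical infrastructure template for one trojan family (constructed)."""
    name: str
    required_ports: Set[int]
    banner_markers: Dict[int, str]       # port -> substring expected in that port's banner
    cert_subject_marker: Optional[str]   # substring expected in any certificate subject


def score_template(scan: HostScan, tpl: InfraTemplate) -> Tuple[float, List[str]]:
    """Return (fraction of template checks satisfied, labels of the checks that matched).

    Extra open ports on the host are ignored: the template lists what must be
    present, not an exact port set, so partially set-up infrastructure still scores.
    """
    checks: List[Tuple[str, bool]] = []
    for port in sorted(tpl.required_ports):
        checks.append((f"port {port} open", port in scan.open_ports))
    for port, marker in tpl.banner_markers.items():
        checks.append((f"banner on {port} contains {marker!r}",
                       marker in scan.banners.get(port, "")))
    if tpl.cert_subject_marker is not None:
        checks.append((f"cert subject contains {tpl.cert_subject_marker!r}",
                       any(tpl.cert_subject_marker in s for s in scan.cert_subjects.values())))
    if not checks:
        return 0.0, []
    matched = [label for label, ok in checks if ok]
    return len(matched) / len(checks), matched


def find_candidates(scans: List[HostScan], templates: List[InfraTemplate],
                    threshold: float = 0.75) -> List[Tuple[str, str, float, List[str]]]:
    """Hosts whose score against any template reaches the threshold, best score first."""
    hits = []
    for scan in scans:
        for tpl in templates:
            score, matched = score_template(scan, tpl)
            if score >= threshold:
                hits.append((scan.ip, tpl.name, score, matched))
    hits.sort(key=lambda h: h[2], reverse=True)
    return hits


# Constructed template: the family is assumed to expose 443 and 8443, run a
# specific nginx build on 8443 and issue certificates with a recognisable CN prefix.
TEMPLATE = InfraTemplate(
    name="hypothetical-family-A",
    required_ports={443, 8443},
    banner_markers={8443: "nginx/1.18.0"},
    cert_subject_marker="CN=update-check.",
)

# Constructed scan records: full match, unrelated host, and a partial (3 of 4) match.
SAMPLE_SCANS = [
    HostScan("10.0.0.1", {443, 8443},
             banners={8443: "HTTP/1.1 200 OK\r\nServer: nginx/1.18.0"},
             cert_subjects={443: "CN=update-check.example"}),
    HostScan("10.0.0.2", {22, 80}, banners={80: "Server: Apache"}),
    HostScan("10.0.0.3", {443, 8443},
             banners={8443: "HTTP/1.1 200 OK\r\nServer: Apache"},
             cert_subjects={443: "CN=update-check.example"}),
]


if __name__ == "__main__":
    for ip, name, score, matched in find_candidates(SAMPLE_SCANS, [TEMPLATE]):
        print(f"{ip}: {name} score={score:.2f} matched={matched}")
```

In practice the scan records would come from a daily diff of an internet-scan feed, so that a host is scored the first time its ports and certificate appear, which is what lets the match surface infrastructure before it is used; the threshold is a tuning knob between missing partially built hosts and drowning analysts in false positives.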