Unveiling the Attack Chain of Russian-Speaking Cybercriminals

Delve into a comprehensive analysis of the Asprox cybercriminal group's attack chain in this 39-minute Hack.lu 2016 presentation by Wayne Huang and Sun Huang. Explore the evolution of the Asprox gang's sophisticated infection infrastructure since 2007, including their vast network of compromised assets, multi-layered distribution and command-and-control servers, and advanced malware obfuscation techniques. Gain insights into their methods for infecting endpoints, compromising websites at scale, and expansion into Android malware. Examine statistics on daily downloads, conversion rates, and monetization strategies within underground economies. Learn about the presenters' data collection and analysis methodologies, as well as tracking techniques used to study this threat actor. The talk covers topics such as spam campaigns, mass-scale getshell methodology, PHP redirector code, the Asprox TDS, Android C&C server panels, and stolen data statistics, providing a rare and in-depth look at the operations of Russian-speaking cybercriminals.

Intro
Asprox Campaign Overview
Attack chain analysis
Sending out spam
Spamming methods
Underground marketplace
Mass-scale getshell methodology
PHP redirector code
The Asprox TDS
Bash Nginx installation script
Decoy IP in Nginx installation script
Advertising service C2 server
Asprox Android C&C server panel
Android C2 servers
Data stolen (during 4 months)
Android bot rental service panel
Click statistics
Clicks geodistribution
Conclusion