Barncat - Using MISP for Bulk Surveillance of Malware

Learn about using MISP (Malware Information Sharing Platform) for bulk surveillance of malware in this conference talk from the MISP Summit 2017. Explore the benefits of malware config ripping as an alternative to resource-intensive dynamic analysis. Discover the tools needed to get started and understand the potential applications of malware configurations, including sinkholing for victim notification. Examine sample data from DarkComet malware and analyze example configurations to gain deeper insights. Follow along as the speaker demonstrates how to dig deeper into malware campaigns and access the Barncat platform for enhanced threat intelligence. Gain valuable knowledge on leveraging MISP for more effective malware analysis and threat detection.

Barncat: Using MISP for Bulk Surveillance of Malware
Introduction • Manager of Threat Systems with Fidelis Cybersecurity
Malware Config Ripping - Dynamic analysis is good, but bin may not run correctly and is resource intensive
Your Starter Kit
What can you do with malware configs? • Sinkholing for victim notification is a possibility
Sample DarkComet Data
Example Config
What can you do with this?
Digging deeper
Dark Comet Campaign
Barncat Access