Chats, Cheats and Cracks - Abuse of Collaboration Platforms in Malware Campaigns
Offered By: YouTube
Course Description
Overview
Explore a conference talk from OISF 2021 examining the exploitation of collaboration platforms like Discord and Slack in malware campaigns. Delve into the methods used for malware distribution, delivery, and command and control through these platforms. Learn about specific malware campaigns, including email examples, component retrieval, and persistence techniques. Investigate the use of webhooks, access tokens, and other platform-specific features for malicious purposes. Gain insights into business protections and Cisco Talos' findings on these threats. Conclude with audience questions and a discussion on CPEC use in this context.
Syllabus
Introduction
Presentation Overview
Background
Discord and Slack
Malware Distribution
Malware Delivery
Slack File Access
VirusTotal
Volume Increase
Malware Fan Campaigns
Email Example
Email Source Code
Component Retrieval
Stage Retrieval
Persistence
Async Rap
PDF
Discord CD
Command and Control
Webhooks
Discord Webhook
Slack Webhook
Initial Beacon
Portmap
Discord Send Webhook
Command Output
Ransomware
Access Tokens
Main Crack
Growtopia
Slack Cookies
Slack Pirate
Business Protections
Cisco Talos
Audience Questions
CPEC Use