for DFRWS 2024-APAC

• A Study on the Defense Techniques of Offensive Perspective Exploiting the Characteristics of RAT Malware

Author

• Se-Yeong Lee
• Dong-Hyeon Kim
  
  

Case : not Applied Defensive Technique to RAT

• Target : Nanocore 1.2.2.0
  
• Bypass : Possible
  
• PoC Video : https://youtu.be/z-mWmdS81yE
  
  
  

Case : Apply Defensive Technique to RAT

• Case : Defensive technology using values that change per connect to client

  • Target : BitRat 1.39
    
  • Bypass : Possible
    
  • PoC Video : https://youtu.be/c_7rxPIEUc0
    
    
    

• Case : Defensive techniques that use values that change per command

  • Target : Async 0.5.7B, DcRAT 1.0.7
    
  • Bypass : Conditionally Possible
    
  • PoC Video : https://youtu.be/89KkOmI3q9s
    
    
    

• Case : Defensive technology using static path for file download from client

  • Target : Quasar 1.4.0
    
  • Bypass : Impossible