
Approach of an Active Defense Protocol to Deal with RAT Malware

A Colombian Case Study Against njRAT Campaigns

  • Conference paper
  • Applied Computer Sciences in Engineering (WEA 2018)

Abstract

Organizations have become dependent on their infrastructure and information, and any problem that affects those assets can compromise the organization’s operations. Incident handling and malware research require new strategies focused on cyber defense that allow researchers, incident responders and authorities to react preventively and mitigate highly damaging attacks. The result of this research is a guideline for an active defense protocol to contain Remote Access Trojan (RAT) malware attacks: it proactively identifies weaknesses in the generic, open-source or leaked code used in Trojan infection campaigns, and from them develops an effective response protocol to contain and stop the threat with a limited investment of resources. This protocol does not replace the traditional national protocols that local authorities require for reporting cyber security incidents; however, some of its mechanisms for deactivating Command and Control (C2) servers can reduce the effectiveness of malware-based operations, a threat faced in Colombia and in other countries around the globe.


Notes

  1. https://www.hybrid-analysis.com/
  2. https://app.any.run/
  3. https://live.sysinternals.com/
  4. https://www.wireshark.org/
  5. https://github.com/csieteco/njRatActiveDefense


Author information

Correspondence to Fernando Quintero, Eduardo Chavarro, Giovanni Cruz or Carlos Fernández.


Copyright information

© 2018 Springer Nature Switzerland AG

About this paper


Cite this paper

Quintero, F., Chavarro, E., Cruz, G., Fernández, C. (2018). Approach of an Active Defense Protocol to Deal with RAT Malware. In: Figueroa-García, J., López-Santana, E., Rodriguez-Molano, J. (eds) Applied Computer Sciences in Engineering. WEA 2018. Communications in Computer and Information Science, vol 915. Springer, Cham. https://doi.org/10.1007/978-3-030-00350-0_36


  • DOI: https://doi.org/10.1007/978-3-030-00350-0_36

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-00349-4

  • Online ISBN: 978-3-030-00350-0
