Overview
This course aims to unveil the attack chain of the Russian-speaking cybercriminals known as the Asprox actor. By delving into their operations and malware distribution methods, participants will learn about the evolution of the Asprox gang's infection infrastructure, including its sophisticated tools and techniques. The course covers topics such as spamming methods, PHP redirector code, Android malware, and monetization strategies within underground economies. It relies on in-depth analysis, statistics, and real-world examples to provide insights into tracking and understanding this cybercriminal group. The course is intended for individuals interested in cybersecurity, threat intelligence, malware analysis, and cybercrime research.
Syllabus
Intro
Asprox Campaign Overview
Attack chain analysis
Sending out spam
Spamming methods
Underground marketplace
Mass-scale getshell methodology
PHP redirector code
The Asprox TDS
Bash Nginx installation script
Decoy IP in Nginx installation script
Advertising service C2 server
Asprox Android C&C server panel
Android C2 servers
Data stolen (during 4 months)
Android bot rental service panel
Click statistics
Clicks geodistribution
Conclusion
Taught by
Cooper