| Paper Abstract and Keywords |
| Presentation |
2021-03-02 10:25
Proof of concept of sandbox evasion attack using email address stored in target machine Yuta Inoue, Rui Tanabe (YNU), Takahiro Kasama, Daisuke Inoue (NICT), Katsunari Yoshioka, Tsutomu Matsumoto (YNU) ICSS2020-57 |
| Abstract |
(in Japanese) |
(See Japanese page) |
| (in English) |
In recent years, malware sandbox appliances that dynamically analyze target files are becoming popular. However, malware that reveal malicious activities only on the target machine are emerging. Previous studies have shown attacks that evade sandbox analysis by first implanting identifiers into the target machine and later sending malware that works only in environments where identifiers exists. In this study, we envision a new threat where attackers abuse Email address stored in the target machine.
We demonstrate that 13 famous desktop applications store Email address in 17 different configuration and/or log file.
We further test dummy samples that search for Email address with commercial sandbox appliances and explain that sandbox evasion is successful. Therefore, we informed security vendors with details of the attack scenario, in order to protect against potential adversaries in the future. |
| Keyword |
(in Japanese) |
(See Japanese page) |
| (in English) |
Security Appliance / Sandbox Evasion / Advanced Persistent Threat / / / / / |
| Reference Info. |
IEICE Tech. Rep., vol. 120, no. 384, ICSS2020-57, pp. 184-189, March 2021. |
| Paper # |
ICSS2020-57 |
| Date of Issue |
2021-02-22 (ICSS) |
| ISSN |
Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
| Download PDF |
ICSS2020-57 |
| Conference Information |
| Committee |
ICSS IPSJ-SPT |
| Conference Date |
2021-03-01 - 2021-03-02 |
| Place (in Japanese) |
(See Japanese page) |
| Place (in English) |
Online |
| Topics (in Japanese) |
(See Japanese page) |
| Topics (in English) |
Security, Trust, etc. |
| Paper Information |
| Registration To |
ICSS |
| Conference Code |
2021-03-ICSS-SPT |
| Language |
Japanese |
| Title (in Japanese) |
(See Japanese page) |
| Sub Title (in Japanese) |
(See Japanese page) |
| Title (in English) |
Proof of concept of sandbox evasion attack using email address stored in target machine |
| Sub Title (in English) |
|
| Keyword(1) |
Security Appliance |
| Keyword(2) |
Sandbox Evasion |
| Keyword(3) |
Advanced Persistent Threat |
| Keyword(4) |
|
| Keyword(5) |
|
| Keyword(6) |
|
| Keyword(7) |
|
| Keyword(8) |
|
| 1st Author's Name |
Yuta Inoue |
| 1st Author's Affiliation |
Yokohama National University (YNU) |
| 2nd Author's Name |
Rui Tanabe |
| 2nd Author's Affiliation |
Yokohama National University (YNU) |
| 3rd Author's Name |
Takahiro Kasama |
| 3rd Author's Affiliation |
National Institute of Information and Communications Technology (NICT) |
| 4th Author's Name |
Daisuke Inoue |
| 4th Author's Affiliation |
National Institute of Information and Communications Technology (NICT) |
| 5th Author's Name |
Katsunari Yoshioka |
| 5th Author's Affiliation |
Yokohama National University (YNU) |
| 6th Author's Name |
Tsutomu Matsumoto |
| 6th Author's Affiliation |
Yokohama National University (YNU) |
| 7th Author's Name |
|
| 7th Author's Affiliation |
() |
| 8th Author's Name |
|
| 8th Author's Affiliation |
() |
| 9th Author's Name |
|
| 9th Author's Affiliation |
() |
| 10th Author's Name |
|
| 10th Author's Affiliation |
() |
| 11th Author's Name |
|
| 11th Author's Affiliation |
() |
| 12th Author's Name |
|
| 12th Author's Affiliation |
() |
| 13th Author's Name |
|
| 13th Author's Affiliation |
() |
| 14th Author's Name |
|
| 14th Author's Affiliation |
() |
| 15th Author's Name |
|
| 15th Author's Affiliation |
() |
| 16th Author's Name |
|
| 16th Author's Affiliation |
() |
| 17th Author's Name |
|
| 17th Author's Affiliation |
() |
| 18th Author's Name |
|
| 18th Author's Affiliation |
() |
| 19th Author's Name |
|
| 19th Author's Affiliation |
() |
| 20th Author's Name |
|
| 20th Author's Affiliation |
() |
| 21st Author's Name |
|
| 21st Author's Affiliation |
() |
| 22nd Author's Name |
|
| 22nd Author's Affiliation |
() |
| 23rd Author's Name |
|
| 23rd Author's Affiliation |
() |
| 24th Author's Name |
|
| 24th Author's Affiliation |
() |
| 25th Author's Name |
|
| 25th Author's Affiliation |
() |
| 26th Author's Name |
/ / |
| 26th Author's Affiliation |
()
() |
| 27th Author's Name |
/ / |
| 27th Author's Affiliation |
()
() |
| 28th Author's Name |
/ / |
| 28th Author's Affiliation |
()
() |
| 29th Author's Name |
/ / |
| 29th Author's Affiliation |
()
() |
| 30th Author's Name |
/ / |
| 30th Author's Affiliation |
()
() |
| 31st Author's Name |
/ / |
| 31st Author's Affiliation |
()
() |
| 32nd Author's Name |
/ / |
| 32nd Author's Affiliation |
()
() |
| 33rd Author's Name |
/ / |
| 33rd Author's Affiliation |
()
() |
| 34th Author's Name |
/ / |
| 34th Author's Affiliation |
()
() |
| 35th Author's Name |
/ / |
| 35th Author's Affiliation |
()
() |
| 36th Author's Name |
/ / |
| 36th Author's Affiliation |
()
() |
| Speaker |
Author-1 |
| Date Time |
2021-03-02 10:25:00 |
| Presentation Time |
25 minutes |
| Registration for |
ICSS |
| Paper # |
ICSS2020-57 |
| Volume (vol) |
vol.120 |
| Number (no) |
no.384 |
| Page |
pp.184-189 |
| #Pages |
6 |
| Date of Issue |
2021-02-22 (ICSS) |