| Presentation | 2021-03-02 Proof of concept of sandbox evasion attack using email address stored in target machine Yuta Inoue, Rui Tanabe, Takahiro Kasama, Daisuke Inoue, Katsunari Yoshioka, Tsutomu Matsumoto, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | In recent years, malware sandbox appliances that dynamically analyze target files are becoming popular. However, malware that reveal malicious activities only on the target machine are emerging. Previous studies have shown attacks that evade sandbox analysis by first implanting identifiers into the target machine and later sending malware that works only in environments where identifiers exists. In this study, we envision a new threat where attackers abuse Email address stored in the target machine. We demonstrate that 13 famous desktop applications store Email address in 17 different configuration and/or log file. We further test dummy samples that search for Email address with commercial sandbox appliances and explain that sandbox evasion is successful. Therefore, we informed security vendors with details of the attack scenario, in order to protect against potential adversaries in the future. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Security Appliance / Sandbox Evasion / Advanced Persistent Threat |
| Paper # | ICSS2020-57 |
| Date of Issue | 2021-02-22 (ICSS) |
| Conference Information | |
| Committee | ICSS / IPSJ-SPT |
|---|---|
| Conference Date | 2021/3/1(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Online |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Security, Trust, etc. |
| Chair | Hiroki Takakura(NII) |
| Vice Chair | Katsunari Yoshioka(Yokohama National Univ.) / Kazunori Kamiya(NTT) |
| Secretary | Katsunari Yoshioka(NICT) / Kazunori Kamiya(KDDI labs.) |
| Assistant | Keisuke Kito(Mitsubishi Electric) / Toshihiro Yamauchi(Okayama Univ.) |
| Paper Information | |
| Registration To | Technical Committee on Information and Communication System Security / Special Interest Group on Security Psychology and Trust |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Proof of concept of sandbox evasion attack using email address stored in target machine |
| Sub Title (in English) | |
| Keyword(1) | Security Appliance |
| Keyword(2) | Sandbox Evasion |
| Keyword(3) | Advanced Persistent Threat |
| 1st Author's Name | Yuta Inoue |
| 1st Author's Affiliation | Yokohama National University(YNU) |
| 2nd Author's Name | Rui Tanabe |
| 2nd Author's Affiliation | Yokohama National University(YNU) |
| 3rd Author's Name | Takahiro Kasama |
| 3rd Author's Affiliation | National Institute of Information and Communications Technology(NICT) |
| 4th Author's Name | Daisuke Inoue |
| 4th Author's Affiliation | National Institute of Information and Communications Technology(NICT) |
| 5th Author's Name | Katsunari Yoshioka |
| 5th Author's Affiliation | Yokohama National University(YNU) |
| 6th Author's Name | Tsutomu Matsumoto |
| 6th Author's Affiliation | Yokohama National University(YNU) |
| Date | 2021-03-02 |
| Paper # | ICSS2020-57 |
| Volume (vol) | vol.120 |
| Number (no) | ICSS-384 |
| Page | pp.pp.184-189(ICSS), |
| #Pages | 6 |
| Date of Issue | 2021-02-22 (ICSS) |