stratosphereips / StratosphereLinuxIPS

Slips, a free software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in the network traffic. Stratosphere Laboratory, AIC, FEL, CVUT in Prague.

Implement detection of blackmatter exfiltration #203

Open AlyaGomaa opened 1 year ago

AlyaGomaa commented 1 year ago

Created by Alya Gomaa via monday.com integration. 🎉

AlyaGomaa commented 2 months ago

https://blog.cyberproof.com/blog/blackmatter-cyber-attack-in-depth-analysis-2022

The idea is to work on some behavioral technique, like the Stratosphere letters. We need to detect this with behavior instead of protocol only. So SSH and HTTPS are good; maybe we should check that both are happening? (Or can only one happen at the same time?)

We need real traffic to analyze. Either we download it or we execute it.

Then we should execute it and see how it works. But executing can be hard; maybe download a pcap from here: https://www.joesandbox.com/analysis/936186
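The SSH-plus-HTTPS co-occurrence check sketched in the comment above, written out as an added Python example (this is not Slips code; the `Flow` fields are modelled on Zeek conn.log columns and the sample flows are constructed, not real traffic):

```python
"""Behavioral check: flag a host that opens both SSH and HTTPS flows to the
same external destination within a short window, and report how much it
uploaded. Added example, not part of Slips; field names mimic Zeek conn.log."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Flow:
    ts: float          # flow start time (epoch seconds)
    src: str           # originating (internal) host
    dst: str           # responder (external) host
    dport: int         # responder port
    service: str       # Zeek-style service label ("ssh", "ssl", "-")
    orig_bytes: int    # bytes sent by the originator (upload volume)


def classify(flow):
    """Map a flow to 'ssh', 'https' or None using service label and port."""
    if flow.service == "ssh" or flow.dport == 22:
        return "ssh"
    if flow.service == "ssl" or flow.dport == 443:
        return "https"
    return None


def detect_ssh_https_overlap(flows, window=300.0):
    """Return {(src, dst): uploaded_bytes} for every src/dst pair where an SSH
    flow and an HTTPS flow start within `window` seconds of each other."""
    by_pair = defaultdict(lambda: {"ssh": [], "https": []})
    for f in flows:
        kind = classify(f)
        if kind:
            by_pair[(f.src, f.dst)][kind].append(f)
    alerts = {}
    for pair, groups in by_pair.items():
        close = [(a, b) for a in groups["ssh"] for b in groups["https"]
                 if abs(a.ts - b.ts) <= window]
        if close:  # both protocols seen close together: sum upload volume
            alerts[pair] = sum(f.orig_bytes for f in groups["ssh"] + groups["https"])
    return alerts


# Constructed sample flows (not captured traffic); only 10.0.0.5 should alert
SAMPLE_FLOWS = [
    Flow(1000.0, "10.0.0.5", "203.0.113.7", 22, "ssh", 52_000_000),
    Flow(1090.0, "10.0.0.5", "203.0.113.7", 443, "ssl", 8_000_000),
    Flow(1000.0, "10.0.0.8", "198.51.100.3", 443, "ssl", 4_000),
    Flow(1000.0, "10.0.0.9", "203.0.113.7", 22, "ssh", 1_000),
    Flow(5000.0, "10.0.0.9", "203.0.113.7", 443, "ssl", 2_000),  # outside window
]

if __name__ == "__main__":
    for (src, dst), up in detect_ssh_https_overlap(SAMPLE_FLOWS).items():
        print(f"{src} -> {dst}: SSH and HTTPS within window, {up} bytes uploaded")
```

Widening `window` turns the 10.0.0.9 pair into an alert as well, which is the knob to tune against real captures once one is available.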