Data Insights in Cybersecurity Part 1: Intro to ssdeep and XOR.DDoS Case Study

Introduction

Problem Statement

Why Fuzzy Hash?

Fuzzy Hashing to the Rescue: ssdeep

Sitting on the Pile of Data

Connecting It All Together

XOR.DDoS

MD5:    d6a6dee6afa6879b729a0af3cde7ff33
SHA1:   47ed693d195558507e4258527f7d4d4968d34f38
SHA256: dba757c20fbc1d81566ef2877a9bfca9b3ddb84b9f04c0ca5ae668b7f40ea8c3
ssdeep: 6144:3SDFOrnwRgUbMisI6sdkH+M6hWOcy5KOZW7U6NCEqPdf/mqYG:2ZRgUY/fsJcO1KOiXfqPdeG
/usr/bin/gsqykkwuag
/usr/bin/tldpjssjet
/usr/bin/nrhfapuwjp
/usr/bin/kgpeplprzq
/usr/bin/uhflpmyerd
XOR.DDoS binary similarity graphs with 10,000 samples. Larger circles indicate more connections to particular variants.
XOR.DDoS binary similarity graph, a different view.
192:vbOzawOs81elJHsc45CcRZOgtShcWaOT2QLrCqw+45Y04/CFxyNhoy5t:vbLwOs8AHsc4sMfwhKQLro/L4/CFsrd

Conclusion

Alibaba Cloud