Aposemat Project

Malware on IoT

A project to help to better detect IoT attacks

Aposemat is a project that was born in the Stratosphere Laboratory at the Czech Technical University in Prague and is funded by Avast Software

Goal

To protect IoT devices by analyzing, executing, and detecting attacks and malware

Motivation

Protect the community from treats in the IoT ecosystem

How

Creating and maintaining a laboratory not only to execute malware but also honeypots and exposed devices. This allow us to analyze malware and real attacks.
Sharing results continuously with the community through conferences talks, papers, blogpost, sharing twitter feeds and replying any inquiry related to IoT security.
Following different research lines to tackle the IoT Security from different angles and perspectives.
Developing open-source tools with the community

Our Team

Sebastian García

Sebastian García

María José Erquiaga

María José Erquiaga

Thomas O'Hara

Anna Shirokova

Lisandro Ubiedo

Lisandro Ubiedo

Masarah Paquet-Clouston

Masarah Paquet-Clouston

Ondřej Preněk

Our Laboratory

Our IoT Laboratory have real IoT devices that are infected and attacked constantly, Some of the devices are RaspberryPi's, Alexa, NAS, IP cameras, Philips hue lamps, SmartLock, Routers, etc.

In our laboratory we execute real malware and capture the network traffic to analyze it.

Screen Shot 2020-04-15 at 12.17.00.png

Screen Shot 2020-04-15 at 12.17.10.png

Screen Shot 2020-04-15 at 12.17.21.png

Screen Shot 2020-04-15 at 12.17.33.png

Aposemat Research Lines

IoT Malware Analysis

Geost botnet research

Attacker IP Prioritizer (AIP)

Polonium in my IoT (PIMI)

Network Detection

IoT IRC Malware Detection

Previous Research Lines

Telnet protocol profiling

iot Vulnerability analysis

Tools

Hexa Payload Decoder

Zeek Package: IRC Feature Extractor

Publications of the Aposemat Project

Stratosphere IPS Research Blog

Use Case: UptimeRobot & Stratosphere IoT Laboratory

Oct 9, 2023

Use Case: UptimeRobot & Stratosphere IoT Laboratory

Oct 9, 2023

Oct 9, 2023

The prevalence of DNS over HTTPS By Karel Hynek

Sep 20, 2021

The prevalence of DNS over HTTPS By Karel Hynek

Sep 20, 2021

Sep 20, 2021

White Paper: Current State of IPv6 Security in IoT

Nov 4, 2020

White Paper: Current State of IPv6 Security in IoT

Nov 4, 2020

Nov 4, 2020

Data Exfiltration via IPv6

Oct 16, 2020

Data Exfiltration via IPv6

Oct 16, 2020

Oct 16, 2020

Oct 2, 2020

CVE search tool

Oct 2, 2020

Oct 2, 2020

Jun 8, 2020

Dark Nexus: the old, the new and the ugly

Jun 8, 2020

Jun 8, 2020

Apr 29, 2020

RHOMBUS: a new IoT Malware

Apr 29, 2020

Apr 29, 2020

IoT-23 In Depth: CTU-IoT-Malware-Capture-1-1

Mar 19, 2020

IoT-23 In Depth: CTU-IoT-Malware-Capture-1-1

Mar 19, 2020

Mar 19, 2020

Mar 9, 2020

IoT-23 In Depth: CTU-IoT-Malware-Capture-60-1

Mar 9, 2020

Mar 9, 2020

Swiss Cyber Security Days: Conference Wrap-Up

Mar 6, 2020

Swiss Cyber Security Days: Conference Wrap-Up

Mar 6, 2020

Mar 6, 2020

IoT-23 In Depth: CTU-IoT-Malware-Capture-8-1

Feb 25, 2020

IoT-23 In Depth: CTU-IoT-Malware-Capture-8-1

Feb 25, 2020

Feb 25, 2020

Feb 17, 2020

IoT-23 In Depth: CTU-IoT-Malware-Capture-3-1

Feb 17, 2020

Feb 17, 2020

Feb 13, 2020

Zeek: New IRC Feature Extractor Package

Feb 13, 2020

Feb 13, 2020

Feb 4, 2020

IoT-23 In Depth: CTU-IoT-Malware-Capture-9-1

Feb 4, 2020

Feb 4, 2020

Jan 22, 2020

Aposemat IoT-23: A Labeled Dataset With Malicious And Benign IoT Network Traffic

Jan 22, 2020

Jan 22, 2020