Rock appround the clock, our research in DEFCON

Wednesday, August 29, 2018

In the world of Threat Intelligence, determining the attacker’s geographical location is one of the most valuable pieces of data for attribution techniques. Even if it is not perceived as such, this information may lead research one way or another. Some of the most sought-after information is where the author comes from, where he lives, or where the computer was located at the time of an attack.

We focused our research on taking advantage of this kind of “time zone” bug for tracking Android malware developers. We will describe two very effective ways to find out the developer's time zone. We have also calculated whether these circumstances have some real relation with malware, diving into our database of 10 million APKs.