<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">vdgtu</journal-id><journal-title-group><journal-title xml:lang="ru">Вестник Дагестанского государственного технического университета. Технические науки</journal-title><trans-title-group xml:lang="en"><trans-title>Herald of Dagestan State Technical University. Technical Sciences</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">2073-6185</issn><issn pub-type="epub">2542-095X</issn><publisher><publisher-name>Daghestan State Technical University</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.21822/2073-6185-2024-51-1-79-86</article-id><article-id custom-type="elpub" pub-id-type="custom">vdgtu-1457</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>ИНФОРМАЦИОННЫЕ ТЕХНОЛОГИИ И ТЕЛЕКОММУНИКАЦИИ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>INFORMATION TECHNOLOGY AND TELECOMMUNICATIONS</subject></subj-group></article-categories><title-group><article-title>Обнаружение вируса «Telegram Rat»</article-title><trans-title-group xml:lang="en"><trans-title>Detection of «Telegram Rat» virus</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Дубровина</surname><given-names>А. И.</given-names></name><name name-style="western" xml:lang="en"><surname>Dubrovina</surname><given-names>A. I.</given-names></name></name-alternatives><bio xml:lang="ru"><p> Дубровина Ангелина Игоревна, ассистент, кафедра «Вычислительные системы и информационная безопасность»  </p><p>344000, г. Ростов-на-Дону, пл. Гагарина, 1, Россия</p><p>344000, г. Ростов-на-Дону, ул. Мечникова, 130, Россия  </p></bio><bio xml:lang="en"><p>Angelina I. Dubrovina, Assistant, Department of Computer Systems and Information Security </p><p>1 Gagarin Square, Rostov-on-Don 344000, Russia </p><p>130 Mechnikova St., Rostov-on-Don 344000, Russia </p></bio><email xlink:type="simple">adubrovina@yug.gkovd.ru</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Алкорди</surname><given-names>М. Х.</given-names></name><name name-style="western" xml:lang="en"><surname>Alkordi</surname><given-names>M. H.</given-names></name></name-alternatives><bio xml:lang="ru"><p> Алкорди Мустафа Хельми Муса, студент, кафедра «Вычислительные системы и информационнаябезопасность» </p><p> 344000, г. Ростов-на-Дону, пл. Гагарина, 1, Россия </p></bio><bio xml:lang="en"><p>Mustafa Helmi Musa Alkordi, Student, Department of Computer Systems and Information Security</p><p> 1 Gagarin Square, Rostov-on-Don 344000, Russia </p></bio><email xlink:type="simple">ministrelia69@yandex.ru</email><xref ref-type="aff" rid="aff-2"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>Донской государственный технический университет;&#13;
Частное образовательное учреждение высшего образования «Южный университет» (Институт управления, бизнеса и права)</institution><country>Россия</country></aff><aff xml:lang="en"><institution>Don State Technical University;&#13;
Southern University (Institute of Management, Business and Law)</institution><country>Russian Federation</country></aff></aff-alternatives><aff-alternatives id="aff-2"><aff xml:lang="ru"><institution>Донской государственный технический университет</institution><country>Россия</country></aff><aff xml:lang="en"><institution>Don State Technical University</institution><country>Russian Federation</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2024</year></pub-date><pub-date pub-type="epub"><day>16</day><month>04</month><year>2024</year></pub-date><volume>51</volume><issue>1</issue><fpage>79</fpage><lpage>86</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Дубровина А.И., Алкорди М.Х., 2024</copyright-statement><copyright-year>2024</copyright-year><copyright-holder xml:lang="ru">Дубровина А.И., Алкорди М.Х.</copyright-holder><copyright-holder xml:lang="en">Dubrovina A.I., Alkordi M.H.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://vestnik.dgtu.ru/jour/article/view/1457">https://vestnik.dgtu.ru/jour/article/view/1457</self-uri><abstract><sec><title>Цель</title><p>Цель. Целью исследования является анализ вируса «Telegram Rat», подчеркивая важность информирования для эффективной борьбы с киберугрозами и обеспечения безопасности в цифровой эпохе.</p></sec><sec><title>Методы</title><p>Методы. В статье использовался анализ характеристик и распространения вирусов «Telegram Rat». Приведен пример анализа технических механизмов вымогательства на примере «WAGNER GROUP» и сформулированы этапы ликвидации вируса.</p></sec><sec><title>Результаты</title><p>Результаты. Рассмотрена акуальность проблемы вируса «Telegram Rat» и пути его передачи. Представлены практические методы выявления и нейтрализации угрозы. Метод обнаружения угроз вируса «Telegram Rat» основан на анализе активных процессов, сетевой активности и файловой системы. Выявлено, что основным уязвимым местом на устройствах, зараженных вирусом, является неосторожное поведение пользователей.</p></sec><sec><title>Вывод</title><p>Вывод. В содержании настоящей работы подчеркивается важность бдительности при скачивании файлов и переходах по неизвестным ссылкам. Недостаточная осторожность может привести к утрате данных и утечке информации, подчеркивая необходимость сознательного поведения в цифровой среде.</p></sec></abstract><trans-abstract xml:lang="en"><sec><title>Objective</title><p>Objective. The aim of this study is to analyze the «Telegram Rat» virus, emphasizing the importance of awareness to effectively combat cyber threats and ensure security in the digital age.</p></sec><sec><title>Methods</title><p>Methods. This paper used an analysis of the characteristics and distribution of «Telegram Rat» viruses. An example of analyzing the technical mechanisms of extortion on the example of «WAGNER GROUP» was given and the steps of virus elimination were formulated.</p></sec><sec><title>Results</title><p>Results. The acuality of the «Telegram Rat» virus problem and ways of its transmission are considered. Practical methods of threat detection and neutralization are stipulated. The method of «Telegram Rat» virus threat detection is based on the analysis of active processes, network activity and file system. It is revealed that the main vulnerability on devices infected with the virus is careless user behavior.</p></sec><sec><title>Conclusion</title><p>Conclusion. The contents of this paper emphasize the importance of vigilance when downloading files and clicking on links. Lack of caution can lead to data loss and information leakage, emphasizing the need for conscious behavior in the digital environment.</p></sec></trans-abstract><kwd-group xml:lang="ru"><kwd>«Telegram Rat»</kwd><kwd>киберугрозы</kwd><kwd>информационная безопасность</kwd></kwd-group><kwd-group xml:lang="en"><kwd>«Telegram Rat»</kwd><kwd>cyber threats</kwd><kwd>information security</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">DrKLO. 2013. Telegram messenger for Android. (Oct. 2013). https://github.com/DrKLO/Telegram.</mixed-citation><mixed-citation xml:lang="en">DrKLO. 2013. Telegram messenger for Android. (Oct. 2013). https://github.com/DrKLO/Telegram.</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Кара И., Айдос М. Призрак в системе: технический анализ трояна удаленного доступа //International Journal on Information Technologies &amp; Security. – 2019. – Т. 11. – No 1. – С. 73-84.</mixed-citation><mixed-citation xml:lang="en">Kara I., Aidos M. A ghost in the system: technical analysis of a remote access Trojan. International Journal on Information Technologies &amp; Security. 2019; 11(1): 73-84.</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Li X. et al. An Android Malicious Application Detection Method with Decision Mechanism in the Operating Environment of Blockchain//Security and Communication Networks. – 2022. – Т. 2022. https://www.hindawi.com/journals/scn/2022/3111540/</mixed-citation><mixed-citation xml:lang="en">Li X. et al. An Android Malicious Application Detection Method with Decision Mechanism in the Operating Environment of Blockchain. Security and Communication Networks. 2022;2022.</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Luo X. et al. Social engineering: The neglected human factor for information security management //Information Resources Management Journal (IRMJ). – 2011. – Т. 24. – №. 3. – С. 1-8.</mixed-citation><mixed-citation xml:lang="en">https://www.hindawi.com/journals/scn/2022/3111540/</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Chislova O., Sokolova M. Cybersecurity in Russia //International Cybersecurity Law Review. – 2021. – Т. 2. – №. 2. – С. 245-251.</mixed-citation><mixed-citation xml:lang="en">Luo X. et al. Social engineering: The neglected human factor for information security management. Information Resources Management Journal (IRMJ). 2011; 24(3):1-8.</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Govender I., Watson B. W. W., Amra J. Global virus lockdown and cybercrime rate trends: A routine activity approach //Journal of Physics: Conference Series. – IOP Publishing, 2021. – Т. 1828. – №. 1. – С. 012107.</mixed-citation><mixed-citation xml:lang="en">Chislova O., Sokolova M. Cybersecurity in Russia. International Cybersecurity Law Review. 2021; 2(2): 245-251.</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Peeters S., Willaert T. Telegram and digital methods: Mapping networked conspiracy theories through platform affordances //M/C Journal.–2022.–Т.25.–№.1 https://journal.mediaculture.org.au/index.php/mcjournal/article/view/2878.</mixed-citation><mixed-citation xml:lang="en">Govender I., Watson B. W. W., Amra J. Global virus lockdown and cybercrime rate trends: A routine activity approach. Journal of Physics: Conference Series. IOP Publishing, 2021; 1828 (1): 012107.</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Koutsokostas V. et al. Invoice# 31415 attached: Automated analysis of malicious Microsoft Office documents //Computers &amp; Security. – 2022. – Т. 114. – С. 102582. https://www.mdpi.com/2076-3417/12/8/4088</mixed-citation><mixed-citation xml:lang="en">Peeters S., Willaert T. Telegram and digital methods: Mapping networked conspiracy theories through platform affordances. M/C Journal. 2022;25(1): https://journal.mediaculture.org.au/index.php/mcjournal/article/view/2878.</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Dubin R. Content Disarm and Reconstruction of RTF Files a Zero File Trust Methodology //IEEE Transactions on Information Forensics and Security. – 2023. – Т. 18. – С. 1461-1472. https://ieeexplore.ieee.org/abstract/document/10034674/</mixed-citation><mixed-citation xml:lang="en">Koutsokostas V. et al. Invoice# 31415 attached: Automated analysis of malicious Microsoft Office documents. Computers &amp; Security. 2022;114:102582. https://www.mdpi.com/2076-3417/12/8/4088</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Balikcioglu P. G. et al. Malicious code detection in android: the role of sequence characteristics and disassembling methods //International Journal of Information Security. – 2023. – Т. 22. – №. 1. – С. 107-118. https://link.springer.com/article/10.1007/s10207-022-00626-2</mixed-citation><mixed-citation xml:lang="en">Dubin R. Content Disarm and Reconstruction of RTF Files a Zero File Trust Methodology. IEEE Transactions on Information Forensics and Security.2023;18:1461-1472. https://ieeexplore.ieee.org/abstract/document/10034674/</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">Acharya S., Rawat U., Bhatnagar R. A comprehensive review of android security: Threats, vulnerabilities, malware detection, and analysis //Security and Communication Networks. – 2022. – Т. 2022. https://www.hindawi.com/journals/scn/2022/7775917/</mixed-citation><mixed-citation xml:lang="en">Balikcioglu P. G. et al. Malicious code detection in android: the role of sequence characteristics and disassembling methods. International Journal of Information Security. 2023; 22 (1):107-118. https://link.springer.com/article/10.1007/s10207-022-00626-2</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">https://www.mdpi.com/2075-4698/12/6/164 Herrero-Solana V., Castro-Castro C. Telegram channels and bots: A ranking of media outlets based in Spain //Societies. – 2022. – Т. 12. – №. 6. – С. 164.</mixed-citation><mixed-citation xml:lang="en">Acharya S., Rawat U., Bhatnagar R. A comprehensive review of android security: Threats, vulnerabilities, malware detection, and analysis. Security and Communication Networks. 2022;2022. https://www.hindawi.com/journals/scn/2022/7775917/</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">Haagman D., Ghavalas B. Trojan defence: A forensic view //Digital Investigation. – 2005. – Т. 2. – №. 1. – С. 23-30.</mixed-citation><mixed-citation xml:lang="en">https://www.mdpi.com/2075-4698/12/6/164 Herrero-Solana V., Castro-Castro C. Telegram channels and bots: A ranking of media outlets based in Spain. Societies. 2022; 12(6):164.</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">Warrender C., Forrest S., Pearlmutter B. Detecting intrusions using system calls: Alternative data models //Proceedings of the 1999 IEEE symposium on security and privacy (Cat. No. 99CB36344). – IEEE, 1999. – С. 133-145.</mixed-citation><mixed-citation xml:lang="en">Haagman D., Ghavalas B. Trojan defence: A forensic view. Digital Investigation. 2005; 2(1): 23-30.</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">Wu N., Qian Y., Chen G. A novel approach to trojan horse detection by process tracing //2006 IEEE International Conference on Networking, Sensing and Control. – IEEE, 2006. – С. 721-726.</mixed-citation><mixed-citation xml:lang="en">Warrender C., Forrest S., Pearlmutter B. Detecting intrusions using system calls: Alternative data models. Proceedings of the 1999 IEEE symposium on security and privacy (Cat. No. 99CB36344). IEEE, 1999; 133-145.</mixed-citation></citation-alternatives></ref><ref id="cit16"><label>16</label><citation-alternatives><mixed-citation xml:lang="ru">Ciubotariu M. What next? trojan. linkoptimizer //Virus Bulletin. – 2006. – С. 6-10.</mixed-citation><mixed-citation xml:lang="en">Wu N., Qian Y., Chen G. A novel approach to trojan horse detection by process tracing. 2006 IEEE International Conference on Networking, Sensing and Control. IEEE, 2006: 721-726.</mixed-citation></citation-alternatives></ref><ref id="cit17"><label>17</label><citation-alternatives><mixed-citation xml:lang="ru">Mustafa Alkordi (2023). Ransomware Campaign Urges Resistance Against Russian Officials. URL: https://www.linkedin.com/pulse/ransomware-campaign-urges-resistance-against-russian-alkordi.</mixed-citation><mixed-citation xml:lang="en">Ciubotariu M. What next? trojan. Linkoptimizer.Virus Bulletin. 2006: 6-10.</mixed-citation></citation-alternatives></ref><ref id="cit18"><label>18</label><citation-alternatives><mixed-citation xml:lang="ru">Kok S. et al. Ransomware, threat and detection techniques: A review //Int. J. Comput. Sci. Netw. Secur. – 2019. – Т. 19. – №. 2. – С. 136. https://seap.taylors.edu.my/file/rems/publication/105055_5256_1.pdf.</mixed-citation><mixed-citation xml:lang="en">Mustafa Alkordi (2023). Ransomware Campaign Urges Resistance Against Russian Officials. URL: https://www.linkedin.com/pulse/ransomware-campaign-urges-resistance-against-russian-alkordi.</mixed-citation></citation-alternatives></ref><ref id="cit19"><label>19</label><citation-alternatives><mixed-citation xml:lang="ru">Tuma K., Calikli G., Scandariato R. Threat analysis of software systems: A systematic literature review // Journal of Systems and Software. – 2018. – Т. 144. – С. 275-294.</mixed-citation><mixed-citation xml:lang="en">Kok S. et al. Ransomware, threat and detection techniques: A review //Int. J. Comput. Sci. Netw. Secur. – 2019;19(2): 136.https://seap.taylors.edu.my/file/rems/publication/105055_5256_1.pdf.</mixed-citation></citation-alternatives></ref><ref id="cit20"><label>20</label><citation-alternatives><mixed-citation xml:lang="ru">https://www.sciencedirect.com/science/article/abs/pii/S0164121218301304</mixed-citation><mixed-citation xml:lang="en">Tuma K., Calikli G., Scandariato R. Threat analysis of software systems: A systematic literature review. Journal of Systems and Software. 2018; 144: 275-294. https://www.sciencedirect.com/science/article/abs/pii/S0164121218301304</mixed-citation></citation-alternatives></ref><ref id="cit21"><label>21</label><citation-alternatives><mixed-citation xml:lang="ru">Zengy J. et al. Shadewatcher: Recommendation-guided cyber threat analysis using system audit records // 2022 IEEE Symposium on Security and Privacy (SP). – IEEE, 2022. – С. 489-506. https://www.sciencedirect.com/science/article/pii/S1319157821003621.</mixed-citation><mixed-citation xml:lang="en">Zengy J. et al. Shadewatcher: Recommendation-guided cyber threat analysis using system audit records // 2022 IEEE Symposium on Security and Privacy (SP). IEEE, 2022;489-506. https://www.sciencedirect.com/science/article/pii/S1319157821003621.</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
