{"id":"https://openalex.org/W2885931936","doi":"https://doi.org/10.1109/cns.2018.8433199","title":"Malware Coordination using the Blockchain: An Analysis of the Cerber Ransomware","display_name":"Malware Coordination using the Blockchain: An Analysis of the Cerber Ransomware","publication_year":2018,"publication_date":"2018-05-01","ids":{"openalex":"https://openalex.org/W2885931936","doi":"https://doi.org/10.1109/cns.2018.8433199","mag":"2885931936"},"language":"en","primary_location":{"id":"doi:10.1109/cns.2018.8433199","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cns.2018.8433199","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 IEEE Conference on Communications and Network Security (CNS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5021158978","display_name":"Stijn Pletinckx","orcid":null},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":true,"raw_author_name":"Stijn Pletinckx","raw_affiliation_strings":["TU Delft Cyber Security Group, Delft, The Netherlands"],"affiliations":[{"raw_affiliation_string":"TU Delft Cyber Security Group, Delft, The Netherlands","institution_ids":["https://openalex.org/I98358874"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017148143","display_name":"Cyril Trap","orcid":null},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Cyril Trap","raw_affiliation_strings":["TU Delft Cyber Security Group, Delft, The Netherlands"],"affiliations":[{"raw_affiliation_string":"TU Delft Cyber Security Group, Delft, The Netherlands","institution_ids":["https://openalex.org/I98358874"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5000335949","display_name":"Christian Doerr","orcid":null},"institutions":[{"id":"https://openalex.org/I98358874","display_name":"Delft University of Technology","ror":"https://ror.org/02e2c7k09","country_code":"NL","type":"education","lineage":["https://openalex.org/I98358874"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Christian Doerr","raw_affiliation_strings":["TU Delft Cyber Security Group, Delft, The Netherlands"],"affiliations":[{"raw_affiliation_string":"TU Delft Cyber Security Group, Delft, The Netherlands","institution_ids":["https://openalex.org/I98358874"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5021158978"],"corresponding_institution_ids":["https://openalex.org/I98358874"],"apc_list":null,"apc_paid":null,"fwci":2.6605,"has_fulltext":false,"cited_by_count":39,"citation_normalized_percentile":{"value":0.91162212,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"9"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.9270843863487244},{"id":"https://openalex.org/keywords/ransomware","display_name":"Ransomware","score":0.8956243991851807},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.826490044593811},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.7511687874794006},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5573642253875732},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.5329184532165527},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.5253716707229614},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.4754702150821686},{"id":"https://openalex.org/keywords/block","display_name":"Block (permutation group theory)","score":0.4590410888195038},{"id":"https://openalex.org/keywords/database-transaction","display_name":"Database transaction","score":0.4423196017742157},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.33000314235687256},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.18206608295440674},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.1282375454902649}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.9270843863487244},{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.8956243991851807},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.826490044593811},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.7511687874794006},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5573642253875732},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.5329184532165527},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.5253716707229614},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.4754702150821686},{"id":"https://openalex.org/C2777210771","wikidata":"https://www.wikidata.org/wiki/Q4927124","display_name":"Block (permutation group theory)","level":2,"score":0.4590410888195038},{"id":"https://openalex.org/C75949130","wikidata":"https://www.wikidata.org/wiki/Q848010","display_name":"Database transaction","level":2,"score":0.4423196017742157},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.33000314235687256},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.18206608295440674},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.1282375454902649},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/cns.2018.8433199","is_oa":false,"landing_page_url":"https://doi.org/10.1109/cns.2018.8433199","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2018 IEEE Conference on Communications and Network Security (CNS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.47999998927116394,"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W4861383","https://openalex.org/W187875600","https://openalex.org/W1561983441","https://openalex.org/W2100307718","https://openalex.org/W2105769368","https://openalex.org/W2120960514","https://openalex.org/W2136495567","https://openalex.org/W2280775762","https://openalex.org/W2464432954","https://openalex.org/W2742673065","https://openalex.org/W6633578641","https://openalex.org/W6678025569","https://openalex.org/W6719105664"],"related_works":["https://openalex.org/W2469507153","https://openalex.org/W2008790809","https://openalex.org/W3022706011","https://openalex.org/W2768892939","https://openalex.org/W2160963033","https://openalex.org/W2909615516","https://openalex.org/W2249256574","https://openalex.org/W2397240470","https://openalex.org/W3128265165","https://openalex.org/W4210907385"],"abstract_inverted_index":{"In":[0,121],"order":[1],"for":[2,58,69],"malicious":[3],"software":[4],"to":[5,13,16,20,28,41,159,175],"receive":[6],"configuration":[7],"information":[8,149],"or":[9,90],"commands,":[10],"malware":[11,34,37,66,157,172],"needs":[12],"be":[14,118],"able":[15],"locate":[17],"and":[18,30,112,141,169,196],"connect":[19],"its":[21,70,144],"owner.":[22],"As":[23,76],"hard-coded":[24],"addresses":[25],"are":[26],"easy":[27],"block":[29],"thus":[31],"render":[32],"the":[33,65,110,136,151,156,162,165,171,176,189,194,204,208],"installation":[35,67],"inoperable,":[36],"writers":[38],"have":[39],"turned":[40],"dynamically":[42,160],"generated":[43],"addresses.":[44],"Domain":[45],"generation":[46],"algorithms":[47],"(DGA)":[48],"generate":[49,78],"a":[50,60,79,91,100,182,200],"list":[51,81],"of":[52,82,87,103,130,164,184,191,203],"candidate":[53],"domain":[54,131],"names,":[55],"each":[56],"valid":[57],"only":[59],"short":[61],"time,":[62],"at":[63],"which":[64,88,139],"searches":[68],"command":[71],"&":[72],"control":[73],"(C&C)":[74],"server.":[75],"DGAs":[77,116],"large":[80],"potential":[83],"domains":[84],"-":[85],"out":[86],"one":[89],"few":[92],"is":[93],"actually":[94],"in":[95,109,113,135,150,167,207],"use":[96],"-,":[97],"they":[98],"leave":[99],"characteristic":[101],"trace":[102],"many":[104],"failed":[105],"DNS":[106],"lookups":[107],"(NXDomain)":[108],"network,":[111],"result":[114],"most":[115],"can":[117],"efficiently":[119],"detected.":[120],"this":[122],"paper":[123],"we":[124],"describe":[125,188],"an":[126],"entirely":[127],"new":[128],"principle":[129],"generation,":[132],"actively":[133],"deployed":[134],"Cerber":[137,209],"ransomware,":[138],"finds":[140],"coordinates":[142],"with":[143],"owner":[145],"based":[146],"on":[147,199],"transaction":[148],"bitcoin":[152],"blockchain.":[153],"This":[154],"allows":[155],"author":[158],"update":[161],"location":[163,178],"server":[166],"realtime,":[168],"as":[170],"directly":[173],"goes":[174],"right":[177],"no":[179],"longer":[180],"generates":[181],"sequence":[183],"NXDomain":[185],"responses.":[186],"We":[187],"concept":[190],"coordination":[192],"via":[193],"blockchain,":[195],"report":[197],"results":[198],"year-long":[201],"observation":[202],"assets":[205],"used":[206],"campaign.":[210]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":12},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":5},{"year":2019,"cited_by_count":7}],"updated_date":"2026-03-07T13:37:22.277990","created_date":"2025-10-10T00:00:00"}