Evolution of the Sysrv mining botnet Botconf 2022 Wednesday | 17:39 – 18:30 György Lupták 🗣 | Dorka Palotay 🗣 | Albert Zsigovits Sysrv-hello, or shortly Sysrv, is a botnet, which was first discovered in late December of 2020. The malware is written in Golang and targets both Linux and Windows endpoints. Based on its propagation style, it is […]
Evolution of the Sysrv mining botnet Read More »
Identifying malware campaigns on a budget Botconf 2022 Thursday | 09:05 – 09:25 Max ‘Libra’ Kersten 🗣 | Rens van der Linden 🗣 Malware campaigns plague enterprises, entrepreneurs, and individuals. Platforms and tools have been deployed to gain insight into the ongoing situation. Unfortunately, many of these platforms are rather pricey, which is a problem for me,
Identifying malware campaigns on a budget Read More »
See ya Sharp: A Loader’s Tale Botconf 2022 Thursday | 09:30 – 10:00 Max ‘Libra’ Kersten 🗣 Simply distributing malware is not a viable strategy anymore for criminal actors. To combat the ever increasing defense mechanisms, malicious loaders are used. These loaders are meant to conceal the final payload from the prying eyes of anti-virus
See ya Sharp: A Loader’s Tale Read More »
Into The Silent Night Botconf 2022 Thursday | 10:35 – 11:00 Yuta Sawabe 🗣 | Ryuichi Tanabe 🗣 | Fumio Ozawa | Rintaro Koike Since December 2019, Zloader had revived as “Silent Night”, and it has been used various attack campaigns. It has especially been used in two attack campaigns (PseudoGate and Malsmoke). These attack campaigns are aimed at users in
Into The Silent Night Read More »
A fresh look into the underground card shop ecosystem Botconf 2022 Thursday | 11:00 – 11:30 Beatriz Pimenta Klein 🗣 | Lidia López Sanz 🗣 Law enforcement has seized multiple card shops during recent years. However, every time there is a gap in the card shop business due to law enforcement countermeasures, exit scam from the market
A fresh look into the underground card shop ecosystem Read More »
Botconf 2023 Wednesday | 17:05 – 17:35 Long presentation Syslogk Linux Kernel Rootkit – Executing Bots via “Magic Packets” David Álvarez Pérez 🗣 In November 2022, we discovered a new version of the Syslogk Linux kernel rootkit affecting x86 and x86_64 processor architectures (udis86 disassembler dependency). We were not surprised, as the first version we
Syslogk Linux Kernel Rootkit – Executing Bots via “Magic Packets” Read More »
Botconf 2023 Wednesday | 17:40 – 18:10 Long presentation Read The Manual Locker: A Private RaaS Provider Max ‘Libra’ Kersten 🗣 Another day, another ransomware-as-a-service provider, or so it seems. The “Read The Manual” (RTM) Locker gang targets corporate environments, forcing their affiliates to follow a strict ruleset. Is this yet another ransomware gang, or
Read The Manual Locker: A Private RaaS Provider Read More »
Botconf 2023 Wednesday | 18:10 – 18:35 Short presentation The Fodcha Botnets We Watched Lingming Tu 🗣 | Wenji Qu | Ya Liu Fodcha is a new DDoS botnet family targeted Linux IoT devices. After it was firstly detected in January 2022, 4 versions of 250+ samples have been observed by us, from which over 140 C&C domains were
The Fodcha Botnets We Watched Read More »
Botconf 2023 Thursday | 15:25 – 15:45 Short presentation The Case For Real Time Detection of Data Exchange Over the DNS Protocol Yarin Ozery 🗣 Data exfiltration and detection has been the subject of lots of research in recent years. DNS exfiltration is the process of abusing the DNS protocol, originally designed for hostname resolving,
The Case For Real Time Detection of Data Exchange Over the DNS Protocol Read More »
Botconf 2023 Thursday | 16:15 – 16:40 Short presentation Tracking Bumblebee’s Development Suweera De Souza 🗣 In March 2022, a new buzz called Bumblebee appeared in the eCrime scene. This loader is built to execute tasks from its command-and-control (C2), and deliver payloads such as CobaltStrike. But its development doesn’t stop there. In the span
Tracking Bumblebee’s Development Read More »