Editorial team

Finding Neutrino Botnet: from Web Scans to Botnet Architecture

Botconf 2019, Thursday 14:55 – 15:20. Speakers: Kirill Shipulin, Alexey Goncharov.

In August 2018, we began to record mass scans of phpMyAdmin systems. Scans were accompanied by bruteforcing of 159 various web shells with the command die(md5(Ch3ck1ng)). This information became the starting point of our


BackSwap Malware Campaign Evolution

Botconf 2019, Thursday 15:20 – 15:40. Speakers: Carlos Rubio Ricote, David Pastor Sanz.

This article will explain in detail the follow-up since the BackSwap malware was discovered in May 2018, as well as the different campaigns that the group behind BackSwap has carried out towards financial institutions from different countries,


Winnti Arsenal: Brand-new Supplies

Botconf 2019, Thursday 16:10 – 16:50. Speakers: Mathieu Tartare, Marc-Étienne Léveillé.

This presentation is the result of a long-term research effort uncovering new, unpublished details on the arsenal of the Winnti umbrella. The Winnti umbrella consists of multiple threat actors having in common the use of a custom backdoor for their


DFIR & Crisis Management – Post-mortems & Lessons Learned in the Pain from the Field

Botconf 2019, Thursday 16:55 – 17:45. Speakers: Vincent Nguyen, Jean Marsault, Antoine Vallée.

This presentation aims to summarize the best wins & fails of crisis management based on our field experience. We will cover different phases of a crisis


End-to-end Botnet Monitoring with Automated Config Extraction and Emulated Network Participation

Botconf 2019, Friday 09:30 – 10:10. Speakers: Kevin O’Reilly, Keith Jarvis.

With the quantity and sophistication of bots and botnets ever increasing, automation is key in gathering threat intelligence and disseminating it to defence systems. With botnets’ rapid flux in nodes and update


Roaming Mantis: A Melting Pot of Android Bots

Botconf 2019, Friday 10:15 – 10:45. Speakers: Suguru Ishimaru, Manabu Niseki, Hiroaki Ogawa.

In March 2018, thousands of home routers were potentially compromised by a criminal campaign called “Roaming Mantis” in Japan to overwrite DNS settings to use a rogue DNS. This criminal has strong financial


YARA-Signator: Automated Generation of Code-based YARA Rules

Botconf 2019, Friday 12:00 – 12:30. Speakers: Felix Bilstein, Daniel Plohmann.

Composing YARA rules based on these feats requires a lot of experience and is typically done manually or at best tool-assisted, which still is a tedious and time-consuming process. In this presentation, we introduce YARA-Signator, an
