Insights and Experiences from Monitoring Multiple P2P Botnets Botconf 2022 Wednesday | 14:00 – 14:30 Leon Böck 🗣 | Shankar Karuppayah 🗣 | Dave Levin | Max Mühlhäuser To this date P2P overlays remain a popular choice for botnet command and control. With the rise of recent IoT botnets, we aimed to monitor multiple IoT P2P botnets at the same time, […]
Insights and Experiences from Monitoring Multiple P2P Botnets Read More »
TA410: APT10’s distant cousin Botconf 2022 Wednesday | 14:35 – 15:05 Alexandre Côté Cyr 🗣 | Matthieu Faou 🗣 TA410 is a cyber-espionage group that was first described in August 2019 by fellow researchers at Proofpoint. The threat actor shows interesting technical capabilities, with the use of complex implants, but has not received the same level of
TA410: APT10’s distant cousin Read More »
Operation GamblingPuppet: Analysis of a multivector and multiplatform campaign targeting online gambling customers Botconf 2022 Wednesday | 15:00 – 15:30 Jaromír Hořejší 🗣 | Daniel Lunghi 🗣 Despite being illegal in some countries, global online gambling industry growths steadily year after year, flourishing in current environment dominated by the global pandemic. This trend was not surprisingly noticed
Fingerprinting Bot Shops: Venues, Stealers, Sellers Botconf 2022 Wednesday | 16:00 – 16:50 Bryan Oliver 🗣 | Austin Turecek 🗣 | Ian Gray Carding is one of the earliest forms of cybercrime. Since the 1980s, cybercriminals have developed various fraud tactics to steal and monetize credit card information. To prevent these types of attacks, financial institutions have developed anti-fraud
Fingerprinting Bot Shops: Venues, Stealers, Sellers Read More »
How to Eavesdrop on Winnti in a Live Environment Using Virtual Machine Introspection (VMI) Botconf 2022 Wednesday | 16:55 – 17:35 Philipp Barthel 🗣 | Sebastian Eydam 🗣 | Werner Haas | Sebastian Manns This paper explains how we used VMI to detect an infection with the remote access trojan Winnti, specifically version 3.0, and how to extract and decrypt its
Evolution of the Sysrv mining botnet Botconf 2022 Wednesday | 17:39 – 18:30 György Lupták 🗣 | Dorka Palotay 🗣 | Albert Zsigovits Sysrv-hello, or shortly Sysrv, is a botnet, which was first discovered in late December of 2020. The malware is written in Golang and targets both Linux and Windows endpoints. Based on its propagation style, it is
Evolution of the Sysrv mining botnet Read More »
Identifying malware campaigns on a budget Botconf 2022 Thursday | 09:05 – 09:25 Max ‘Libra’ Kersten 🗣 | Rens van der Linden 🗣 Malware campaigns plague enterprises, entrepreneurs, and individuals. Platforms and tools have been deployed to gain insight into the ongoing situation. Unfortunately, many of these platforms are rather pricey, which is a problem for me,
Identifying malware campaigns on a budget Read More »
See ya Sharp: A Loader’s Tale Botconf 2022 Thursday | 09:30 – 10:00 Max ‘Libra’ Kersten 🗣 Simply distributing malware is not a viable strategy anymore for criminal actors. To combat the ever increasing defense mechanisms, malicious loaders are used. These loaders are meant to conceal the final payload from the prying eyes of anti-virus
See ya Sharp: A Loader’s Tale Read More »
Into The Silent Night Botconf 2022 Thursday | 10:35 – 11:00 Yuta Sawabe 🗣 | Ryuichi Tanabe 🗣 | Fumio Ozawa | Rintaro Koike Since December 2019, Zloader had revived as “Silent Night”, and it has been used various attack campaigns. It has especially been used in two attack campaigns (PseudoGate and Malsmoke). These attack campaigns are aimed at users in
Into The Silent Night Read More »
A fresh look into the underground card shop ecosystem Botconf 2022 Thursday | 11:00 – 11:30 Beatriz Pimenta Klein 🗣 | Lidia López Sanz 🗣 Law enforcement has seized multiple card shops during recent years. However, every time there is a gap in the card shop business due to law enforcement countermeasures, exit scam from the market
A fresh look into the underground card shop ecosystem Read More »