Editorial team

A Taxonomic Overview of Prevalent Malware Communication Strategies Botconf 2024 Friday2024-04-26 | 13:40 – 14:10 Steffen Enders 🗣 | Daniel Plohmann 🗣 | Manuel Blatt The consistently large volume and diversity of malware poses a substantial threat to network security. In response, it is crucial to develop systematic strategies and countermeasures. This involves not only detecting and identifying malware […]

Evasive Panda touring in Asia: AitM opening act followed by a duet of MgBot and Nightdoor Botconf 2024 Friday2024-04-26 | 14:10 – 14:50 Facundo Munoz 🗣 | Anh Ho 🗣 Evasive Panda, a China-aligned APT group engaged in cyberespionage since 2012, has recently introduced a not yet publicly documented backdoor, which we’ve named Nightdoor. Prior to this

Pikabot’s Sophisticated Evasion: We Catch Em All Botconf 2024 Friday2024-04-26 | 14:50 – 15:30 Kelsey Merriman 🗣 | Pim Trouerbach 🗣 The proliferation of sophisticated malware has posed exceptional challenges to the cybersecurity landscape with Pikabot emerging as a notable and evasive malware. We endeavor to provide a comprehensive and consumable analysis of the Pikabot malware. Utilizing

Into the Vapor to Tracking Down Unknown Panda’s Claw Marks Botconf 2024 Friday2024-04-26 | 15:30 – 16:10 Suguru Ishimaru 🗣 | Yusuke Niwa 🗣 | Motohiko Sato In August 2023, TrendMicro published a blog post announcing a new sophisticated Advanced Persistent Threat (APT) campaign known as “Earth Estries.” The campaign specifically targeted government-related organizations and technology companies in the

IoT Malware and Rookit Detections Using Electromagnetic Insights: Unveiling the Unseen Botconf 2024 Friday2024-04-26 | 11:35 – 12:10 Duy Phuc Pham 🗣 | Damien Marion 🗣 | Annelie Heuser The Internet of Things (IoT) is a network of interconnected devices, becoming increasingly complicated and suffering from inadequate security measures. Cybercriminals, especially those who specialise in malware and rootkits, recently

Unplugging PlugX: Sinkholing the PlugX USB worm botnet Botconf 2024 Thursday2024-04-25 | 09:00 – 09:30 Félix Aimé 🗣 | Charles Meslay 🗣 In March 2023, Sophos published an article entitled “A border-hopping PlugX USB worm takes its act on the road” putting the light on a PlugX variant with worming capabilities. According to the Sophos blogspot, all

Eastern Asian Android Assault – FluHorse. Botconf 2024 Thursday2024-04-25 | 09:35 – 10:05 Alexandr Shamshur 🗣 | Raman Ladutska 🗣 The FluHorse malware features several malicious Android applications that mimic legitimate applications each with more than 100,000 installs. These malicious apps steal the victims’ credentials and Two-Factor Authentication (2FA) codes. FluHorse targets different sectors of Eastern Asian

Evasions Fest of Korean Android Financial Menace – FakeCalls Botconf 2024 Thursday2024-04-25 | 10:10 – 10:40 Raman Ladutska 🗣 | Bohdan Melnykov When malware actors want to enter the business, they can choose markets where their profit is almost guaranteed to be worth the effort – according to past results. The malware does not need to be

LightSpy2: feature-rich mobile surveillance tool set Botconf 2024 Thursday2024-04-25 | 11:00 – 11:30 Victor Chebyshev 🗣 Mobile malware poses a significant threat to user privacy and security, with the potential to carry out a wide range of malicious actions on infected devices. Beyond the familiar capabilities such as SMS message theft, call log recording, and

The Supershell and its widespread Botnet Botconf 2024 Thursday2024-04-25 | 11:35 – 12:05 Chetan Raghuprasad 🗣 This presentation details the Supershell C2 framework. Threat actors are using this framework massively and creating botnets with the Supershell implants. Supershell is a relatively new C2 framework with a WEB-based command and control (C2) server written in Python