Botconf Author Listing

Alexandre Côté Cyr

Last known affiliation: ESET
Bio: Alexandre Côté Cyr is a malware researcher at ESET. He completed his Bachelor’s degree in computer science at UQAM in 2021. Alexandre has previously presented at Botconf, CARO Workshop and BSidesMTL. He is an active member of Montreal’s Infosec community and is involved in mentoring students getting started in the security field. His interests include operating systems fundamentals and writing shell scripts to automate tasks that don’t always need to be automated.
Date: 2023-04-14
Life on a Crooked RedLine: Analyzing the Infamous InfoStealer’s Backend
Alexandre Côté Cyr 🗣 | Mathieu Lavoie 🗣

Abstract (click to view)

RedLine Stealer, first observed in 2020, is one of the most widely known infostealer malware. It operates on a Malware-As-A-Service (MaaS) model and is sold via forums and Telegram where affiliates can buy an all-in-one Control Panel. This panel can generate stealer samples, function as a C&C (Command and Control) server for these samples, and manage the stolen information. Many of these affiliates then sell the collected logs on dedicated marketplaces and Telegram channels.

Date: 2022-04-27
TA410: APT10’s distant cousin
Alexandre Côté Cyr 🗣 | Matthieu Faou 🗣

Abstract (click to view)

TA410 is a cyber-espionage group that was first described in August 2019 by fellow researchers at Proofpoint. The threat actor shows interesting technical capabilities, with the use of complex implants, but has not received the same level of attention from the threat intelligence community as most major APTs.

TA410’s activity shares some characteristics, such as similar VBA macros, with past APT10 operations, but these are not sufficient to link them as a single entity. As such, some public reports have mis-attributed TA410 activities to APT10. In this presentation, we will clarify what is TA410 and how its activities differ from the current activities of APT10.

Slides Icon
Scroll to Top