Botconf Author Listing

The Panda Banker malware was first spotted in the wild in early 2016. It has since seen consistent development, gained a significant threat actor user base, and has become one of the most advanced and persistent banking malwares in the current threat landscape. This presentation compiles together the author’s research and tracking of Panda Banker complemented with the prior work of other malware researchers studying the threat. Its aim is to provide a detailed survey of everything Panda Banker: what it is, where did it come from, what it does, how it works, who’s using it, how effective they are, who is being targeted, and where is it going. The hope is for researchers and defenders to walk away with a better understanding of Panda Banker and maybe some ideas on how to better detect and mitigate it.

The Russian DDoS One or RD1 is an informal grouping of threat actors that focus on providing DDoS booter services on Russian language underground forums.

Besides the advertising, contact information, and the occasional drama, most of the business of Russian DDoS booters is done in private and difficult to attribute. This includes the back-end infrastructure that performs the DDoS attacks. To shed some light on the latter, this presentation will take a closer look at some of these RD1 threat actors, their booters, and their supporting DDoS botnets.