“DESKTOP-Group” – Tracking a Persistent Threat Group (using Email Headers)

Botconf 2019
2023-04-24 | 11:10 – 11:40

Tom Ueltschi 🗣

At BotConf 2015, I presented a lightning talk “Creating your own CTI in 3 minutes”. This presentation is building on that capability to do semi-automated malware analysis based on a commercial sandbox solution. I will discuss a malware campaign analysis from a persistent threat actor (or group) over the past 18 months and still ongoing. The attacks are linked by email headers, targeting, and malware C&C infrastructure…

Scroll to Top