Finding Neutrino Botnet: from Web Scans to Botnet Architecture

Botconf 2019
2023-04-24 | 14:55 – 15:20

Kirill Shipulin 🗣 | Alexey Goncharov 🗣

In August 2018, we began to record mass scans of phpMyAdmin systems. Scans were accompanied by bruteforcing of 159 various web shells with the command die(md5(Ch3ck1ng)). This information became the starting point of our investigation. Step by step, me and my colleagues have uncovered the whole chain of events and ultimately discovered 2 large malware campaigns ongoing since 2013. In my presentation I will give the details of this notable botnet and the whole story, from start to finish.

Slides Icon

Scroll to Top