Botconf presentation or article

Evasive Panda touring in Asia: AitM opening act followed by a duet of MgBot and Nightdoor

Botconf 2024 | Friday 2024-04-26 | 14:10 – 14:50
Facundo Munoz 🗣 | Anh Ho 🗣

Evasive Panda, a China-aligned APT group engaged in cyberespionage since 2012, has recently introduced a not yet publicly documented backdoor, which we’ve named Nightdoor. Prior to this […]


Pikabot’s Sophisticated Evasion: We Catch Em All

Botconf 2024 | Friday 2024-04-26 | 14:50 – 15:30
Kelsey Merriman 🗣 | Pim Trouerbach 🗣

The proliferation of sophisticated malware has posed exceptional challenges to the cybersecurity landscape with Pikabot emerging as a notable and evasive malware. We endeavor to provide a comprehensive and consumable analysis of the Pikabot malware. Utilizing


LightSpy2: feature-rich mobile surveillance tool set

Botconf 2024 | Thursday 2024-04-25 | 11:00 – 11:30
Victor Chebyshev 🗣

Mobile malware poses a significant threat to user privacy and security, with the potential to carry out a wide range of malicious actions on infected devices. Beyond the familiar capabilities such as SMS message theft, call log recording, and


The Supershell and its widespread Botnet

Botconf 2024 | Thursday 2024-04-25 | 11:35 – 12:05
Chetan Raghuprasad 🗣

This presentation details the Supershell C2 framework. Threat actors are using this framework massively and creating botnets with the Supershell implants. Supershell is a relatively new C2 framework with a WEB-based command and control (C2) server written in Python


Unveiling the Shadows: The Dark Alliance between GuLoader and Remcos

Botconf 2024 | Thursday 2024-04-25 | 12:05 – 12:35
Alexey Bukhteyev 🗣 | Arie Olshtein

In the ever-evolving landscape of cyber threats, seemingly legitimate tools have taken a dark turn, emerging as potent weapons in the hands of cybercriminals. Notable examples include the Remcos RAT and GuLoader (also known


GenRex Demonstration: Level Up Your Regex Game

Botconf 2024 | Thursday 2024-04-25 | 14:35 – 15:15
Dominika Regéciová 🗣

GenRex is a unique tool for detecting similarities in artifacts from executable files and the generation of regular expressions. This paper demonstrates how to use GenRex to maximize the usage of regular expressions automatically created from behavioral reports


Telegram-as-a-C2 or a Fourfold Tale of Bad OPSEC

Botconf 2024 | Thursday 2024-04-25 | 15:40 – 16:10
Pol Thill 🗣

In recent times, Telegram Bots have emerged as a prominent Command and Control (C2) mechanism, gaining popularity among threat actors for their resilience against takedowns, user-friendly setup, and versatile configuration options. Both Advanced Persistent Threats (APTs) and


Caviar Scammers: Uncovering the SturgeonPhisher APT Group

Botconf 2024 | Thursday 2024-04-25 | 16:15 – 16:55
Damien Schaeffer 🗣

SturgeonPhisher is a cyberespionage group active since at least October 2021 and that is also known as YoroTrooper. The group targets government officials, think-tanks, and employees of state-owned companies mostly in countries bordering the Caspian Sea – the

