Botconf presentation or article

Botconf 2023 Friday  | 11:30 – 12:10 Long presentation When a botnet cries: detecting botnets infection chains Erwan Chevalier 🗣 | Guillaume Couchard 🗣 Infection chains used by commodity malware are frequently evolving and are using various tricks to bypass security measures and/or user awareness. BumbleBee, QNAPWorm, IcedID, and Qakbot, all of these wicked threats are frequently […]

Botconf 2023 Friday  | 12:15 – 12:45 Long presentation Tracking residential proxies (for fun and profit) Paweł Srokosz 🗣 | Michał Praszmo 🗣 Responding to the incidents as a Polish national CERT, we very often come across attackers using proxies and/or VPNs to hide their identity. While distinguishing well-known IP sources such as NordVPN or TOR has

Botconf 2023 Friday  | 13:45 – 14:25 Long presentation Bohemian IcedID Josh Hopkins 🗣 | Thibault Seret 🗣 This talk provides an insight into Team Cymru’s tracking of IcedID over the past 24 months, following its transition from banking trojan to all-round loader malware. We will demonstrate how we identify potential bot and loader C2 infrastructure through

Botconf 2023 Friday  | 14:30 – 15:00 Long presentation Life on a Crooked RedLine: Analyzing the Infamous InfoStealer’s Backend Alexandre Côté Cyr 🗣 | Mathieu Lavoie 🗣 RedLine Stealer, first observed in 2020, is one of the most widely known infostealer malware. It operates on a Malware-As-A-Service (MaaS) model and is sold via forums and Telegram where

Botconf 2023 Thursday  | 09:00 – 09:40 Long presentation From GhostNet to PseudoManuscrypt – The evolution of Gh0st RAT Jorge Rodriguez 🗣 | Souhail Hammou 🗣 The Gh0st Remote Access Trojan is a long-standing threat dating back to 2001 that is still active to this day. Following its release to the public in 2008 as version 3.6

Botconf 2023 Thursday  | 09:45 – 10:15 Long presentation Iron Tiger Enhances its TTPs and Targets Linux and MacOS Users Daniel Lunghi 🗣 Iron Tiger, also known as APT27 or Emissary Panda, is an advanced threat actor that has been doing espionage for more than a decade, targeting multiple sensitive industries worldwide. In the past

Botconf 2023 Thursday  | 11:10 – 11:55 Long presentation Yara Studies: A Deep Dive into Scanning Performance Dominika Regéciová 🗣 You probably know this scenario – you spent a while analyzing new samples, which was not easy, but you’re finally done. You also created a neat Yara rule to match the samples, and you’re ready

Botconf 2023 Thursday  | 12:00 – 12:40 Long presentation MCRIT: The MinHash-based Code Relationship & Investigation Toolkit Daniel Plohmann 🗣 | Daniel Enders | Manuel Blatt Ever since launching Malpedia [1] at Botconf 2017, we continuously maintained and expanded our community-driven data set with the vision of exploring new ways to leverage it effectively for the research of and