
Malware distribution at scale – The ecosystem of TA577

Botconf 2024, Friday 2024-04-26 | 12:10 – 12:40 | Fabian Marquardt 🗣

TA577, also known as Tramp or TR, is a prolific cybercrime actor that has specialized in distributing initial access malware to conduct ransomware attacks. Our talk at Botconf will be structured as follows. First, we give […]

A Taxonomic Overview of Prevalent Malware Communication Strategies

Botconf 2024, Friday 2024-04-26 | 13:40 – 14:10 | Steffen Enders 🗣 | Daniel Plohmann 🗣 | Manuel Blatt

The consistently large volume and diversity of malware pose a substantial threat to network security. In response, it is crucial to develop systematic strategies and countermeasures. This involves not only detecting and identifying malware

Evasive Panda touring in Asia: AitM opening act followed by a duet of MgBot and Nightdoor

Botconf 2024, Friday 2024-04-26 | 14:10 – 14:50 | Facundo Munoz 🗣 | Anh Ho 🗣

Evasive Panda, a China-aligned APT group engaged in cyberespionage since 2012, has recently introduced a not yet publicly documented backdoor, which we’ve named Nightdoor. Prior to this

Pikabot’s Sophisticated Evasion: We Catch Em All

Botconf 2024, Friday 2024-04-26 | 14:50 – 15:30 | Kelsey Merriman 🗣 | Pim Trouerbach 🗣

The proliferation of sophisticated malware has posed exceptional challenges to the cybersecurity landscape, with Pikabot emerging as a notable and evasive malware. We endeavor to provide a comprehensive and consumable analysis of the Pikabot malware. Utilizing

Into the Vapor to Tracking Down Unknown Panda’s Claw Marks

Botconf 2024, Friday 2024-04-26 | 15:30 – 16:10 | Suguru Ishimaru 🗣 | Yusuke Niwa 🗣 | Motohiko Sato

In August 2023, TrendMicro published a blog post announcing a new sophisticated Advanced Persistent Threat (APT) campaign known as “Earth Estries.” The campaign specifically targeted government-related organizations and technology companies in the

IoT Malware and Rootkit Detections Using Electromagnetic Insights: Unveiling the Unseen

Botconf 2024, Friday 2024-04-26 | 11:35 – 12:10 | Duy Phuc Pham 🗣 | Damien Marion 🗣 | Annelie Heuser

The Internet of Things (IoT) is a network of interconnected devices, becoming increasingly complicated and suffering from inadequate security measures. Cybercriminals, especially those who specialise in malware and rootkits, recently

Streamlining Memory Forensics with VolWeb

Botconf 2024, Additional papers 2024-04-26 | 🗣 | Félix Guyard

While open-source memory forensics tools have become more prevalent in recent years, there are still a lot of challenges associated with their use. Current open-source memory forensics tools lack consistency in terms of automation, user interface, data visualization and collaboration. As criminals and

Unplugging PlugX: Sinkholing the PlugX USB worm botnet

Botconf 2024, Thursday 2024-04-25 | 09:00 – 09:30 | Félix Aimé 🗣 | Charles Meslay 🗣

In March 2023, Sophos published an article entitled “A border-hopping PlugX USB worm takes its act on the road”, shedding light on a PlugX variant with worming capabilities. According to the Sophos blog post, all

Eastern Asian Android Assault – FluHorse.

Botconf 2024, Thursday 2024-04-25 | 09:35 – 10:05 | Alexandr Shamshur 🗣 | Raman Ladutska 🗣

The FluHorse malware features several malicious Android applications that mimic legitimate applications, each with more than 100,000 installs. These malicious apps steal the victims’ credentials and Two-Factor Authentication (2FA) codes. FluHorse targets different sectors of Eastern Asian
