Botconf 2019

Demystifying Banking Trojans from Latin America

Botconf 2019 Friday | 16:30 – 17:00 | Juraj Horňák | Jakub Souček | Martin Jirkal

At the end of 2018, it was reported that Latin America suffers approximately 3.7 million cyber-attacks per day. Even the most well-known pieces of malware, such as TrickBot or Emotet, have their eyes set […]

Emotet : WordPress Compromises at Scale

Botconf 2019 Friday | 14:35 – 15:05 | Sébastien Mériot

The Emotet banking trojan has been studied by many researchers since it was first discovered in 2014. In particular, the infection scheme and the Command & Control architecture are both pretty well documented. However, few researchers investigated the way

Using a Cryptographic Weakness for Malware Traffic Clustering and IDS Rule Generation

Botconf 2019 Friday | 14:00 – 14:30 | Matthijs Bomhoff | Saskia Hoogma

Encrypted C&C data can make the life of malware analysts and incident handlers a lot harder, as it can make C&C traffic a lot harder to recognise, when done right. Fortunately,

YARA-Signator: Automated Generation of Code-based YARA Rules

Botconf 2019 Friday | 12:00 – 12:30 | Felix Bilstein | Daniel Plohmann

Composing YARA rules based on these feats requires a lot of experience and is typically done manually or at best tool-assisted, which still is a tedious and time-consuming process. In this presentation, we introduce YARA-Signator, an

Roaming Mantis: A Melting Pot of Android Bots

Botconf 2019 Friday | 10:15 – 10:45 | Suguru Ishimaru | Manabu Niseki | Hiroaki Ogawa

In March 2018, thousands of home routers were potentially compromised by a criminal campaign called “Roaming Mantis” in Japan to overwrite DNS settings to use a rogue DNS. This criminal has strong financial

Finding Neutrino Botnet: from Web Scans to Botnet Architecture

Botconf 2019 Thursday | 14:55 – 15:20 | Kirill Shipulin | Alexey Goncharov

In August 2018, we began to record mass scans of phpMyAdmin systems. Scans were accompanied by bruteforcing of 159 various web shells with the command die(md5(Ch3ck1ng)). This information became the starting point of our

