Botconf 2020

Global threat hunting: how to predict attacks at preparation stage Botconf 2020 Tuesday | 15:30 – 16:00 Rustam Mirkasymov 🗣 During my researches at Group-IB on hacking groups activity I noticed that some trojan families use templates in communication processes and infrastructure used in attacks. The idea is to identify such templates and use them […]

xOSSig : Leveraging OS Diversity to Automatically Extract Malware Code Signatures Botconf 2020 Thursday | 14:50 – 16:20 Michael Brengel 🗣 | Christian Rossow 🗣 We present an automated approach to extract code signatures that serve as the forensic fingerprint of a given malware program. Our high-level idea is to compare the memory contents of a sandbox

The fall of Domino – a preinstalled hostile downloader Botconf 2020 Wednesday | 14:20 – 14:50 Łukasz Siewierski 🗣 Android is an open-source operating system which allows OEMs and their subcontractors certain flexibility in adding components to the system. These add-ons may contain new and exciting features, but sometimes they also hide complex malware. This

Turla operations from a front row seat Botconf 2020 Wednesday | 14:50 – 15:20 Matthieu Faou 🗣 Our research team at ESET has tracked the infamous Turla espionage group for many years. By leveraging unique telemetry data, forensic analysis of infected machines and in-depth malware reverse-engineering, we gained a quite comprehensive knowledge of their operations.

The dark industry’s recourse to money under the COVID-19 Botconf 2020 Friday | 13:00 – 13:30 Guangyuan Zhao 🗣 | Tiejun Wu 🗣 When the COVID-19 virus is spreading in China, people take the initiative to isolate themselves at home to fight the virus. Internet application traffic has soared, and most people pass their time through apps

Fluxxy Dissection Botconf 2020 Tuesday | 13:30 – 14:00 Matthieu Kaczmarek 🗣 The first reference to Fluxxy is due to N. Summerlin and B. Porter in 2013 [1]. They describe a network of proxy dedicated to cybercrime operations. While this rogue hosting service has been running for nine years, its intelligence coverage remains low. Fluxxy

NanoCore hunter: tracking NanoCore servers and watching behavior of RAT operators for 180 days Botconf 2020 Friday | 13:30 – 14:00 Takashi Matsumoto 🗣 | Yu Tsuda 🗣 | Nobuyuki Kanaya 🗣 | Masaki Kubo | Daisuke Inoue NanoCore RAT, which first appeared in 2013, is still actively used in 2020 for its highly functional and user-friendly interace. Around Feburary to March in

Inline Detection of Copy-Paste Botnet C&C Botconf 2020 Tuesday | 14:00 – 14:30 Jordan Garzon 🗣 | Asaf Nadler 🗣 The source code of botnets is often leaked online and re-used by new botnets. The re-use of source code assists bot-owners in quickly setting up their botnets, but it also inherits similarities to known botnets that can

An overview of the Botnet Simulation Framework Botconf 2020 Tuesday | 14:30 – 15:00 Leon Böck 🗣 | Shankar Karuppayah | Max Mühlhäuser | Emmanouil Vasilomanolakis Conducting botnet research is oftentimes limited to the anal-ysis of active botnets. This prevents researchers from testing detectionand tracking mechanisms on potential future threats. Specifically in thedomain of P2P botnets, the configuration parameters, network churnand

Your *aaS is on fire, or how threat actors (ab)use cloud providers Botconf 2020 Tuesday | 15:00 – 15:30 Maciej Kotowicz 🗣 In order to make a successful espionage campaign we need a couple things, one of them is infrastructure for both infection and exfiltration. Nowadays everyone was, is or will be moving their infra