Botconf 2024

IcedID’s Icy Depths: A Year in Infrastructure and Trends Botconf 2024 Friday2024-04-26 | 09:30 – 10:10 Rachelle Goddin 🗣 | Josh Hopkins 🗣 This talk is a continuation on the subject of IcedID, which we presented at Botconf 2023. In our previous talk we covered methodologies for hunting IcedID infrastructure, subsequently explaining how we use these findings

Monitoring 1st stage samples used by APTs and crime actors using images Botconf 2024 Friday2024-04-26 | 11:00 – 11:35 Jose Luis Sanchez Martinez 🗣 Images are a common feature of documents, but they can also be a valuable source of intelligence for security analysts. By tracking the images that threat actors use in their documents

Malware distribution at scale – The ecosystem of TA577 Botconf 2024 Friday2024-04-26 | 12:10 – 12:40 Fabian Marquardt 🗣 TA577, also known as Tramp or TR is a prolific cybercrime actor that has specialized in distributing initial access malware to conduct ransomware attacks. Our talk at Botconf will be structured as follows. First, we give

A Taxonomic Overview of Prevalent Malware Communication Strategies Botconf 2024 Friday2024-04-26 | 13:40 – 14:10 Steffen Enders 🗣 | Daniel Plohmann 🗣 | Manuel Blatt The consistently large volume and diversity of malware poses a substantial threat to network security. In response, it is crucial to develop systematic strategies and countermeasures. This involves not only detecting and identifying malware

Evasive Panda touring in Asia: AitM opening act followed by a duet of MgBot and Nightdoor Botconf 2024 Friday2024-04-26 | 14:10 – 14:50 Facundo Munoz 🗣 | Anh Ho 🗣 Evasive Panda, a China-aligned APT group engaged in cyberespionage since 2012, has recently introduced a not yet publicly documented backdoor, which we’ve named Nightdoor. Prior to this

Pikabot’s Sophisticated Evasion: We Catch Em All Botconf 2024 Friday2024-04-26 | 14:50 – 15:30 Kelsey Merriman 🗣 | Pim Trouerbach 🗣 The proliferation of sophisticated malware has posed exceptional challenges to the cybersecurity landscape with Pikabot emerging as a notable and evasive malware. We endeavor to provide a comprehensive and consumable analysis of the Pikabot malware. Utilizing

Into the Vapor to Tracking Down Unknown Panda’s Claw Marks Botconf 2024 Friday2024-04-26 | 15:30 – 16:10 Suguru Ishimaru 🗣 | Yusuke Niwa 🗣 | Motohiko Sato In August 2023, TrendMicro published a blog post announcing a new sophisticated Advanced Persistent Threat (APT) campaign known as “Earth Estries.” The campaign specifically targeted government-related organizations and technology companies in the

IoT Malware and Rookit Detections Using Electromagnetic Insights: Unveiling the Unseen Botconf 2024 Friday2024-04-26 | 11:35 – 12:10 Duy Phuc Pham 🗣 | Damien Marion 🗣 | Annelie Heuser The Internet of Things (IoT) is a network of interconnected devices, becoming increasingly complicated and suffering from inadequate security measures. Cybercriminals, especially those who specialise in malware and rootkits, recently