Botconf 2025

No Endgame in sight – Pivoting from previous dropper malwares to current Latrodectus campaigns

Botconf 2025 | Thursday 2025-05-22 | 11:35 – 12:05 | Fabian Marquardt 🗣 | Andreas Petker 🗣

Our work focuses not on the malware itself, but on the infrastructure and methodology used to orchestrate the malware distribution and operation. We show through correlation of both TTPs […]

Bigpanzi: The Cybercrime Syndicate Behind Million-device Botnets

Botconf 2025 | Thursday 2025-05-22 | 13:55 – 14:40 | Alex Turing 🗣

With the rapid proliferation of internet-connected devices, cybercrime groups have expanded their reach to increasingly diverse targets. While IoT-based botnets are common, large-scale infections involving set-top boxes (STBs), TV remain rare, especially at the scale of millions of

Unpacking WIZARD SPIDER’s Crypters: Attribution Challenges in a Tangled Web of Adversaries

Botconf 2025 | Thursday 2025-05-22 | 14:40 – 15:20 | Bea Venzon 🗣 | Suweera De Souza 🗣

In the era of law enforcement crackdowns, cybercriminals continue to find ways to adapt, persist and confuse. This is the case with WIZARD SPIDER—a Russian-based cybercrime group known for operating

Stronger Together – Disrupting The Ngioweb Botnet Powering The NSOCKS Proxy Service

Botconf 2025 | Thursday 2025-05-22 | 09:40 – 10:25 | Chris Formosa 🗣

Proxy services have become a primary tool for many threat actors to obfuscate their tracks, due to their low prices and access to clean residential IPs in many locations. Although the “ngioweb” botnet

Arming WinRAR: Deep dive into clusters of SideCopy APT and its correlation with Transparent Tribe

Botconf 2025 | Thursday 2025-05-22 | 09:00 – 09:40 | Sathwik Ram Prakki 🗣 | Kartik Jivani 🗣

In the aftermath of the disclosure of vulnerabilities within WinRAR, a concerning trend has emerged wherein multiple advanced persistent threat (APT) groups and malicious actors have leveraged

Combining ChatGPT to Monitor the Ecosystem of DDoS Botnets on Telegram

Botconf 2025 | Thursday 2025-05-22 | 15:50 – 16:30 | Daji Ren 🗣

DDoS botnet attackers have consistently been in the spotlight of cyber threats, generating significant headlines over the past year. Telegram’s lenient content regulation has facilitated the growth of numerous related criminal groups. Meanwhile, the

The Evolution of Malware Distribution Through Ghost Networks

Botconf 2025 | Thursday 2025-05-22 | 16:30 – 17:00 | Antonis Terefos 🗣

A new era of malware distribution is here, where “ghost”/bot accounts spread malicious links across multiple platforms. The Ghost Network is a sophisticated operation using fake and compromised accounts to act in a legitimate way while spreading

Executing RATs in a Long-Term Observable Customized Online Sandbox

Botconf 2025 | Wednesday 2025-05-21 | 11:10 – 11:40 | Shohei Hiruta 🗣 | Yuki Umemura | Masaki Kubo | Nobuyuki Kanaya | Takahiro Kasama

Malware sandboxes are essential tools for malware analysis, allowing researchers to execute malware in controlled environments to reveal its behavior, communication destinations, and configuration settings. Due to their convenience, a wide variety

Unmasking Styx Stealer: How a Hacker’s Slip led to an Intelligence Treasure Trove

Botconf 2025 | Wednesday 2025-05-21 | 14:00 – 14:30 | Alexey Bukhteyev 🗣

Careful monitoring of malicious campaigns can sometimes uncover surprising discoveries. Our latest research revealed that even skilled cybercriminals, despite their meticulous efforts to stay in the shadows, can commit critical security blunders.
