When a botnet cries: detecting botnets infection chains
Erwan Chevalier 🗣 | Guillaume Couchard 🗣
Infection chains used by commodity malware evolve constantly and rely on a variety of tricks to bypass security controls and/or user awareness. BumbleBee, QNAPWorm, IcedID, and Qakbot are all frequently used as first-stage malicious code whose role is to drop other, more specific payloads.
This presentation is in three parts: an overview of these infection chains and the common detection methods used against them; how generic detection rules written against the infection chains themselves can help in the fight against botnets; and finally how threat intelligence at scale, combined with the above, creates a solid defense.