End-to-end Botnet Monitoring with Automated Config Extraction and Emulated Network Participation Botconf 2019 Friday | 09:30 – 10:10 Kevin O’Reilly 🗣 | Keith Jarvis 🗣 With the quantity and sophistication of bots and botnets ever increasing, automation is key in gathering threat intelligence, and disseminating it to defence systems. With botnets’ rapid flux in nodes and update […]
Roaming Mantis: A Melting Pot of Android Bots Botconf 2019 Friday | 10:15 – 10:45 Suguru Ishimaru 🗣 | Manabu Niseki 🗣 | Hiroaki Ogawa 🗣 In March 2018, thousands of home routers were potentially compromised by a criminal campaign called “Roaming Mantis” in Japan to overwrite DNS settings to use a rogue DNS. This criminal has strong financial
Roaming Mantis: A Melting Pot of Android Bots Read More »
The Cereals Botnet Botconf 2019 Friday | 11:15 – 11:55 Robert Neumann 🗣 | Gergely Eberhardt 🗣 A new under-the-radar botnet targeting Network Access Storage (NAS) and Network Video Recorder (NVR) devices, has been discovered. The botnet originates back to 2013, uses a known vulnerability for infection, and is still active as of today. Our research shows
The Cereals Botnet Read More »
YARA-Signator: Automated Generation of Code-based YARA Rules Botconf 2019 Friday | 12:00 – 12:30 Felix Bilstein 🗣 | Daniel Plohmann 🗣 Composing YARA rules based on these feats requires a lot of experience and is typically done manually or at best tool-assisted, which still is a tedious and time-consuming process. In this presentation, we introduce YARA-Signator, an
YARA-Signator: Automated Generation of Code-based YARA Rules Read More »
Using a Cryptographic Weakness for Malware Traffic Clustering and IDS Rule Generation Botconf 2019 Friday | 14:00 – 14:30 Matthijs Bomhoff 🗣 | Saskia Hoogma 🗣 Encrypted C&C data can make the life of malware analysts and incident handlers a lot harder, as it can make C&C traffic a lot harder to recognise, when done right. Fortunately,
Using a Cryptographic Weakness for Malware Traffic Clustering and IDS Rule Generation Read More »
Emotet : WordPress Compromises at Scale Botconf 2019 Friday | 14:35 – 15:05 Sébastien Mériot 🗣 The Emotet banking trojan has been studied by many researchers since it was first discovered in 2014. In particular, the infection scheme and the Command & Control architecture are both pretty well documented. However, few researchers investigated the way
Emotet : WordPress Compromises at Scale Read More »
Zen: a Complex Campaign of Harmful Android Apps Botconf 2019 Friday | 15:10 – 15:50 Łukasz Siewierski 🗣 Android malware authors go to great lengths to come up with increasingly clever ways to monetise their apps. The author (or a group) presented during my talk shows quite the range, from simply repacking apps with a
Zen: a Complex Campaign of Harmful Android Apps Read More »
Malspam is different spam Botconf 2019 Friday | 15:55 – 16:25 Martijn Grooten 🗣 Malspam’ (an umbrella term for spam campaigns that deliver malware or send users to phishing sites) has long been the prominent way for individuals and organisations to get themselves infected. These campaigns are opportunistic (i.e. non targeted), which distinguishes them from
Malspam is different spam Read More »
Demystifying Banking Trojans from Latin America Botconf 2019 Friday | 16:30 – 17:00 Juraj Horňák 🗣 | Jakub Souček 🗣 | Martin Jirkal 🗣 At the end of 2018, it has been reported that Latin America suffers approximately 3.7 million cyber-attacks per day. Even the most well-known pieces of malware, such as TrickBot or Emotet, have their eyes set
Demystifying Banking Trojans from Latin America Read More »
Suricata for bot hunting and classification Botconf 2019 Tuesday | 14:00 – 17:30 Tatyana Shishkova 🗣 One of the distinguishing features of botnets is communication between the bot and the C&C server. Analyzing network traffic is a part of researching a botnet. Suricata, an open-source network threat detection engine, is a powerful tool not only
Suricata for bot hunting and classification Read More »