Botconf Author Listing

In March 2022, a new buzz called Bumblebee appeared in the eCrime scene. This loader is built to execute tasks from its command-and-control (C2), and deliver payloads such as CobaltStrike. But its development doesn’t stop there. In the span of less than a year, Bumblebee has been through several incremental updates, to such an extent, that this malware may be one of the most actively maintained malware families out there.

This presentation aims to get a sense of the operator’s development process behind Bumbleebee – how it changes and adapts in response to current endpoint defense efforts– and how its techniques compare to other botnet families.

In the era of law enforcement crackdowns, cybercriminals continue to find ways to adapt, persist and confuse.

This is the case with WIZARD SPIDER—a Russian-based cybercrime group known for operating TrickBot and Conti—whose former members likely continue to run a private crypting service that has been in operation since before the Conti leaks in 2022. These crypters are critical tools that enable threat actors to obfuscate malware and evade detection. This talk unravels the crypters’ role within WIZARD SPIDER’s infrastructure revealing hidden webs connecting seemingly disparate cybercrime groups—including existing adversaries such as LUNAR SPIDER and WANDERING SPIDER, and relatively newer adversaries such as VICE SPIDER.

Through case studies and technical breakdowns, we will highlight how tracking crypters offer a new lens for identifying and mapping cybercriminal activity, especially in an era where shared infrastructure and tooling blur the lines between threat actors.