Botconf Author Listing

Andreas Petker


Last known affiliation: Deutsche Telekom Security GmbH

TLP:AMBER
Date: 
No Endgame in sight – Pivoting from previous dropper malwares to current Latrodectus campaigns
Fabian Marquardt 🗣 | Andreas Petker 🗣

Abstract

Our work focuses not on the malware itself, but on the infrastructure and methodology used to orchestrate the malware distribution and operation. We show through correlation of both TTPs and infrastructure that there exist strong ties between current activities involving Latrodectus malware and past campaigns spreading malware such as Bumblebee and IcedID, which were recently subject to a coordinated law enforcement operation named “Operation Endgame”. Our work suggests that key actors involved in dropper malware distribution, such as TA577, remain largely unaffected by these operations and continue to spread similar malware with only minor infrastructure and TTP changes.
