Botconf 2023

Bohemian IcedID

Botconf 2023, Friday | 13:45 – 14:25 | Long presentation | Speakers: Josh Hopkins 🗣, Thibault Seret 🗣

This talk provides an insight into Team Cymru’s tracking of IcedID over the past 24 months, following its transition from banking trojan to all-round loader malware. We will demonstrate how we identify potential bot and loader C2 infrastructure through […]


Life on a Crooked RedLine: Analyzing the Infamous InfoStealer’s Backend

Botconf 2023, Friday | 14:30 – 15:00 | Long presentation | Speakers: Alexandre Côté Cyr 🗣, Mathieu Lavoie 🗣

RedLine Stealer, first observed in 2020, is one of the most widely known infostealer malware. It operates on a Malware-As-A-Service (MaaS) model and is sold via forums and Telegram where


The Plague of Advanced Bad Bots : Deconstructing the Malicious Bot Problem

Botconf 2023, Friday | 15:05 – 15:30 | Short presentation | Speaker: Yohann Sillam 🗣

Nowadays, advanced bad bots constitute a plague on the Internet. Their threat landscape is very diverse, ranging from massive account creation aimed at influencing state elections to DDoS bots. Advanced bots


From GhostNet to PseudoManuscrypt – The evolution of Gh0st RAT

Botconf 2023, Thursday | 09:00 – 09:40 | Long presentation | Speakers: Jorge Rodriguez 🗣, Souhail Hammou 🗣

The Gh0st Remote Access Trojan is a long-standing threat dating back to 2001 that is still active to this day. Following its release to the public in 2008 as version 3.6


Iron Tiger Enhances its TTPs and Targets Linux and MacOS Users

Botconf 2023, Thursday | 09:45 – 10:15 | Long presentation | Speaker: Daniel Lunghi 🗣

Iron Tiger, also known as APT27 or Emissary Panda, is an advanced threat actor that has been doing espionage for more than a decade, targeting multiple sensitive industries worldwide. In the past


Ransom Cartel trying not to “REvil” its identity

Botconf 2023, Thursday | 10:20 – 10:40 | Short presentation | Speakers: Jeremie Destuynder 🗣, Alexandre Matousek 🗣

We Incident Responders from CERT Orange CyberDefense often face the same proven TTPs over and over by threat actors. Similar initial entry, privilege escalation, lateral movements, exfiltration, etc. techniques are seen in the


Yara Studies: A Deep Dive into Scanning Performance

Botconf 2023, Thursday | 11:10 – 11:55 | Long presentation | Speaker: Dominika Regéciová 🗣

You probably know this scenario – you spent a while analyzing new samples, which was not easy, but you’re finally done. You also created a neat Yara rule to match the samples, and you’re ready


MCRIT: The MinHash-based Code Relationship & Investigation Toolkit

Botconf 2023, Thursday | 12:00 – 12:40 | Long presentation | Authors: Daniel Plohmann 🗣, Daniel Enders, Manuel Blatt

Ever since launching Malpedia [1] at Botconf 2017, we continuously maintained and expanded our community-driven data set with the vision of exploring new ways to leverage it effectively for the research of and


Operation drIBAN: insight from modern banking frauds behind Ramnit

Botconf 2023, Thursday | 14:00 – 14:45 | Long presentation | Speakers: Federico Valentini 🗣, Alessandro Strino 🗣

During the last three years, we have tracked and closely analyzed a specific TA, intending to infect Windows workstations on corporate environments trying to alter legitimate banking transfers performed by the victims.


Catching the Big Phish: Earth Preta Targets Government, Educational, and Research Institutes Around the World

Botconf 2023, Thursday | 14:50 – 15:20 | Long presentation | Authors: Nick Dai 🗣, Vickie Su, Sunny W Lu

We have been monitoring a wave of spear-phishing attacks targeting the government, academic, foundations, and research sectors around the world. Based on the lure documents

