Laura Varano Relatore

Lista Talk

• Could Threat Actors Be Downgrading Their Malware to Evade Detection? With the constantly changing landscape of IoT botnets it requires a certain effort to stay on top of all the changes introduced by attackers daily to make sure that both adequate detections and the right naming constantly remain in place. Surprisingly, the quality and the arsenal of malware functionality is not always improving or increasing in quantity. In this presentation, we are going to explore some peculiar modifications introduced by the botnet developers over time and try to find an explanation for them. More specifically, in this talk we are going to describe what type of attacks are observed from our chain of honeypots as initial vectors, we will then describe the functionalities of two very similar samples distributed as second stage with the same initial vector. We will highlight their code similarities and differences, and compare them with the well known Mirai and Gafgyt IoT botnets. Finally we are going to explore some peculiar modifications introduced by the botnet developers over time and try to find an explanation to them. - 12:15/13:00, 03 Dec 2022