Botconf has ended
Wednesday, December 2 • 11:50 - 12:40
Ponmocup, the full story: A giant hiding in the shadows

Ponmocup is one of the most successful and longest running botnets of the past decade. First detected in 2006 as Vundo or Virtumonde, and detected as Ponmocup starting in 2011, it is, we believe, one of the most underestimated botnets still under continuous development.

Though Ponmocup has received a minimal amount of attention from the security community, it is in fact a sophisticated botnet serving different purposes. Though these purposes have often been described as low-risk functionalities, the malware is actually used by a group of sophisticated criminals who use the botnet for various financial gains, and are likely conducting a limited number of targeted attacks.

The whitepaper aims to provide a complete timeline of, and unique insight into, the modus operandi of the operation around Ponmocup. It describes all the important details of the malware, including as yet unknown indicators of compromise at both host and network level, of which previous research has only scratched the surface.

Maarten van Dantzig

Lead Intelligence Analyst, Fox-IT
Threat intelligence analyst that loves to do incident response

Yonathan Klijnsma

I'm a senior threat intelligence analyst working for an EU-based company called Fox-IT. Both my work and hobby focus around threat intelligence in the form of malware analysis.

Wednesday December 2, 2015 11:50 - 12:40 CET