September 24, 2024

Meet Malwation in Dublin - Gold Sponsor for Virus Bulletin 2024

Meet Malwation at Virus Bulletin 2024 in Dublin and explore our malware analysis innovations.
Malwation

We are thrilled to announce that Malwation will be attending Virus Bulletin 2024 as a Gold Sponsor! This year, the prestigious event will take place from October 2nd to October 4th, 2024, at the Clayton Hotel Burlington Road in Dublin, Ireland.

Why Virus Bulletin?

Virus Bulletin is a well-known and reputable security information platform that provides reliable insights into the latest global cybersecurity threats and independent updates on global threat trends. It is also a testing and certification organization.

Their annual international conference attracts top researchers, practitioners, and security vendors from around the world each year.

Meet Malwation at Virus Bulletin 2024

As a malware analysis and threat detection company dedicated to R&D, we always try to contribute to the cybersecurity community. Events like this let us demonstrate our commitment to staying at the forefront of the cybersecurity industry and exchange ideas with the brightest minds in the field from all over the world.

As a Gold Sponsor, we will have a booth at the event. We invite you to visit it to learn more about our innovative malware analysis and prevention solutions. Our team will be available to discuss the latest trends in malware analysis, offer interactive demonstrations, and explore how we can support your organization’s security needs.

Dates: October 2-4, 2024
Location: Clayton Hotel Burlington Road, Dublin, Ireland

Get your ticket to Virus Bulletin 2024 if you haven’t already! The tickets include:

  • Admission to all conference sessions and exhibition area
  • Lunch, early morning refreshments and mid-session coffee breaks each day
  • Drinks reception on Wednesday 2 October
  • Gala dinner and entertainment on Thursday 3 October
  • Conference proceedings e-book
  • Commemorative conference bag & t-shirt

PLUS, we’ll be offering exclusive giveaways at our booth, so make sure to find the Malwation booth in the area!

Malwation Team Members to Present at Virus Bulletin 2024

Our team members, Berk Albayrak and Utku Corbaci, will take part in Virus Bulletin 2024’s program with their talk “Origins of Logger Agent Tesla”.

Get to Know Berk and Utku and Take a Closer Look at Their Talk:

Berk Albayrak

Berk Albayrak works as a threat research team lead at Malwation. Throughout his career, Berk has carried out many different operations against malware/APT groups. In addition, he discovered and reported multiple threat actors and their TTPs to law enforcement authorities. His current role is to identify and report new critical threats and threat groups. Currently, he devotes his time to investigating threat groups and their prevention.

Utku Corbaci

Utku Çorbacı works as a security R&D engineer at Malwation. Throughout his career, Utku has worked on .NET reversing, malware analysis and emulation technologies. Currently, he continues to support the community with his open-source projects and blog posts. He is continuing his education at Yildiz Technical University.

They will cover the Origin Logger malware, which has an important place in the Initial Access Broker (IAB) market, the malware's Malware-as-a-Service (MaaS) structure, and a detailed analysis of its capabilities. We think it will give you an insight into how we at Malwation are developing strategies against malicious files and new attack threats.

Since the advent of cybercrime, the creation, distribution, and command and control of malware have presented a significant challenge for all threat actors. However, in today's attacks, we are seeing the emergence of different groups that are focusing their efforts on each part of the attack chain. This has resulted in the emergence of a new line of business, with modern malware distribution becoming dominated by initial access brokers (IABs) and their Malware-as-a-Service (MaaS) tools. IABs can sell these access points to multiple groups simultaneously by exploiting various vulnerabilities, using zero-day exploits, setting up phishing services, or releasing fake software online. At this stage, instead of writing their own trojans, the actors involved often purchase pre-written malware services.

The story of Agent Tesla began in 2014, precisely because of this need. Agent Tesla is a .NET-based remote access trojan (RAT) and data stealer, often used for MaaS. Once initial access to systems has been gained, for example through the IABs' first-stage malware, more sophisticated second-stage tools can be downloaded. Over time, numerous versions and variants of the widely used Agent Tesla stealer have emerged, including the 2018 release of a new version called Origin Logger (also known as AgentTeslav3). During the 2020 pandemic, a new variant and its derivatives experienced a significant increase in popularity, maintaining their prevalence until 2023, when they entered a dormant period. Currently, the Origin Logger team and developers are primarily targeting the accounting, industrial, marketing, and tourism sectors in Türkiye, Poland, Germany, and the UK with automated business email compromise (BEC) attacks. Once a system is infected, they exfiltrate valuable credentials through SMTP, FTP, or Telegram channels.

The Malwation Threat Research (MTR) team has recently concentrated on BEC attacks targeting the company's employees. By tracing the IOCs of the executed attacks and pivoting the information, the MTR team was able to identify the developers behind Agent Tesla and Origin Logger and expose their methods. During their investigation, the MTR team discovered that the current Origin Logger variant uses the open-source ConfuserEx 2 obfuscator, which was then analyzed using the team's Chiron automated deobfuscator and unpacker tool.

The MTR team will show the evolution of Agent Tesla since 2014, including the creation and development of Agent Tesla and Origin Logger by the development team. The team will also reveal the true identities of the developers. Furthermore, the MTR team will present Chiron, its ConfuserEx 2 deobfuscator and unpacker project, which provides insights into Origin Logger (AgentTeslav3), a key component of the MaaS ecosystem. Given the developers' decision to retire the Origin Logger service as of 1 July 2024, the MTR team has decided to publish comprehensive information about the developers and their activities.

Don’t miss this chance to gain insight into one of the most significant threats in cybersecurity today!

Let’s Connect in Dublin!

We are excited to meet and engage with cybersecurity professionals at Virus Bulletin 2024. If you are attending, be sure to visit our booth for live demos and insightful discussions, and to learn how we can help strengthen your organization’s cybersecurity posture.

Follow us on X for real-time updates and follow us on LinkedIn for the after-event insights from Virus Bulletin 2024.

See you in Dublin!