(Botnet)

Group: Banking, Downloading
Parent: ZeuS
Family: ZeuS (family)
Relations:
  Variants: Pobelka
  Sibling of:
  Parent of: Pobelka
  Distribution of: Dorifel, Dorifel crypto malware paralyzes Dutch companies and public sector, Reveton
Target: Microsoft Windows
Distribution vector: Smoke Bot
UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1)
CCProtocol: HTTP (Centralized)
Activity: /
Status: Active
Programming language:
Operation/Working group: Operation b54


A ZeuS variant whose developers claim to maintain a privileged relationship with their customers.




Citadel : le fichier de configuration. Fabien Perigaud, LEXSI, 2012
Citadel V1.3.5.1: enter the fort’s dungeons. Limor Kessem, RSA, 2012
Citadel ZeuS bot. Sherb1n, Cyber Sleuth, 2012
Citadel plitfi botnet report. CERT Polska, 2013
Citadel trojan malware analysis. Jason Milletary, DELL SecureWorks, 2012
Citadel trojan touts trouble-ticket system. Brian Krebs, Brian Krebs, 2012
Citadel: a cyber-criminal’s ultimate weapon? Jérôme Segura, Malwarebytes, 2012
Collateral damage: Microsoft hits security researchers along with Citadel. Abuse.ch, 2013
Demystifying Pobelka. Michael Sandee, Fox-IT, 2013
Dorifel crypto malware paralyzes Dutch companies and public sector. Emsisoft, 2012
Exploring the market for stolen passwords. Brian Krebs, Brian Krebs, 2012
Inside Citadel C&C & Builder - Botnet Control Panel. Kafeine, 2012
Inside the world of the Citadel trojan. Ryan Sherstobitoff, McAfee, 2013
Now you Z-(eus) it, now you don’t: ZeuS bots silently upgraded to Citadel. RSA, 2012
Sopelka Botnet: three banking trojans and one banking panel. Jose Miguel Esparza, S21sec, 2012
The Pobelka botnet - a command and control case study. Rickey Gevers, Digital Investigation, 2012
Update to Citadel : Rain Edition. Kafeine, 2012
Update to Citadel : v.