Difference between revisions of "Cimbot - A technical analysis"

From Botnets.fr
Jump to navigation Jump to search
(Created page with "{{Publication}}")
 
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
{{Publication}}
{{Publication
|Botnet=Cimbot,
|Year=2009
|Date=2009-03-16
|Editor=FireEye
|Link=https://www.fireeye.com/blog/threat-research/2009/03/cimbot-a-technical-analysis.html
|Author=Julia Wolf,
|Type=Blogpost
|Abstract=I was recently sent a .pcap file of a bot's C&C communications. Every 182 seconds, the bot would download a GIF file from vazasaki-ji.info (91.211.65.180 as of Mar 11, 2009). These GIF files however are not well-formed — that is to say, it's a GIF89a header, followed by a lot of random gibberish.
}}

Latest revision as of 12:04, 31 July 2015

(Publication) Google search: [1]

Cimbot - A technical analysis
Botnet Cimbot
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2009 / 2009-03-16
Editor/Conference FireEye
Link https://www.fireeye.com/blog/threat-research/2009/03/cimbot-a-technical-analysis.html (Archive copy)
Author Julia Wolf
Type Blogpost

Abstract

I was recently sent a .pcap file of a bot's C&C communications. Every 182 seconds, the bot would download a GIF file from vazasaki-ji.info (91.211.65.180 as of Mar 11, 2009). These GIF files however are not well-formed — that is to say, it's a GIF89a header, followed by a lot of random gibberish.

Bibtex

 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2009BFR2014,
   editor = {FireEye},
   author = {Julia Wolf},
   title = {Cimbot - A technical analysis},
   date = {16},
   month = Mar,
   year = {2009},
   howpublished = {\url{https://www.fireeye.com/blog/threat-research/2009/03/cimbot-a-technical-analysis.html}},
 }

Retrieved from "https://www.botnets.fr/index.php?title=Cimbot_-_A_technical_analysis&oldid=4589"