Gamarue dropping Lethic bot
Revision as of 13:36, 18 July 2015 by Eric.freyssinet (page created)
| Field | Value |
|---|---|
| Title | Gamarue dropping Lethic bot |
| Botnet | Gamarue, Lethic |
| Malware | |
| Botnet/malware group | Spamming |
| Exploit kits | |
| Services | |
| Feature | Custom packer |
| Distribution vector | Gamarue |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2015 (2015-06-11) |
| Editor/Conference | Zscaler |
| Link | http://research.zscaler.com/2015/06/gamarue-dropping-lethic-bot.html (archive copy) |
| Author | Amandeep Kumar, Nirmal Singh |
| Type | Blogpost |
Abstract
“The Gamarue (aka Andromeda) botnet is a highly modular botnet family that allows attackers to take complete control of an infected system and perform a range of malicious activity by downloading additional payloads. In this blog, we will cover a recent Gamarue infection that we looked at, which downloads and installs the Lethic bot on an infected system.

The Lethic botnet has been known to be involved in pharmaceutical and replica spam since its inception, as was detailed by Arbor Networks here. Neither of these botnets is new, and both have survived takedown attempts by authorities. The Gamarue infection in our case was leading to the download of the Lethic bot from the following URLs:”
Bibtex

```bibtex
@misc{2015BFR1635,
  editor       = {Zscaler},
  author       = {Amandeep Kumar and Nirmal Singh},
  title        = {Gamarue dropping Lethic bot},
  date         = {2015-06-11},
  month        = jun,
  year         = {2015},
  howpublished = {\url{http://research.zscaler.com/2015/06/gamarue-dropping-lethic-bot.html}},
}
```