Citadel

The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

(Botnet) Link to the old Wiki page : [1] / Google search: [2]

Citadel
Alias
Group	Banking, Downloading
Parent	ZeuS
Sibling
Family	ZeuS (family)
Relations	Variants: Pobelka Sibling of: Parent of: Pobelka Distribution of: Dorifel, Dorifel crypto malware paralyzes Dutch companies and public sector, Reveton Campaigns:
Target	Microsoft Windows
Origin
Distribution vector	Smoke Bot
UserAgent	Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1)
CCProtocol	HTTP (Centralized)
Activity	/
Status	Actif
Language
Programming language
Operation/Working group	Operation b54

Introduction

A ZeuS variant whose developers claim to engage in a privileged relationship with their customers.

Features

File download

Video screen capture

Firefox cookie theft

Backconnect server

Luhn algorithm check

Dynamic webinject configuration update

Associated images

Checksums / AV databases

Publications

	Author	Editor	Year
Citadel : le fichier de configuration	Fabien Perigaud	LEXSI	2012
Citadel V1.3.5.1: enter the fort’s dungeons	Limor Kessem	RSA	2012
Citadel ZeuS bot	Sherb1n	Cyber Sleuth	2012
Citadel plitfi botnet report		CERT Polska	2013
Citadel trojan malware analysis	Jason Milletary	DELL SecureWorks	2012
Citadel trojan touts trouble-ticket system	Brian Krebs	Brian Krebs	2012
Citadel: a cyber-criminal’s ultimate weapon?	Jérôme Segura	Malwarebytes	2012
Collateral damage: Microsoft hits security researchers along with Citadel		Abuse.ch	2013
Demystifying Pobelka	Michael Sandee	Fox-IT	2013
Dorifel crypto malware paralyzes Dutch companies and public sector		Emsisoft	2012
Exploring the market for stolen passwords	Brian Krebs	Brian Krebs	2012
Inside Citadel 1.3.4.5 C&C & Builder - Botnet Control Panel	Kafeine		2012
Inside the world of the Citadel trojan	Ryan Sherstobitoff	McAfee	2013
Now you Z-(eus) it, now you don’t: ZeuS bots silently upgraded to Citadel		RSA	2012
Sopelka Botnet: three banking trojans and one banking panel	Jose Miguel Esparza	S21sec	2012
The Pobelka botnet - a command and control case study	Rickey Gevers	Digital Investigation	2012
Update to Citadel : 1.3.5.1 Rain Edition.	Kafeine		2012
Update to Citadel : v.1.3.4.5	Kafeine		2012