Search results

Results 1 – 116 of 132

Page text matches

  • ...ution, regarding C&C traffic obfuscation. The botnet owners placed their C&C server, which uses the common IRC protocol, as a hidden service inside of t
    532 bytes (75 words) - 19:18, 3 August 2015
  • ...d taken offline, a single C&C in Russia (proobizz.cc) has remained. This C&C, and the bots communicating with it, are carrying out the last command issu
    592 bytes (81 words) - 00:42, 31 July 2015
  • |Description=Logging information is sent to the C&C
    93 bytes (12 words) - 13:48, 8 August 2015
  • |Description=Webmail used as a C&C medium
    89 bytes (12 words) - 15:50, 3 August 2015
  • |Feature=Encrypt files, Encrypt without C&C connection,
    158 bytes (21 words) - 11:39, 23 March 2016
  • |Introduction=* Seen using Yahoo webmail as C&C
    137 bytes (19 words) - 15:16, 18 July 2015
  • ...f old C&C channels, decides to pick up Facebook as a coordinator for the C&C server. I use the word “coordinator” because the Trojan only receives s
    812 bytes (121 words) - 11:13, 3 August 2015
  • ...er in India, located at an ISP called Webwerks. Since then, another Duqu C&C server has been discovered which was hosted on a server at Combell Group Nv ...rvers were used as part of the infrastructure, some of them used as main C&C proxies while others were used by the attackers to jump around the world an
    1 KB (211 words) - 04:57, 19 August 2015
  • |Author=Christian J. Dietrich, Christian Rossow, Felix C. Freiling, Herbert Bos, Maarten van Steen, Norbert Pohlmann, ...ion, we correctly detected DNS C&C in mixed office workstation network traffic.
    1,003 bytes (130 words) - 14:14, 31 July 2015
  • ...duction=Linked to [[sibling::Leouncia]] (registration of the C&C domain name)
    260 bytes (28 words) - 15:44, 8 August 2015
  • |Image=Detection and Classification of Different Botnet C&C Channels.png ...[botnet]] [[C&C]] traffic is inherently different from legitimate network traffic. The best performance of our detection system has an overall accuracy of 0.
    1 KB (207 words) - 21:49, 30 July 2015
  • ...I checked the script – everything looked ok. So the massive drop of ZeuS C&C server is fact. I noticed that six of the worst ZeuS hosting ISP suddenly
    536 bytes (93 words) - 00:50, 22 August 2015
  • ...groups is relatively common, but this is the first instance of newsgroup C&C usage that Symantec has detected.
    931 bytes (139 words) - 14:42, 3 August 2015
  • ...command-and-control (C&C) channel. In this article we explore the Mocbot C&C in order to gain a better understanding of the reason for Mocbot's existenc The C&C servers, bniu.househot.com and ypgw.wallloan.com have been published in mos
    949 bytes (149 words) - 12:46, 31 July 2015
  • ...Banking credential theft, Man in the browser, Backconnect server, Custom C&C encryption algorithm, Domain generation algorithm,
    315 bytes (40 words) - 05:29, 12 August 2015
  • ...ct=This post is about the first network communication of Crisis with the C&C server. The reason why I think it’s very useful to write about it is that ...he C&C server is an authentication request. In the sample I have the C&C server was located at the IP address 176.58.100.37. The communication is vi
    1 KB (168 words) - 21:31, 5 August 2015
  • ...he main server controlled by the attackers, this server is not a typical C&C in its functionalities, but is mainly a collector of information from the d
    1 KB (193 words) - 05:28, 12 August 2015
  • botnet detection approaches work only on specific botnet command and control (C&C) protocols (e.g.,
    2 KB (262 words) - 22:28, 5 August 2015
  • ...out to a handful of the candidates in a vain attempt to locate an active C&C server.
    1 KB (174 words) - 05:24, 12 August 2015
  • ...ands embedded in HTML pages and image files. W32.Morto has added another C&C communication vector by supplying remote commands through Domain Name Syste
    882 bytes (136 words) - 21:37, 30 July 2015
  • |Infrastructure=* C&C related to domains androfox.com and androfox.tk
    385 bytes (48 words) - 15:46, 8 August 2015
  • ...in the botnet, moving the network architecture away from a simple bot-to-C&C system and introducing the beginnings of a peer-to-peer model. This new var ...e to contact other peers to receive configuration files with URLs of new C&C servers.
    2 KB (381 words) - 05:27, 12 August 2015
  • ...compiled in 2002; however, their C&C was registered in August 2001. Other C&Cs used by the Equation group appear to have been registered as early as 19
    764 bytes (114 words) - 00:08, 17 February 2015
  • Skilled attackers are burrowing their command and control (C&C) servers inside the networks of compromised businesses in order to circumve ...helps attackers to stay stealthy as they exfiltrate data, as very little C&C traffic is leaving the network.
    2 KB (230 words) - 22:48, 5 August 2015
  • ...cted a repacked Win32/Rootkit.Avatar with an active command and control (C&C) server. In this blog post we confirm that Avatar in-the-wild activity cont
    942 bytes (133 words) - 20:22, 30 July 2015
  • * [[feature::Upload minidump]] crash dump to C&C for debugging
    378 bytes (47 words) - 06:41, 14 August 2015
  • ...useful way to use the hidden service protocol is for communicating with C&C, getting update for configuration information, or downloading additional ma
    1 KB (170 words) - 18:18, 3 August 2015
  • ...ommunication used is handcrafted (232-byte binary blob sent to the C&C). The encryption appears to be based on a substitution table whose variabl
    1 KB (194 words) - 15:49, 8 August 2015
  • ...s the command and control (C&C) structure used between them. Utilizing a C&C communication channel for data exfiltration, while previously rare, has bec
    1 KB (158 words) - 11:25, 18 July 2015
  • |Introduction=Infinity is an HTTP-based loader / botnet coded in C++. |Language1=C++
    482 bytes (67 words) - 01:44, 31 July 2015
  • The loader is coded in C++ using Code::Blocks with the mingw compiler.<br /> |[[File:Vertexpanel.png|200px|thumb|left|VertexNet C&C]]
    734 bytes (113 words) - 15:48, 8 August 2015
  • ...servers, a new variant was recently found that communicated with a fifth C&C server located in Canada as well.
    546 bytes (78 words) - 21:30, 5 August 2015
  • |Abstract=Leouncia's C&C payload decryption consists of two major phases. The first part is the form
    496 bytes (69 words) - 21:50, 5 August 2015
  • ...will also skip files found in the folders C:\WINDOWS, C:\PROGRAM FILES, and C:\PROGRAM FILES (X86).
    977 bytes (136 words) - 22:13, 5 August 2015
  • ...device as a zombie device that connects to specific command and control (C&C) servers. What is also noteworthy about this file is that it hides its rout
    627 bytes (85 words) - 22:13, 5 August 2015
  • |Abstract=I was recently sent a .pcap file of a bot's C&C communications. Every 182 seconds, the bot would download a GIF file from v
    513 bytes (75 words) - 12:04, 31 July 2015
  • ...er is to retrieve a destination number and related message body from the C&C servers. Once received, it composes the message and sends it out in the bac
    1 KB (178 words) - 12:48, 31 July 2015
  • * C&C contact on link like: svpembtywvrc.eu /gate.php?cmd=ping&botnet=be1&userid=
    542 bytes (74 words) - 15:47, 8 August 2015
  • ...blog post I'm going to focus on the creation timeline, exfiltration, and C&C.
    601 bytes (92 words) - 11:41, 18 July 2015
  • ...ns multiple different networks in Europe, US and Asia. While most of the C&C IP addresses have been associated in the past with illicit operations (i.e. ...sing the GTISC sinkhole infrastructure to verify what we infer about its C&C communication channels and growth. As of today we have observed close to 20
    2 KB (412 words) - 22:23, 2 August 2015
  • ...blicly available information. That helped our understanding of where the C&C servers were located and how they were registered. ...new information that was collected during forensic analysis of the Flame C&C servers. This investigation was done in partnership with Symantec, ITU-IMPA
    2 KB (272 words) - 18:57, 7 February 2015
  • ...jan horse. It receives and executes commands from a command-and-control (C&C) server and it gathers information from the compromised computer including
    658 bytes (88 words) - 21:43, 5 August 2015
  • |Programming language=C, ASM
    130 bytes (14 words) - 07:04, 15 July 2021
  • ...alware that appears to be using Evernote as a communication and control (C&C) server. Detected as BKDR_VERNOT.A, the malware attempts to connect to Ever
    721 bytes (100 words) - 12:30, 3 August 2015
  • ...ctually the “main” function that implements all the logics of contacting C&C servers, receiving additional payload modules and executing them. The most ...ns and user-written code, except the biggest slice that contains most of C&C interaction code.
    2 KB (256 words) - 18:48, 8 February 2015
  • ...d computer. The Flamer attackers were still in control of at least a few C&C servers, which allowed them to communicate with a specific set of compromis ...ontrol server to acquire additional commands. Following the request, the C&C server shipped them a file named browse32.ocx. This file can be summarized
    2 KB (281 words) - 21:47, 5 August 2015
  • ...campaigns. The attackers behind this campaign maintain a diverse set of C&C infrastructure and leverage anonymity tools to obfuscate
    752 bytes (105 words) - 03:44, 19 August 2015
  • ...binaries and the amount of logging information that is sent back to the C&C.
    1 KB (171 words) - 16:27, 7 February 2015
  • ...ration, which disabled the botnet and its backup infrastructure from the C&C.
    1 KB (232 words) - 19:00, 7 February 2015
  • |Link=http://c-apt-ure.blogspot.fr/2012/06/introducing-ponmocup-finder.html c-apt-ure.blogspot.fr |NomRevue=c-APT-ure
    691 bytes (95 words) - 16:27, 7 February 2015
  • ...( ? behind Reveton) is using it to spread Reveton which dress from its C&C with a new "Autumn Collection" and is targeting at least 4 new countries :
    708 bytes (98 words) - 19:00, 7 February 2015
  • ...alware is a ZeuS version 3 variant that uses peer-to-peer as its primary C&C channel and only resorts to the DGA-generated domains if it fails
    1 KB (202 words) - 22:58, 5 August 2015
  • ...nfect a machine, download the necessary data from a command and control (C&C) server to create spam email messages, and then send the spam out using the ...its droppers, how its bootkit functions and how it communicates with its C&C server.
    1 KB (216 words) - 22:51, 5 August 2015
  • ...up in the last couple weeks is called ZeroLocker. There's indication the C&C configuration contains some errors which would prevent successful decryptio
    720 bytes (105 words) - 18:47, 8 February 2015
  • ...r that creates a Peer-to-Peer (P2P) network of infected computers (using C&C, for instance), and includes a nasty list of payloads, as well as unique me
    761 bytes (103 words) - 01:11, 31 July 2015
  • ...ted machines failed to uncover the characteristic communication with a C&C. After closer examination it appeared that the sample was probably a new ve
    724 bytes (112 words) - 22:52, 5 August 2015
  • ...this family (derived from the hostname of one of the initially observed C&C servers.)
    811 bytes (120 words) - 21:30, 5 August 2015
  • ...on the victim host and then sends system/web browser details back to the C&C. The botmasters can use this setup to “spoof” banking requests as the u
    753 bytes (108 words) - 18:49, 8 February 2015
  • ...quest, encrypts the requested data, and sends it to a command & control (C&C) server.
    838 bytes (115 words) - 22:49, 5 August 2015
  • * Load [[feature::Advertising|advertising]] (called AdSense in C&C)
    882 bytes (109 words) - 15:42, 8 August 2015
  • ...an.Ransomlock.K and the use of a control panel on a command-and-control (C&C) server which gave it the ability to serve localized social engineering mes
    857 bytes (127 words) - 21:49, 5 August 2015
  • ...targeted campaigns. Because of the active investigation, I cannot reveal C&C domains used in the samples.
    1,013 bytes (145 words) - 00:33, 31 July 2015
  • |Programming language=C, Go,
    313 bytes (43 words) - 12:09, 30 October 2016
  • C&C :
    1,015 bytes (149 words) - 15:45, 8 August 2015
  • ...ervers. Infected W32.Xpaj.B executables send a download request to these C&C servers. Analysis of the threat’s backend control infrastructure revealed
    2 KB (266 words) - 21:43, 5 August 2015
  • ...enters in New York City and Chicago were raided and a command & control (C&C) infrastructure consisting of more than 100 servers was taken offline. At t
    941 bytes (138 words) - 22:13, 5 August 2015
  • ...one of the biggest remaining mysteries about Duqu – the oddities of the C&C communications module which appears to have been written in a different lan
    1 KB (161 words) - 18:57, 7 February 2015
  • ** The top three hosting countries for the c&c servers are Russia (26 hosts), Romania (15 hosts) and the Netherlands (12 h * because no binary samples have been located a sinkhole capturing c&c traffic from infected devices around the world, and a memory snapshot from
    3 KB (411 words) - 18:52, 8 February 2015
  • |Programming language=Visual C++,
    272 bytes (32 words) - 06:40, 14 August 2015
  • ...several groups of features that allow Disclosure to reliably distinguish C&C channels from benign traffic using NetFlow records (i.e., flow sizes, clien ...strates that Disclosure is able to perform real-time detection of botnet C&C channels over datasets on the order of billions of flows per day.
    2 KB (266 words) - 22:58, 5 August 2015
  • $c = /\/[A-Za-z]*\?hl=en/ (($a1 or $a2) or $b) and $c
    1 KB (126 words) - 15:44, 8 August 2015
  • |Programming language=C++,
    458 bytes (57 words) - 00:07, 21 August 2015
  • ...to the web server, logs them and sends them to its command and control (C&C) server, thereby gaining access to all login credentials, transactions, etc
    1 KB (158 words) - 22:49, 5 August 2015
  • ...Downloader that continuously connects to one of its command-and-control (C&C) servers and waits for new components to download and execute. The bot locates its C&C servers by domain names, and these names are generated using two algorithms
    2 KB (308 words) - 18:58, 7 February 2015
  • ...o real surprise, during analysis we found an active command-and-control (C&C) server login used by the threat.
    1 KB (161 words) - 21:51, 5 August 2015
  • * [[feature::Upload minidump]] crash dump to C&C for debugging
    1 KB (133 words) - 06:45, 14 August 2015
  • This sample contains two C&C URLs which in fact are at the moment pointing to the same server at IP 50.11
    977 bytes (157 words) - 16:29, 7 February 2015
  • ...brary, but actually receives commands from a remote Command and Control (C&C) server, which allow it to engage in sending text messages to premium numbe
    1 KB (170 words) - 13:10, 31 July 2015
  • In the latest batch of C&C servers we have analyzed, not only has the list of countries increased but
    1 KB (162 words) - 22:13, 5 August 2015
  • The botnet used multiple proxy servers to hide real C&C servers.
    1 KB (172 words) - 22:53, 5 August 2015
  • ...operation of Miniduke including its stages, and also information on the C&C infrastructure and communications. We have published another report from Cr
    1 KB (170 words) - 16:29, 7 February 2015
  • C&C Call
    1 KB (150 words) - 15:49, 8 August 2015
  • * a DLL that has an additional module and works with the C&C; and
    1 KB (208 words) - 05:04, 19 August 2015
  • ...ut right now we aren’t aware of large botnets based on Rovnix.D, and the C&C indicates that the number of currently active bots is 8,417.
    1 KB (177 words) - 16:27, 7 February 2015
  • C&C Call :
    2 KB (285 words) - 15:48, 8 August 2015
  • ...analysis of the botnet’s inner details. Because we gained access to the C&C database, objective statistics of the botnet are included at the end of the
    1 KB (202 words) - 16:29, 7 February 2015
  • ...omains greatfull-toolss.ru and greatfull.ru for its command and control (C&C). As we will discuss later, a third domain, hellcomeback.ru, was also utili
    1 KB (210 words) - 22:23, 5 August 2015
  • ...lux networks, which are a DNS technique used by botnets to hide the main C&C servers.
    1 KB (198 words) - 22:57, 5 August 2015
  • ...nce few days being spread in a new version tagged by Microsoft as revision C.
    543 bytes (70 words) - 19:03, 7 February 2015
  • ...information on how to acquire the crimeware, which is evident in the few C&C has, and undoubtedly, this categorization of "resource criminal private" ke
    2 KB (242 words) - 22:52, 30 July 2015
  • c&c
    2 KB (177 words) - 06:54, 15 August 2015
  • ...pt one) so its analysis is easier than the dropper. It also uses Objective-C heavily, which is still a bit annoying in IDA but has the advantage of the
    621 bytes (89 words) - 21:31, 5 August 2015
  • IP addresses for the command and control (C&C) servers. These servers are used to deliver encrypted binary large objects
    2 KB (244 words) - 21:51, 5 August 2015
  • ...(the latter has no lock function): O4 – HKLM..Run: [M1qlOHhkvQqm] C:M1qlOHhkvQqmM1qlOHhkvQqm.exe<br/>
    630 bytes (87 words) - 12:48, 31 July 2015
  • ...a very simple IRC protocol to communicate with the command and control (C&C) server, it was able to build a substantial installation base after a coupl
    2 KB (263 words) - 21:50, 5 August 2015
  • ...and recovery of the actual C&C server difficult. The traffic-forwarding C&C servers were scrubbed on October 20, 2011, so limited information was recov ...In addition to this infostealer, three more DLLs were pushed out by the C&C server on October 18.<br>
    8 KB (1,282 words) - 21:42, 5 August 2015
  • ...ate’s [[Xuxian Jiang]], and began investigating the command-and-control (C&C) servers associated with the threat. The malware was discovered on a third
    2 KB (286 words) - 16:11, 8 August 2015
  • reveal that 20% of the C&C servers remain operable on long term. Moreover, we observe steady migration
    2 KB (270 words) - 23:31, 30 July 2015
  • |Author=Brooks Li, Joseph C. Chen,
    745 bytes (105 words) - 15:27, 1 January 2017
  • The Nitol trojan that is installed on computers is written in Visual C++ with a lot of bugs in the code, apparently written by an untrained progra
    863 bytes (115 words) - 12:45, 31 July 2015
