Search results
Page title matches
- 350 bytes (41 words) - 16:07, 28 July 2015
- 368 bytes (39 words) - 19:07, 7 February 2015
- |Image=Detection and Classification of Different Botnet C&C Channels.png ...[botnet]] [[C&C]] traffic is inherently different from legitimate network traffic. The best performance of our detection system has an overall accuracy of 0.1 KB (207 words) - 21:49, 30 July 2015
- ...device as a zombie device that connects to specific command and control (C&C) servers. What is also noteworthy about this file is that it hides its rout627 bytes (85 words) - 22:13, 5 August 2015
- ...I checked the script – everything looked ok. So the massive drop of ZeuS C&C server is fact. I noticed that six of the worst ZeuS hosting ISP suddenly536 bytes (93 words) - 00:50, 22 August 2015
- 516 bytes (67 words) - 19:02, 7 February 2015
- 997 bytes (139 words) - 16:30, 3 August 2015
- 865 bytes (117 words) - 12:57, 31 July 2015
- 40 bytes (3 words) - 03:27, 8 August 2015
- |Link=http://www.xylibox.com/2012/09/weelsof-use-ssl-c.html www.xylibox.com374 bytes (41 words) - 16:28, 7 February 2015
- 39 bytes (3 words) - 11:29, 23 March 2016
- 211 bytes (25 words) - 22:56, 5 August 2015
- 1 KB (127 words) - 22:30, 31 July 2015
- 24 bytes (2 words) - 12:00, 30 October 2016
- 24 bytes (2 words) - 12:00, 31 July 2015
Page text matches
- ...ution, regarding C&C traffic obfuscation. The botnet owners placed their C&C server, which uses the common IRC protocol, as a hidden service inside of t532 bytes (75 words) - 19:18, 3 August 2015
- ...d taken offline, a single C&C in Russia (proobizz.cc) has remained. This C&C, and the bots communicating with it, are carrying out the last command issu592 bytes (81 words) - 00:42, 31 July 2015
- |Description=Webmail used as a C&C medium89 bytes (12 words) - 15:50, 3 August 2015
- |Description=Logging information is sent to the C&C93 bytes (12 words) - 13:48, 8 August 2015
- |Feature=Encrypt files, Encrypt without C&C connection,158 bytes (21 words) - 11:39, 23 March 2016
- |Introduction=* Seen using Yahoo webmail as C&C137 bytes (19 words) - 15:16, 18 July 2015
- ...f old C&C channels, decides to pick up Facebook as a coordinator for the C&C server. I use the word “coordinator” because the Trojan only receives s812 bytes (121 words) - 11:13, 3 August 2015
- ...er in India, located at an ISP called Webwerks. Since then, another Duqu C&C server has been discovered which was hosted on a server at Combell Group Nv ...rvers were used as part of the infrastructure, some of them used as main C&C proxies while others were used by the attackers to jump around the world an1 KB (211 words) - 04:57, 19 August 2015
- |Author=Christian J. Dietrich, Christian Rossow, Felix C. Freiling, Herbert Bos, Maarten van Steen, Norbert Pohlmann, ...ion, we correctly detected DNS C&C in mixed office workstation network traffic.1,003 bytes (130 words) - 14:14, 31 July 2015
- ...duction=Linked to [[sibling::Leouncia]] (registration of the C&C domain name)260 bytes (28 words) - 15:44, 8 August 2015
- |Image=Detection and Classification of Different Botnet C&C Channels.png ...[botnet]] [[C&C]] traffic is inherently different from legitimate network traffic. The best performance of our detection system has an overall accuracy of 0.1 KB (207 words) - 21:49, 30 July 2015
- ...I checked the script – everything looked ok. So the massive drop of ZeuS C&C server is fact. I noticed that six of the worst ZeuS hosting ISP suddenly536 bytes (93 words) - 00:50, 22 August 2015
- ...groups is relatively common, but this is the first instance of newsgroup C&C usage that Symantec has detected.931 bytes (139 words) - 14:42, 3 August 2015
- ...command-and-control (C&C) channel. In this article we explore the Mocbot C&C in order to gain a better understanding of the reason for Mocbot's existenc The C&C servers, bniu.househot.com and ypgw.wallloan.com have been published in mos949 bytes (149 words) - 12:46, 31 July 2015
- ...Banking credential theft, Man in the browser, Backconnect server, Custom C&C encryption algorithm, Domain generation algorithm,315 bytes (40 words) - 05:29, 12 August 2015
- ...ct=This post is about the first network communication of Crisis with the C&C server. The reason why I think it’s very useful to write about it is that ...he C&C server is an authentication request. In the sample I have the C&C server was located at the IP address 176.58.100.37. The communication is vi1 KB (168 words) - 21:31, 5 August 2015
- ...he main server controlled by the attackers, this server is not a typical C&C in its functionalities, but is mainly a collector of information from the d1 KB (193 words) - 05:28, 12 August 2015
- botnet detection approaches work only on specific botnet command and control (C&C) protocols (e.g.,2 KB (262 words) - 22:28, 5 August 2015
- ...out to a handful of the candidates in a vain attempt to locate an active C&C server.1 KB (174 words) - 05:24, 12 August 2015
- ...ands embedded in HTML pages and image files. W32.Morto has added another C&C communication vector by supplying remote commands through Domain Name Syste882 bytes (136 words) - 21:37, 30 July 2015
- |Infrastructure=* C&C related to domains androfox.com and androfox.tk385 bytes (48 words) - 15:46, 8 August 2015
- ...in the botnet, moving the network architecture away from a simple bot-to-C&C system and introducing the beginnings of a peer-to-peer model. This new var ...e to contact other peers to receive configuration files with URLs of new C&C servers.2 KB (381 words) - 05:27, 12 August 2015
- ...compiled in 2002; however, their C&C was registered in August 2001. Other C&Cs used by the Equation group appear to have been registered as early as 19764 bytes (114 words) - 00:08, 17 February 2015
- Skilled attackers are burrowing their command and control (C&C) servers inside the networks of compromised businesses in order to circumve ...helps attackers to stay stealthy as they exfiltrate data, as very little C&C traffic is leaving the network.2 KB (230 words) - 22:48, 5 August 2015
- ...cted a repacked Win32/Rootkit.Avatar with an active command and control (C&C) server. In this blog post we confirm that Avatar in-the-wild activity cont942 bytes (133 words) - 20:22, 30 July 2015
- * [[feature::Upload minidump]] crash dump to C&C for debugging378 bytes (47 words) - 06:41, 14 August 2015
- ...useful way to use the hidden service protocol is for communicating with C&C, getting update for configuration information, or downloading additional ma1 KB (170 words) - 18:18, 3 August 2015
- ...ommunication used is home-made (232-byte binary blob sent to the C&C). The encryption appears to be based on a substitution table whose variabl1 KB (194 words) - 15:49, 8 August 2015
- ...s the command and control (C&C) structure used between them. Utilizing a C&C communication channel for data exfiltration, while previously rare, has bec1 KB (158 words) - 11:25, 18 July 2015
- |Introduction=Infinity is an HTTP-based loader / botnet written in C++. |Language1=C++482 bytes (67 words) - 01:44, 31 July 2015
- The loader is written in C++ using Code::Blocks with the mingw compiler.<br /> |[[File:Vertexpanel.png|200px|thumb|left|VertexNet C&C]]734 bytes (113 words) - 15:48, 8 August 2015
- ...servers, a new variant was recently found that communicated with a fifth C&C server located in Canada as well.546 bytes (78 words) - 21:30, 5 August 2015
- |Abstract=Leouncia's C&C payload decryption consists of two major phases. The first part is the form496 bytes (69 words) - 21:50, 5 August 2015
- ...will also skip files found the folders C:\\WINDOWS, C:\\PROGRAM FILES, and C:\PROGRAM FILES (X86).977 bytes (136 words) - 22:13, 5 August 2015
- ...device as a zombie device that connects to specific command and control (C&C) servers. What is also noteworthy about this file is that it hides its rout627 bytes (85 words) - 22:13, 5 August 2015
- |Abstract=I was recently sent a .pcap file of a bot's C&C communications. Every 182 seconds, the bot would download a GIF file from v513 bytes (75 words) - 12:04, 31 July 2015
- ...er is to retrieve a destination number and related message body from the C&C servers. Once received, it composes the message and sends it out in the bac1 KB (178 words) - 12:48, 31 July 2015
- * C&C contact on link like: svpembtywvrc.eu /gate.php?cmd=ping&botnet=be1&userid=542 bytes (74 words) - 15:47, 8 August 2015
- ...blog post I'm going to focus on the creation timeline, exfiltration, and C&C.601 bytes (92 words) - 11:41, 18 July 2015
- ...ns multiple different networks in Europe, US and Asia. While most of the C&C IP addresses have been associated in the past with illicit operations (i.e. ...sing the GTISC sinkhole infrastructure to verify what we infer about its C&C communication channels and growth. As of today we have observed close to 202 KB (412 words) - 22:23, 2 August 2015
- ...blicly available information. That helped our understanding of where the C&C servers were located and how they were registered. ...new information that was collected during forensic analysis of the Flame C&C servers. This investigation was done in partnership with Symantec, ITU-IMPA2 KB (272 words) - 18:57, 7 February 2015
- ...jan horse. It receives and executes commands from a command-and-control (C&C) server and it gathers information from the compromised computer including658 bytes (88 words) - 21:43, 5 August 2015
- |Programming language=C, ASM130 bytes (14 words) - 07:04, 15 July 2021
- ...alware that appears to be using Evernote as a communication and control (C&C) server. Detected as BKDR_VERNOT.A, the malware attempts to connect to Ever721 bytes (100 words) - 12:30, 3 August 2015
- ...ctually the “main” function that implements all the logics of contacting C&C servers, receiving additional payload modules and executing them. The most ...ns and user-written code, except the biggest slice that contains most of C&C interaction code.2 KB (256 words) - 18:48, 8 February 2015
- ...d computer. The Flamer attackers were still in control of at least a few C&C servers, which allowed them to communicate with a specific set of compromis ...ontrol server to acquire additional commands. Following the request, the C&C server shipped them a file named browse32.ocx. This file can be summarized2 KB (281 words) - 21:47, 5 August 2015
- ...campaigns. The attackers behind this campaign maintain a diverse set of C&C infrastructure and leverages anonymity tools to obfuscate752 bytes (105 words) - 03:44, 19 August 2015
- ...binaries and the amount of logging information that is sent back to the C&C.1 KB (171 words) - 16:27, 7 February 2015
- ...ration, which disabled the botnet and its backup infrastructure from the C&C.1 KB (232 words) - 19:00, 7 February 2015
- |Link=http://c-apt-ure.blogspot.fr/2012/06/introducing-ponmocup-finder.html c-apt-ure.blogspot.fr |NomRevue=c-APT-ure691 bytes (95 words) - 16:27, 7 February 2015
- ...( ? behind Reveton) is using it to spread Reveton which dress from its C&C with a new "Autumn Collection" and is targeting at least 4 new countries :708 bytes (98 words) - 19:00, 7 February 2015
- ...alware is a ZeuS version 3 variant that uses peer-to-peer as its primary C&C channel and only resorts to the DGA-generated domains if it fails1 KB (202 words) - 22:58, 5 August 2015
- ...nfect a machine, download the necessary data from a command and control (C&C) server to create spam email messages, and then send the spam out using the ...its droppers, how its bootkit functions and how it communicates with its C&C server.1 KB (216 words) - 22:51, 5 August 2015
- ...up in the last couple weeks is called ZeroLocker. There's indication the C&C configuration contains some errors which would prevent successful decryptio720 bytes (105 words) - 18:47, 8 February 2015
- ...r that creates a Peer-to-Peer (P2P) network of infected computers (using C&C, for instance), and includes a nasty list of payloads, as well as unique me761 bytes (103 words) - 01:11, 31 July 2015
- ...ted machines failed to uncover the characteristic communication with a C&C. After closer examination it appeared that the sample was probably a new ve724 bytes (112 words) - 22:52, 5 August 2015
- ...this family (derived from the hostname of one of the initially observed C&C servers.)811 bytes (120 words) - 21:30, 5 August 2015
- ...on the victim host and then sends system/web browser details back to the C&C. The botmasters can use this setup to “spoof” banking requests as the u753 bytes (108 words) - 18:49, 8 February 2015
- ...quest, encrypts the requested data, and sends it to a command & control (C&C) server.838 bytes (115 words) - 22:49, 5 August 2015
- * Load [[feature::Advertising|advertising]] (called AdSense in C&C)882 bytes (109 words) - 15:42, 8 August 2015
- ...an.Ransomlock.K and the use of a control panel on a command-and-control (C&C) server which gave it the ability to serve localized social engineering mes857 bytes (127 words) - 21:49, 5 August 2015
- ...targeted campaigns. Because of the active investigation, I cannot reveal C&C domains used in the samples.1,013 bytes (145 words) - 00:33, 31 July 2015
- |Programming language=C, Go,313 bytes (43 words) - 12:09, 30 October 2016
- C&C :1,015 bytes (149 words) - 15:45, 8 August 2015
- ...ervers. Infected W32.Xpaj.B executables send a download request to these C&C servers. Analysis of the threat’s backend control infrastructure revealed2 KB (266 words) - 21:43, 5 August 2015
- ...enters in New York City and Chicago were raided and a command & control (C&C) infrastructure consisting of more than 100 servers was taken offline. At t941 bytes (138 words) - 22:13, 5 August 2015
- ...one of the biggest remaining mysteries about Duqu – the oddities of the C&C communications module which appears to have been written in a different lan1 KB (161 words) - 18:57, 7 February 2015
- ** The top three hosting countries for the c&c servers are Russia (26 hosts), Romania (15 hosts) and the Netherlands (12 h * because no binary samples have been located a sinkhole capturing c&c traffic from infected devices around the world, and a memory snapshot from3 KB (411 words) - 18:52, 8 February 2015
- |Programming language=Visual C++,272 bytes (32 words) - 06:40, 14 August 2015
- ...several groups of features that allow Disclosure to reliably distinguish C&C channels from benign traffic using NetFlow records (i.e., flow sizes, clien ...strates that Disclosure is able to perform real-time detection of botnet C&C channels over datasets on the order of billions of flows per day.2 KB (266 words) - 22:58, 5 August 2015
- $c = /\/[A-Za-z]*\?hl=en/ (($a1 or $a2) or $b) and $c1 KB (126 words) - 15:44, 8 August 2015
- |Programming language=C++,458 bytes (57 words) - 00:07, 21 August 2015
- ...to the web server, logs them and sends them to its command and control (C&C) server, thereby gaining access to all login credentials, transactions, etc1 KB (158 words) - 22:49, 5 August 2015
- ...Downloader that continuously connects to one of its command-and-control (C&C) servers and waits for new components to download and execute. The bot locates its C&C servers by domain names, and these names are generated using two algorithms2 KB (308 words) - 18:58, 7 February 2015
- ...o real surprise, during analysis we found an active command-and-control (C&C) server login used by the threat.1 KB (161 words) - 21:51, 5 August 2015
- * [[feature::Upload minidump]] crash dump to C&C for debugging1 KB (133 words) - 06:45, 14 August 2015
- This sample contains two C&C url which in fact are at the moment pointing to the same server at IP 50.11977 bytes (157 words) - 16:29, 7 February 2015
- ...brary, but actually receives commands from a remote Command and Control (C&C) server, which allow it to engage in sending text messages to premium numbe1 KB (170 words) - 13:10, 31 July 2015
- In the latest batch of C&C servers we have analyzed, not only has the list of countries increased but1 KB (162 words) - 22:13, 5 August 2015
- The botnet used multiple proxy servers to hide real C&C servers.1 KB (172 words) - 22:53, 5 August 2015
- ...operation of Miniduke including its stages, and also information on the C&C infrastructure and communications. We have published another report from Cr1 KB (170 words) - 16:29, 7 February 2015
- C&C Call1 KB (150 words) - 15:49, 8 August 2015
- * a DLL that has an additional module and works with the C&C; and1 KB (208 words) - 05:04, 19 August 2015
- ...ut right now we aren’t aware of large botnets based on Rovnix.D, and the C&C indicates that the number of currently active bots is 8,417.1 KB (177 words) - 16:27, 7 February 2015
- C&C Call :2 KB (285 words) - 15:48, 8 August 2015
- ...analysis of the botnet’s inner details. Because we gained access to the C&C database, objective statistics of the botnet is included at the end of the1 KB (202 words) - 16:29, 7 February 2015
- ...omains greatfull-toolss.ru and greatfull.ru for its command and control (C&C). As we will discuss later, a third domain, hellcomeback.ru, was also utili1 KB (210 words) - 22:23, 5 August 2015
- ...lux networks, which are a DNS technique used by botnets to hide the main C&C servers.1 KB (198 words) - 22:57, 5 August 2015
- ...nce few days being spread in a new version tagged by Microsoft as revision C.543 bytes (70 words) - 19:03, 7 February 2015
- ...information on how to acquire the crimeware, which is evident in the few C&C has, and undoubtedly, this categorization of "resource criminal private" ke2 KB (242 words) - 22:52, 30 July 2015
- c&c2 KB (177 words) - 06:54, 15 August 2015
- ...pt one) so its analysis is easier than the dropper. It also uses Objective-C heavily, which is still a bit annoying in IDA but has the advantage of the621 bytes (89 words) - 21:31, 5 August 2015
- IP addresses for the command and control (C&C) servers. These servers are used to deliver encrypted binary large objects2 KB (244 words) - 21:51, 5 August 2015
- ...(the latter has no lock function): O4 – HKLM..Run: [M1qlOHhkvQqm] C:M1qlOHhkvQqmM1qlOHhkvQqm.exe<br/>630 bytes (87 words) - 12:48, 31 July 2015
- ...a very simple IRC protocol to communicate with the command and control (C&C) server, it was able to build a substantial installation base after a coupl2 KB (263 words) - 21:50, 5 August 2015
- ...and recovery of the actual C&C server difficult. The traffic-forwarding C&C servers were scrubbed on October 20, 2011, so limited information was recov ...In addition to this infostealer, three more DLLs were pushed out by the C&C server on October 18.<br>8 KB (1,282 words) - 21:42, 5 August 2015
- ...ate’s [[Xuxian Jiang]], and began investigating the command-and-control (C&C) servers associated with the threat. The malware was discovered on a third2 KB (286 words) - 16:11, 8 August 2015
- reveal that 20% of the C&C servers remain operable on long term. Moreover, we observe steady migration2 KB (270 words) - 23:31, 30 July 2015
- |Author=Brooks Li, Joseph C. Chen,745 bytes (105 words) - 15:27, 1 January 2017
- The Nitol trojan that is installed on computers is written in Visual C++ with a lot of bugs in the code, apparently written by an untrained progra863 bytes (115 words) - 12:45, 31 July 2015
- ...bling that of Flame, a similar code base and system for communicating to C&C servers, as3 KB (394 words) - 23:24, 21 March 2016
- ...xecute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wil710 bytes (101 words) - 12:15, 19 March 2016
- <NOWIKI>87.107.121.138 POST /price.php </NOWIKI> 21/10/12 - SubC&C1 KB (149 words) - 15:47, 8 August 2015
- ...d and were very easy to reverse engineer. The Trojan was written in Visual C++ either in a hurry or by an untrained programmer. We found a lot of bugs i1 KB (161 words) - 22:05, 5 August 2015
- The trojan in question is rather sophisticated. It is written in C++ and uses rootkit techniques to conceal its presence, though on occasion,1,020 bytes (154 words) - 00:06, 21 August 2015
- ...executables, which we have reverse engineered to an approximation of their C source code implementation. The iKee bot is one of the latest offerings1 KB (160 words) - 21:50, 5 August 2015
- ...o node comes pre-configured with the locations of two Command & Control (C&C) servers, known as “gates” from which it can download updates, receive3 KB (491 words) - 21:31, 5 August 2015
- |Author=Ping Wang, Sherri Sparks, Cliff C. Zou, ...es robust network connectivity, individualized encryption and control traffic dispersion, limited botnet exposure by each bot, and easy monitoring and re1 KB (201 words) - 19:38, 31 July 2015
- |Language1=C#1 KB (171 words) - 15:48, 8 August 2015
- ...=* Uses twitter predefined accounts for commands (to point at URLs for the C&Cs)1 KB (165 words) - 15:50, 8 August 2015
- ...al service for RDP access, all maintaining identical copies of the custom, C# server manager software. These servers also act as the stolen data drops.2 KB (258 words) - 19:02, 7 February 2015
- |Introduction=Also known as ''Destination Darkness Outlaw System'', it is a botnet developed to carry out denial-of-service attacks d2 KB (200 words) - 15:45, 8 August 2015
- ...the HTran connection bouncer has been observed, indicating that selected C&C’s were simply compromised sites used to relay traffic elsewhere.2 KB (308 words) - 16:16, 5 August 2015
- === C === === C ===10 KB (847 words) - 12:17, 14 March 2020
- ...executables, which we have reverse engineered to an approximation of their C source code implementation. The iKee bot is one of the2 KB (306 words) - 16:35, 31 July 2015
- ** Either one-way, that is, only allowing the bot to receive commands3 KB (467 words) - 10:39, 27 July 2015
- |Language1=C++4 KB (616 words) - 22:44, 1 February 2015