The DGA of Symmi
Revision as of 16:45, 12 August 2015 by Eric.freyssinet
The DGA of Symmi | |
---|---|
Botnet | Symmi |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | Domain generation algorithm |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2015 / 2015-01-21 |
Editor/Conference | Johannes Bader |
Link | http://www.johannesbader.ch/2015/01/the-dga-of-symmi/ (Archive copy) |
Author | Johannes Bader |
Type | Blogpost |
Abstract
“Looking through the most recent reports on malwr.com, a sample sparked my interest because it suits my current interest in domain generation algorithms (DGA). Virus scanners label the sample as Symmi, other names for the same or similar malware family are MewsSpy and Graftor. The sample is very noisy. It tries to resolve many domains in a short period of time — only limited by the response time of the DNS server.”
Bibtex
@misc{2015BFR4647,
  editor = {Johannes Bader},
  author = {Johannes Bader},
  title = {The DGA of Symmi},
  date = {21},
  month = Jan,
  year = {2015},
  howpublished = {\url{http://www.johannesbader.ch/2015/01/the-dga-of-symmi/}},
}