The DGA of Symmi

From Botnets.fr
Revision as of 16:45, 12 August 2015 by Eric.freyssinet

The DGA of Symmi
Botnet: Symmi
Feature: Domain generation algorithm
Date: 2015 / 2015-01-21
Editor/Conference: Johannes Bader
Link: http://www.johannesbader.ch/2015/01/the-dga-of-symmi/ (Archive copy)
Author: Johannes Bader
Type: Blogpost

Abstract

Looking through the most recent reports on malwr.com, a sample sparked my interest because it suits my current interest in domain generation algorithms (DGA). Virus scanners label the sample as Symmi; other names for the same or similar malware family are MewsSpy and Graftor. The sample is very noisy. It tries to resolve many domains in a short period of time — only limited by the response time of the DNS server.

Bibtex

 @misc{2015BFR4647,
   editor = {Johannes Bader},
   author = {Johannes Bader},
   title = {The DGA of Symmi},
   date = {21},
   month = Jan,
   year = {2015},
   howpublished = {\url{http://www.johannesbader.ch/2015/01/the-dga-of-symmi/}},
 }