Cimbot - A technical analysis

From Botnets.fr


Botnet: Cimbot
Date: 2009 / 2009-03-16
Editor/Conference: FireEye
Link: https://www.fireeye.com/blog/threat-research/2009/03/cimbot-a-technical-analysis.html (Archive copy)
Author: Julia Wolf
Type: Blogpost

Abstract

I was recently sent a .pcap file of a bot's C&C communications. Every 182 seconds, the bot would download a GIF file from vazasaki-ji.info (91.211.65.180 as of Mar 11, 2009). These GIF files however are not well-formed — that is to say, it's a GIF89a header, followed by a lot of random gibberish.

Bibtex

 @misc{2009BFR2014,
   editor = {FireEye},
   author = {Julia Wolf},
   title = {Cimbot - A technical analysis},
   date = {16},
   month = Mar,
   year = {2009},
   howpublished = {\url{https://www.fireeye.com/blog/threat-research/2009/03/cimbot-a-technical-analysis.html}},
 }