Cimbot - A technical analysis
Jump to navigation
Jump to search
(Publication) Google search: [1]
| Cimbot - A technical analysis | |
|---|---|
| Botnet | Cimbot |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2009 / 2009-03-16 |
| Editor/Conference | FireEye |
| Link | https://www.fireeye.com/blog/threat-research/2009/03/cimbot-a-technical-analysis.html (Archive copy) |
| Author | Julia Wolf |
| Type | Blogpost |
Abstract
“ I was recently sent a .pcap file of a bot's C&C communications. Every 182 seconds, the bot would download a GIF file from vazasaki-ji.info (91.211.65.180 as of Mar 11, 2009). These GIF files however are not well-formed — that is to say, it's a GIF89a header, followed by a lot of random gibberish.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2009BFR2014,
editor = {FireEye},
author = {Julia Wolf},
title = {Cimbot - A technical analysis},
date = {16},
month = Mar,
year = {2009},
howpublished = {\url{https://www.fireeye.com/blog/threat-research/2009/03/cimbot-a-technical-analysis.html}},
}