Cimbot - A technical analysis
Cimbot - A technical analysis | |
---|---|
Botnet | Cimbot |
Date | 2009 / 2009-03-16 |
Editor/Conference | FireEye |
Link | https://www.fireeye.com/blog/threat-research/2009/03/cimbot-a-technical-analysis.html (Archive copy) |
Author | Julia Wolf |
Type | Blogpost |
Abstract
“I was recently sent a .pcap file of a bot's C&C communications. Every 182 seconds, the bot would download a GIF file from vazasaki-ji.info (91.211.65.180 as of Mar 11, 2009). These GIF files however are not well-formed — that is to say, it's a GIF89a header, followed by a lot of random gibberish.”
Bibtex
@misc{2009BFR2014,
  editor = {FireEye},
  author = {Julia Wolf},
  title = {Cimbot - A technical analysis},
  date = {16},
  month = Mar,
  year = {2009},
  howpublished = {\url{https://www.fireeye.com/blog/threat-research/2009/03/cimbot-a-technical-analysis.html}},
}