The DGA of Symmi

From Botnets.fr

The DGA of Symmi
Botnet: Symmi
Feature: Domain generation algorithm
Date: 2015 / 2015-01-21
Editor/Conference: Johannes Bader
Link: http://www.johannesbader.ch/2015/01/the-dga-of-symmi/ (Archive copy)
Author: Johannes Bader
Type: Blogpost

Abstract

Looking through the most recent reports on malwr.com, a sample sparked my interest because it suits my current interest in domain generation algorithms (DGA). Virus scanners label the sample as Symmi; other names for the same or similar malware family are MewsSpy and Graftor. The sample is very noisy. It tries to resolve many domains in a short period of time — only limited by the response time of the DNS server.

Bibtex

 @misc{Bader2015BFR4647,
   editor = {Johannes Bader},
   author = {Johannes Bader},
   title = {The DGA of Symmi},
   date = {21},
   month = Jan,
   year = {2015},
   howpublished = {\url{http://www.johannesbader.ch/2015/01/the-dga-of-symmi/}},
 }