Make It count: An analysis of a brute-forcing botnet

What does a botnet do when it gets bored? Make every infection second count – even if it means using the infection time for brute forcing.
This presentation aims to show a complete sandbox infection cycle, which started with what seemed to be a Gamarue infection and ended up with automated horizontal brute-forcing malware and more than 4000 WordPress sites targeted.

By performing an in-depth network traffic analysis of a 15-day network capture, the talk will unveil how this botnet works, in particular:

  • A detailed timeline of the infection
  • The different command and control channels identified and their different uses
  • Characteristics of the horizontal brute forcing and how it is actually performed
  • The uncovered infrastructure of the botnet
  • Network IOCs for identifying the threat
  • A short analysis of the targeted sites – who’s been targeted and commonalities among them
Veronica Valeros
Veronica specializes in malware network traffic analysis and network behavioral patterns. Since 2013 she has been part of the Cognitive Threat Analytics team at Cisco Systems.