Make It count: An analysis of a brute-forcing botnet

What does a botnet do when it gets bored? Make every infection second count – even if it means to use the infection time for brute forcing.
This presentation aims to show a complete sandbox infection cycle, which started with a seemingly Gamarue infection and end up with an automated horizontally brute forcing malware and more than 4000 WordPress sites targeted.

By performing an in-depth network traffic analysis of a 15 days network capture, the talk will unveil how this botnet works, in particular:

A detailed timeline of the infection
Different command and control channels identified and different usages
Characteristics of the horizontal brute forcing and how it is actually performed
The uncovered infrastructure of the botnet
Network IOCs for identifying the threat
A short analysis of the targeted sites – who’s been targeted and commonalities among them

Bio
Twitter
Latest Posts

Veronica Valeros

Veronica specializes in malware network traffic analysis and network behavioral patterns. Since 2013 she is part of the Cognitive Threat Analytics team, Cisco Systems.

@verovaleros

Woman. Hacker. Mentor. Optimist. Speaker. Malware Researcher. Studying Remote Access Trojans. Working at @civilsphere // Founder @womenintechfund & @mateslab

RT @x0rz: I need this in my life: a terminal user-interface for tshark https://t.co/iDxj1Mz5Kj https://t.co/siG3ANFo0w - 7 hours ago

Latest posts by Veronica Valeros (see all)

2015, Short talk