Make It count: An analysis of a brute-forcing botnet

What does a botnet do when it gets bored? Make every infection second count – even if it means using the infection time for brute forcing.
This presentation aims to show a complete sandbox infection cycle, which started with what seemed to be a Gamarue infection and ended up with automated horizontal brute-forcing malware and more than 4000 WordPress sites targeted.

By performing an in-depth network traffic analysis of a 15-day network capture, the talk will unveil how this botnet works, in particular:

  • A detailed timeline of the infection
  • The different command and control channels identified and their different uses
  • Characteristics of the horizontal brute forcing and how it is actually performed
  • The uncovered infrastructure of the botnet
  • Network IOCs for identifying the threat
  • A short analysis of the targeted sites – who’s been targeted and commonalities among them
Veronica Valeros
Veronica specializes in malware network traffic analysis and network behavioral patterns. Since 2013 she has been part of the Cognitive Threat Analytics team at Cisco Systems.