Make It Count: An analysis of a brute-forcing botnet

What does a botnet do when it gets bored? Make every infection second count, even if it means using the infection time for brute forcing.
This presentation aims to show a complete sandbox infection cycle, which started with what seemed to be a Gamarue infection and ended up with automated horizontal brute-forcing malware and more than 4000 WordPress sites targeted.

By performing an in-depth network traffic analysis of a 15-day network capture, the talk will unveil how this botnet works, in particular:

  • A detailed timeline of the infection
  • The different command and control channels identified and their different usages
  • Characteristics of the horizontal brute forcing and how it is actually performed
  • The uncovered infrastructure of the botnet
  • Network IOCs for identifying the threat
  • A short analysis of the targeted sites – who’s been targeted and commonalities among them
Veronica Valeros
Veronica specializes in malware network traffic analysis and network behavioral patterns. Since 2013 she has been part of the Cognitive Threat Analytics team, Cisco Systems.

@verovaleros
