4n6strider

Your Data Zen starts here.

Sathurbot: The Bruteforcing of WordPress Sites

Sathurbot is an aggressive piece of malware with a fascinating spreading mechanism and an effective workflow.

The idea behind these visualizations is to use graph theory to analyze network traffic and to identify and classify malware even in encrypted network traffic (HTTPS and other protocols), where the payload itself is not readable.

1] Above is a schema of the communication, the so-called conversations or netflows, between the infected host and its Command and Control (CnC) servers.

Each main node is surrounded by a circle of timestamps. Each timestamp stands for the time of occurrence of one netflow, that is, one conversation over the network in which the infected host gets instructions from its command and control server.
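As an added example (not code from this post, and not the tooling that produced the visualizations), the following Python builds that structure from constructed netflow records: each host is a main node, each edge carries the ring of timestamps of its flows, and a summary of the ring flags peers that are contacted on a fixed period, which is the beaconing pattern a defender looks for when the payload is encrypted. All addresses and timings are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample netflows (not a real capture): infected host 10.0.0.5
# talking to an assumed CnC (192.0.2.10), a tracker and a search engine.
# Fields: start time, source, destination, destination port.
SAMPLE_FLOWS = """\
2017-03-01T10:00:00 10.0.0.5 192.0.2.10 443
2017-03-01T10:05:00 10.0.0.5 192.0.2.10 443
2017-03-01T10:10:00 10.0.0.5 192.0.2.10 443
2017-03-01T10:15:00 10.0.0.5 192.0.2.10 443
2017-03-01T10:02:17 10.0.0.5 198.51.100.7 80
2017-03-01T10:13:41 10.0.0.5 198.51.100.7 80
2017-03-01T10:09:05 10.0.0.5 203.0.113.2 443
"""

def parse_flows(text):
    """Turn one 'time src dst port' line per flow into (datetime, src, dst, port)."""
    flows = []
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, port = line.split()
            flows.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return flows

def build_graph(flows):
    """Hosts are the main nodes; each (src, dst) edge keeps the sorted ring of
    timestamps of its flows, the structure the schema above draws."""
    graph = defaultdict(lambda: defaultdict(list))
    for ts, src, dst, _port in flows:
        graph[src][dst].append(ts)
    for peers in graph.values():
        for times in peers.values():
            times.sort()
    return graph

def edge_summary(graph, src, dst):
    """Flow count and inter-arrival statistics (seconds) for one edge; a high
    count with near-zero jitter is the periodic beaconing worth investigating."""
    times = graph[src][dst]
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if not gaps:
        return {"flows": len(times), "mean_gap": None, "jitter": None}
    return {"flows": len(times), "mean_gap": mean(gaps), "jitter": pstdev(gaps)}

def candidate_beacons(graph, min_flows=3, max_jitter=30.0):
    """Return (src, dst) edges whose timestamp ring is regular enough to flag."""
    found = []
    for src, peers in graph.items():
        for dst in peers:
            s = edge_summary(graph, src, dst)
            if s["flows"] >= min_flows and s["jitter"] is not None and s["jitter"] <= max_jitter:
                found.append((src, dst))
    return found
```

The thresholds are deliberately simple; on real flow data a beaconing check would also account for jitter the malware adds on purpose and for legitimate periodic traffic such as update checks.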


2] The next visual shows the captured network communication of the infected host.

It shows the POST/GET requests used for communication with the CnC servers, search engines and other members of the Sathurbot infrastructure.

3] Another visualization of the same data, but with the payload sorted a little:

4] Schema of the involved entities (including the infected host, trackers, search engines and CnC servers).


Credits:

The data for these visualizations were generated by Sebastian Garcia.
The purpose was to provide input for research conducted by Veronica Valeros and Anna Shirokova.

The results of the research were presented at the BruCON conference: https://www.youtube.com/watch?v=q0GlAWbMeMo&sns=tw



© 2017 4n6strider
