
I've been able to find readily available botnet source code online; however, I'm currently working on my university research project and require access to an actual botnet client which encompasses DGAs (Domain Generation Algorithms) and is live (the part the hacker infects the user with), as I need to do some network traffic analysis.

My analysis will look at the DGAs generated by the botnet client; however, I need these to be current and registered domains, hence the need for a live botnet client.

I've searched the internet far and wide but can't seem to find anything which is sort of ironic.

If anyone could point me in the right direction I'd be forever grateful.

    Set up an intentionally vulnerable WordPress honeypot, wait for someone to pwn your server and watch the traffic once they use your server as a botnet client – Paradoxis Mar 07 '17 at 07:33
  • As @Paradoxis said, a honeypot is probably your best choice. But I'd like to suggest a simpler honeypot: just listen for SSH connections on port 22 with default passwords. The botnet will be at your door shortly :) Of course you should do that carefully, so read how to host a honeypot safely. – MiaoHatola Mar 07 '17 at 07:46
  • You appear to have some very specific and limiting requirements: live, source available, and using a specific technique. I'm not sure there is a common source to meet these specifics. Also, after a quick Google search, I'm running into a lot of results on this. Have you done some research? – schroeder Mar 07 '17 at 08:04

2 Answers


Maybe try asking your local country's cybercrime department of the police?

I have no idea if they would answer a question like that but you might be doing useful research that they can use as well, so try to explain the mutual benefit of information sharing!

schroeder
Wealot

For the DGA part, I think you might be able to look for historical resources, rather than needing a live botnet. A good resource to look at is http://resources.infosecinstitute.com/domain-generation-algorithm-dga/, which provides an example DGA with code.

You might also consider checking the ISC, where DGA is frequently mentioned (e.g. https://isc.sans.edu/forums/diary/Mirai+now+with+DGA/21799).

For malware, theZoo seems promising (http://thezoo.morirt.com/). Again, checking the ISC is worthwhile, since they frequently provide malware analysis, and samples are generally made available via http://www.malware-traffic-analysis.net/.

http://www.malware-traffic-analysis.net is probably going to provide you what you are looking for, and also provides pre-baked pcaps you can use in place of infecting your own VMs.

iwaseatenbyagrue
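As an added illustration of the "historical, not live" approach this answer takes (this is example code written for this page, not code from the answer or from any of the linked resources): a toy date-seeded DGA, plus the two lexical features an analyst typically computes over the labels it emits. The DGA is hypothetical; the LCG constants, the `magic` value, the TLD list and the detection thresholds are all assumptions for the example and do not reproduce any real family's algorithm. The point it demonstrates is the one that makes a live client unnecessary for this kind of analysis: once the date-to-domain mapping is known, the domains for any past or future day can be enumerated offline and compared against passive DNS or WHOIS history.

```python
import math
from collections import Counter
from datetime import date, timedelta

# Assumed TLD list for the toy generator; real families rotate over many more.
TLDS = ("com", "net", "org", "info")
VOWELS = set("aeiou")


def _lcg(state: int) -> int:
    """One 32-bit linear congruential step (Numerical Recipes constants)."""
    return (1664525 * state + 1013904223) & 0xFFFFFFFF


def generate_domains(day: date, count: int = 10, magic: int = 0x5EED) -> list:
    """Toy DGA: every host that knows `magic` derives the same domains for `day`.

    The seed mixes the calendar date with a hard-coded constant, so an analyst
    who recovers the constant can enumerate rendezvous domains for any date
    without ever running the live client. `magic` is an assumed value.
    """
    state = (day.year * 10000 + day.month * 100 + day.day) ^ magic
    domains = []
    for _ in range(count):
        state = _lcg(state)
        length = 8 + (state >> 28) % 8          # label length 8..15
        label = []
        for _ in range(length):
            state = _lcg(state)
            label.append(chr(ord("a") + (state >> 16) % 26))
        state = _lcg(state)
        tld = TLDS[(state >> 16) % len(TLDS)]
        domains.append("".join(label) + "." + tld)
    return domains


def generate_domains_for(iso_day: str, count: int = 10) -> list:
    """Convenience wrapper taking an ISO date string such as '2017-03-07'."""
    return generate_domains(date.fromisoformat(iso_day), count)


def domains_for_range(start_iso: str, days: int, count: int = 10) -> dict:
    """Enumerate the domain set for consecutive days, keyed by ISO date, for
    bulk comparison against passive-DNS or registration history."""
    start = date.fromisoformat(start_iso)
    return {
        (start + timedelta(n)).isoformat(): generate_domains(start + timedelta(n), count)
        for n in range(days)
    }


def shannon_entropy(text: str) -> float:
    """Shannon entropy of `text` in bits per character."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def label_features(domain: str) -> dict:
    """Lexical features over the leftmost label of `domain`."""
    label = domain.split(".")[0]
    vowels = sum(ch in VOWELS for ch in label)
    return {
        "entropy": shannon_entropy(label),
        "vowel_ratio": vowels / len(label),
        "length": len(label),
    }


def looks_generated(domain: str, min_entropy: float = 3.0,
                    max_vowel_ratio: float = 0.3) -> bool:
    """Coarse heuristic; the thresholds are assumptions for this example.

    Entropy alone is a weak signal (many brand names score close to random
    text), so a low vowel ratio is required as well.
    """
    f = label_features(domain)
    return f["entropy"] >= min_entropy and f["vowel_ratio"] <= max_vowel_ratio


if __name__ == "__main__":
    # Constructed benign sample for comparison; not taken from any dataset.
    benign = ["google.com", "facebook.com", "wikipedia.org", "stackexchange.com"]
    for d in generate_domains_for("2017-03-07", 5) + benign:
        f = label_features(d)
        print(f"{d:28s} H={f['entropy']:.2f} vowels={f['vowel_ratio']:.2f} "
              f"generated={looks_generated(d)}")
```

Running the module prints a day's worth of generated domains next to the constructed benign names with their features; `domains_for_range` is what you would feed into a lookup against historical registration data to find which candidate domains the operators actually registered, which is the question's real requirement and does not need a running infection.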