A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #22417  by Xylitol
 Tue Feb 07, 2012 1:19 pm
Citadel samples by version:
Citadel 1.3.4.0
Citadel 1.3.4.5
Citadel 1.3.5.1
Citadel 1.2.0.0
Citadel 3.1.0.0
Atmos 0.0.1.1

Related materials:
Backdoor.Citadel.BkCnct
Hacktool.Citadel.Builder
Troj.ZbotPHP-A

Microsoft lawsuit against Citadel botherders: >>146519568

For 1.2.0.0 and 3.1.0.0, those are *private* versions of Citadel. If you are looking for resources:
S21Sec: Citadel hasn't gone
S21sec: Citadel "involution"
S21sec: Zeus-Я-uS
S21sec: ZeuS timeline 2
Hexacorn: Zeus trivia

Atmos, version 0.0.1.0 and 0.0.1.1:
JPCERT: Banking Trojan “Citadel” Returns
 #11529  by sleeper
 Thu Feb 09, 2012 1:05 pm
New Zeus Clone.

Was featured by Brian Krebs and seems to have some interesting features (see here).

Anybody got a sample?
 #13278  by Xylitol
 Thu May 17, 2012 3:13 pm
Citadel C&C appeared today on ZeuS tracker, so far no sample.
http://188.162.10.19/cp.php?m=login
http://188.162.10.19/file.php
http://188.162.10.19/api.php
http://188.162.10.19/gate.php
http://188.162.10.19/theme/style.css
http://188.162.10.19/theme/images/citadel.jpg
http://188.162.10.19/images/
http://188.162.10.19/files/
http://188.162.10.19/public/
http://188.162.10.19/system/