Licat

Description

(johannesbader) Murofet, also called LICAT, is a member of the Zeus family. It uses a Domain Generation Algorithm (DGA) to determine the current C2 domain names. There exist at least three different versions of Murofet’s DGA, some of which I couldn’t find reimplementations online. In this short blog post I list the three variants that I looked at and discuss the properties of each. Although all versions share a similar algorithm, the resulting domains are very different.

Names

Name
Licat
Murofet

Category

Malware

Type

  • Banking trojan
  • Backdoor
  • Info stealer
  • Credential stealer
  • Botnet

Information

Malpedia

Other Information

Uuid

fc0c4e94-c35f-4245-80b1-6862ce4cd9fa

Last Card Change

2020-05-24