This is a follow-up blogpost from the IoT Honeypot Analysis Series we have started earlier (here and here). In this episode we go more into understanding packets sent from and to the Edimax IC-7113W camera by using reverse engineering techniques and some hacking.
This blog post describes the analysis of a malware sample that was executed in a RapsberryPi from our IoT laboratory. The SHA256 of the sample that we executed in our laboratory is: d8040a64b88b4a738d333015ddd93a27187abb7584412df56633a7e7d12127f4.
This blogpost aims to give an insight of an IRCBased botnet describing the network behavior and showing the analysis of the C&C. By analyzing this botnet network traffic it was possible to identify the botmasters using an IRC channel and observe not only the conversation between them but also the orders they give to the bot.