Security and Communication Networks

Research Article

Characterizing Anomalies in Malware-Generated HTTP Traffic

Table 10

Top 5 malware families in categories grouped by the number of request groups.


Family name	Number of request groups

Backdoor
Htbot	3
GrayBird	2
Dimnie	2
Zeprox	1
Votwup.D	1
Mokes	1

Banker
Ursnif	27
Dreambot	24
Chthonic	12
Emotet	11
Kronos	10

Bruteforce
No-name	6
Pifagor	2

Clicker
KOVTER	6
Zeroaccess	4
Sefnit	2
Miuref/Boaxxe	1

DDoS
DirtJumper	17
MegalodonHTTP	4
Madness	2
MedusaHTTP	1

Downloader
Pony	21
Nemucod	19
SmokeLoader	17
Locky	12
Zbot	11

Downloader/JS
No-name	8
Cryxos	4

IP check
No-name	28

Keylogger
AgentTesla	3
Keybase	2
KeyLogger.acqh	1

Maldoc
No-name	16

Malicious download
No-name	20

Miner
No-name	11
Adylkuzz	4
1ms0rry	2
Smominru	1

Other
FakeAlert.jh	3
Ratankba	1
Psiphon	1
No-name	1
DustySky	1

PUA/Adware
Wizzcaster	3
InstallCapital	3
BubbleDock	3
Sureseeker	2
OfferCast	2

Ransomware
Locky	38
AlphaCrypt	8
PadCrypt	4
Sage	3
Fatboy	3

RAT
Quasar	2
XPCSpyPro	1
TViewer	1
Teamspy	1
ShinoBot	1

Spambot
Kelihos.F	8
Necurs	5
XnxxAgent	3
Sality	3
Tofsee	1

Stealer
AZORult	11
Loki	10
FormBook	6
WernikStealer	2
Hawkeye	2

Trojan
Zbot	29
No-name	16
Andromeda	12
Graftor	7
Betabot	6

UA problem
No-name	26