MMD-0054-2016 - ATMOS botnet facts you should know

This post shares recent intelligence and information on the newly emerged credential-stealing and spying botnet named “Atmos”, for the purpose of threat recognition and incident response, and it may also help with reverse engineering.

For reference, the first public disclosure and thorough technical analysis of this threat was posted by Xylit0l [link] on the Xylibox blog [link]. His post contains good technical details with screenshots of the botnet's functions. I strongly recommend that you read his post first, before reading this one or before you “google” other posts about the Atmos botnet, so that you have a correct basic background and know-how on this threat beforehand; this applies especially to sysadmins and incident response teams.