Training
Featured CourseView All Courses
Get a free hour of SANS training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training
Can't find what you are looking for?

Let us help.

Contact us
Community Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

Solutions for Emerging Risks

Discover tailored resources that translate emerging threats into actionable strategies

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk With an Expert
Talk With an Expert

Analyzing a Backdoor/Bot for the MIPS Platform

Download File
Analyzing a Backdoor/Bot for the MIPS Platform (PDF, 3.39MB)Published: 13 Apr, 2015
Created by
Muhammad Junaid Bohio

Malware functionalities have been evolving and so are their target platforms and architectures. Non-PC appliances of different architectures have not traditionally been frequent targets of malware. However, many of those appliances, due to their enhanced processing power and/or low maintenance, provide ideal targets for malware. Moreover, due to the lack of security for home routers, they often remain infected until replaced, thereby providing longer persistence for a malware. Recently, there has been a surge in malware for the MIPS and ARM architectures, targeting specific routers, DVRs, and other appliances. These network devices, in comparison, get less focus from vulnerability researchers and firmware patch application by end-users. This increases the risk of compromise and requires additional skills to cope with malware exploiting these platforms. This paper discusses various tools and techniques for reversing malware for the MIPS platform. We perform static and dynamic analysis of a MIPS malware, discuss its Command and Control mechanism, and provide detection of its network communication.

Additional resources

Hashing and Digital Evidence – Hunting

WhitepaperDigital Forensics and Incident Response
  • 8 Jul 2025

SANS 2025 CTI Survey Webcast & Forum: Navigating Uncertainty in Today’s Threat Landscape

WhitepaperDigital Forensics and Incident Response, Security Awareness, Cybersecurity and IT Essentials
  • 20 May 2025
  • Rebekah Brown, Andreas Sfakianakis

Beneath the Mask: Can Contribution Data Unveil Malicious Personas in Open-Source Projects?

WhitepaperArtificial Intelligence, Digital Forensics and Incident Response
  • 13 May 2025
  • SANS Institute

Catching the Hand in the Cookie Jar: Canary Session Cookies

WhitepaperDigital Forensics and Incident Response
  • 17 Apr 2025

A Pebble In the Ocean: Maximizing Log Fidelity In Container Environments

WhitepaperDigital Forensics and Incident Response, Security Awareness
  • 17 Apr 2025

SANS 2025 Threat Hunting Survey: Advancements in Threat Hunting Amid AI and Cloud Challenges

WhitepaperDigital Forensics and Incident Response
  • 13 Mar 2025
  • Josh Lemon

Related courses

  • Slide 1 of 16

    SEC402: Cybersecurity Writing: Hack the Reader

    Essentials
    SEC402Digital Forensics and Incident Response
    FOR528: Ransomware and Cyber Extortion
    • 12 CPEs / 12 Hours (Self-Paced)

    View course detailsRegister
  • Slide 2 of 16

    FOR589: Cybercrime Investigations

    Major UpdatesIntermediate
    FOR589Digital Forensics and Incident Response
    FOR589: Cybercrime Intelligence
    • 5 Days (Instructor-Led)
    • 30 CPEs / 30 Hours (Self-Paced)
    • Labs: 20 Hours of hands-on instruction

    View course detailsRegister
  • Slide 3 of 16

    FOR585: Smartphone Forensic Analysis In-Depth

    Major UpdatesEssentials
    FOR585Digital Forensics and Incident Response
    FOR585: Smartphone Forensic Analysis In-Depth
    • GIAC Advanced Smartphone Forensics (GASF)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 22 Hours of hands-on instruction

    View course detailsRegister
  • Slide 4 of 16

    FOR608: Enterprise-Class Incident Response & Threat Hunting

    Intermediate
    FOR608Digital Forensics and Incident Response
    FOR608: Enterprise-Class Incident Response & Threat Hunting
    • GIAC Enterprise Incident Responder (GEIR)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 20 Hours of hands-on instruction

    View course detailsRegister
  • Slide 5 of 16

    FOR518: Mac and iOS Forensic Analysis and Incident Response

    Intermediate
    FOR518Digital Forensics and Incident Response
    FOR518: Mac and iOS Forensic Analysis and Incident Response
    • GIAC iOS and macOS Examiner (GIME)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 23 Hours of hands-on instruction

    View course detailsRegister
  • Slide 6 of 16

    FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics

    Intermediate
    FOR508Digital Forensics and Incident Response
    FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
    • GIAC Certified Forensic Analyst (GCFA)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 35 Hours of hands-on instruction

    View course detailsRegister
  • Slide 7 of 16

    FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques

    Advanced
    FOR610Digital Forensics and Incident Response
    FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
    • GIAC Reverse Engineering Malware (GREM)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 48 Hours of hands-on instruction

    View course detailsRegister
  • Slide 8 of 16

    FOR578: Cyber Threat Intelligence

    Intermediate
    FOR578Digital Forensics and Incident Response
    FOR578: Cyber Threat Intelligence
    • GIAC Cyber Threat Intelligence (GCTI)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 20 Hours of hands-on instruction

    View course detailsRegister
  • Slide 9 of 16

    FOR509: Enterprise Cloud Forensics and Incident Response

    Intermediate
    FOR509Digital Forensics and Incident Response
    FOR509: Enterprise Cloud Forensics and Incident Response
    • GIAC Cloud Forensics Responder (GCFR)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 20 Hours of hands-on instruction

    View course detailsRegister
  • Slide 10 of 16

    FOR528: Ransomware and Cyber Extortion

    Intermediate
    FOR528Digital Forensics and Incident Response
    FOR528: Ransomware and Cyber Extortion
    • 4 Days (Instructor-Led)
    • 24 CPEs / 24 Hours (Self-Paced)
    • Labs: 13 Hours of hands-on instruction

    View course detailsRegister
  • Slide 11 of 16

    FOR577: LINUX Incident Response and Threat Hunting

    newIntermediate
    FOR577Digital Forensics and Incident Response
    FOR577: LINUX Incident Response and Threat Hunting
    • GIAC Linux Incident Responder (GLIR)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 23 Hours of hands-on instruction

    View course detailsRegister
  • Slide 12 of 16

    FOR710: Reverse-Engineering Malware: Advanced Code Analysis

    Advanced
    FOR710Digital Forensics and Incident Response
    FOR710: Reverse-Engineering Malware: Advanced Code Analysis
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 12 Hours of hands-on instruction

    View course detailsRegister
  • Slide 13 of 16

    FOR498: Digital Acquisition and Rapid Triage

    Essentials
    FOR498Digital Forensics and Incident Response
    FOR498: Digital Acquisition and Rapid Triage
    • GIAC Battlefield Forensics and Acquisition (GBFA)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 20 Hours of hands-on instruction

    View course detailsRegister
  • Slide 14 of 16

    SEC403: Secrets to Successful Cybersecurity Presentation

    Essentials
    SEC403Digital Forensics and Incident Response
    FOR500: Windows Forensic Analysis
    • 6 CPEs / 6 Hours (Self-Paced)

    View course detailsRegister
  • Slide 15 of 16

    FOR500: Windows Forensic Analysis

    Essentials
    FOR500Digital Forensics and Incident Response
    FOR500: Windows Forensic Analysis
    • GIAC Certified Forensic Examiner (GCFE)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 22 Hours of hands-on instruction

    View course detailsRegister
  • Slide 16 of 16

    FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response

    Advanced
    FOR572Digital Forensics and Incident Response
    FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
    • GIAC Network Forensic Analyst (GNFA)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 20 Hours of hands-on instruction

    View course detailsRegister
Analyzing a Backdoor/Bot for the MIPS Platform