Analyses of malicious software long term activity -a case study

The paper describes the approach, instruments, and their evolution over a prolonged investigation of data collected by a honeypot system. The data is focused on network activity of a cybersecurity threat, in particular, attacks and activity throughout last five years of bots belonging to Smominru botnet. Conducted analyses include, but are not limited to, IP addresses used during attacks, day by day activity and evolution of ma-licious executables distributed over the observation period. The presented results also contain behavioural analysis of the threat and attack sources. Moreover, the paper details the systems used for data acquisition, their modifications along the observations made and all the tools developed to achieve the results.