Difference between revisions of "Malware analysis Rannoh/Matsnu"
Jump to navigation
Jump to search
m (Text replacement - " malware.lu" to "") |
|||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
{{Publication | {{Publication | ||
|Image=mlu001.png | |Image=mlu001.png | ||
|Link=http://malware.lu/Pro/RAP001_malware_rannoh_matsnu_1.1.pdf | |Link=http://malware.lu/Pro/RAP001_malware_rannoh_matsnu_1.1.pdf (PDF) | ||
|Author=Paul Rascagnères, Hugo Caron | |Author=Paul Rascagnères, Hugo Caron | ||
|NomRevue=Malware.lu Reports | |NomRevue=Malware.lu Reports | ||
Latest revision as of 20:50, 5 August 2015
(Publication) Google search: [1]
| Malware analysis Rannoh/Matsnu | |
|---|---|
| |
| Botnet | Matsnu |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / 001 |
| Editor/Conference | Malware.lu |
| Link | http://malware.lu/Pro/RAP001 malware rannoh matsnu 1.1.pdf (PDF) ((PDF) Archive copy) |
| Author | Paul Rascagnères, Hugo Caron |
| Type | |
Abstract
“ The objective of the mission is to make a complete analysis of a ransomware called
Rannoh/Matsnu. The objective is to be able to understand how this ransomware works, to control if it is possible to recover files encrypted by the ransomware, reverse the communication protocol between the malware and the command & control and to understand the encryption algorithms.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1156,
editor = {Malware.lu},
author = {Paul Rascagnères, Hugo Caron},
title = {Malware analysis Rannoh/Matsnu},
date = {Error: Invalid time.},
month = Error: Invalid time.,
year = {2012},
howpublished = {\url{http://malware.lu/Pro/RAP001_malware_rannoh_matsnu_1.1.pdf (PDF)}},
}