Difference between revisions of "Alina"

From Botnets.fr
Line 1: Line 1:
{{Botnet
{{Botnet
|Introduction=* in version 4.0 of feb. 2013 the XOR key used was 0xAB
|Introduction=* starting v2 XOR was added and the key used was 0xAB
* starting version 3.1 HTTP status code 666
|Target=Microsoft Windows,
|Target=Microsoft Windows,
|CCProtocol=HTTP,
|CCProtocol=HTTP,
|Feature=Regular expression filtering, Memory scrapping, XOR encoding,
|Feature=Regular expression filtering, Memory scrapping, XOR encoding, Logging,
|BeginYear=2012
|Group=Point-of-sale,
|Group=Point-of-sale,
}}
}}
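Review bot: The added Introduction bullet "starting version 3.1 HTTP status code 666" has no verb, so it does not say which side of the HTTP C&C exchange sends status 666 or what it signals; complete the sentence with that detail from one of the listed publications. The rewritten first bullet also drops the old text's dating ("version 4.0 of feb. 2013"); if that observation still holds, keep it as a separate bullet rather than replacing it.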

Revision as of 11:56, 18 July 2015


Alina

Alias:
Group: Point-of-sale
Parent:
Sibling:
Family:
Relations:
  Variants: Eagle, Spark
  Sibling of:
  Parent of: Backoff, JackPOS
  Distribution of:
  Campaigns:
Target: Microsoft Windows
Origin:
Distribution vector:
UserAgent:
CCProtocol: HTTP (Centralized)
Activity: 2012 /
Status:
Language:
Programming language:
Operation/Working group:

Introduction

  • Starting with v2, XOR encoding was added; the key used was 0xAB
  • Starting with version 3.1: HTTP status code 666

Publications

Title | Author | Editor | Year
Alina: casting a shadow on POS | Josh Grunzweig | Trustwave | 2013
Alina: following the shadow part 1 | Josh Grunzweig | Trustwave | 2013
Alina: following the shadow part 2 | Josh Grunzweig | Trustwave | 2013
LogPOS - new point of sale malware using mailslots | Nick Hoffman | Morphick | 2015
New PoS malware “Backoff” targets US | | Trend Micro | 2014
PoS RAM scraper malware; past, present and future | Numaan Huq | | 2014