Difference between revisions of "Andromeda"
Jump to navigation
Jump to search
m (Text replacement - "CC1=" to "CCProtocol=") |
|||
| (9 intermediate revisions by the same user not shown) | |||
| Line 7: | Line 7: | ||
* SOCKS4 proxy module | * SOCKS4 proxy module | ||
* Rootkits | * Rootkits | ||
|Alias=Gamarue, | |||
|Target=Microsoft Windows | |||
|Vector=Smoke Bot, | |||
|UserAgent=Mozilla/4.0 | |||
|CCProtocol=HTTP | |||
|Feature=File download, | |||
|BeginYear=2011-09 | |||
|Group=Downloading, | |||
|Fonctionnalités=* Anti-VM/Anti-Debugging | |Fonctionnalités=* Anti-VM/Anti-Debugging | ||
* Sandbox Detection | * Sandbox Detection | ||
| Line 17: | Line 23: | ||
ZwResumeThread | ZwResumeThread | ||
ZwUnmapViewOfSection | ZwUnmapViewOfSection | ||
|Commercialisation=* v 01.x : 300$ | |Commercialisation=* v 01.x : 300$ | ||
* v 02.x : 500$ | * v 02.x : 500$ | ||
| Line 24: | Line 29: | ||
* Keylogger : 200$ | * Keylogger : 200$ | ||
* Ring3 Rootkit : 300$ | * Ring3 Rootkit : 300$ | ||
|Etat= | |||
|Etat= | |||
|Alias1=Gamarue | |Alias1=Gamarue | ||
|Vendor1=Microsoft | |Vendor1=Microsoft | ||
|Victime4= | |Victime4= | ||
}} | }} | ||
Latest revision as of 16:02, 19 August 2015
(Botnet) Link to the old Wiki page : [1] / Google search: [2]
| Andromeda | |
|---|---|
| Alias | Gamarue |
| Group | Downloading |
| Parent | |
| Sibling | |
| Family | |
| Relations | Variants: Sibling of: |
| Target | Microsoft Windows |
| Origin | |
| Distribution vector | Smoke Bot |
| UserAgent | Mozilla/4.0 |
| CCProtocol | HTTP (Centralized) |
| Activity | 2011-09 / |
| Status | |
| Language | |
| Programming language | |
| Operation/Working group | |
Introduction
Andromeda est un botnet basé sur HTTP qui inclus
Plugins :
- Keyloggers
- Form grabbers
- SOCKS4 proxy module
- Rootkits
Features