Difference between revisions of "Andromeda"
Jump to navigation
Jump to search
m (Text replacement - "OS1=" to "Target=") |
|||
| Line 7: | Line 7: | ||
* SOCKS4 proxy module | * SOCKS4 proxy module | ||
* Rootkits | * Rootkits | ||
|Target=Microsoft Windows | |||
|UserAgent=Mozilla/4.0 | |||
|CCProtocol=HTTP | |||
|Feature=File download, | |||
|BeginYear=09/2011 | |||
|EndYear=Unknown | |||
|Group=Banking | |||
|Fonctionnalités=* Anti-VM/Anti-Debugging | |Fonctionnalités=* Anti-VM/Anti-Debugging | ||
* Sandbox Detection | * Sandbox Detection | ||
| Line 17: | Line 22: | ||
ZwResumeThread | ZwResumeThread | ||
ZwUnmapViewOfSection | ZwUnmapViewOfSection | ||
|Commercialisation=* v 01.x : 300$ | |Commercialisation=* v 01.x : 300$ | ||
* v 02.x : 500$ | * v 02.x : 500$ | ||
| Line 24: | Line 28: | ||
* Keylogger : 200$ | * Keylogger : 200$ | ||
* Ring3 Rootkit : 300$ | * Ring3 Rootkit : 300$ | ||
|Etat=Unknown | |Etat=Unknown | ||
|Alias1=Gamarue | |Alias1=Gamarue | ||
|Vendor1=Microsoft | |Vendor1=Microsoft | ||
|Victime4= | |Victime4= | ||
}} | }} | ||
Revision as of 15:12, 17 July 2015
(Botnet) Link to the old Wiki page : [1] / Google search: [2]
| Andromeda | |
|---|---|
| Alias | |
| Group | Banking |
| Parent | |
| Sibling | |
| Family | |
| Relations | Variants: Sibling of: |
| Target | Microsoft Windows |
| Origin | |
| Distribution vector | |
| UserAgent | Mozilla/4.0 |
| CCProtocol | HTTP (Centralized) |
| Activity | 09/2011 / Unknown |
| Status | |
| Language | |
| Programming language | |
| Operation/Working group | |
Introduction
Andromeda est un botnet basé sur HTTP qui inclus
Plugins :
- Keyloggers
- Form grabbers
- SOCKS4 proxy module
- Rootkits
Features