Difference between revisions of "Andromeda"
m (Text replacement - "OS1=" to "Target=")
Line 7: | Line 7: | ||
* SOCKS4 proxy module | * SOCKS4 proxy module | ||
* Rootkits | * Rootkits | ||
|Target=Microsoft Windows | |||
|UserAgent=Mozilla/4.0 | |||
|CCProtocol=HTTP | |||
|Feature=File download, | |||
|BeginYear=09/2011 | |||
|EndYear=Unknown | |||
|Group=Banking | |||
|Fonctionnalités=* Anti-VM/Anti-Debugging | |Fonctionnalités=* Anti-VM/Anti-Debugging | ||
* Sandbox Detection | * Sandbox Detection | ||
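Review bot: the edit summary names only the OS1= to Target= rename, but the right-hand column of this hunk also introduces UserAgent=, CCProtocol=, Feature=, BeginYear=, EndYear= and Group= parameters; the summary should mention those additions. Also, `|Feature=File download,` ends in a trailing comma with nothing after it, which reads as a truncated list; either complete the list or drop the comma. Finally, the template now mixes English parameter names (Target, UserAgent) with French ones (Fonctionnalités, Commercialisation), which is worth normalizing in one direction.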
Line 17: | Line 22: | ||
ZwResumeThread | ZwResumeThread | ||
ZwUnmapViewOfSection | ZwUnmapViewOfSection | ||
|Commercialisation=* v 01.x : 300$ | |Commercialisation=* v 01.x : 300$ | ||
* v 02.x : 500$ | * v 02.x : 500$ | ||
Line 24: | Line 28: | ||
* Keylogger : 200$ | * Keylogger : 200$ | ||
* Ring3 Rootkit : 300$ | * Ring3 Rootkit : 300$ | ||
|Etat=Unknown | |Etat=Unknown | ||
|Alias1=Gamarue | |Alias1=Gamarue | ||
|Vendor1=Microsoft | |Vendor1=Microsoft | ||
|Victime4= | |Victime4= | ||
}} | }} |
Revision as of 15:12, 17 July 2015
(Botnet) Link to the old Wiki page: [1] / Google search: [2]
Andromeda | 
---|---
Alias | 
Group | Banking
Parent | 
Sibling | 
Family | 
Relations | Variants: Sibling of:
Target | Microsoft Windows
Origin | 
Distribution vector | 
UserAgent | Mozilla/4.0
CCProtocol | HTTP (Centralized)
Activity | 09/2011 / Unknown
Status | 
Language | 
Programming language | 
Operation/Working group | 
Introduction
Andromeda is an HTTP-based botnet that includes
Plugins:
- Keyloggers
- Form grabbers
- SOCKS4 proxy module
- Rootkits
Features