Difference between revisions of "Atrax"
m (Text replacement - "OS1=" to "Target=") |
m (Text replacement - "TOR" to "Tor") |
||
Line 7: | Line 7: | ||
* dlexec – download and execute file | * dlexec – download and execute file | ||
* dlrunmem – download file and inject it to browser | * dlrunmem – download file and inject it to browser | ||
* dltorexec – download | * dltorexec – download Tor executable file and execute | ||
* dltorrunmem – download | * dltorrunmem – download Tor executable file inject it to browser | ||
* update – update itself | * update – update itself | ||
* install – download file, encrypt with AES and save to %APPDATA% | * install – download file, encrypt with AES and save to %APPDATA% | ||
* installexec – download file, encrypt with AES and save to %APPDATA% and execute afterward | * installexec – download file, encrypt with AES and save to %APPDATA% and execute afterward | ||
* kill – terminate all own threads | * kill – terminate all own threads | ||
|Infrastructure=* On | |Infrastructure=* On Tor (found by ESET): iloii7dnyotii3gr.onion (/auth.php) | ||
|UserAgent=Unknown | |UserAgent=Unknown | ||
|CCProtocol= | |CCProtocol=Tor | ||
|Target=Microsoft Windows | |Target=Microsoft Windows | ||
|Etat=Unknown | |Etat=Unknown |
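Review bot: In the dltorrunmem entry the new text reads "download Tor executable file inject it to browser", which drops the "and" that the dlrunmem entry has ("download file and inject it to browser"); suggest "download Tor executable file and inject it to browser". The Infrastructure line attributes the .onion host to ESET without a citation on that line; pointing it at the ESET publication listed under Publications would make the attribution checkable.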
Revision as of 18:19, 3 August 2015
(Botnet) Link to the old Wiki page : [1] / Google search: [2]
Atrax | |
---|---|
Alias | |
Group | Stealing |
Parent | |
Sibling | |
Family | |
Relations | Variants: Sibling of: |
Target | Microsoft Windows |
Origin | |
Distribution vector | |
UserAgent | Unknown |
CCProtocol | Tor (Distributed-centralized) |
Activity | 2013 / Unknown |
Status | |
Language | |
Programming language | |
Operation/Working group | |
Introduction
Features
Associated images
Checksums / AV databases
Publications
Title | Author | Editor | Year |
---|---|---|---|
The rise of TOR-based botnets | Aleksandr Matrosov | ESET | 2013 |