Difference between revisions of "Casier"

From Botnets.fr
 
m (Text replacement - "=Unknown" to "=")
 
(6 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{Botnet
{{Botnet
|Introduction=* Could be related to [[parent::Goldenbaks]]
|Introduction=Samples of the Karagny.L (? MS) Dropper:  
 
Samples of the Karagny.L (? MS) Dropper:  
MD5:
MD5:
   69e83126e526bda1edb44c802d9a1a6c
   69e83126e526bda1edb44c802d9a1a6c
Line 16: Line 14:
   <NOWIKI>lewinckybest50.in POST /image/vladiny/price.php HTTP/1.1 64.62.146.81 </NOWIKI> 04/09/12
   <NOWIKI>lewinckybest50.in POST /image/vladiny/price.php HTTP/1.1 64.62.146.81 </NOWIKI> 04/09/12
   <NOWIKI>87.107.121.138 POST /price.php </NOWIKI> 21/10/12 - SubC&C
   <NOWIKI>87.107.121.138 POST /price.php </NOWIKI> 21/10/12 - SubC&C
|Alias=Retacino, Karagny.L, Undefined-07,
|Parent=Goldenbaks,
|Target=Microsoft Windows,
|UserAgent=
|CCProtocol=
|Feature=Affiliation,
|Status=
|BeginYear=2012
|EndYear=
|Group=Police lock, Ransomware,
|Illustrations==== 2012/09 ===
|Illustrations==== 2012/09 ===
{{#ask: [[threat::Casier]][[month::2012-09]]
{{#ask: [[threat::Casier]][[month::2012-09]]
Line 25: Line 33:
|format=gallery|perrow=4|widths=300|heights=300
|format=gallery|perrow=4|widths=300|heights=300
}}
}}
|UserAgent=Unknown
|CCProtocol=Unknown
|Target=Unknown
|Status=Unknown
|BeginYear=2012
|EndYear=Unknown
|Group=Police lock
|Alias=Karagny.L
|Vendor1=Microsoft
|Vendor1=Microsoft
|Alias=Retacino
|Vendor2=Eset
|Vendor2=Eset
|Victime4=
|Victime4=
}}
}}

Latest revision as of 14:47, 8 August 2015


Casier

Alias: Retacino, Karagny.L, Undefined-07
Group: Police lock, Ransomware
Parent: Goldenbaks
Target: Microsoft Windows
Activity: 2012 /

Introduction

Samples of the Karagny.L (? MS) Dropper: MD5:


http:

 logunasens10.in POST /image/9rs/price.php 64.62.146.82 
 lewinckybest50.in POST /image/vladiny/price.php HTTP/1.1 64.62.146.81  04/09/12
 87.107.121.138 POST /price.php  21/10/12 - SubC&C

Features


Associated images

Checksums / AV databases

Publications

 Title | Author | Editor | Year
 Gangstaservice Winlock Affiliate | Xylitol | Xylibox | 2012
 Karagny.L unpack | RootBSD | Malware.lu | 2012
 Ransomware Casier - Sharing Design with Lyposit - Gaelic & Persian ( | Kafeine | | 2012
 Ransomware « Trojan.Casier » Panel | Malekal morte | Malekal | 2012