Difference between revisions of "Casier"

From Botnets.fr
Line 16: Line 16:
   <NOWIKI>lewinckybest50.in POST /image/vladiny/price.php HTTP/1.1 64.62.146.81 </NOWIKI> 04/09/12
   <NOWIKI>lewinckybest50.in POST /image/vladiny/price.php HTTP/1.1 64.62.146.81 </NOWIKI> 04/09/12
   <NOWIKI>87.107.121.138 POST /price.php </NOWIKI> 21/10/12 - SubC&C
   <NOWIKI>87.107.121.138 POST /price.php </NOWIKI> 21/10/12 - SubC&C
|Alias=Retacino, Karagny.L,
|Alias=Retacino, Karagny.L, Undefined-07,
|Target=Microsoft Windows,
|Target=Microsoft Windows,
|UserAgent=Unknown
|UserAgent=Unknown

Revision as of 21:23, 30 July 2015

(Botnet)

Casier
Alias Retacino, Karagny.L, Undefined-07
Group Police lock
Parent
Sibling
Family
Relations Variants:

Sibling of:
Parent of:
Distribution of:
Campaigns:

Target Microsoft Windows
Origin
Distribution vector
UserAgent Unknown
CCProtocol Unknown ()
Activity 2012 / Unknown
Status Unknown
Language
Programming language
Operation/Working group

Introduction

Samples of the Karagny.L (? MS) Dropper: MD5:


http:

 logunasens10.in POST /image/9rs/price.php 64.62.146.82 
 lewinckybest50.in POST /image/vladiny/price.php HTTP/1.1 64.62.146.81  04/09/12
 87.107.121.138 POST /price.php  21/10/12 - SubC&C

Features

Associated images

Checksums / AV databases

Publications

Title | Author | Editor | Year
Gangstaservice Winlock Affiliate | Xylitol | Xylibox | 2012
Karagny.L unpack | RootBSD | Malware.lu | 2012
Ransomware Casier - Sharing Design with Lyposit - Gaelic & Persian ( | Kafeine | | 2012
Ransomware « Trojan.Casier » Panel | Malekal morte | Malekal | 2012