Difference between revisions of "Galock"
Jump to navigation
Jump to search
m (1 revision imported) |
m (Text replacement - "=Unknown" to "=") |
||
| Line 18: | Line 18: | ||
|Illustrations={{Illustrations associées}} | |Illustrations={{Illustrations associées}} | ||
|UserAgent= | |UserAgent= | ||
|CCProtocol= | |CCProtocol= | ||
|Target= | |Target= | ||
|Status= | |Status= | ||
|BeginYear=2013-02 | |BeginYear=2013-02 | ||
|EndYear= | |EndYear= | ||
|Group=Police lock | |Group=Police lock | ||
|Vector=RedKit | |Vector=RedKit | ||
Latest revision as of 15:49, 8 August 2015
(Botnet) Link to the old Wiki page : [1] / Google search: [2]
| Galock | |
|---|---|
| Alias | |
| Group | Police lock |
| Parent | |
| Sibling | |
| Family | |
| Relations | Variants: Sibling of: |
| Target | |
| Origin | |
| Distribution vector | RedKit |
| UserAgent | |
| CCProtocol | |
| Activity | 2013-02 / |
| Status | |
| Language | |
| Programming language | |
| Operation/Working group | |
Introduction
2013-03-21 Files stored in %Appdata% with UID name.
- Jpeg (generated on the fly with hardcoded data) - exe
md5
4b0be767a3c3adb528220756579b1086 - 8e5a21921e2ae8853143bfe84d564232 - 5a483877c0bba2bab9c4510b2c31cd3a 2013-03 244e7918670f01901c9502b5f34a59e1 - 31b1e0ed90dfe17ec959436792c8a99c - 928574ec069404777ad22799d0c96688 2013-03
httpget
194.242.59.55 /get_image?uid=[GUID]&os=5&partner_id=11&hostname=[COMPUTERNAME]&account=[USERNAME]&language=ENU&codepage=1252 /knock?uid=[GUID]&os=5&partner_id=11&hostname=[COMPUTERNAME]&account=[USERNAME]&language=ENU&codepage=1252
Features
Associated images
Galock US 2013-03
