Blog
http://malware.dontneedcoffee.com
@Kafeine
Publications
Publication | Botnet | Campaign | Year |
---|---|---|---|
"Crypto Ransomware" CTB-Locker (Critroni.A) on the rise | CTB-Locker | | 2014 |
1940 IPs for a BHEK/ULocker server - Nexcess-Net | ULocker | | 2012 |
A ScarePakage variant is targeting more countries : impersonating Europol and AFP | ScarePakage | | 2014 |
And real name of Magnitude is.... | | | 2014 |
Behind the Captcha or Inside Blackhole Exploit Kit 2.0 - Exploit Kit Administration Panel | | | 2012 |
CVE-2012-4681 - On its way to Sakura Exploit Kit too | | | 2012 |
CVE-2012-4681 - Redkit Exploit Kit - I want Porche Turbo | | | 2012 |
CVE-2012-4681 - Связка Sweet Orange | | | 2012 |
CVE-2012-5076 - Massively adopted - Blackhole update to 2.0.1 | | | 2012 |
CVE-2013-1493 (jre17u15 - jre16u41) integrating exploit kits | Urausy | | 2013 |
CVE-2013-2465/CVE-2013-2471/CVE-2013-2463 integrating Exploit Kits -- jre7u21 CVE- jre6u45 and earlier | | | 2013 |
CVE-2013-5330 (Flash) in an unknown Exploit Kit fed by high rank websites | Lurk | | 2014 |
CVE-2015-0311 (Flash up to 16.0.0.287) integrating Exploit Kits | | | 2015 |
Carberp, the renaissance ? | Carberp | | 2012 |
Cool EK : "Hello my friend..." CVE-2012-5076 | | | 2012 |
Cool Exploit Kit - A new Browser Exploit Pack on the Battlefield with a "Duqu" like font drop | | | 2012 |
CryptXXX: new ransomware from the actors behind Reveton, dropping via Angler | CryptXXX Bedep Reveton | | 2016 |
Fast look at Sundown EK | | | 2015 |
Fast look at an infection by a Blackhole Exploit Kit 2.0 | | | 2012 |
From Sakura to Reveton via Smoke Bot - or a botnet distribution of Reveton | Smoke Bot Reveton | | 2012 |
Gimemo finally targeting USA with Camera Feature too | Gimemo | | 2012 |
Gimemo wants to play in the big league | Gimemo | | 2012 |
Hello Neutrino ! (just one more Exploit Kit) | | | 2013 |
Inside Andromeda Bot v2.06 Webpanel / AKA Gamarue - Botnet Control Panel | Andromeda | | 2012 |
Inside Blackhole Exploits Kit v1.2.4 - Exploit Kit Control Panel | | | 2012 |
Inside Citadel 1.3.4.5 C&C & Builder - Botnet Control Panel | Citadel | | 2012 |
Inside Impact exploit kit | | | 2012 |
Inside Pony 1.7 / Fareit C&C - Botnet Control Panel | Pony | | 2012 |
Inside Smoke Bot - Botnet Control Panel | Smoke Bot | | 2012 |
Inside Smoke Bot - botnet control panel | Smoke Bot | | 2012 |
Inside Styx exploit kit control panel | Urausy | | |
Inside Upas Kit (1.0.1.1) aka Rombrast C&C - Botnet Control Panel | Upas | | 2012 |
Inside view of Lyposit aka (for its friends) Lucky LOCKER | Lyposit | | 2012 |
Meet "Red Dot exploit toolkit" | | | 2013 |
Meet CritXPack (Previously Vintage Pack) | | | 2012 |
Meet ProPack Exploit Pack - yes that's a lot of pack | Lyposit | | 2012 |
Ransom.II - UGC payment for USA - Windows Genuine impersonation for DE | Ransom.II | | 2012 |
Ransomware : Smile you're on camera - Reveton.C new landing pages | Reveton | | 2012 |
Ransomware Casier - Sharing Design with Lyposit - Gaelic & Persian ( | Lyposit Casier | | 2012 |
Redkit - one account = one color | | | 2012 |
Redkit : No more money ! Traffic US, CA, GB, AU | | | 2012 |
Reveton += HU, LV, SK, SI, TR (!), RO - So spreading accross Europe with 6 new Design | Reveton | | 2012 |
Reveton Autumn Collection += AU,CZ, IE, NO & 17 new design | Reveton | | 2012 |
Reveton can speak now ! | Reveton | | 2012 |
Stamp EK (aka SofosFO) now showing "Blackhole 2.0 Like" landing pages | | | 2012 |
Upas Kit (aka Rombrast) integrates webinjects | Upas | | 2012 |
Update to Citadel : 1.3.5.1 Rain Edition. | Citadel | | 2012 |
Update to Citadel : v.1.3.4.5 | Citadel | | 2012 |
Urausy has big plan for Europe - Targeting 3 new countries among which Norway ! | Urausy | | 2012 |
Urausy improving its localization - A (the?) Gaelic Ransomware with Interpol impersonation as default landing | Urausy | | 2012 |