Difference between revisions of "Kelihos"
m (1 revision imported)
Line 1: | Line 1: | ||
{{Botnet | {{Botnet | ||
|Introduction= | |Introduction=First attempt to shut down this botnet was done by closing the cz.cc domain. | ||
[[Image:Kelihos-Infection.png]] | [[Image:Kelihos-Infection.png]] | ||
|Target=Microsoft Windows | |||
|UserAgent=Unknown | |||
|CCProtocol=P2P | |||
|Feature=DDoS, Virtual machine detection, Fast flux, FTP password theft, Firefox password theft, Bitcoin mining, Bitcoin wallet theft, Keylogger, Winpcap interception, Double fastflux, USB vector, Send spam, | |||
|CVE=CVE-2010-2568, | |||
|Status=Unknown | |||
|BeginYear=Unknown | |||
|EndYear=Unknown | |||
|Group=Spamming | |||
|Fonctionnalités=* [[feature::Spam]] | |Fonctionnalités=* [[feature::Spam]] | ||
* [[feature::USB vector]] (2012-10) [[cve::CVE-2010-2568]] | * [[feature::USB vector]] (2012-10) [[cve::CVE-2010-2568]] | ||
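Review bot: the new `|Feature=` and `|CVE=` values end with a trailing comma ("Send spam," and "CVE-2010-2568,"), which may leave an empty trailing entry when the Botnet template splits the list; drop the trailing commas. The same hunk also keeps the older `[[cve::CVE-2010-2568]]` annotation under `|Fonctionnalités=`, so the CVE is now recorded in two fields; if the template's `CVE` parameter supersedes the inline annotation, one of them should be removed to avoid divergence later.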
Line 19: | Line 28: | ||
|Infrastructure=* P2P via port 80 | |Infrastructure=* P2P via port 80 | ||
|Commercialisation= | |Commercialisation= | ||
|UserAgent2= | |UserAgent2= | ||
|UserAgent3= | |UserAgent3= | ||
Line 27: | Line 35: | ||
|Language3= | |Language3= | ||
|Language4= | |Language4= | ||
|CC2=IRC | |CC2=IRC | ||
|CC3= | |CC3= | ||
|OS2= | |OS2= | ||
|OS3= | |OS3= | ||
|OS4= | |OS4= | ||
|Groupe2= | |Groupe2= | ||
|Vendor1= | |Vendor1= | ||
|Vendor2= | |Vendor2= | ||
|Vendor3= | |Vendor3= | ||
|Vendor4= | |Vendor4= | ||
|Vendor5= | |Vendor5= | ||
|Vendor6= | |Vendor6= | ||
|Vendor7= | |Vendor7= | ||
|Vendor8= | |Vendor8= | ||
|Vendor9= | |Vendor9= | ||
|Vendor10= | |Vendor10= | ||
|Exploitkit2= | |Exploitkit2= | ||
|Exploitkit3= | |Exploitkit3= |
Revision as of 02:21, 8 August 2015
| Kelihos | |
|---|---|
| Alias | |
| Group | Spamming |
| Parent | |
| Sibling | |
| Family | |
| Relations | Variants: / Sibling of: |
| Target | Microsoft Windows |
| Origin | |
| Distribution vector | |
| UserAgent | Unknown |
| CCProtocol | P2P (Decentralized) |
| Activity | Unknown / Unknown |
| Status | Unknown |
| Language | |
| Programming language | |
| Operation/Working group | Operation b79 |
Introduction
The first attempt to shut down this botnet was made by closing the cz.cc domain.
Features
CVE: CVE-2010-2568