Difference between revisions of "Rannoh"
m (1 revision imported) |
m (Text replacement - "=Unknown" to "=") |
||
Line 12: | Line 12: | ||
|CC2=HTTPS | |CC2=HTTPS | ||
|Target=Microsoft Windows | |Target=Microsoft Windows | ||
|Status= | |Status= | ||
|BeginYear=2012 | |BeginYear=2012 | ||
|EndYear= | |EndYear= | ||
|Group=Police lock | |Group=Police lock | ||
|Alias=Matsnu | |Alias=Matsnu |
Latest revision as of 15:49, 8 August 2015
(Botnet)
Rannoh | |
---|---|
Alias | Trustezeb |
Group | Police lock |
Parent | |
Sibling | |
Family | |
Relations | Variants: Sibling of: |
Target | Microsoft Windows |
Origin | |
Distribution vector | |
UserAgent | Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0; .NET CLR 1.0.2914) |
CCProtocol | HTTP (Centralized) |
Activity | 2012 / |
Status | |
Language | |
Programming language | |
Operation/Working group |
Introduction
Ransomware that encrypts the files on the hard drive and renames them in the form: “locked-<original name>.<4 random characters>”
MD5: c36c46f4de045ef332decc006694db6e
MD5: 81ff324d2023d8ecb98a127b87d51450
MD5: 51b046256db58b603a27eba8dee05479 2013-01-18
C&C Call
manualvilvotakano .com/una2/SF6344-GWXS-WEQOZ6.php?ltype=lk&id=[REDACTED]&ver=02.063&win=Windows_7_(64_bit)&loc=0x0409&cmd=pcc 2013-01-18
manualvilvotakano .com/una2/SF6344-GWXS-WEQOZ6.php?ltype=lk&id=[REDACTED]&ver=02.063&win=Windows_7_(64_bit)&loc=0x0409&cmd=msg 2013-01-18