https://www.botnets.fr/index.php?title=Tobfy&feed=atom&action=history
Tobfy - Revision history
2024-03-29T15:28:29Z
Revision history for this page on the wiki
MediaWiki 1.36.1
https://www.botnets.fr/index.php?title=Tobfy&diff=12462&oldid=prev
Eric.freyssinet: Text replacement - "=Unknown" to "="
2015-08-08T13:50:08Z
<p>Text replacement - "=Unknown" to "="</p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 13:50, 8 August 2015</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l29">Line 29:</td>
<td colspan="2" class="diff-lineno">Line 29:</td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> e7e54e5689d56b7080d36813ff3a0f91 14/10/12</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> e7e54e5689d56b7080d36813ff3a0f91 14/10/12</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> a3d8e17f2b046317c86c597038c4e00c 09/11/12</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div> a3d8e17f2b046317c86c597038c4e00c 09/11/12</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>|UserAgent=<del style="font-weight: bold; text-decoration: none;">Unknown</del></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>|UserAgent=</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>|CCProtocol=<del style="font-weight: bold; text-decoration: none;">Unknown</del></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>|CCProtocol=</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>|Target=<del style="font-weight: bold; text-decoration: none;">Unknown</del></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>|Target=</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>|Status=<del style="font-weight: bold; text-decoration: none;">Unknown</del></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>|Status=</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>|BeginYear=<del style="font-weight: bold; text-decoration: none;">Unknown</del></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>|BeginYear=</div></td></tr>
<tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>|EndYear=<del style="font-weight: bold; text-decoration: none;">Unknown</del></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>|EndYear=</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>|Group=Police lock</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>|Group=Police lock</div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>|Alias=TROJ_RANSOM.CMY</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>|Alias=TROJ_RANSOM.CMY</div></td></tr>
</table>
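Review bot: the blanket "=Unknown" to "=" replacement blanks six infobox fields of different meaning at once (UserAgent, CCProtocol, Target, Status, BeginYear, EndYear), so the page no longer distinguishes "investigated, value unknown" from "never filled in"; before applying this across the wiki, confirm that the Botnet template and its semantic properties treat an empty parameter the same way as Unknown when rendering and querying, or keep Unknown for Status and the year fields where the distinction matters.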
Eric.freyssinet
https://www.botnets.fr/index.php?title=Tobfy&diff=1671&oldid=prev
Eric.freyssinet: 1 revision imported
2015-02-04T22:07:13Z
<p>1 revision imported</p>
<p><b>New page</b></p><div>{{Botnet<br />
|Introduction=Note: Maybe 3 different actors here<br />
|Fonctionnalités=* Ransom landing :<br />
<br />
<br />
* md5 :<br />
|UserAgent=Unknown<br />
|CCProtocol=Unknown<br />
|Target=Unknown<br />
|Status=Unknown<br />
|BeginYear=Unknown<br />
|EndYear=Unknown<br />
|Group=Police lock<br />
|Alias=TROJ_RANSOM.CMY<br />
|Vendor1=Trendmicro<br />
|Alias=Reveton.D<br />
|Vendor2=Microsoft<br />
|Victime4=<br />
}}<br />
== Screenshots ==<br />
=== 2012/10 ===<br />
<br />
Note: We are not 100% sure this is indeed Tobfy. We put this here based on the Microsoft signature, but some indicators make us think it could be Ysreef or something new.<br />
<br />
{{#ask: [[threat::Tobfy]][[month::2012-10]]<br />
|?Has description<br />
|format=gallery|perrow=4|widths=300|heights=300<br />
|captionproperty=Has description<br />
}}<br />
<br />
=== 2012/08 ===<br />
{{#ask: [[threat::Tobfy]][[month::2012-08]]<br />
|?Has description<br />
|format=gallery|perrow=4|widths=300|heights=300<br />
|captionproperty=Has description<br />
}}<br />
<br />
=== 2012/06 ===<br />
{{#ask: [[threat::Tobfy]][[month::2012-06]]<br />
|?Has description<br />
|format=gallery|perrow=4|widths=300|heights=300<br />
|captionproperty=Has description<br />
}}</div>
Eric.freyssinet