Alina

From Botnets.fr

(Botnet)

Alina
Alias:
Group: Point-of-sale
Parent:
Sibling:
Family:
Relations:
  Variants: Eagle, Spark
  Sibling of:
  Parent of: Backoff, JackPOS
  Distribution of:
  Campaigns:
Target: Microsoft Windows
Origin:
Distribution vector: Spam
UserAgent:
CCProtocol: HTTP (Centralized)
Activity: 2012 /
Status:
Language:
Programming language:
Operation/Working group:

Introduction

  • Starting with v2, XOR was added, using the key 0xAB.
  • Starting with v5.2, the XOR scheme is more complex: 0xAA for the first 76 bytes, then the data between offsets 18 and 35 is used as the XOR key.
  • Starting with version 3.1, HTTP status code 666 is used.
  • Packers used: UPX from version 2.1, a Visual Basic crypter from version 5.2, and UPX protector from version 5.5.
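
The two XOR layouts listed above, written out as a decoder an analyst could run over data carved from a captured sample. This is an added example, not code from the original page or from the publications it lists; the function names are hypothetical. It assumes the 18 to 35 range is inclusive, that the key bytes are read from the header after the 0xAA layer is removed, and that the key repeats over the remaining data, none of which the page specifies.

```python
# Added example: decoders for the XOR layouts described in the list above.
HEADER_LEN = 76                 # from the page: first 76 bytes use 0xAA
KEY_START, KEY_END = 18, 35     # from the page: key comes from offsets 18..35


def xor_single(data, key):
    """v2 layout from the page: every byte XORed with one key byte (0xAB)."""
    return bytes(b ^ key for b in data)


def xor_cyclic(data, key):
    """XOR data with a multi-byte key, repeating the key as needed."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def decode_v52(blob):
    """v5.2 layout from the page. Returns (header, body) as decoded bytes."""
    if len(blob) < HEADER_LEN:
        raise ValueError("blob shorter than the 76-byte header")
    header = xor_single(blob[:HEADER_LEN], 0xAA)
    # ASSUMPTIONS (not stated on the page): the offset range is inclusive,
    # the key is read from the *decoded* header, and it repeats cyclically.
    key = header[KEY_START:KEY_END + 1]
    return header, xor_cyclic(blob[HEADER_LEN:], key)


def constructed_sample():
    """Constructed test input (not real traffic): returns (header, body, blob)."""
    header = bytes(range(HEADER_LEN))
    body = b"constructed record for testing only"
    key = header[KEY_START:KEY_END + 1]
    blob = xor_single(header, 0xAA) + xor_cyclic(body, key)
    return header, body, blob


if __name__ == "__main__":
    hdr, body, blob = constructed_sample()
    decoded_header, decoded_body = decode_v52(blob)
    print(decoded_header[KEY_START:KEY_END + 1].hex(), decoded_body)
```

If a decoded body looks like noise, revisit the three assumptions first: an exclusive end offset or a key taken from the still-encoded header each changes the output.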

Features


Associated images

Checksums / AV databases

Publications

Title | Author | Editor | Year
Alina: casting a shadow on POS | Josh Grunzweig | Trustwave | 2013
Alina: following the shadow part 1 | Josh Grunzweig | Trustwave | 2013
Alina: following the shadow part 2 | Josh Grunzweig | Trustwave | 2013
LogPOS - new point of sale malware using mailslots | Nick Hoffman | Morphick | 2015
New PoS malware “Backoff” targets US | | Trend Micro | 2014
PoS RAM scraper malware; past, present and future | Numaan Huq | | 2014