(Botnet) Link to the old Wiki page : [1] / Google search: [2]
Blog
http://malware.dontneedcoffee.com
@Kafeine
Publications
| | Botnet | Campaign | Year |
|---|
| "Crypto Ransomware" CTB-Locker (Critroni.A) on the rise | CTB-Locker | | 2014 |
| 1940 IPs for a BHEK/ULocker server - Nexcess-Net | ULocker | | 2012 |
| A ScarePakage variant is targeting more countries : impersonating Europol and AFP | ScarePakage | | 2014 |
| And real name of Magnitude is.... | | | 2014 |
| Behind the Captcha or Inside Blackhole Exploit Kit 2.0 - Exploit Kit Administration Panel | | | 2012 |
| CVE-2012-4681 - On its way to Sakura Exploit Kit too | | | 2012 |
| CVE-2012-4681 - Redkit Exploit Kit - I want Porche Turbo | | | 2012 |
| CVE-2012-4681 - Связка Sweet Orange | | | 2012 |
| CVE-2012-5076 - Massively adopted - Blackhole update to 2.0.1 | | | 2012 |
| CVE-2013-1493 (jre17u15 - jre16u41) integrating exploit kits | Urausy | | 2013 |
| CVE-2013-2465/CVE-2013-2471/CVE-2013-2463 integrating Exploit Kits -- jre7u21 CVE- jre6u45 and earlier | | | 2013 |
| CVE-2013-5330 (Flash) in an unknown Exploit Kit fed by high rank websites | Lurk | | 2014 |
| CVE-2015-0311 (Flash up to 16.0.0.287) integrating Exploit Kits | | | 2015 |
| Carberp, the renaissance ? | Carberp | | 2012 |
| Cool EK : "Hello my friend..." CVE-2012-5076 | | | 2012 |
| Cool Exploit Kit - A new Browser Exploit Pack on the Battlefield with a "Duqu" like font drop | | | 2012 |
| CryptXXX: new ransomware from the actors behind Reveton, dropping via Angler | CryptXXX
Bedep
Reveton | | 2016 |
| Fast look at Sundown EK | | | 2015 |
| Fast look at an infection by a Blackhole Exploit Kit 2.0 | | | 2012 |
| From Sakura to Reveton via Smoke Bot - or a botnet distribution of Reveton | Smoke Bot
Reveton | | 2012 |
| Gimemo finally targeting USA with Camera Feature too | Gimemo | | 2012 |
| Gimemo wants to play in the big league | Gimemo | | 2012 |
| Hello Neutrino ! (just one more Exploit Kit) | | | 2013 |
| Inside Andromeda Bot v2.06 Webpanel / AKA Gamarue - Botnet Control Panel | Andromeda | | 2012 |
| Inside Blackhole Exploits Kit v1.2.4 - Exploit Kit Control Panel | | | 2012 |
| Inside Citadel 1.3.4.5 C&C & Builder - Botnet Control Panel | Citadel | | 2012 |
| Inside Impact exploit kit | | | 2012 |
| Inside Pony 1.7 / Fareit C&C - Botnet Control Panel | Pony | | 2012 |
| Inside Smoke Bot - Botnet Control Panel | Smoke Bot | | 2012 |
| Inside Smoke Bot - botnet control panel | Smoke Bot | | 2012 |
| Inside Styx exploit kit control panel | Urausy | | |
| Inside Upas Kit (1.0.1.1) aka Rombrast C&C - Botnet Control Panel | Upas | | 2012 |
| Inside view of Lyposit aka (for its friends) Lucky LOCKER | Lyposit | | 2012 |
| Meet "Red Dot exploit toolkit" | | | 2013 |
| Meet CritXPack (Previously Vintage Pack) | | | 2012 |
| Meet ProPack Exploit Pack - yes that's a lot of pack | Lyposit | | 2012 |
| Ransom.II - UGC payment for USA - Windows Genuine impersonation for DE | Ransom.II | | 2012 |
| Ransomware : Smile you're on camera - Reveton.C new landing pages | Reveton | | 2012 |
| Ransomware Casier - Sharing Design with Lyposit - Gaelic & Persian ( | Lyposit
Casier | | 2012 |
| Redkit - one account = one color | | | 2012 |
| Redkit : No more money ! Traffic US, CA, GB, AU | | | 2012 |
| Reveton += HU, LV, SK, SI, TR (!), RO - So spreading accross Europe with 6 new Design | Reveton | | 2012 |
| Reveton Autumn Collection += AU,CZ, IE, NO & 17 new design | Reveton | | 2012 |
| Reveton can speak now ! | Reveton | | 2012 |
| Stamp EK (aka SofosFO) now showing "Blackhole 2.0 Like" landing pages | | | 2012 |
| Upas Kit (aka Rombrast) integrates webinjects | Upas | | 2012 |
| Update to Citadel : 1.3.5.1 Rain Edition. | Citadel | | 2012 |
| Update to Citadel : v.1.3.4.5 | Citadel | | 2012 |
| Urausy has big plan for Europe - Targeting 3 new countries among which Norway ! | Urausy | | 2012 |
| Urausy improving its localization - A (the\?) Gaelic Ransomware with Interpol impersonation as default landing | Urausy | | 2012 |