Blog
http://malware.dontneedcoffee.com
@Kafeine
Publications
Publication | Botnet | Campaign | Year |
---|---|---|---|
"Crypto Ransomware" CTB-Locker (Critroni.A) on the rise | CTB-Locker | | 2014 |
1940 IPs for a BHEK/ULocker server - Nexcess-Net | ULocker | | 2012 |
A ScarePakage variant is targeting more countries : impersonating Europol and AFP | ScarePakage | | 2014 |
And real name of Magnitude is.... | | | 2014 |
Behind the Captcha or Inside Blackhole Exploit Kit 2.0 - Exploit Kit Administration Panel | | | 2012 |
CVE-2012-4681 - On its way to Sakura Exploit Kit too | | | 2012 |
CVE-2012-4681 - Redkit Exploit Kit - I want Porche Turbo | | | 2012 |
CVE-2012-4681 - Связка Sweet Orange | | | 2012 |
CVE-2012-5076 - Massively adopted - Blackhole update to 2.0.1 | | | 2012 |
CVE-2013-1493 (jre17u15 - jre16u41) integrating exploit kits | Urausy | | 2013 |
CVE-2013-2465/CVE-2013-2471/CVE-2013-2463 integrating Exploit Kits -- jre7u21 CVE- jre6u45 and earlier | | | 2013 |
CVE-2013-5330 (Flash) in an unknown Exploit Kit fed by high rank websites | Lurk | | 2014 |
CVE-2015-0311 (Flash up to 16.0.0.287) integrating Exploit Kits | | | 2015 |
Carberp, the renaissance ? | Carberp | | 2012 |
Cool EK : "Hello my friend..." CVE-2012-5076 | | | 2012 |
Cool Exploit Kit - A new Browser Exploit Pack on the Battlefield with a "Duqu" like font drop | | | 2012 |
CryptXXX: new ransomware from the actors behind Reveton, dropping via Angler | CryptXXX, Bedep, Reveton | | 2016 |
Fast look at Sundown EK | | | 2015 |
Fast look at an infection by a Blackhole Exploit Kit 2.0 | | | 2012 |
From Sakura to Reveton via Smoke Bot - or a botnet distribution of Reveton | Smoke Bot, Reveton | | 2012 |
Gimemo finally targeting USA with Camera Feature too | Gimemo | | 2012 |
Gimemo wants to play in the big league | Gimemo | | 2012 |
Hello Neutrino ! (just one more Exploit Kit) | | | 2013 |
Inside Andromeda Bot v2.06 Webpanel / AKA Gamarue - Botnet Control Panel | Andromeda | | 2012 |
Inside Blackhole Exploits Kit v1.2.4 - Exploit Kit Control Panel | | | 2012 |
Inside Citadel 1.3.4.5 C&C & Builder - Botnet Control Panel | Citadel | | 2012 |
Inside Impact exploit kit | | | 2012 |
Inside Pony 1.7 / Fareit C&C - Botnet Control Panel | Pony | | 2012 |
Inside Smoke Bot - Botnet Control Panel | Smoke Bot | | 2012 |
Inside Smoke Bot - botnet control panel | Smoke Bot | | 2012 |
Inside Styx exploit kit control panel | Urausy | | |
Inside Upas Kit (1.0.1.1) aka Rombrast C&C - Botnet Control Panel | Upas | | 2012 |
Inside view of Lyposit aka (for its friends) Lucky LOCKER | Lyposit | | 2012 |
Meet "Red Dot exploit toolkit" | | | 2013 |
Meet CritXPack (Previously Vintage Pack) | | | 2012 |
Meet ProPack Exploit Pack - yes that's a lot of pack | Lyposit | | 2012 |
Ransom.II - UGC payment for USA - Windows Genuine impersonation for DE | Ransom.II | | 2012 |
Ransomware : Smile you're on camera - Reveton.C new landing pages | Reveton | | 2012 |
Ransomware Casier - Sharing Design with Lyposit - Gaelic & Persian ( | Lyposit, Casier | | 2012 |
Redkit - one account = one color | | | 2012 |
Redkit : No more money ! Traffic US, CA, GB, AU | | | 2012 |
Reveton += HU, LV, SK, SI, TR (!), RO - So spreading accross Europe with 6 new Design | Reveton | | 2012 |
Reveton Autumn Collection += AU,CZ, IE, NO & 17 new design | Reveton | | 2012 |
Reveton can speak now ! | Reveton | | 2012 |
Stamp EK (aka SofosFO) now showing "Blackhole 2.0 Like" landing pages | | | 2012 |
Upas Kit (aka Rombrast) integrates webinjects | Upas | | 2012 |
Update to Citadel : 1.3.5.1 Rain Edition. | Citadel | | 2012 |
Update to Citadel : v.1.3.4.5 | Citadel | | 2012 |
Urausy has big plan for Europe - Targeting 3 new countries among which Norway ! | Urausy | | 2012 |
Urausy improving its localization - A (the?) Gaelic Ransomware with Interpol impersonation as default landing | Urausy | | 2012 |