Difference between revisions of "Travnet"
m (Text replacement - "=Unknown" to "=") |
|||
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
{{Botnet | {{Botnet | ||
|Target= | |||
|UserAgent= | |||
|CCProtocol=HTTP | |||
|Feature=Document theft, Data theft, Base64 encoding, | |||
|Status= | |||
|BeginYear=2009 | |||
|EndYear= | |||
|Group=Stealing, Spying, | |||
|Fonctionnalités=* [[feature::Data theft]] (searches for doc, docx, xls, xlsx, txt, rtf, pdf files, lists all filenames, all files from desktop) | |Fonctionnalités=* [[feature::Data theft]] (searches for doc, docx, xls, xlsx, txt, rtf, pdf files, lists all filenames, all files from desktop) | ||
* Lossless [[feature::Data compression]] for upload (similar to LZSS and then a custom Base64 encoding) | * Lossless [[feature::Data compression]] for upload (similar to LZSS and then a custom Base64 encoding) | ||
* Uses Internet Explorer by injecting a DLL to send the files | * Uses Internet Explorer by injecting a DLL to send the files | ||
|Language1=Chinese | |Language1=Chinese | ||
|Vendor1=McAfee | |Vendor1=McAfee | ||
|Victime4= | |Victime4= | ||
}} | }} |
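Review bot: The new `|Feature=Document theft, Data theft, Base64 encoding,` and `|Group=Stealing, Spying,` values both end with a trailing comma, which may produce an empty list element if the template splits these fields on commas; drop the final comma in each. `Feature=` also omits the data compression that the `Fonctionnalités` list annotates as `[[feature::Data compression]]`, so consider listing it in both places to keep them consistent.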
Latest revision as of 15:50, 8 August 2015
Travnet | |
---|---|
Alias | |
Group | Stealing, Spying |
Parent | |
Sibling | |
Family | |
Relations | Variants: Sibling of: |
Target | |
Origin | |
Distribution vector | |
UserAgent | |
CCProtocol | HTTP (Centralized) |
Activity | 2009 / |
Status | |
Language | |
Programming language | |
Operation/Working group |
Introduction
Features
Associated images
Checksums / AV databases
Publications
Title | Author | Editor | Year |
---|---|---|---|
Travnet botnet steals huge amount of sensitive data | Umesh Wanve | McAfee | 2013 |
Travnet trojan could be part of APT campaign | Vikas Taneja | McAfee | 2013 |