Difference between revisions of "Travnet"
Jump to navigation
Jump to search
m (1 revision imported) |
m (Text replacement - "=Unknown" to "=") |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
{{Botnet | {{Botnet | ||
|Target= | |||
|UserAgent= | |||
|CCProtocol=HTTP | |||
|Feature=Document theft, Data theft, Base64 encoding, | |||
|Status= | |||
|BeginYear=2009 | |||
|EndYear= | |||
|Group=Stealing, Spying, | |||
|Fonctionnalités=* [[feature::Data theft]] (searches for doc, docx, xls, xlsx, txt, rtf, pdf files, lists all filenames, all files from desktop) | |Fonctionnalités=* [[feature::Data theft]] (searches for doc, docx, xls, xlsx, txt, rtf, pdf files, lists all filenames, all files from desktop) | ||
* Lossless [[feature::Data compression]] for upload (similar to LZSS and then a custom Base64 encoding) | * Lossless [[feature::Data compression]] for upload (similar to LZSS and then a custom Base64 encoding) | ||
* Uses Internet Explorer by injecting a DLL to send the files | * Uses Internet Explorer by injecting a DLL to send the files | ||
|Language1=Chinese | |Language1=Chinese | ||
|Vendor1=McAfee | |Vendor1=McAfee | ||
|Victime4= | |Victime4= | ||
}} | }} | ||
Latest revision as of 15:50, 8 August 2015
(Botnet) Link to the old Wiki page : [1] / Google search: [2]
| Travnet | |
|---|---|
| Alias | |
| Group | Stealing, Spying |
| Parent | |
| Sibling | |
| Family | |
| Relations | Variants: Sibling of: |
| Target | |
| Origin | |
| Distribution vector | |
| UserAgent | |
| CCProtocol | HTTP (Centralized) |
| Activity | 2009 / |
| Status | |
| Language | |
| Programming language | |
| Operation/Working group | |
Introduction
Features
Associated images
Checksums / AV databases
Publications
| Author | Editor | Year | |
|---|---|---|---|
| Travnet botnet steals huge amount of sensitive data | Umesh Wanve | McAfee | 2013 |
| Travnet trojan could be part of APT campaign | Vikas Taneja | McAfee | 2013 |