FinFisher/CAFA6A1F
CAFA6A1F
Licenses
LicenseID | MachineUID | SoftwareUID | SoftwareName | VersionMajor | NotBefore | ValidityStart | NotAfter | ValidityEnd | InstallationDate | LicenseFile | LicenseContents | Status | CustomerID | ProductID | Deleted | UserID | DataEntryDate | LastUpdated |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
131 | 6C:A5:20:7F:83:EB:3F:76 | 00:1E:00:0A | FinSpyV2 | 3 | 1270425600 | 2010-04-05 00:00:00 | 1332979200 | 2012-03-29 00:00:00 | 2011-03-03 18:27:54 | License.txt | MACHINE UID 6C:A5:20:7F:83:EB:3F:76 CUSTOMER UID CAFA6A1F SOFTWARE UID 00:1E:00:0A SOFTWARE NAME FinSpyV2 AGENTS MAX NUMBER 3 TARGETS MAX NUMBER 30 VERSION MAJOR 3 NOT BEFORE 1270425600 NOT AFTER 1332979200 DEMO 0 | Activated | 14 | 1 | 1 | 5 | 2011-03-03 18:27:54 | 2012-02-10 09:39:28 |
132 | 6C:A5:20:7F:83:EB:3F:76 | 00:1E:00:0A | FinSpyV2 | 3 | 1270425600 | 2010-04-05 00:00:00 | 1332979200 | 2012-03-29 00:00:00 | 2011-03-03 18:28:19 | License.txt | MACHINE UID 6C:A5:20:7F:83:EB:3F:76 CUSTOMER UID CAFA6A1F SOFTWARE UID 00:1E:00:0A SOFTWARE NAME FinSpyV2 AGENTS MAX NUMBER 3 TARGETS MAX NUMBER 30 VERSION MAJOR 3 NOT BEFORE 1270425600 NOT AFTER 1332979200 DEMO 0 | Activated | 14 | 16 | 1 | 5 | 2011-03-03 18:28:19 | 2012-02-10 09:39:22 |
133 | 02:46:8E:0C:60:B0:81:0F | 00:1A:00:0A | FinFly-Lite | 2 | 1253404800 | 2009-09-20 00:00:00 | 1333065600 | 2012-03-30 00:00:00 | 2011-03-03 18:29:51 | License.txt | MACHINE UID 02:46:8E:0C:60:B0:81:0F CUSTOMER UID CAFA6A1F SOFTWARE UID 00:1A:00:0A SOFTWARE NAME FinFly-Lite VERSION MAJOR 2 NOT BEFORE 1253404800 NOT AFTER 1333065600 DEMO 0 | Activated | 14 | 2 | 1 | 5 | 2011-03-03 18:29:51 | 2012-02-10 09:39:36 |
202 | 2F:3B:FA:A8:7B:B5:35:CB | 00:1D:00:0A | FinFireWire | 4 | 1306454400 | 2011-05-27 02:00:00 | 1432944000 | 2015-05-30 02:00:00 | 2011-06-01 18:36:49 | License.txt | MACHINE UID 2F:3B:FA:A8:7B:B5:35:CB CUSTOMER UID CAFA6A1F SOFTWARE UID 00:1D:00:0A SOFTWARE NAME FinFireWire VERSION MAJOR 4 NOT BEFORE 1306454400 NOT AFTER 1432944000 DEMO 0 | Activated | 14 | 12 | 0 | 5 | 2011-06-01 18:36:49 | 2011-06-01 16:36:49 |
203 | 2F:3B:FA:A8:7B:B5:35:CB | 00:1D:00:0A | FinFireWire | 4 | 1306454400 | 2011-05-27 02:00:00 | 1432944000 | 2015-05-30 02:00:00 | 2011-06-01 18:37:00 | License.txt | MACHINE UID 2F:3B:FA:A8:7B:B5:35:CB CUSTOMER UID CAFA6A1F SOFTWARE UID 00:1D:00:0A SOFTWARE NAME FinFireWire VERSION MAJOR 4 NOT BEFORE 1306454400 NOT AFTER 1432944000 DEMO 0 | Activated | 14 | 12 | 0 | 5 | 2011-06-01 18:37:00 | 2011-06-01 16:37:00 |
204 | 2F:3B:FA:A8:7B:B5:35:CB | 00:1D:00:0A | FinFireWire | 4 | 1306454400 | 2011-05-27 02:00:00 | 1432944000 | 2015-05-30 02:00:00 | 2011-06-01 18:37:49 | License.txt | MACHINE UID 2F:3B:FA:A8:7B:B5:35:CB CUSTOMER UID CAFA6A1F SOFTWARE UID 00:1D:00:0A SOFTWARE NAME FinFireWire VERSION MAJOR 4 NOT BEFORE 1306454400 NOT AFTER 1432944000 DEMO 0 | Activated | 14 | 12 | 0 | 5 | 2011-06-01 18:37:49 | 2011-06-01 16:37:49 |
205 | 2F:3B:FA:A8:7B:B5:35:CB | 00:1D:00:0A | FinFireWire | 4 | 1306454400 | 2011-05-27 02:00:00 | 1432944000 | 2015-05-30 02:00:00 | 2011-06-01 18:40:32 | License.txt | MACHINE UID 2F:3B:FA:A8:7B:B5:35:CB CUSTOMER UID CAFA6A1F SOFTWARE UID 00:1D:00:0A SOFTWARE NAME FinFireWire VERSION MAJOR 4 NOT BEFORE 1306454400 NOT AFTER 1432944000 DEMO 0 | Activated | 14 | 3 | 0 | 5 | 2011-06-01 18:40:32 | 2011-06-01 16:40:32 |
217 | F0:CF:13:F5:8D:AD:1B:5E | 00:1B:00:0A | FinFly-Web | 4 | 1306540800 | 2011-05-28 02:00:00 | 1432944000 | 2015-05-30 02:00:00 | 2011-06-22 09:22:02 | License.txt | MACHINE UID F0:CF:13:F5:8D:AD:1B:5E CUSTOMER UID CAFA6A1F SOFTWARE UID 00:1B:00:0A SOFTWARE NAME FinFly-Web VERSION MAJOR 4 NOT BEFORE 1306540800 NOT AFTER 1432944000 DEMO 0 | Activated | 14 | 13 | 0 | 5 | 2011-06-22 09:22:02 | 2011-06-22 07:22:02 |
297 | AD:9B:CA:80:F3:52:CE:51 | 00:1A:00:0A | FinFly-LAN | 4 | 1253318400 | 2009-09-19 02:00:00 | 1364428800 | 2013-03-28 01:00:00 | 2012-02-10 10:37:20 | License.txt | MACHINE UID AD:9B:CA:80:F3:52:CE:51 CUSTOMER UID CAFA6A1F SOFTWARE UID 00:1A:00:0A SOFTWARE NAME FinFly-LAN VERSION MAJOR 4 NOT BEFORE 1253318400 NOT AFTER 1364428800 DEMO 0 | Expired | 14 | 2 | 1 | 5 | 2012-02-10 10:37:20 | 2013-05-08 13:20:45 |
298 | 6C:A5:20:7F:83:EB:3F:76 | 00:1E:00:0A | FinSpyV2 | 4 | 1270425600 | 2010-04-05 02:00:00 | 1364428800 | 2013-03-28 01:00:00 | 2012-02-10 10:38:29 | License.txt | MACHINE UID 6C:A5:20:7F:83:EB:3F:76 CUSTOMER UID CAFA6A1F SOFTWARE UID 00:1E:00:0A SOFTWARE NAME FinSpyV2 AGENTS MAX NUMBER 3 TARGETS MAX NUMBER 30 VERSION MAJOR 4 NOT BEFORE 1270425600 NOT AFTER 1364428800 DEMO 0 | Expired | 14 | 1 | 1 | 5 | 2012-02-10 10:38:29 | 2013-05-08 13:20:41 |
299 | 6C:A5:20:7F:83:EB:3F:76 | 00:1E:00:0A | FinSpyV2 | 4 | 1270425600 | 2010-04-05 02:00:00 | 1364428800 | 2013-03-28 01:00:00 | 2012-02-10 10:38:50 | License.txt | MACHINE UID 6C:A5:20:7F:83:EB:3F:76 CUSTOMER UID CAFA6A1F SOFTWARE UID 00:1E:00:0A SOFTWARE NAME FinSpyV2 AGENTS MAX NUMBER 3 TARGETS MAX NUMBER 30 VERSION MAJOR 4 NOT BEFORE 1270425600 NOT AFTER 1364428800 DEMO 0 | Expired | 14 | 16 | 1 | 5 | 2012-02-10 10:38:50 | 2013-05-08 13:20:38 |
593 | AD:9B:CA:80:F3:52:CE:51 | 00:1A:00:0A | FinFly-LAN | 4 | 1253318400 | 2009-09-19 02:00:00 | 1398124800 | 2014-04-22 02:00:00 | 2013-05-08 15:07:44 | License.txt | MACHINE UID AD:9B:CA:80:F3:52:CE:51 CUSTOMER UID CAFA6A1F SOFTWARE UID 00:1A:00:0A SOFTWARE NAME FinFly-LAN VERSION MAJOR 4 NOT BEFORE 1253318400 NOT AFTER 1398124800 DEMO 0 | Expired | 14 | 2 | 1 | 5 | 2013-05-08 15:07:44 | 2014-04-22 14:54:44 |
594 | 6C:A5:20:7F:83:EB:3F:76 | 00:1E:00:0A | FinSpyV2 | 4 | 1270425600 | 2010-04-05 02:00:00 | 1398124800 | 2014-04-22 02:00:00 | 2013-05-08 15:20:10 | License.txt | MACHINE UID 6C:A5:20:7F:83:EB:3F:76 CUSTOMER UID CAFA6A1F SOFTWARE UID 00:1E:00:0A SOFTWARE NAME FinSpyV2 AGENTS MAX NUMBER 3 TARGETS MAX NUMBER 30 NOT BEFORE 1270425600 NOT AFTER 1398124800 MOBILE NOT BEFORE 0 MOBILE NOT AFTER 0 MOBILE TARGETS MAX NUMBER 0 VERSION MAJOR 4 DEMO 0 | Expired | 14 | 1 | 1 | 5 | 2013-05-08 15:20:10 | 2014-04-22 14:54:41 |
595 | 6C:A5:20:7F:83:EB:3F:76 | 00:1E:00:0A | FinSpyV2 | 4 | 1270425600 | 2010-04-05 02:00:00 | 1398124800 | 2014-04-22 02:00:00 | 2013-05-08 15:20:29 | License.txt | MACHINE UID 6C:A5:20:7F:83:EB:3F:76 CUSTOMER UID CAFA6A1F SOFTWARE UID 00:1E:00:0A SOFTWARE NAME FinSpyV2 AGENTS MAX NUMBER 3 TARGETS MAX NUMBER 30 NOT BEFORE 1270425600 NOT AFTER 1398124800 MOBILE NOT BEFORE 0 MOBILE NOT AFTER 0 MOBILE TARGETS MAX NUMBER 0 VERSION MAJOR 4 DEMO 0 | Expired | 14 | 16 | 1 | 5 | 2013-05-08 15:20:29 | 2014-04-22 14:54:38 |
797 | 89:B4:69:2B:12:EB:62:6D | 00:1E:00:0A | FinSpyV2 | 4 | 1270425600 | 2010-04-05 02:00:00 | 1429660800 | 2015-04-22 02:00:00 | 2014-04-22 16:51:40 | License.txt | MACHINE UID 89:B4:69:2B:12:EB:62:6D CUSTOMER UID CAFA6A1F SOFTWARE UID 00:1E:00:0A SOFTWARE NAME FinSpyV2 AGENTS MAX NUMBER 3 TARGETS MAX NUMBER 30 NOT BEFORE 1270425600 NOT AFTER 1429660800 MOBILE NOT BEFORE 0 MOBILE NOT AFTER 0 MOBILE TARGETS MAX NUMBER 0 VERSION MAJOR 4 DEMO 0 | Activated | 14 | 1 | 1 | 5 | 2014-04-22 16:51:40 | 2014-04-22 14:52:57 |
798 | 6C:A5:20:7F:83:EB:3F:76 | 00:1E:00:0A | FinSpyV2 | 4 | 1270425600 | 2010-04-05 02:00:00 | 1429660800 | 2015-04-22 02:00:00 | 2014-04-22 16:52:45 | License.txt | MACHINE UID 6C:A5:20:7F:83:EB:3F:76 CUSTOMER UID CAFA6A1F SOFTWARE UID 00:1E:00:0A SOFTWARE NAME FinSpyV2 AGENTS MAX NUMBER 3 TARGETS MAX NUMBER 30 NOT BEFORE 1270425600 NOT AFTER 1429660800 MOBILE NOT BEFORE 0 MOBILE NOT AFTER 0 MOBILE TARGETS MAX NUMBER 0 VERSION MAJOR 4 DEMO 0 | Activated | 14 | 1 | 0 | 5 | 2014-04-22 16:52:45 | 2014-04-22 14:52:45 |
799 | AD:9B:CA:80:F3:52:CE:51 | 00:1A:00:0A | FinFly-LAN | 4 | 1253318400 | 2009-09-19 02:00:00 | 1429660800 | 2015-04-22 02:00:00 | 2014-04-22 16:54:05 | License.txt | MACHINE UID AD:9B:CA:80:F3:52:CE:51 CUSTOMER UID CAFA6A1F SOFTWARE UID 00:1A:00:0A SOFTWARE NAME FinFly-LAN VERSION MAJOR 4 NOT BEFORE 1253318400 NOT AFTER 1429660800 DEMO 0 | Activated | 14 | 2 | 0 | 5 | 2014-04-22 16:54:05 | 2014-04-22 14:54:05 |
800 | AD:9B:CA:80:F3:52:CE:51 | 00:1A:00:0A | FinFly-LAN | 4 | 1253318400 | 2009-09-19 02:00:00 | 1429660800 | 2015-04-22 02:00:00 | 2014-04-22 16:54:31 | License.txt | MACHINE UID AD:9B:CA:80:F3:52:CE:51 CUSTOMER UID CAFA6A1F SOFTWARE UID 00:1A:00:0A SOFTWARE NAME FinFly-LAN VERSION MAJOR 4 NOT BEFORE 1253318400 NOT AFTER 1429660800 DEMO 0 | Activated | 14 | 16 | 1 | 5 | 2014-04-22 16:54:31 | 2014-04-22 14:54:47 |
Support-Requests
072E1188
TrackingID: 072E1188
Summary: "Offline Infection Removal Tool"
Description: "In order to avoid contaminating forensic analysis post arrest, it would be beneficial to be able to remove the infection and recover non-downloaded data from the target machine without the requirement to connect it to the internet and boot the machine.\r\n\r\nWe would suggest something that could run of a bootable USB key which could boot the target machine, recover non-downloaded data and then remove the infection from the machine.\r\nThis usb key could then be connected to an agent machine and upload the recovered data to the MASTER."
ProductID: 1
TypeID: 5
FileName: 072E1188
StatusNotification: 1
SupportComments: "The feature has been implemented into the FinFly USB product.
Dear Customer,
that is a good idea and we will add this to our FinFly USB planning.
What we currently plan for 2.50 (october) for the dongle:
U3/Autorun:
- Infect System
- De-Infect System
- Pickup Data
Bootable System:
- Infect System (MBR)
- De-Infect System
- Pickup Data (might be postponed to 2.60)
Best Regards,
Martin."
StatusID: 4
CustomerID: 14
Language: "en"
CreationDate: "2010-07-13 05:00:00"
LastUpdated: "2012-10-11 16:58:35"
13728121
TrackingID: 13728121
Summary: "Title based screen recording"
Description: "Title based screen recording creates a new recording and send to master. Any new recordings created look to be appended to the original recording and sent. This results in a very high amount of data being sent to the master. Experienced over 700MB in 3 days for one target set to 1 minute intervals at 80 percent. We have replicated this bug on a test infection. The end result is that basic screenshots will exceed a targets data limit quickly."
ProductID: 1
TypeID: 2
FileName: 13728121
StatusNotification: 1
SupportComments: "Problem was solved in version 3.03. A suitable information has been sent by mail."
StatusID: 4
CustomerID: 14
Language: "en"
CreationDate: "2011-09-15 07:20:53"
LastUpdated: "2011-11-02 18:07:35"
19ADD5DE
TrackingID: "19ADD5DE"
Summary: "Latest Manual Request"
Description: "Hi,\r\n\r\nglad to be back! Can we please have a copy of the latest user manual. The one we have is from version 1.4 as we are totally rebuilding our server as the old one was taken offline after the public disclosure in July last year. In the coming days you will be seeing a new licence request for the new machine ID as soon as our engineers have rebuilt it. They have requested a copy of the user manual so they can see the build instructions.\r\n\r\nMany Thanks.\r\n\r\nAdam\r\n"
ProductID: 1
TypeID: 5
FileName: "19ADD5DE"
StatusNotification: 1
SupportComments: "An email with the download link for the latest manuals was sent on 5/10/2013."
StatusID: 4
CustomerID: 14
Language: "en"
CreationDate: "2013-05-09 10:02:06"
LastUpdated: "2013-06-21 11:27:29"
1D0384A6
TrackingID: "1D0384A6"
Summary: "OSX Infection 2.62 to 3.01"
Description: "A target with version 2.62 appears online but is displayed as version 3.1\r\n\r\nThe option to update the target was never displayed.\r\n\r\nUpon entering configuration of the target and trying to add the Command Module the module flashes on the left column and eventually times out giving the error: Adding the module Command Shell on Target failed: Target detected connection closed.\r\n\r\nThis also happens when trying to add the Screen module."
ProductID: 1
TypeID: 1
FileName: "1D0384A6"
StatusNotification: 1
SupportComments: "A suitable mail has been sent."
StatusID: 4
CustomerID: 14
Language: "en"
CreationDate: "2011-08-30 06:56:33"
LastUpdated: "2011-09-08 10:45:51"
20ED92A0
TrackingID: "20ED92A0"
Summary: "UPCOMING OSX MOUNTAIN LION"
Description: "Hi,\r\n\r\nWe have a current development version of Mountain Lion and confirmed that the existing FinSpy is not compatible. While test we have noticed that the infection when installed, does install but OS X then freezes after about 30 seconds, we think this may be linked to the heartbeat of the device.\r\n\r\nWe thought we would make you aware of what we are seeing currently. Were forward planning for imminent OS releases.\r\n\r\nRegards"
ProductID: 1
TypeID: 5
FileName: "20ED92A0"
StatusNotification: 1
SupportComments: "OSX Mountain support has been added."
StatusID: 4
CustomerID: 14
Language: "en"
CreationDate: "2012-07-11 00:36:55"
LastUpdated: "2012-10-11 17:09:53"
2461649A
TrackingID: "2461649A"
Summary: "FinSpy Relay"
Description: "is there an install guide available for the installation of the relay in Centos? while I can run and configure the relay.cfg ok, I cannot get monit working properly with ffrelay. "
ProductID: 1
TypeID: 3
FileName: "2461649A"
StatusNotification: 1
SupportComments: "The required information has been sent by mail."
StatusID: 4
CustomerID: 14
Language: "en"
CreationDate: "2011-07-19 09:28:30"
LastUpdated: "2011-07-22 15:31:06"
412E0BAE
TrackingID: "412E0BAE"
Summary: "Link to download the latest update"
Description: "Hi guys,\r\n\r\nI was sent an update email about a month ago from Holger re the finweb update. I have deleted the email unfortunately and neglected to grab the link first....sorry. Can you please resend me the download link. I tried updating it online but I get a /.../bin/update not accessible message. \r\n\r\nMany Thanks\r\n\r\nAdam"
ProductID: 13
TypeID: 4
FileName: "412E0BAE"
StatusNotification: 1
SupportComments: "Another email with the download link was send on 5/10/2013."
StatusID: 4
CustomerID: 14
Language: "en"
CreationDate: "2013-05-09 10:04:17"
LastUpdated: "2013-06-21 11:26:26"
4252F63B
TrackingID: "4252F63B"
Summary: "Licence File for New Master "
Description: "Machine ID: 89:B4:69:2B:12:EB:62:6D\r\n\r\nCan you please supply the appropriate licence file for our new Master which is currently under construction.\r\n\r\nkind regards,\r\n\r\nAdam"
ProductID: 1
TypeID: 4
FileName: "4252F63B"
StatusNotification: 1
SupportComments: "Mail with the new license has been send."
StatusID: 4
CustomerID: 14
Language: "en"
CreationDate: "2013-06-04 07:10:59"
LastUpdated: "2013-06-04 08:21:06"
4D515378
TrackingID: "4D515378"
Summary: "BA831F71"
Description: "Please close support ticket BA831F71. Culprit was found to be an out of date version of ffmpeg2theora. As soon as this was updated problem was rectified."
ProductID: 1
TypeID: 2
FileName: "4D515378"
StatusNotification: 1
SupportComments: "According your feedback the ticket will be closed"
StatusID: 4
CustomerID: 14
Language: "en"
CreationDate: "2011-09-12 08:14:10"
LastUpdated: "2011-09-15 08:07:45"
56C15033
TrackingID: "56C15033"
Summary: "Bootable USB Key Failure"
Description: "Version 3.0. When building an infection and requesting creation of a bootable usb key the following message is occurring:\r\n Infecting the files failed. Writing the bootsector to the usb dongle failed 1. 2 different FinSPy USB keys have been tried with the same results."
ProductID: 1
TypeID: 1
FileName: "56C15033"
StatusNotification: 1
SupportComments: "A suitable mail has been sent."
StatusID: 4
CustomerID: 14
Language: "en"
CreationDate: "2011-08-17 12:07:55"
LastUpdated: "2011-08-31 10:17:49"
7AE38720
TrackingID: "7AE38720"
Summary: "Error appearing in log"
Description: "Mon Dec 12 16:05:32 2011 0xb4dc4b70 ERROR: Error opening file /usr/local/finspy_master/data/finspy_allowed_modules.txt"
ProductID: 1
TypeID: 2
FileName: "7AE38720"
StatusNotification: 1
SupportComments: "A suitable mail has been sent."
StatusID: 4
CustomerID: 14
Language: "en"
CreationDate: "2011-12-12 05:57:52"
LastUpdated: "2011-12-16 15:57:32"
9146CC82
TrackingID: "9146CC82"
Summary: "Lost Target"
Description: "Hi\r\n\r\nAs per conversations with Pierre. We have a target who is hitting the proxy but not appearing on the Master. Upon advice we turned on debug mode for a period. Looking at the logs, a normal target Connects, Heartbeats then Terminates. The target who is not appearing on the master is Connecting then Terminates and is missing the Heartbeat.\r\n\r\nAttached are the debug logs from the proxy and master from a time period when the target was hitting the proxy but not appearing on the master.\r\n\r\nThe Target UID is 7A54E70D"
ProductID: 1
TypeID: 1
FileName: "9146CC82.log"
StatusNotification: 1
SupportComments: ""
StatusID: 2
CustomerID: 14
Language: "en"
CreationDate: "2012-07-16 02:38:00"
LastUpdated: "2012-07-16 14:30:02"
96FB8725
TrackingID: "96FB8725"
Summary: "Time Discrepancies"
Description: "In the Agent we are noticing that some of the Target start times are the same as the Target end time or even after the End time.\r\n\r\nFor example:\r\nSTART SESSION TIME TARGET: 2011-02-03 19:15:44\r\nEND SESSION TIME TARGET: 2011-02-03 08:08:56\r\n\r\nThis file also contains data but is returning a file size of 0 B"
ProductID: 1
TypeID: 2
FileName: "96FB8725"
StatusNotification: 1
SupportComments: "Dear Customer,
the problem has been solved in version 3.0.
A suitable mail has been sent.
Sincerely yours,
FinFisher Customer Support"
StatusID: 4
CustomerID: 14
Language: "en"
CreationDate: "2011-02-04 04:45:24"
LastUpdated: "2011-07-08 15:48:53"
97ADA93C
TrackingID: "97ADA93C"
Summary: "MAC OSX LION UNSUPPORTED"
Description: "It seems as if osx lion is not compatible with the current Finspy. We have conducted initial testing and have been unable to infect the lion os at all. Did Gamma test this prior to Lion being publicly released? Our understanding is that all processed are now sandboxed in Lion. Is there going to be a formal announcement from Gamma regarding this at all? Current targets will upgrade eventually and we may be left with a situation where current targets will be becoming unusable when they do this."
ProductID: 1
TypeID: 1
FileName: "97ADA93C"
StatusNotification: 1
SupportComments: "MAC OS X Lion support was added in release 3.02."
StatusID: 4
CustomerID: 14
Language: "en"
CreationDate: "2011-08-17 12:20:22"
LastUpdated: "2011-09-26 13:56:36"
A30DB806
TrackingID: "A30DB806"
Summary: "Adding Module to target results in an error"
Description: "Adding Module to target results in an error when changing config and saving.\r\n\r\nSaving the configuration failed: Saving the module configuration for 7CF4A5D6 failed: -10017 The module is not loaded\r\n\r\n"
ProductID: 1
TypeID: 1
FileName: "A30DB806"
StatusNotification: 1
SupportComments: "Problem has been solved with version 4.0"
StatusID: 4
CustomerID: 14
Language: "en"
CreationDate: "2012-02-02 00:57:35"
LastUpdated: "2012-02-20 14:13:04"
A6251F67
TrackingID: "A6251F67"
Summary: "disintegrating infection removal tool"
Description: "We currently have a situation where we have infected a target but have set a heartbeat that is too quick for the targets poor 3g connection. We now are in the unenviable position of being unable to have the target connect to the proxy/master and pickup the new slower heartbeat time. We cannot re-install a new infection while this situation exists. It would be handy to be able to have an exe that we can socially engineer to the target to remove the existing infection and then disintegrate so that it cannot be reused to disinfect any subsequent infections. "
ProductID: 1
TypeID: 5
FileName: "A6251F67"
StatusNotification: 1
SupportComments: "Targets can be reinfected, so it is possible to change the configuration accordingly."
StatusID: 4
CustomerID: 14
Language: "en"
CreationDate: "2011-08-17 12:14:40"
LastUpdated: "2012-10-11 17:07:28"
B19FD3D6
TrackingID: "B19FD3D6"
Summary: "DLL installation"
Description: "The FS manual does not describe the correct method for using the DLL installation vector that was released with the latest version of FS. Could you please provide instructions on how to use this and update the user manual accordingly."
ProductID: 1
TypeID: 3
FileName: "B19FD3D6"
StatusNotification: 1
SupportComments: "A suitable tutorial has been sent by mail."
StatusID: 4
CustomerID: 14
Language: "en"
CreationDate: "2012-04-16 23:48:08"
LastUpdated: "2012-10-11 17:08:47"
BA831F71
TrackingID: "BA831F71"
Summary: "Screen captures not downloading"
Description: "There are several screen captures on the target, about 50-60, which are not downloading. Changing to manual and selecting an individual file does not resolve this. \r\n\r\nLooking at the target activity log i can see the request going out to the target to download but never completing.\r\n\r\n"
ProductID: 1
TypeID: 1
FileName: "BA831F71"
StatusNotification: 1
SupportComments: "According your feedback the ticket will be closed.
Please close support ticket BA831F71. Culprit was found to be an out of date version of ffmpeg2theora. As soon as this was updated problem was rectified."
StatusID: 4
CustomerID: 14
Language: "en"
CreationDate: "2011-08-18 07:34:08"
LastUpdated: "2011-09-15 08:04:08"
BD4CA3A0
TrackingID: "BD4CA3A0"
Summary: "Arbitrary process cloaking/protection"
Description: "A feature to provide the ability to upload and run an arbitrary executable using finspy, and to extent finspys cloaking and personal firewall/av protection to the new executable. For example:\r\n \r\n- hide the executable on disk\r\n- hide the process from process listings\r\n- start and stop the executable as desired e.g. start on finspy startup\r\n- apply firewall evasion to the new process\r\n \r\nIn other words, treat the new process as an extension of the finspy process and provide the same cloaking/evasion features already present in finspy to the new process.\r\n \r\nDepending upon how finspy is implemented, this may be an easy change, or it may be quite complex. It would be interesting to get your thoughts on the feasability."
ProductID: 1
TypeID: 5
FileName: "BD4CA3A0"
StatusNotification: 1
SupportComments: "A similar feature has been implemented with the Forensic tools, which allows also to execute customized binaries.
Dear Customer,
I think the best here would be to discuss this over Skype with all details so that we can get the full picture of your requirements here.
What we have in the roadmap for 2.50 (october) is our Intrusion Module which contains features like:
1. View Network Shares
2. View reachable Bluetooth devices
3. View reachable Wireless Networks
This module will also offer the possibility to add custom executables which will undergo binary encryption to avoid signature detection and also be loaded and executed by FinSpy Target. The output files of these custom tools can also be send through the regular FinSpy System back to the Master server. These tools are activated through Live Sessions with the Target System.
Starting and Stopping these tools on system boot/shutdown is currently not planed for this release but we will add it to the roadmap as it also makes sense for adding network sniffers and such.
Would this be what you need? Otherwise we could also discuss developing some kind of custom module and give you a very high-level API for developing own modules which can be fully integrated with FinSpy. But to be honest here this would be nothing quick and probably would go into Q1 2011.
Best Regards,
Martin."
StatusID: 4
CustomerID: 14
Language: "en"
CreationDate: "2010-07-13 06:39:06"
LastUpdated: "2012-10-11 17:01:17"
C0335DF3
TrackingID: "C0335DF3"
Summary: "Dual Screen Capture"
Description: "FS does not currently capture multiple displays. Where a target is using dual screens it seems as if FS is only able to capture the main screen and vital evidence is unable to be collected from the secondary display."
ProductID: 1
TypeID: 2
FileName: "C0335DF3"
StatusNotification: 1
SupportComments: ""
StatusID: 2
CustomerID: 14
Language: "en"
CreationDate: "2012-04-16 23:46:45"
LastUpdated: "2012-04-18 08:56:38"
E7D59CA3
TrackingID: "E7D59CA3"
Summary: "Infection mode Updates - ALL OUT OF DATE."
Description: "The automatic update infection modules that are supported are all well out of date. The chances of seeing a target with these patch versions is ZERO. Why has GG not been updating these on a regular basis? Please see the examples below:\r\n\r\nSupported Version Release Date Superseded Date\r\n\r\nSkype 5.0.0.152-5.1.0.104 14/10/2010 6/01/2011\r\nItunes 9.1.1 27/4/2010 16/6/2010\r\nOpen Office 3.1.1 31/8/2009 11/2/2011\r\n\r\n\r\nThis one one of the key features in FFLAN that made us purchase it. If these arent supported and updated then it is no better than an open source MITM tool just with a very expensive GUI."
ProductID: 2
TypeID: 4
FileName: "E7D59CA3"
StatusNotification: 1
SupportComments: "The new release supports all possible update infections. A suitable mail has been sent."
StatusID: 4
CustomerID: 14
Language: "en"
CreationDate: "2011-09-19 08:13:54"
LastUpdated: "2011-11-02 18:06:50"
E84DB2F4
TrackingID: "E84DB2F4"
Summary: "FinAgent - not displaying properly on Fusion VM"
Description: "As discussed, FinAgent is not rendering correctly on a Windows VM running on Fusion osx. Problem is a red background that makes all icons unviewable. Problem occurs on all versions of agent from 2.51 to 3.02. This is replicated on multiple machines. Problem does not occur on a VM hosted on a windows VMWare, only on Fusion. Unfortunately our standard is windows VM running on OSX Fusion.\r\n\r\nPK has already been sent a screencapture of the issue."
ProductID: 1
TypeID: 2
FileName: "E84DB2F4"
StatusNotification: 1
SupportComments: "According the suitable email, the ticket will be closed."
StatusID: 4
CustomerID: 14
Language: "en"
CreationDate: "2011-09-12 08:18:10"
LastUpdated: "2011-09-26 08:26:49"