Byte-ul

Carberp Trojan Source - BootKit - Rootkit - FUD - Stealer - Spreaders - FormGrabber


Copy-Paste HF:

Carberp

Callback rate 60-90%

Win XP/Vista/7 x86

--

Complete set

Each successive includes previous

Minimum:

- Loader

- FTP grabber (31 client)

- Password grabber

- Form Grabber (IE, FF, Opera)

- FTP sniffer

- Grabber basic-authentication in IE

- Remove cookie and sol in IE and FF

- DDOS

- Socks5 proxy

- Support injected in IE and FF

- A program for writing and debugging injected with convenient GUI

- Encrypted Traffic

- Builder

- Multi-bot Admin

Extended:

- Grabber Serta from IE

- Module Hunter

- Universal keylogger

- AutoUpdate crypt and Domains

- Search words in documents and send to the admin panel

- Video recording on the bot for debugging injects and AZ

- Enhanced functionality in the admin

Full:

- VNC (win xp/vista/7 admin / user) and RDP (win xp admin)

Bootkit:

- MBR-loader bot (win xp / 7)

--

Program list grabber

Messengers

Miranda, ICQ2003, RQ,

Trillian, ICQ99b, MSN, Yahoo,

AIM, Gaim, QIP, Odigo, IM2,

SIM, GTalk, PSI, Faim, LiveMessenger,

PalTalk, Excite, Gizmo, Pidgin, AIMPRO,

MySpace, Pandion, QIPOnline, JAJC, Digsby,

Astra

Email clients

Becky, The_Bat, Outlook,

Eudora, Gmail, MRA, IncrediMail,

GroupMailFree, VypressAuvis, PocoMail,

ForteAgent, Scribe, POPPeeper,

MailCommander, Windows_Mail_Live, Windows_Mail_Vista

FTP clients

Total Commander, FAR Manager, WS_FTP, CuteFTP,

FlashFXP, FileZilla, FTP Commander, FTP Navigator,

BulletProof, SmartFTP, TurboFTP, FFFTP, CoffeeCup,

Core FTP, FTPExplorer, Frigate3, UltraFXP, FTPRush,

SecureFX, Web Publisher, BitKinex, Classic FTP PC,

Fling, SoftX FTP Client, Directory Opus, FreeFTP,

DirectFTP, LeapFTP, WinSCP

Browsers

Firefox, Safari, Opera, IE, Chrome

Other

SysInfo, WinVNC, ScreenSaver,

ASPNET, RDP, FreeCall, CamFrog,

PCRemoteControl, NetCache, CiscoVPN,

Credentials

--

Socks5 proxy

To receive a bot uses windows-server application

When bot knock, the server connects and hangs it on a different port

Makes bots SOCKS5-proxy

Web-based interface for connection and control bots

--

Inject

Injection works on IE and FF

Is supported by G, P, and L

Syntax 1B1 as Zeus, but just in case you need to check on the performance of

There is a convenient inject debugger with which it is easy to check your injects and write new ones

--

Traffic Encryption

All traffic from the spammer to admin and back encrypted unique key for each botnet

Bots can not knock on the admin area to another key

All requests from the bot to go to the admin scripts with random names

All plug-ins, download bot from admin, just encrypted

--

Module Hunter

When you visit a particular url bot requests from admin certain command, so for example you can include all of the DSA bots who went to the bank or upload any exe

--

Universal keylogger

Through admin defined list of processes that need to benefit from logging keystrokes

Bots get a list and send the admin logs as they become available

In the admin logs are divided not only on the processes and individual bots, but for different applications launch

--

AutoUpdate crypt and domains

Update bots crypt to clean and domains without otstuk perebildinga and update bots

In the admin panel, a list of domains is added and crypted builds are uploaded

Admin checks for their own services and scan4you chk4me

Every half hour the bot knocks on the admin for new domains and builds

Depending on the AV installed on the bot, the admin panel gives it a clean build and domains

When you update the build this way, preferred shares and domains bot are the same, regardless of the fact that the resident in build

It's easy to check domains, without giving them the bots

If you have your own crypter as exe, admin panel itself can crypt builds, making 10 of the crypts at a time, check them out, choose the cleanest and give bots, or to make a permanent link on the net to build chords, as well as update and notify exe crypter in jabber if crypts are detected

--

Search for words in documents

You can search for a specific word or phrase

The search is performed within the documents txt, doc, docx, xls, xlsx, pdf, rtf, odt, lying on the drive, even if they are packed in zip or rar archive

All documents found packed in one file and go to the admin panel

--

Video recording

When a specific url is visited in the browser on the bot, video is recorded

Videos sent to windows-server running receiver module

Video is written in our own format, maximum compression and optimized, b / w 2fps

To view using our own player, it is implemented for the convenience of a quick search on the name of the active window

On request, you can customize video recording - the start of a specific event, record the full screen, a record for a certain time, etc.

--

RDP and VNC

Remote connection to the bot is controlled via a single server windows-application

After connecting to the server, just select the bot and press the connect button

The server forwards one of its ports and assigns it to the bot, then you can connect and work

--

Gates

Server other than the primary server with the admin, the request is redirected to the admin panel of bots, bots and giving answers from her

The main objective of the gate - hide admin bot from abuse

For your regular gate UPU, the main thing is not the iron, and the channel

When abuse can quickly deploy a new gate, install time ~ 30 minutes

Gates can be several, and all lead to one admin

There are several types of implementations, including based on OpenVPN, but we recommend the normal Nginx-webserver is configured as a proxy

--

Bootkit

Works on Win XP / 7, callback rate ~ 60-80%

Mounted on ring3 bot, so if the installation failed, the ring3 bot remains in a healthy state

After installation is restarted, and if successful launch bot from ring0, ring3 version is deleted

AV can not find the bootkit, and a bot that runs through the bootkit does not need to be crypted and therefore does not need to be updated

Even if in the future some AV can find it, you still can not remove, the user will only reinstall

Vitality 65% or more in a month after loading

--

Rules for granting licenses

One license is admin page on the same server with reference to ip + bot builder and configure a gateway. For an additional fee, you can configure the desired number of gates. License restriction in the number of servers from the admin. One license - one server.

Redirecting bots on ip, which was not put our admin panel, as well as where there is untied our or its written under our bot, admin panel, is prohibited. We monitor each license carefully, and if there is a suspicion of attempted violation of the license or unbinding of the bot / admin, we reserve the right to take appropriate action, up to revocation and ddos of the domain / server of the offender.

Admin protected with IonCube latest version. Bot protected by systems of our own design. Just as they present additional internal encryption and special bookmarks that define ip / domains binding. If it is found that the bot / Admin decoupled, bookmarks make to the work of random distortion, resulting in a bot / Admin begin to not work properly, do not carry out the commands, or simply fail. As a result, it becomes impossible to control the botnet will be lost logs, bots will breathe much faster, etc. And at first glance, the bot can work untethered and knock in the same way as normal. Defects can be detected only by detailed analysis. With each new version, along with modifications to the functional and improved callback rate also will change and become more complex protection.

Software is provided as is, money-back is not provided. Resale of software is prohibited.

--

Plans to develop

- Inject and formgrabber for Chrome

- 64-bit mode

- RDP under Win 7

- Loader minimum size for all models

- P2p to regain control of the botnet

Italics marked updates that will be distributed free of charge, provided that the unit to which the update has already been purchased

If you have your own suggestions, we will add them to this list, prioritize the development of themselves

--

Updates

Bug fixes in the current module and minor additions to the functional free

New modules and major additions to the current for a fee

For an additional fee, any possible improvements

--

Grabbers and AZ of any complexity

We accept orders for writing grabbers and AZ

Our team has extensive experience in writing grabbers passwords, keys, balance sheets and AZ any difficulty under any system

We have already written a grabber and AZ-based systems:

- HTML / Javascript

- ActiveX

- Java

- Win32

Thanks to the close cooperation of our programmers, we can adjust and finish our bot order the AZ for maximum results

There is a full featured Admin AZ

Prices and conditions are specified for each order separately

This is not a service for writing small injects, work only with large customers

-- BEGIN PGP PUBLIC KEY BLOCK --

Version: GnuPG v1.4.10 (GNU / Linux)

Removed - useless here

-- END PGP PUBLIC KEY BLOCK --

--

Requirements for Admin bot:

php >= 5.3.3

IonCube Loader

php-mysqli

php-zip

php-geoip (possible and without it there is remote but it is less efficient so it is better this compiled right in php)

php-pcntl

Lighttpd + Lighttpd FastCGI + FastCGI Alow-XSendFile (Can and Apache 2.2 but less productive if you want to put it to him that necessarily mod_xsendfile)

Download Link: http://priv8.ru/archive/krab.rar

Do not open the .exe files or other things you find there.
