I’m here to present CosmicHTTP, offering you the ability to handle a large number of bots. Developed within a year, CosmicHTTP offers a modular interface to load multiple plugins, using advanced capabilities to provide ultimate access to each machine, offering you a fresh and viable solution to load all your software or use our plugins.

CosmicHTTP

[+]Client was coded in C++ (not C) & Win32 API:
-Supports the whole Windows line from XP->10
-Resident in the OS
-No CRT or TLS, for easy crypts
-Runs entirely in memory, not RunPE
-User-mode rootkit used to hide (registry keys). Process is injected, so no need to hide it & no files are dropped on disk; the password grabber has its own rootkit to hide files of reports (grabbed data)
-Dynamic loading of all APIs
-Support for multiple backup domains
-Shellcode mode (code is position independent)
-Doesn’t interfere with memory protection DEP/ASLR, offering you high stability
-Using 2 viable injection methods (1 into default browser, 1 into explorer.exe)
-Ability to run without Admin privilege
-40 kb size uncompressed, contains main work of bot + first modules
-Malware Killer: using predefined Indicators of Compromise, this bot will kill & remove: Zeus & its variants (Sphinx, ICE IX, Shylock), Pony, Rovnix, Athena, Tinba…
-Plugin capable
-Bypass Windows Firewall and commercial firewalls (not all)
-Encrypted traffic between Client & Server using AES256 (key is generated at runtime)
-Rate depends on cryptor

[+]CnC:
-Download & Execute
-Download & Inject into parent process or another process
-Load DLL into system using custom loader
-Update config (add backup domain or remove domain)
-Written in PHP & PDO using MySQL Database

Screenshots (Big Pictures): Not able to post pictures, contact me for screenshots

Version 1: Loader
100$ for first 10 Clients (150$ for the rest)
-Free Rebuilds
-Free Support

Contact: rev@jabbim.cz
For Thread in other forums: coru/verfiied/dc, contact me through PM

Version 2: This is Frameworked version in testing, contact me for information and proof (in development with group).

[+]Usage of Domain Generation (DGA) to knock to CnC
Domains are generated using time+text template parameter. Once you register a domain and client knocks to it, it will be locked as default; in case of domain down just generate new domains using (dgatool.exe) and register one of them

[+]POP3/SMTP/IMAP/FTP Grabber: Module grabs emails, ftp, logins on the fly by hooks in user-mode.

[+]Browser/Certificate Password Recovery: Grabs stored passwords of multiple software including:
-20 FTP Clients
-Browsers (Maxthon/Chrome/Opera/FF/IE/K-meleon/Chromium/Vivaldi…)
-Stored certificates

[+]Provide VNC Access

[+]Spam module