- Working on a similar project. Dark Umbrella fast flux/domain flux hybrid approach
- (In development about 3-5 months left)
- bot coded in assembly no dependencies
- Each build has a maximum of 10k bots to avoid widespread AV detection.
- Basic bot uses socks5.
- built in ssh client
- Bot is built with 30k pre generated 256 bit AES keys.
- 1 256 bit AES key for logs
- 1 256 bit AES key ssh
- 1 256 bit AES key socks 5
- hwid it selects a pre-generated 256 bit AES key.
- Bot writes encrypted data into common file using steganography
- process injection
- Download/Upload Socks5
- Bot sends data to a collector bot via socks5 through ipv6 which makes NAT traversal a trivial matter.
- Using ipv6 in ipv4 tunnel.
- Collector bot assembly
- tor and i2p Plug-ins C++
- Assuming 10k bots
- Bots will be assigned into small groups of 25. And are assigned 400 collector bots which is evenly 200 tor and 200 i2p.
- Collector packages the encrypted logs and imports them into a .zip or rar archive and uses sftp to upload through tor to a bullet proof server. Note the Ukraine is best know Russia is no good.
- (Domain-flux .onion panel can be easily moved)
- Using a Ubuntu Server on bullet proof server.
- Using tor and Privoxy. Panel can be routed through multiple cracked computers using proxychains and ssh.
- Server uses a simple .onion panel with php5 and apache2 and mysql.
- You might ask what happens if the bullet proof server is down. The collector bots can be loaded with 5 .onion panels. If a panel fails for 24 hours it's removed from all collectors and the bot will go to the next one and so forth.
- A Python daemon runs and unzips the data and imports it into a mysql database where it remains encrypted.
- The bot master uses my Dark Umbrella.net panel to connect to the remote bullet proof server through a vpn and then through tor using ssh to run remote commands on the server and sftp to upload and download. Running tor through a logless vpn with a trusted exit node on the tor network. The .net panel connects to the mysql database; the database is decrypted on the .NET panel (Note most real bullet proof hosting is not trustworthy, this solves that issue) and imported into a local .mdb database. Then later the bot master should encrypt the database folder on true crypt. Commands are sent to bots individually rather than corporately like most bot nets. This allows for greater anonymity. It will be possible to send commands corporately but strongly discouraged. Collector bots download and upload large files through i2p.
- 1.Connects remotely to rpc daemon through backconnect and simplifying metasploit (Working)
- 2.Social network cracker. (in development)
- 3.Statistics. (Working)
- 4.Anonymity status. (Working)
- 5.Decrypt-er. Decryption codes in highly obfuscated .net limiting each build to 10k bots. (Working)
- 6.Daemon status (Working)
- 7.logs (Working)
- 8.Metasploit connects via rpc. (working)
- 9. GPS tracked assets by Google maps and using net-book with high powered external usb wifi antennas. Starts an automatic attack if wep, if wpa2 grabs handshake. If open starts basic arp spoofing attack. Common browser exploits. (in development)
- 10.Teensy spread. (in development)
- 11.vnc back connect. (working)
- 12. Advanced Persistent threat. Fake Firefox, Fake Internet Explorer, Fake Chrome. Fake Windows Security Essentials. (in development allows for excellent custom Bot-master defined keylogging)
- 13. Dark search bot index file is downloaded allowing easy searching of hard drives. (Working)
- 14. voip logic bomb. bot computer is sent via a voip call file once played through voip the microphone hears mp3 file and the dormant payload is activated in bot that is the logic bomb. (in development)
- bot Plug-ins developed later
- Each Panel is hwid
- 1 unique build per Copy embedded into panel.
- estimated cost 10k per copy my goal to sell 12 copies worldwide
a guest Aug 15th, 2011 2,276 Never