Guest User

New botnet

a guest
Aug 15th, 2011
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.79 KB | None | 0 0
  1. Working on a similar project. Dark Umbrella fast flux/domain flux hybrid approach
  2. (In development about 3-5 months left)
  4. bot coded in assembly no dependencies
  5. Each build has maximum of 10k bots to ovoid widespread av detection.
  6. Basic bot uses socks5.
  7. built in ssh client
  8. (fast-flux)
  9. Bot is built with 30k pre generated 256 bit AES keys.
  10. 1 256 bit AES key for logs
  11. 1 256 bit AES key ssh
  12. 1 256 bit AES key socks 5
  13. hwid it selects a pre-generated key 256 bit AES key.
  14. Bot writes encrypted data into common file using stenography
  15. process injection
  16. Download/Upload Socks5
  17. Bot sends data to a collector bot via socks5 through ipv6 which makes NAT traversal a trivial matter.
  18. Using ipv6 in ipv4 tunnel.
  21. Collector bot assembly
  22. tor and i2p Plug-ins C++
  23. Assuming 10k bots
  24. Bots will be assigned into small groups of 25. And are assigned 400 collectors bots which is evenly 200 tor and 200 i2p.
  25. Collector packages the encrypted logs and imports them into a .zip or rar archive and uses sftp to upload through tor to a bullet proof server Note the Ukraine is best know
  27. Russia is no good.
  29. (Domain-flux .onion panel can be easily moved)
  30. Using a Ubuntu Server on bullet proof server.
  31. Using tor and Privoxy. Panel can be routed through multiple cracked computers using proxychains and ssh.
  32. Server uses a simple .onion panel with php5 and apache2 and mysql.
  33. You might ask what happens if bullet proof server is down. The collector bots can be loaded with 5 .onion panels. If panel fails for 24 hours its removed from all Collectors
  35. and bot will go to the next one and so forth.
  36. A python Daemon runs and unzip the data and Imports it into a mysql database were it remains encrypted.
  38. The bot master uses my Dark panel to connect to the remote Bullet Proof server through a vpn and then through tor using ssh to run remote commands on server and
  40. sftp to upload and download. Running tor through a log less vpn through with a trusted exit node on the tor network. .net panel connects to mysql database database is decrypted
  42. on .NET panel (Note must real Bullet Proof hosting is not trust worthy this solves that issue) and imported into a local .mdb database. Then later the bot Master should encrypt
  44. database folder on true crypt. Commands are sent to bots individually rather then corporately like most bot nets. This allows for greater anonymity It will be possible to send
  46. commands corporately but strongly discouraged. Collector bots download and upload large files through i2p.
  48. 1.Connects remotely to rpc daemon through backconect and simplifying metasploit (Working)
  49. 2.Social network cracker. (in development)
  50. 3.Statics. (Working)
  51. 4.Anonymity status. (Working)
  52. 5.Decrypt-er. Decryption codes in highly limiting each build to 10k bots. (Working)
  53. 6.Daemon status (Working)
  54. 7.logs (Working)
  55. 8.Metasploit connects via rpc. (working)
  56. 9. GPS tracked Assets by Google maps and using net-book with a high powered external usb wifi attenas.
  57. Starts an automatic attack if wep if wpa2 grabes handshake. If open starts basic arp spoofing attack. Common browser exploits. (in development)
  58. 10.Teensy spread. (in development)
  59. 11.vnc back connect. (working)
  60. 12. Advanced Persistent threat. Fake Firefox, Fake Internet Explorer, Fake Chrome. Fake Windows Security Essentials. (in development allows for excellent custom Bot-master defined keyloging)
  61. 13. Dark search bot index file is downloaded allowing easy searching of hard drives. (Working)
  62. 14. voip logic bomb. bot computer is sent via a voip call file once played through voip the microphone hears mp3 file and the dormant payload is activated in bot that is the logic bomb. (in development)
  64. bot Plug-ins developed later
  67. Each Panel is hwid
  68. 1 unique build per Copy embedded into panel.
  70. estimated cost 10k per copy my goal to sell 12 copies worldwide
Add Comment
Please, Sign In to add comment