Armada Spread Method

a guest
Jul 24th, 2016
  1.  
  2. Hack Forums
  3. Armada Spread Method (Insert Various randomized high value number here)
  4.  
  9. +---- Thread: Armada Spread Method (Insert Various randomized high value number here) (/showthread.php?tid=4966514)
  10.  
  11. Armada Spread Method (Insert Various randomized high value number here) - Armada - 08-28-2015 12:02 AM
  12.  
  13. Ok, so I say it time and time again to people who ask, but as some may have noticed when it comes to spreading, I dont usually give out "Tips" other than the generic advice. There is a reason for this. Why? Well simple, I dont want all of YOU ass hats fucking my methods of spreading up on me.
  14.  
  15. BUT, Every now and again, we gotta share and share alike. So today I am going to walk you through the simplest and easiest way to get a boat load of slaves with minimal work required.
  16.  
  17. But, we gotta setup first, right? Black Hat Right.
  18.  
  19. Requirements:
  20. Reliable stable RAT
  21. A couple existing slaves (for their social media accounts, facebook, instagram etc)
  22. Functional knowledge of "masking" malware to look like something else.
  23. ability to use google images or another site for icons.
  24.  
  25. So the premise for this type of spreading campaign is pretty straight forward TBH.
  26. In my Targeted Spreading guide, I discuss the different "classes" of computer users.
  27. - In this write up we will be targeting the "Home or Workstation" Classification of machines.
  28.  
  29. - This is a "Themed" based type of masking, meaning as saturated as I am sure this will soon become it is universal, and over 15 years of doing this has yet to fail on me. (So some might argue this is a known technique) - But its the "craftsmanship" you place in to your efforts that makes it pay off.
  30.  
  31. OK ȺʁɱªÐą Shut up, whats the scoop here?
  32.  
  33. Ok. We are going to start by picking the theme.
  34. we need the current popular BS thats a hot seller for kids at the current time you wish to do so. at time of writing this, its all about the Minions
  35. [Image: minions-2.png]
  36.  
  37. Now that we have our theme, we want to market this gibberish to the "Soccer Mom" class of users. We are talking the parents who are either too busy or simply dont know any better than to check the stuff on their computer.
  38.  
  39. So in our example we are going to market a "Minions Movie Screen Saver" - Free of course. Because who does not like free?. Roflmao
  40. - Point of note, sometime charging a MINIMAL amount makes it look more legit, but you get less installs. However, file remains FUD longer, as it gets distributed less. Black Hat
  41.  
  42. Basics:
  43. Build your RATs Binary
  44. Encrypt the RAT Binary
  45.  
  46. Masking:
  47. Find topically related image
  48. convert to appropriate Icon sizing (*.ico)
  49. Using Resource Hacker (NOT the Crypters icon changer!) you will now change the Encrypted Binarys Icon and Assembly information.
  50. -- This MUST be done in Resource Hacker, using other programs tends to cause the AVs to flag the file off. Newer heuristics are checking for "forged" assembly information now Glare (F$*%g c#$k goblins)
  51.  
  52. At the end of all of this you should have a file that is a binary and has a topically related icon.
  53.  
  54. - RENAME THE FILE TO .SCR - Its a "Screen saver", right?
  55. - Thats right, no spoofing of BS here, were outright marketing a viral binary, and yes I did even suggest charging people money for it.
  56.  
  57. Marketing the binary:
  58. Remember those social network passwords I said we needed, and the reason you need a few slaves already?
  59. Here is why.
  60.  
  61. We are now going to utilize other peoples accounts to manually post our malware. We are going to use their accounts, search out the topical content on facebook, twitter, instagram, etc and spam the fuck out of the social groups.
  62.  
  63. BUT FIRST! Our malware needs a home to reside.
  64.  
  65. *Cough* https://pop.co *Cough*
  66.  
  67. Create a website that advertises the malware in a believable fashion.
  68.  
  69. !!WARNING!! Spoiler contents links to malware, DO NOT DOWNLOAD FILES FROM THE SITE - You have been warned. !!WARNING!!
  70. Spoiler (Click to View)
  71.  
  72. As users will note. The site is simple yet direct. The navigational areas have been intentionally thinned out to prevent users from "navigating away" from the intended malware link (In this case, the screen savers DOWNLOAD NOW option on the main page.)
  73.  
  74. Now, go my Minions, spread the link across social media, hitting as many different social groups on facebook and other chats. - Utilizing the users OWN social networks as well. (If they belong to a local mom swap group, for example)
  75.  
  76. Craft your post to be a "real post" but something you can use as a base script to simple copy and paste (this speeds the spread time up)
  77.  
  78. Code:
  79. "Hey folks, I absolutely love this movie <3 #MINIONSFOREVER I found an awesome screen saver for the movie, its cute, I sit here sometimes just watching it. hehe. If anyone is interested I found it here: http://www.malwaresite.xxx
  80. - Its free too!"
  81. - Simple
  82. - Generic, but something someone WOULD write
  83. Zen.
  84.  
  85. ??????
  86.  
  87. Sit back, crack a beer, and wait, watching as the slaves come rolling on in. Black Hat
  88.  
  89. Now stop asking for spreading techniques, its CLEARLY not rocket science, where did everyone's creativity go?
  90.  
  91. OLD MAN RANT
  92. Back in my day we didn't have these fancy video games, we played 2 bit PONG, you ever heard of that game sonny? We got really excited when FROGGER and PITFALL came out. We moved up to the fantastical world of 8 bit gaming. etc.. rabbles off on some random tangent......
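
Defender's view of the first post, as an added example that is not part of the original thread: a `.scr` file is an ordinary Windows executable, so a file with that extension and a valid PE header in a user's download folder deserves triage. The sketch also covers `.pif` and `.com`, which goes beyond the post; the function names and sample files are constructed for illustration.

```python
import os
import tempfile

# Extensions Windows runs as programs but users often read as harmless content.
RISKY_EXTS = {".scr", ".pif", ".com"}

def is_pe(path):
    """True if the file has the DOS 'MZ' magic and a valid 'PE\\0\\0' signature."""
    with open(path, "rb") as f:
        head = f.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            return False
        # e_lfanew at offset 0x3C points to the PE signature.
        pe_off = int.from_bytes(head[0x3C:0x40], "little")
        f.seek(pe_off)
        return f.read(4) == b"PE\0\0"

def flag_downloads(root):
    """Return sorted relative paths of PE files under root with a risky extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            full = os.path.join(dirpath, name)
            if ext in RISKY_EXTS and is_pe(full):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)

def build_sample_dir():
    """Constructed sample data: a minimal PE stub, a text file, an image stub."""
    root = tempfile.mkdtemp(prefix="downloads_")
    stub = bytearray(0x44)
    stub[:2] = b"MZ"
    stub[0x3C:0x40] = (0x40).to_bytes(4, "little")
    stub[0x40:0x44] = b"PE\0\0"
    samples = {
        "movie_screensaver.scr": bytes(stub),       # executable posing as content
        "notes.scr": b"plain text, not a program",  # risky name, not a PE
        "poster.png": b"\x89PNG\r\n\x1a\n",         # benign image header
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    return root

if __name__ == "__main__":
    print(flag_downloads(build_sample_dir()))
```

On a real endpoint, point `flag_downloads` at browser download and temp directories; legitimate screen savers normally live under the Windows system directory, not in user-writable paths.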
  93.  
  94. * - Hamware - 08-28-2015 12:06 AM
  95.  
  96. Awesome simple method mate, loving your contribution to the section. Love you.
  97.  
  98. * - Armada - 08-28-2015 12:25 AM
  99.  
  100. (08-28-2015 12:06 AM)Hamware Wrote: ►Awesome simple method mate, loving your contribution to the section. Love you.
  101.  
  102. Thanks. I understand how people starting out can find spreading difficult, it will forever be one of those aspects that will remain a challenge for any malware controller. Its an ever evolving challenge, however as I noted this is a technique I have personally used for nearly 15 years and it remains good to this day. (Modifications have happened of course)
  103.  
  104. This is an excerpt from a more complete thorough write up to a book I am in the works of Publishing. Black Hat
  105.  
  106. * - Paul Wilson - 08-28-2015 02:38 AM
  107.  
  108. Thanks for this spreading method mate, really nice, I wish I had a malware to spread but mine is still in development and I can't afford a crypter ;(
  109.  
  110. appreciate it Black Hat
  111.  
  112. * - that_jonix - 08-28-2015 03:08 AM
  113.  
  114. thanks for this nice spreading method, you're a big part of the Rat section :)
  115.  
  116. * - Shards - 08-28-2015 03:16 AM
  117.  
  118. Amazing! Thanks for not selling it, can really help people out!
  119.  
  120. * - sudoaptgetusr - 08-28-2015 04:38 AM
  121.  
  122. I've been wanting to do something similar for a while, just been lazy. Do you know where I can find a webhost for free that I can point my domain to?
  123.  
  124. * - Armada - 08-28-2015 04:51 AM
  125.  
  126. (08-28-2015 04:38 AM)sudoaptgetusr Wrote: ►I've been wanting to do something similar for a while, just been lazy. Do you know where I can find a webhost for free that I can point my domain to?
  127.  
  128. As I noted, pop.co is a fantastic resource for this, I generally just throw my file up to dropbox (They dont distribute BTW, I've tested) and link to that. People generally dont check the links or if they go off site.
  129.  
  130. pop.co also offers free ad free hosting for very simple single or 2-3 page sites (might just be single, I dun remember to be honest)
  131.  
  132. And honestly. I whip this together from start to finish within 30-45 mins. MAX.
  133. So even an inexperienced person who might muddle through the steps might take a maximum of 1.5 hours. Super minimal effort for the pay off bro. Black Hat
  134.  
  135. - And to the comment about not SELLING my method. - I noted this is an excerpt from a soon to be for sale commercial BOOK. But we gotta give some stuff out for free. (I find it only fair, as it was a promise I made to my Mentor, so many years ago) Black Hat
  136.  
  137. My only hope is others take on this same approach, and dont get overly greedy after they have experience themselves.
  138.  
  139. * - Paul Wilson - 08-28-2015 05:03 AM
  140.  
  141. (08-28-2015 04:51 AM)ȺʁɱªÐą Wrote: ►As I noted, pop.co is a fantastic resource for this, I generally just throw my file up to dropbox (They dont distribute BTW, I've tested) and link to that. People generally dont check the links or if they go off site.
  142.  
  143. pop.co also offers free ad free hosting for very simple single or 2-3 page sites (might just be single, I dun remember to be honest)
  144.  
  145. And honestly. I whip this together from start to finish within 30-45 mins. MAX.
  146. So even an inexperienced person who might muddle through the steps might take a maximum of 1.5 hours. Super minimal effort for the pay off bro. Black Hat
  147.  
  148. - And to the comment about not SELLING my method. - I noted this is an excerpt from a soon to be for sale commercial BOOK. But we gotta give some stuff out for free. (I find it only fair, as it was a promise I made to my Mentor, so many years ago) Black Hat
  149.  
  150. My only hope is others take on this same approach, and dont get overly greedy after they have experience themselves.
  151.  
  152. Do you have to write your own files or is there an editor? Because a website like weebly has an editor so you can make your site look professional very quickly without any knowledge
  153.  
  154. * - matisshakeris - 08-28-2015 05:36 AM
  155.  
  156. Couldn't you just use 000webhost and host the file on the website itself? I suggest 000webhost because that's what I'm using myself too.
  157. Great method. Anyways.
  158. Avoid hosting sites like rghost or sendspace because browser will likely block it as malware since it's "untrusted source" I can avoid that uploading to my own site file.