Guest User

0day - zeusovertor

a guest
Feb 21st, 2016
1,620
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.  
  2. Why Z0t?
  3. ------------------
  4. EXTREME RESILIENCE
  5. ------------------
  6. Zeus Over Tor cannot be shut down by Spamhaus or Zeus-Tracker or any methods currently employed by organizations hell bent on removing the zeus threat. It can't be shut down because you cannot find the ip address of the hosting from the hidden service address and so thus cannot report to the hosting company that you are indeed hosting malware. Furthermore Zeus Over Tor does not require you to register a domain, you have a hidden service address and as such you can easily move your botnet within one hour and your hidden service domain cannot be shut down because with hidden service there is no domain registration. The domain is generated dynamically when you create your hidden service. This feature alone makes Zeus Over Tor the most resilient and easy to maintain financial malware currently available on the market, bar none.
  7. ==========================================================
  8. Sphinx is tested and working on WinXP, Win7, Win8, Win8.1, Windows10. Internet, Firefox And Chrome Latest versions tested -- 11.02.2016
  9. ------------------------------------------
  10. In Depth Analasys of Zeus By British Media
  11. ------------------------------------------
  12. [youtube]https://www.youtube.com/watch?v=DUnZMwXCkyw[/youtube]
  13. https://www.youtube.com/watch?v=DUnZMwXCkyw
  14. MAN IN THE BROWSER PART 1
  15.  
  16. [youtube]https://www.youtube.com/watch?v=14TZOjG97EM[/youtube]
  17. https://www.youtube.com/watch?v=14TZOjG97EM
  18. MAN IN THE BROWSER PART 2
  19.  
  20. -------------------------------------------------------------------
  21. Vice Documentary On Fraud In The UK - (Zeus is inevitably the source of many of the details acquired and used to commit fraud based in this documentary)
  22. -------------------------------------------------------------------
  23. [youtube]https://www.youtube.com/watch?v=lA4R84xfLOQ[/youtube]
  24. https://www.youtube.com/watch?v=lA4R84xfLOQ
  25. Vice - How To Get Away With Stealing
  26.  
  27.  
  28. ================================================================
  29. Zeus0verTor trojan is coded in C++ based on ZeuS source-code. It
  30. operates fully through the Tor network using Tor hidden service. Zeus0verTor
  31. is immune to sinkholing, blacklisting and ZeuS tracker.
  32.  
  33. :: Malware:
  34. - Formgrabber and Webinjects for latest Internet Explorer, Mozilla
  35. Firefox, Google Chrome and Tor Browser with cookie grabber fo IE and transparent page
  36. redirect(Webfakes).
  37. - Backconnect SOCKS, VNC.
  38. - Socks 4/4a/5 with UDP and IPv6 support
  39. - FTP, POP3 grabber
  40. - Certificate grabber
  41. - Keylogger
  42. - Installation
  43.  
  44.  
  45.  
  46. Backconnect VNC - WinXp, VIsta: https://vimeo.com/147444171
  47.  
  48. It allows you to make money transfers right from your victims computer. Your VNC is
  49. done on a different desktop than victim is using so its completely
  50. hidden. You can steal money from bank while victim is playing
  51. multiplayer games or watching movies. Forget about configuring browser,
  52. because when carding with Zeus0verTor you don't need to. With Backconnect
  53. VNC you can also remove anti-virus/rapport software from victim. Port-
  54. forwarding for victim is not required due to use of Reverse connection.
  55.  
  56. Backconnect SOCKS:
  57. Use your victims as a SOCKS proxy. Port-forwarding is not required due
  58. to use of Reverse connection.
  59.  
  60. Webinjects:
  61. Used for speeding up report gathering. With Webinjects you can change
  62. the content of website and ask more information. You can do such things
  63. as asking for credit-card data from victims PayPal/Amazon/Ebay/Facebook
  64. for successful login. Webinjects use ZeuS format.
  65.  
  66. Webfakes:
  67. Used to do phishing attacks without having to trick victim in to going
  68. in to a fake domain. When configured for bankofamerica, user will be
  69. transparently redirected to your phish site without changing url.
  70.  
  71. Installation:
  72. At the moment, the bot is primarily designed to work under Vista/Seven,
  73. with enabled UAC, and without the use of local exploits. Therefore the
  74. bot is designed to work with minimal privileges (including the user
  75. "Guest"), in this regard the bot is always working within sessions per
  76. user (from under which you install the bot.). Bot can be set for each
  77. use in the OS, while the bots will not know about eachother. When you
  78. run the bot as "LocalSystem" user it will attempt to infect all users
  79. in the system.
  80.  
  81. When you install, bot creates its copy in the user's home directory,
  82. this copy is tied to the current user and OS, and cannot be run by
  83. another user, or even more OS. The original copy of the same bot (used
  84. for installation), will be automatically deleted, regardless of the
  85. installation success.
  86.  
  87.  
  88. :: Webpanel:
  89. Zeus0verTor uses the same familiar Zeus command and control panel
  90.  
  91. Features:
  92. - XMPP notification
  93. - Statistics
  94. - Botlist
  95. - Scripts
  96.  
  97. XMPP notification:
  98. You can receive notifications from the Control Panel in the Jabber-
  99. account.
  100.  
  101. At the moment there is a possibility of receiving notifications about a
  102. user entering a defined HTTP/HTTPS-resources. For example, it is used
  103. to capture user session in an online bank.
  104.  
  105. Scripts:
  106. You can control the bots by creating a script for them.
  107.  
  108. Statistics:
  109. - Number of infected computers.
  110. - Current number of bots that are online.
  111. - The number of new bots.
  112. - Daily activity of bots.
  113. - Statistics by OS.
  114.  
  115. -------------------------
  116. -------------------------
  117.  
  118.  
  119. PRICE: $500 Per Bin --- New version pending upon which price will sharply rise - [NOTE] The builder is not for sale. [NOTE]
  120. ======================================================
  121. If you wish to setup your server ask us for the panel files before purchase.
  122. ------------------------------------------------------------------
  123. If you wish for us to setup your server:
  124. PRICE: 100$ --- Fresh Servers Only. We can provide a server for you if you wish this will take 12 hours. We appreciate your kindness in not asking our sales & tech guys for free tech support and server setup. All sales are final and we do not give refunds for reasons of customers not being able to setup their servers and wanting free setup. A free tutorial will be provided to each customer for windows server setup, if setup is required we can do this for the price stated above.
  125.  
  126.  
  127. We also provide traffic and exploit kit if needed.
  128.  
  129. I thank you for your patience in reading & welcome to Zeus0verTor. The future in financial malware.
  130. Zeus0verTor Demo panel and bot
  131. ---------------------------------------------
  132. http://6araahcqgbaebwcs.onion/cp.php?m=login
  133. ---------------------------------------------
  134. user: alphabay
  135. pass: alphabay
  136. ------------------------------------------------------------------------------
  137. Here is the link for the uncrypted bot:https://www.sendspace.com/file/yyme62
  138. ------------------------------------------------------------------------------
  139. This is a demonstration panel and uncrypted executable of Zeus0verTor for public use.
  140. --------------------------------------------------------------------------------------
  141.  
  142. ==============================
  143. Jabber: zeusovertor@exploit.im - Sales Support & Tech
  144. z0t_support@exploit.im - Lead Sales
  145. z0t_support@siph0n.pw - Sales
  146. ==============================
RAW Paste Data