From 69f1c8fc1990c387214300dc4f0539d24cf0d7c0 Mon Sep 17 00:00:00 2001 From: Cx01N Date: Sun, 11 Jun 2023 10:51:07 -0400 Subject: [PATCH] fixed ramnit --- Crimeware/ramnit.profile | 15 ++++++--------- Crimeware/saefko.profile | 2 +- Crimeware/trickbot.profile | 8 ++++---- Normal/slack.profile | 4 ++-- 4 files changed, 13 insertions(+), 16 deletions(-) diff --git a/Crimeware/ramnit.profile b/Crimeware/ramnit.profile index 67ceb0d..baf14b3 100644 --- a/Crimeware/ramnit.profile +++ b/Crimeware/ramnit.profile @@ -49,7 +49,7 @@ http-get { prepend "105"; prepend " "; + append "\"/> "; print; } @@ -69,18 +69,15 @@ http-post { header "Accept-Language" "en-US"; header "Host" "xn--b1aanbboc3ad8jee4bff.xn--p1ai"; # header "Connection" "Keep-Alive"; - - output { - netbios; - print; - } - - id { netbios; prepend "http://........../redirect.php?acsc="; - + header "Referrer"; + } + output { + netbios; + print; } } diff --git a/Crimeware/saefko.profile b/Crimeware/saefko.profile index 2c66a4a..2a83bb5 100644 --- a/Crimeware/saefko.profile +++ b/Crimeware/saefko.profile 
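Review bot: In the second ramnit hunk the relocated `id` block now terminates with `header "Referrer";`, which is not the standard HTTP request header name (`Referer`), and nothing visible says whether that spelling is intentional. The saefko profile touched by this same patch carries a comment confirming its misspellings were checked; a matching line above the statement, e.g. `# "Referrer" (double r) is deliberate / is a typo - confirm against the reference capture`, would settle it for the next reader. This matters to anyone replaying the profile to validate detections: rules and proxy log fields keyed on `Referer` will not see the `redirect.php?acsc=` value if it travels in a non-standard header, while an unknown `Referrer` header is itself something a rule can match on. The enclosing `http-post` block starts above the hunk, so whether another statement already sets a `Referer` header cannot be told from here.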
@@ -89,7 +89,7 @@ http-post { prepend "\nHTTP/1.1 100 Continue\n\n"; #checked to make sure the misspells were misspelled, uh, correctly? - append "irc_channel\":\"null\",\"irc_nickname\":\"jI87fg\",\"irc_password\":\"K8gtr$4\",\"irc_port\":\"6669\",\"irc_server\":\"Setting+up+IRC+service.\",\"machine_active_time\":\"12\",\"machine_artct\":\"x86\",\"machine_bitcoin_value\":\"0\",\"machine_business_value\":\"0\",\"machine_calls_activity\":\"0\",\"machine_camera_activity\":\"8\",\"machine_country_iso_code\":\"8864\",\"machine_creadit_card_posiblty\":\"0\",\"machine_current_time\":\"10:32:45\",\"machine_facebook_activity\":\"0\",\"machine_gaming_value\":\"0\",\"machine_gmail_avtivity\":\"0\",\"machine_googlepluse_activity\":\"0\",\"machine_instgram_activity\":\"0\",\"machine_ip\":\"10.1.23.146\",\"machine_lat\":\"0\",\"machine_lng\":\"eng\",\"machine_os_type\":\"win\",\"machine_register_date\":\"0222\",\"machine_screenshot\":\"1"; + append "\"irc_channel\":\"null\",\"irc_nickname\":\"jI87fg\",\"irc_password\":\"K8gtr$4\",\"irc_port\":\"6669\",\"irc_server\":\"Setting+up+IRC+service.\",\"machine_active_time\":\"12\",\"machine_artct\":\"x86\",\"machine_bitcoin_value\":\"0\",\"machine_business_value\":\"0\",\"machine_calls_activity\":\"0\",\"machine_camera_activity\":\"8\",\"machine_country_iso_code\":\"8864\",\"machine_creadit_card_posiblty\":\"0\",\"machine_current_time\":\"10:32:45\",\"machine_facebook_activity\":\"0\",\"machine_gaming_value\":\"0\",\"machine_gmail_avtivity\":\"0\",\"machine_googlepluse_activity\":\"0\",\"machine_instgram_activity\":\"0\",\"machine_ip\":\"10.1.23.146\",\"machine_lat\":\"0\",\"machine_lng\":\"eng\",\"machine_os_type\":\"win\",\"machine_register_date\":\"0222\",\"machine_screenshot\":\"1\""; print; } } diff --git a/Crimeware/trickbot.profile b/Crimeware/trickbot.profile index ad689c3..f445a5f 100644 --- a/Crimeware/trickbot.profile +++ b/Crimeware/trickbot.profile @@ -49,8 +49,8 @@ http-get { prepend "
nginx
"; prepend ""; prepend ""; - prepend ""; + prepend ""; append ""; print; } @@ -78,7 +78,7 @@ http-post { id { base64url; - header "Cookie"; + header "Cookie"; } } @@ -103,7 +103,7 @@ http-stager { header "Server" "nginx"; header "Date" "Fri, 30 Jun 2017 13:08:47 GMT"; header "Content-Type" "text/html; charset=utf-8"; - header "Connection" "keep-alive"; + header "Connection" "keep-alive"; } diff --git a/Normal/slack.profile b/Normal/slack.profile index 80917e7..557ea79 100644 --- a/Normal/slack.profile +++ b/Normal/slack.profile @@ -92,8 +92,8 @@ http-get { append ""; append "
"; append "We strongly recommend enabling desktop notifications if you’ll be using Slack on this computer."; - append " •"; - append " •"; + append ""; + append ""; append ""; append ""; append "
";