Sunday, June 2, 2013

Full disclosure of 309 Bots/Botnet Source Codes Found via Germany Torrent

Background

If you see the post's title well, this post is as per it is. A shocky, and took us a long time to confirm the source code one by one until we are pretty sure that the data is valid.

The data was found by our team member (thank's for the great and swift follow) after receiving an anonymous hint, it was found a torrent account which lead to a file-share contains these malicious contents. The account is under legal process to the authority and we grabbed all of the data as evidence, shortly after we retrieved the data and some "one on one" battle, the account was closed and the file shared was suddenly deleted.

The malware source is a bit old, mostly are data from 3-4years ago, most of them are bots/botnet clients source codes of various malicious implementation and some of them are still considered a "useable" stuff. After having a long internal discussion, we decided to full-disclose the information for sharing purpose to the AV/security industry, authority and known researchers only, sorry for the inconveniences that might occurred, please contact us for the sample request together with your introduction (as a good guys with credential *smile*). Upon the approved requests, we don't provide the downloads URL for you, we will push via FTP for the specific sources requested (the reason is: big size & security purpose) so please prepare your temporary FTP/FTPS account. I mean FTP, means no Dropbox, no Google Drive, no File Sharing, and please no argue about this, since we have our own security reason. In some cases we will demand the PGP/GPG keys for validation.

Below is the category (supported to PHP, UNIX & Windows native C codes):

Login Brute Forcer Bot
IRC Bot
WebShell
SqlInject Attack Bot
Virus/Malware Botnet Client
Spyware/Backdoor Bot

Snapshot

Some dangerous bots (snipped in picture):

Ransomware:

UNIX Bot (Client):

Sql Brutter Client:

IRC Worm:

ZeuS:

Hashes

The complete list of the sample:

DATESTAMP   TIME  MD5                              SIZE       FILENAME
------------------------------------------------------------------------------------------------------------------
2009/06/12  19:28 f3c4064ffc78852d07c4cb3f6b23f159    438,881 (rbot)x0n3-Satan-v1.0-Priv8-By-CorryL{x0n3-h4ck}.rar
2009/06/12  19:29 6c156b3e3fe269385076880bce7fc094  2,591,697 120 Moded By t0nixx.rar
2009/06/12  19:30 276717078dda96ddd1fa7da10bdaed99  1,861,648 120-MYSQL-V2.rar
2009/06/12  19:30 fda4772759e01da0ea6e3fbd29c5dddb  1,834,838 120-MYSQL-V999.rar
2009/06/12  19:29 49a53e3490283199c43c38d7833e36ad  1,598,898 120-MYSQL1THREAD-V2.rar
2009/06/12  19:30 3bfd0b7d99b578ac9262ed5c737a230c  1,846,551 120-MYSQLBRUTE-V2.rar
2009/06/12  19:30 eccbec0caf7be85f513b37a290ffbe06    311,471 120-PSTORE-MSSQL-SYM-NTPASS-VNC-NETAPI-2007.rar
2009/06/12  19:30 9888a260793b4cc1ce42e2238b94edc7  1,629,967 120-VnC-Brute+pStore.rar
2009/06/12  19:28 f025eae0375ff22154c6972fb60adfcf    159,305 120-[BruteTest]-V0.5.rar
2009/06/12  19:28 56ef53170406d8ea82154a1d1a65b964    329,645 120-[DVNC-TEST]-DDOS-V1.0.rar
2009/06/12  19:28 6c6aba1e5af4c3d6d558d6871e02118d    233,800 120-[ModBot]-SNIFF-VNCBRUTE-SP2FIX-NICK.rar
2009/06/12  19:28 13c08d0b13b3e75bf8f6ddbfb1e43ceb    243,298 120-[ModBot]-SP2FIX-SYM-VNCBRUTE.rar
2009/06/12  19:28 70da6fc1586ac3cd0a025ea0e6aad31a    146,865 120-[ModBot]-V0.5.rar
2009/06/12  19:28 ea6fc0ea066d3e835ef28a1c90949660    312,882 120-[ModBot]-V1.0.rar
2009/06/12  19:28 5b6c4675e1616e51da2bfdc6213148f7    265,415 120-[ModBot]-VNCBRUTE-MSSQL-2007.rar
2009/06/12  19:28 74fd34fc2b497602237402bbaedba8a2    240,382 120-[netapi-sym-mohaa]-(vncbrute-sp2patch).rar
2009/06/12  19:29 ad693fb4e2313fdc78b883c417f8ad3a    207,623 120-[SP2-PATCH-BRUTE]-V2.0.rar
2009/06/12  19:29 342aefc091d1e82cb8813e7bba535dda    196,201 120-[SP2-PATCH]-V2.0.rar
2009/06/12  19:28 4800ee7bc8a9e3f4d8a4f82722f02c42    228,752 120-[SP2FIX-VNCBrute-Mohaa]-STRIP V1.0.rar
2009/06/12  19:28 24ff016f81aa71a20df1226255960f12    240,027 120-[SP2FIX-VNCBrute-Mohaa]-Test V1.0.rar
2009/06/12  19:28 cac14cb51f4ece12a357759ac82df8dc    227,567 120-[SP2fix-VncBrute]-FINALV1.0.rar
2009/06/12  19:28 68c45a875dba68c638e1cb8d139d118a    283,206 @@ SKUZ FIXED DDOS @@.rar
2009/06/12  19:30 a05ef342a2d0059a6ef895a18d43922c    514,428 a.rar
2009/06/12  19:30 eef69909a5e0598b1045f16771e316dd    991,860 a59base.rar
2009/06/12  19:30 64f9e1ae1e6a578ffee4b9fb32868d45      8,460 acidBot.rar
2009/06/12  19:30 52670ac6c7bb1f7e971b0b6c7f28b146     10,821 acidBot2fix.rar
2009/06/12  19:30 9f8dc19511a188e8fdbd3f454d92df60      6,224 acidbotEncypt.rar
2009/06/12  19:30 1530eb627c220286792abbf0658c5b7a      7,841 Ad Clicker Bot - Private - Free-Hack VIP Tool.rar
2009/06/12  19:30 90a02f5853087a9f08ed4fddada1f81e  1,470,160 agobot3-0.2.1-pre4-priv.rar
2009/06/12  19:30 17488ed87161e959bf9ea1f25d206d78     66,405 AkBot-IRC--lsd-mod.rar
2009/06/12  19:30 9842020705382d29a3c3bc23dd2103f7     90,263 AkBot-x0r-dns.rar
2009/06/12  19:30 5c4e92b534053bb0217199ec7d85bc24    168,342 Akbot_v0.4.1_netapi_.rar
2009/06/12  19:30 20635cea0f079ca7cd4395da99f05a62    142,885 asn-pstore-spam.rar
2009/06/12  19:30 ed9f49a1bb5bf552c34fc5b8d942269b    141,693 aspergillus_1.3.rar
2009/06/12  19:30 9030d27bf842ff8233752724e10c7c81    402,767 bBot-Version_0.6.rar
2009/06/12  19:30 de08fa387c1148568104d61d7b8ae609     17,502 BioZombie 1.5 Beta.rar
2009/06/12  19:30 7a232e2c7ef0085d0fa1c4eb859d20d8    112,302 blacksun.rar
2009/06/12  19:31 99d56b1460686e0da2a1e1586cb021cd    278,984 BlowSXT.rar
2009/06/12  19:31 1fb2d733cf36e9d352dbb999fba0ea2c     60,462 bmw.rar
2009/06/12  19:31 1cf0cd89a05814fadddc835934226bb3     43,176 bot mods.rar
2009/06/12  19:31 2b36670d863e7a89586c6137a8f30d82    269,740 botnet200.zip
2009/06/12  19:31 e1dc44e0de020ecd29e5c1a0eaa93a8d      3,270 Brainbot_v1.5.zip
2009/06/12  19:31 fe7f5c930537a25c676c317f0f7ede55    185,794 CBot-Fixed Version.rar
2009/06/12  19:31 59a95e39a104798872084ab1954e42f1  2,119,050 ChodeBot C++ v1 base.rar
2009/06/12  19:31 54d994b223b34aa3793dac250f69ecb7    197,682 ciscobawt.rar
2009/06/12  19:32 7416e613bd89dc18876ee54054e2e28e    645,293 Crackbot_v1.4b-final_spin.zip
2009/06/12  19:31 e41507022a1c46d4667586150d6bff2e    192,638 Crx-realmbot.VNC+RFI.rar
2009/06/12  19:31 b38bdca4ae6d993258ff7b341ef641d3    197,107 Crx-realmbot_VNC_exploit.rar
2009/06/12  19:31 d826b47ee22d43edcc3e91213d7a6fa1    131,999 CYBERBOTv2.2-Stable.m0dd_ownz.DreamWoRK.rar
2009/06/12  19:31 b4bd7566c8f52504def1520daa619f10     89,904 CYBERBOTv4.0.rar
2009/06/12  19:31 b01e2800778e0356a7125d0b169016cb     19,352 C_15Pub pre4.c.rar
2009/06/12  19:31 aef6eeec9dab3614040924a42bc1e59a     26,398 C_15Pub.rar
2009/06/12  19:31 00c39caedea5396e5ef752c7124b6478    209,817 DarkAnalNKX-BACKDOOR-REMOVED.rar
2009/06/12  19:31 0cc93898910b2e28d11bcd6015df2d95    514,997 Darkness IRC Bot.rar
2009/06/12  19:31 4c736cb10035c4c1d938dd56a9392e73    470,970 Darkness.last.mod.rar
2009/06/12  19:31 613e31fde44dfb58bc5827382a6d2121    116,307 dbot-irc-sell.rar
2009/06/12  19:31 f47bde579b059da5d2100dc3d57addb6     67,747 Dbot.v3.1.rar
2009/06/12  19:32 c3c889b923b47f051b6aec0dac9c6b9b  2,676,329 DCI Bot.rar
2009/06/12  19:32 4f7e093d42e53daba32eb4be642ceab6    817,799 dci_bot.rar
2009/06/12  19:32 28088545580766d59a5980bb166262ab    100,233 dopebot.rar
2009/06/12  19:32 bc487a321f966901ccff083fdfb9d76d  1,159,465 dopebot0.22.rar
2009/06/12  19:32 bc487a321f966901ccff083fdfb9d76d  1,159,465 dopebot0.22.uncrippled.rar
2009/06/12  19:32 53bf7302b4d1652f82d66f810d8ee941    107,161 dopebot_2.0.rar
2009/06/12  19:32 64e29da4acd67784ac7902a8a7d5778e    128,622 dopebot_current.rar
2009/06/12  19:32 9f888ff2dff506e1275857865f8273ba    251,418 drx_realcast_woopie.rar
2009/06/12  19:33 a34bbb6b2ab99869ca9ce040954e1a54  1,113,713 fiesta Sploit-pack.rar
2009/06/12  19:33 2809919d7df5c98fb8d72179759b1271  2,776,404 ForBot_Olin-SYM-VNC-NETAPI-All_The_Public_Shit.rar
2009/06/12  19:33 1a5a554cf0d51a946bb39b41afb127d7    691,904 ForBot____sniffer__other_mods-_ch405_.rar
2009/06/12  19:33 94569dfd1e3c39b0887b15602d1282b4    910,480 frozenbot6.rar
2009/06/12  19:33 be9041ce8838fd8cc3fa19c9231307b4    218,854 fukj00.rar
2009/06/12  19:33 dc163d64564178a5228be6904e1a1afc     74,862 fungus.rar
2009/06/12  19:33 8f237784ce29a851a2c10e091bc7647f      1,365 fxBot_beta_.rar
2009/06/12  19:33 99013df00a00db8377a37edf96f43710    450,355 g-spotv2.0.rar
2009/06/12  19:33 cce327ac783ed2e03f3804a4711b2980     98,338 Gellbot_3.rar
2009/06/12  19:34 9f62032cec5bf5a6829f8f8ed62b4740    943,873 GENTOOreptile-base.rar
2009/06/12  19:33 e0e204b89ee612879184473714aea2f5    405,270 GigaBot-DCASS.rar
2009/06/12  19:33 e35b3b428bae342f9e9b5c416a444111     20,944 gsys3_final.zip
2009/06/12  19:34 1bcc13ffc13a60b61cc20de05323f78c    477,851 gt-badteam.rar
2009/06/12  19:34 7c9081af12474e58bf877e04f1fb6173    639,102 gt-virtualslut.rar
2009/06/12  19:34 f508da5fe53f643838b07bdb31f6173a    631,223 gt.zip
2009/06/12  19:33 a56fa0c5bc1f9adfcdbf10af4e40e958     18,085 gtbot-hackersteam.zip
2009/06/12  19:34 c216d6757a0a944881fa1038dc105a69     61,125 gtsev-spreader.rar
2009/06/12  19:34 c216d6757a0a944881fa1038dc105a69     61,125 gtsev-spreader_2_.rar
2009/06/12  19:34 4ba2a256f576f49fa6ddcc8b3ca850d3    461,610 H-Bot M0d 3.0 M0dd3d by TH & Sculay.rar
2009/06/12  19:34 4a242f6d83c001d6737ac1b743005784    582,435 H-Bot_M0d_3.0_M0dd3d_by_TH___Sculay.rar
2009/06/12  19:34 dc958fff0f8538c6cb1a1816b16b2586     16,116 h3xb0t.rar
2009/06/12  19:34 bc0d89415675a722f2af74b0c174ad29     28,672 h4x0rb0t_2.0_gt_edition.zip
2009/06/12  19:34 2ba073919798b49fda385298fe64d935  1,198,546 harvecter_bot.rar
2009/06/12  19:34 131e297fcb7b4097327352b11c078982     94,865 hdbotv0.2-ciscoscan.rar
2009/06/12  19:34 115881fb06d2ab57abf8afb7f4ae1815     88,956 hellbot10-06-05.rar
2009/06/12  19:34 3acba4c7f32087368937d7b4fdc29038     62,560 hellbot3[10-06-05].rar
2009/06/12  19:34 19b1ea7eb040789fa35d4e31909da225     90,126 hellbotv3.rar
2009/06/12  19:34 e1688beaf7b28f279abb90da00faeee8     16,905 hydra-2008.1.zip
2009/06/12  19:34 40a3282cf7e1d832ddfb4e6c33fc0252     17,443 I1.4b0.rar
2009/06/12  19:35 e09d194f790134f500c4c30aa0ff2388  1,231,092 icepack-ie7 mod.rar
2009/06/12  19:34 9d08ed0af3b70cd4fa0858698071c7d6    199,267 IHS-H-A-V003-Exploits.zip
2009/06/12  19:34 e23d9fde0bb6c1d84344bb291ad6afb3    495,581 iis-gt-bot.rar
2009/06/12  19:34 b7bb59167431b696a400c076b83ca22c    224,062 illusion_bot.rar
2009/06/12  19:34 3434dd0e03e545c647d0026d57dbb83b    248,553 Imbot1.3_V3.1.zip
2009/06/16  01:31 9d7f2f4c776062f7eb1300142bb44f6b     80,290 IMbotMod_V4.1.zip
2009/06/12  19:34 299ad5de20ba8c3c9182fdcb33016bc6    207,505 IMBOT_MOD.rar
2009/06/12  19:34 8493cbdc1fcb1caf3f32b9a8a548b179     97,313 IMBot_SRC_$$.rar
2009/06/12  19:34 eba95d73077c762dfd5c05fd871db38a    170,393 InTeL_m0dd-Test101-ms0640.rar
2009/06/12  19:34 2968af1c1a9ca3c1b8258f5902ec91c6    105,750 irbot0.15.rar
2009/06/15  20:15 ce35769c0538f13f599dcc5c0b6d9e96  2,555,449 ircd.tar.gz
2009/06/12  19:35 8e4c53d9673e44ff9df410288c5f0050     34,728 IrcWormv1.3-SourceCode.zip
2009/06/12  19:35 c52acf3396793f97bda614252bd8492d  1,991,254 IrINi_bot_0.1_public_limited_version_for_win32.rar
2009/06/12  19:35 63e0c87e11fd8e46111a5e734975d9f0    662,071 italian.zip
2009/06/12  19:35 ae71290e63db49bdda0ae0b0b8bfe88f    296,592 JRBOT_Modded_By__bloody_.rar
2009/06/12  19:35 3f7cf217ec499ba9d34e86e47cf08efe      8,643 kaiten.c.rar
2009/06/12  19:35 8dd36535dc8af32d6f398706b7f63c3e      7,322 knight.rar
2009/06/12  19:35 e44a741b6507ad9bb14c1ccd152a48ed      5,586 KoBRA-RFISCaN.EDiTEDBYBRaT.rar
2009/06/12  19:35 6cee5d68699c496c59afa6d9aeb2c75b     11,201 l0lw0rm.rar
2009/06/12  19:35 7f0657b3fb5ec9b67ce2487a8040ca05    227,961 LiquidBot_FixEd_By_Pr1muZ_anD_Ic3.rar
2009/06/12  19:35 4e8a71749ece0c3209f40c0304d1c7e2     86,201 litmus2-bot.rar
2009/06/12  19:35 4e8a71749ece0c3209f40c0304d1c7e2     86,201 litmus2-bot_2_.rar
2009/06/12  19:35 d43da1e84969c2eb0ba1ef760681e671      2,751 Lnknell.rar
2009/06/12  19:36 cbdbc295c611f1b1c6dcf11da45e4878  2,028,539 LoexBot.rar
2009/06/12  19:35 db5420ab2a883ed938aae77429573135    128,635 M0LdBotv1.0-small.rar
2009/06/12  19:35 9d90100354b9efeae6fc3f57ab0a036d    249,373 mm0d_asn_.rar
2009/06/12  19:35 9d90100354b9efeae6fc3f57ab0a036d    249,373 mmodbasn.rar
2009/06/12  19:35 f8bede07136fb166a0b4d197a24c7723    327,656 ModBot V1 Mod by iNs v0.2.rar
2009/06/12  19:36 1b521746de9dc8c77658d5bf9ed46786  1,387,852 MSDN(mirc scan bot).rar
2009/06/12  19:35 4ba39b27d1976eabc28cd71e515fac82     33,627 MSITBotWin.rar
2009/06/12  19:35 45b6ce6fef7e3e2d5769a3c2a1979daf     45,149 MSN Spread Bot Priv8.rar
2009/06/12  19:36 003a33c8e9701722179c99980bfdbfac    247,232 mystic-Urx.rar
2009/06/12  19:36 2d7328e87f0570a3bbd2ebdf76183cc7    240,673 mystic-Urx_Fixed_by_Pr1muz.rar
2009/06/12  19:36 88eac4e54021a2cf0ca8137f35b21bc2    647,269 my_poly_sploit ie6-ie7-op-firefox.rar
2009/06/12  19:36 8e4c63ff630c591d36dcb64dd7e1c15b    116,659 Nbot.rar
2009/06/12  19:36 3d0e097817ebd904fecd4645b8186b14    110,060 nbot032-update-5-28-08-enc_07-10am_.rar
2009/06/12  19:36 2d1927aa1a0a05d9e6ed1f8a4bc83579    213,512 NESBOT_v5.rar
2009/06/12  19:36 cb6e2ab433ddd93acc92b8127c408168    149,543 nesebot1.1r-ASN-PNP.rar
2009/06/12  19:36 ea9433508e84ece9647389999491a472    206,253 nesebot1.2.rar
2009/06/12  19:36 4bd17a046c2c34cd65210f386af85cb8    252,529 Netapi.Prueb-Norman.2oo6.Prif-Jessi-Off.rar
2009/06/12  19:36 4f1a198048010bebe6a496c2b6482756    211,737 New Folder.rar
2009/06/12  19:36 4d691657be055879d7961a5ccf845f1b    232,021 New_NZM_netapi_bot.rar
2009/06/12  19:36 1650de57781e5e2145c4aeebdc5c6ad5     14,946 niggerbot-vnc-nocrypt.rar
2009/06/12  19:36 8fc87d29d7ac4933c61a2c73df3174e8     94,040 NinjaBot.rar
2009/06/12  19:36 53ad266492c5ac6a166c2281e6bd2130     20,208 NITE-AIM.rar
2009/06/12  19:36 df8d52c0d08e277cc43c472dca2ed8cb     42,667 NtScan-rbot.rar
2009/06/12  19:36 96691ea655bf3dee6101a4af666d99b9    112,504 nullbot[2.1.1] [23-11-05].rar
2009/06/12  19:36 c14512df73863f6520fc04f095f74858    112,489 nullbot[finals].rar
2009/06/16  01:31 2c1c70b4fbbd2652051f6a8e48fc9ad7    252,691 NzM 3.0 By Ph3mt.rar
2009/06/12  19:37 1b2ef2799610f4db8fab315bd269123e    866,864 nzm-netapi.rar
2009/06/12  19:36 b2c297155d283e15aaa7de677ce1c831    447,772 nzmlite_sql.rar
2009/06/12  19:36 96045f06b6fe0b10ab8876a0ee120402    221,135 nzmlite_symantec___.rar
2009/06/12  19:36 5f6ebad8d78f6a60d9b2a084e503b855    401,538 nzm_priv_shit.rar
2009/06/12  19:36 36605f658061064219b2c7364250f478     66,557 oscar.rar
2009/06/12  19:36 4ff53675ff4cdd829da9b0a42f358e81      6,948 pBot.rar
2009/06/12  19:36 54566f2c6d73bd7837a5a51bfcaf38e6      6,397 pBot_v2.rar
2009/06/16  01:31 97351e9d23d352e6aa1f2b62e55f37c2    327,680 ri0t[v5].rar
2009/06/12  19:28 787edfdfdc5610c9f4b8cfb77de93399    533,970 _dkcs_ddos_bot.rar
2009/06/12  19:28 02cd4a3f219739942fb3f74468318f99    714,852 _Radmin-scanner_-EcKstasy.rar
2009/06/12  19:28 02c1edcbc84d3e1a173a377955c43bd6    677,164 _sHk-Bot.svchost-ns-dev.NOT-FOR-RELEASE_.rar
2009/06/12  19:40 6f1965b7156d0f45702b54f1ab1dcf9b   8,330,434 Phatbot-gh3tt0Bot.rar
2009/06/12  19:38 468c6a889d70027bef6e1b36915f6c88   3,072,230 Phatbot-NortonBot.rar
2009/06/12  19:38 343890fa7a2bf1456be638419d45302d   1,940,198 phatbot-SkYKr3w.rar
2009/06/12  19:39 7139728433d292be62fe205e6a17b76a   3,348,672 Phatbot-stoney.rar
2009/06/12  19:37 85a8b554fbecc76b04d584be7e023983   1,316,528 phatbot[11-20-04][PCAP][SYNSCAN].rar
2009/06/12  19:37 e0a856cdd29f7a94d5c55ceac9b942fc   1,500,349 phatbot_alpha1.rar
2009/06/12  19:38 dcc4bc9260c9b9b45900a30b4e3758f2       5,532 phb2.rar
2009/06/12  19:38 afc6284bb1e5ea18897c77708c6a7476       3,464 php_bot.rar
2009/06/12  19:38 dfa368e6624d8dc7e03a7e2c35d3e4e3     278,407 plague.gecko.netapi.rar
2009/06/12  19:38 f629aaf7d78d9020d8620407d84e0346     357,695 pr1vsrc-nzm-m0d-by-ibby.rar
2009/06/12  19:39 e6b2deed37a64d027fd537f4ecc062c3     247,327 private_enzyme_rxmod_04-04-05.rar
2009/06/12  19:39 7a76d91b3ac04e15e74e9a127553720c     257,317 prueva[1].Netapi.asn.m0dded-Norman.rar
2009/06/12  19:39 f8929c235aa51ded4f94e32cc778c4e4     247,912 prv_nzm-rx.sp2fix.rcast.rar
2009/06/12  19:47 63d5ce47604dd47e658be563606c7af8  19,031,884 PsyProxy.zip
2009/06/12  19:39 ee5de8ed6a9e8ae2fe1304222bd668a3     246,038 pwnBoT.rar
2009/06/12  19:39 fa302cd7352ad3e8420fa3ec8924f842       8,372 q8bot.zip
2009/06/12  19:39 f4ed84cdef31f7235f163d20668edf97     216,679 r00t3d.asn.ftp.lsass.by.Morgan.rar
2009/06/12  19:39 78c02f7ec3b5af667cccd7a2d3754f07     130,140 RAGEBOT.rar
2009/06/12  19:39 9a6d2a549b4ea49e3ede33b2f8957cb1     102,702 RAGEBOT[Clean].rar
2009/06/12  19:39 b946350e3f2348bf578803919ba9f65a      18,016 RansomWar.rar
2009/06/12  19:39 e61ca1f98b33e10a0f14e885ebdd2510       6,200 Ravbot.rar
2009/06/12  19:40 18dcba301450a14e3261225163991de3      28,629 rbot-LC-Priv8.rar
2009/06/12  19:41 36d130cbfd1fccb685ad42f303997a04     288,289 rBot-sxt-harro.rar
2009/06/12  19:40 20d6865263e96848754353930ffc3c74     120,044 rbot0.2-scionix-102b-working.rar
2009/06/12  19:40 88e0d9bfaf3dccc46230dc6d70495688     159,057 rBot0.3.3Pub.rar
2009/06/12  19:41 e86d83476b327e7df82d4cf43eb733b3     220,647 rBotv0.6.6-privlsass.rar
2009/06/12  19:40 839e1825a9580a03032de1bbf46b6059   1,169,550 rBot_0.2-MODE-by-akusot.v1.5.rar
2009/06/12  19:40 72dd0e30b85f0b3e64198520afa584da      72,666 rbot_dnsquery2007.rar
2009/06/12  19:40 0441ceff1c609627e0028c066e1a519a     415,849 rbot_netapi_vnc_ipswitch.rar
2009/06/12  19:40 234a3f399969dd621c71c6add8cc2a47      66,993 rBoT_oTh3R-dImeNsIoN_4.4x(2).rar
2009/06/12  19:40 234a3f399969dd621c71c6add8cc2a47      66,993 rBoT_oTh3R-dImeNsIoN_4.4x.rar
2009/06/12  19:41 62bc8519bf3eb573c58f23494b36ab00     247,426 Release no_cpp.rar
2009/06/12  19:41 2f4327515aff4a16196e460d55658382     317,296 reptile-small.rar
2009/06/12  19:42 d6a4075a7edbf3f6a8d24eae3c13bfbe   2,458,703 reptile.04.pnp.asn.ftpd.reload.rar
2009/06/12  19:41 82e4700bbd4e81643cb9f69dbe887ede   2,428,941 reptile.rar
2009/06/12  19:41 a92d4c607a2a4877b39b9e4a5399525b     234,311 Reptile._small_.DMG.Fixes.0x1FE.rar
2009/06/12  19:41 5a0e13a825e520c785848653e1fca8f4      97,352 rezo.ninjabot.zip
2009/06/12  19:41 53e7e66ffe37fc1d96c56dbec771d9e6     317,064 RFI-SCAN.V2.PRIVATE-1x33x7.rar
2009/06/12  19:42 f0a504aa728922406552dbfddd18df23     851,993 ri0tv5.rar
2009/06/12  19:42 1530ed8db18f47c23e9b94837865c93a     760,056 ri0t].rar
2009/06/12  19:42 c8ec81bb03371c8a176cb6e2589fb8c8     158,637 ri0t_v4.rar
2009/06/12  19:42 5cb7edb4ad178fb63b5d443dbf413798     344,515 ri0t_v5_.rar
2009/06/12  19:42 15de82b050ed3def8c3c7c8c0aa9e7a0      66,789 RNM5-Priv-Pr1muZ.rar
2009/06/12  19:42 bbba5301ca57ea9337720695861a3c62      72,004 rnm5b.rar
2009/06/12  19:42 fb6afedb3ab60fb63f9902fbef710aab     107,604 Rose v1.3 2007 by DreamWoRK.rar
2009/06/12  19:42 2053825af23c7ff10027d4c0d734daa8     200,570 Rose1.1.rar
2009/06/12  19:42 869243cb22e16b96b7ec60fa8f8f5a3c     268,082 Rose_2008.rar
2009/06/12  19:42 f2d9e3b23729e9d46043c77ff962badc     145,470 Rose_v1.3_2007_by_DreamWoRK.rar
2009/06/12  19:42 3bcf15b667707be1bab0d94b5b1a7380     127,851 Ruffbot1.2-MassAsnPrivShit-150705.rar
2009/06/12  19:42 d1744451650673b13465aec4b765f22f     425,351 Ruffbotv2.rar
2009/06/12  19:42 f53ad631bbccf511b883b55d6f1bdf1b     174,378 rx-14-09-06_Netapi_doyley.rar
2009/06/12  19:43 a27f77bf36e62ecb2032f401b6ee3204     324,778 rx-AKMod___msDTC1025- Stripp3d------sc4nn3rz.rar
2009/06/12  19:43 ec2561b44a61d041c398574086785e0c     319,638 rx-asn-2-re-worked v3.rar
2009/06/12  19:43 1e67d41177165910e435287db306a5d1     323,336 rx-asn-2-re-worked_v2.rar
2009/06/12  19:43 901c4b3f29a5cb17759bfab16834e57b     333,391 rx-asn-2-re-worked_v3.rar
2009/06/12  19:45 af68b52c74732143ebc8bbdb787fe02b   1,419,782 RX-GUTTED.rar
2009/06/12  19:45 aae2f25f6a723963c71367aee9423570     197,060 rx-sky2kpnpprivate.rar
2009/06/12  19:46 c13f005a869f4e94442bfb44181c7fbc   4,976,033 RX-STRIP-BOTKILLER-0.5.rar
2009/06/12  19:44 69b427aa15549ecfe51279f7b4469cb7     257,880 rxbot-EcLiPsE cReW 1.1.priv.rar
2009/06/12  19:44 69b427aa15549ecfe51279f7b4469cb7     257,880 rxbot-EcLiPsE-cReW-1.1.priv.rar
2009/06/12  19:44 3e3aa7373a0edbfb2dabeeafa4aa6813     284,100 RxBot-MP.rar
2009/06/12  19:44 576bc25b74b1db3a326a72d106a6a2b7     142,874 RXBOT-RevengE2005pnp.rar
2009/06/12  19:44 51d41661674d19d199f1d00b34565e6a     283,581 rxBot-sxt-harro.rar
2009/06/12  19:45 182b9c39d50551e35acb9dc59e194b67   1,011,736 rxbot-xerion-2.0.rar
2009/06/12  19:43 9a9e3aaf4ffd6de3a56cf71f614676c7     266,640 rxBot0.6.6b-priv-stable-CoKeHeAd.rar
2009/06/12  19:43 fdbc9c8665f8bccd6b521e8091f57f65     302,520 rxbot2006.rar
2009/06/12  19:43 40d47769b8cbb15bf3d7511510af8695     605,643 rxbot7.5.rar
2009/06/12  19:43 90e086817c78266f9009e53085b126c6     231,691 rxbot_0.65.zip
2009/06/12  19:43 a9ba6ca3eb4f040c3c7fca1ace9515a2     217,103 Rxbot_7.6-Modded-Tr0gdor.rar
2009/06/12  19:44 a9ba6ca3eb4f040c3c7fca1ace9515a2     217,103 Rxbot_7.6-Modded-Tr0gdor_2_.rar
2009/06/12  19:43 35481b70cdcc19d97eb63cf7bc8cb8cf     179,516 Rxbot_ak_7.7_fira_pviv8.rar
2009/06/12  19:44 f907e1af2bb422836f3302f4dcf23304     130,797 rxbot_undertow-6-10-05.rar
2009/06/12  19:44 5d88290eca0ad4478d75059f5ddf0c9e     210,216 rxbot_undertow-6-6-05ASN.rar
2009/06/12  19:44 af35f62151da19b2c5d419473bef33c2   2,047,507 rxbot_undertow[PnP]modded.memcpy.0.2.rar
2009/06/12  19:44 bef073118968d7bf99b195474a2c7cee     157,149 rxbot_v0.6.5_pk__lsdigital_spreader.rar
2009/06/12  19:44 3b62b52cae6a2942ecbf34d684c7619c     227,347 rxBot_v0.7.7_Sass.rar
2009/06/12  19:43 2121a41a5b764c4ec0557b42f24b2fc7     289,581 RXB__tM__d-VNC-NETAPI-ASN-2006.rar
2009/06/12  19:42 5aa288d2a1692673803d723ad59706e0      65,533 rx_dev+service+working_lsass+sasser+ftpd.rar
2009/06/12  19:42 9273d451ebdd01b9380efea5ea42948c     474,597 rx_dev_service_working_lsass_sasser_ftpd.rar
2009/06/12  19:43 5e3fd5677376500c00484d16f473bda5     217,685 rX_lsdigital_Mod_priv.rar
2009/06/12  19:43 0e739e4b87c4ff60888d31c4baef1684     258,739 Rx_Temptation.rar
2009/06/12  19:45 d74793f5072ad764f4428f6652fb3801       7,863 s5.rar
2009/06/12  19:49 798b16d4018b74a74555938deb06d619   1,858,529 Sbot-RARSpreader.rar
2009/06/12  19:45 7f480ebe0a8bd58ef49ad6579b1986e9      64,994 SBX.amk.0x00.rar
2009/06/12  19:45 b47655beb2153f8f9d8f906786b6461e     142,660 screens.zip
2009/06/12  19:45 2117589061d5ae386e68ac140b425106      89,489 sd with fake xdcc by Synco.zip
2009/06/12  19:46 5bbcbe76a73c8e7a0392c0e41867f5a3     100,167 sdbot i3s.rar
2009/06/12  19:47 7061b41082cf46b051c0f68a735065de      50,889 sdbot-ntpass-codefix-nils-22.10.03.rar
2009/06/12  19:46 a0bab8e230cc6f2bfa963dfb84416a3a      28,930 SDbot05b-getadm.rar
2009/06/12  19:46 b16e8a33e54e5fdcf721b1653b1afe81      57,481 sdbot05b_skbot__mods_by_sketch.rar
2009/06/12  19:46 99ab1f471ec8ea0ec12a0eff605af2d9     390,300 Sdbot_Hardcore_Mod_By_StOner.zip
2009/06/12  19:46 7e027233923c53a9d33c087e6e698dff      92,181 SDBot_with_NB spreader.rar
2009/06/12  19:47 6a9abbe9db6d919e30f42fc40484c5be      51,312 SDX.amk.0x00.rar
2009/06/12  19:46 06b17aecd7f744a502f0789f88c1e4c3     402,522 sd_bot_all.zip
2009/06/12  19:47 f26b2deb2d9fc65ad74554737df53d36   3,022,716 shadowbot-m3.rar
2009/06/12  19:47 dc626ec6e103da5aa5e34c9209b93096     116,185 shadowbot.rar
2009/06/12  19:47 227204fd6958067d53765b5145641904      86,441 shadowbotv3.rar
2009/06/12  19:47 1d5a6cd11731d12dbf980f00924c3e5d     521,820 shellbotFTP.rar
2009/06/12  19:47 02c1edcbc84d3e1a173a377955c43bd6     677,164 sHk-Bot.svchost-ns-dev.NOT-FOR-RELEASE.rar
2009/06/12  19:47 d3ecb7e97103009399f03519160e1168     204,781 SkuZ-BoT-V.1-2006-.rar
2009/06/12  19:47 25f9f0c5e37a4579fcd213b330cfb692     289,319 SkuZ-Netapi-VNC-IM.rar
2009/06/12  19:47 8586b8374c955d84ac360507eb169ce5      15,518 Sky Bot_incomplete.rar
2009/06/12  19:47 6c3e198b78774f4ce202b849e1acea38      46,185 Skype_Spread(PoC).7z
2009/06/12  19:47 7062e27b7b355f396f41134f5c297587       9,806 Small.rar
2009/06/12  19:47 e5f228844bfeeddf2a2c2c6452a6f1ec      90,650 SpazBot.rar
2009/06/12  19:47 fee0531a4bb6baae558752a149828f07     333,754 SpyBot Leechbot_r1.5a_private.rar
2009/06/12  19:47 eb1e2e57a68f536f7592e985d40d6fdd      35,088 spybot1.2-FULl.rar
2009/06/12  19:47 2163ce34a63d2088dfe4af673f4f0261      95,696 spybot1.4.zip
2009/06/12  19:47 cce221fca66c9b9ed96605c9e4c57ff3      36,470 spybot_1.2c.zip
2009/06/12  19:47 80145a460f300a2a70faf397ed66ba2f      91,107 spybot_1.3m.zip
2009/06/12  19:48 c8fb061171652dbb2d518dca7dbe27e9      89,331 spybot_1.4.zip
2009/06/12  19:48 2b183360db6e212a3a6c2836f53137e2      53,537 STEAMBOT-src-2008.rar
2009/06/12  19:48 8dcdeb211ed5077d5dfd85168992ae5b     385,550 Stripped-RXV8.rar
2009/06/12  19:48 5b11513082401b1231e17a4a7777a0c3      22,071 svBot_.rar
2009/06/12  19:48 e7714da35836571a071e83e90115a572      24,742 svbot_activex.rar
2009/06/12  19:48 e05085b6362f3f9cbb9f281c7db08033     313,360 svmail.rar
2009/06/12  19:48 de29ce28b985c781b64357bfd7c4d5c9     180,780 SYM-VNC-NETAP__304_-ASN.rar
2009/06/12  19:48 12a4ccecca84db4909b477468c478594     291,529 TANKBOT 1.0.rar
2009/06/12  19:48 1f0f78be8fe1596680041495783ea08d      37,318 tgspy_nt.zip
2009/06/12  19:48 ad19cf692eb1dd180b12ad546e5e75c9   1,479,024 TsGh_Bot_v3.rar
2009/06/12  19:48 e3c6ead12b4ed521dd2bcfa127b489cf     250,381 uber-wks-asn-m0dded-Pr1v.rar
2009/06/12  19:48 28ccec60a3da99fcb2f3221167c13586      83,202 Unix bot 2.2.5.rar
2009/06/12  19:48 64409a5e2ca611ccc826947654923335     127,945 uNk + USB.zip
2009/06/12  19:48 bd2138b06d33df22e83ffda0bc210f71     203,100 URX-pnp-asn.rar
2009/06/12  19:48 eb14beaa111df581ff7b4a30e3b9fdfd     176,144 Urx.SYM+ASN.rar
2009/06/12  19:48 620bd3c7138c838140ad0cb9aaa760e9     253,664 Urxbot.pRiV-sKull.MoD-ASN_FTP_WORKING.rar
2009/06/12  19:48 a3d68eeff0dc4ee2c58a090c49464685      25,987 vbbot.zip
2009/06/12  19:48 a8f635399ab05d197237e5c6c452ba1b      49,639 vBot.rar
2009/06/12  19:49 164f47d80a5f4b2b103e633c9e69b32a     701,859 VNCscanner.rar
2009/06/12  19:48 89da2d3dbe384977dce0503c10ba5a39     250,208 VrX-5_Priv8_-Msn-Yahoo-TIM-EXPLS-DDOS-116kb.rar
2009/06/12  19:49 376ed869ca322723fabc967628c5769d   2,307,717 w32-netapi-rfi_whit_vnc_exploit.rar
2009/06/12  19:48 9b756f3da73492d2d8de4a48a49bc4cc      19,857 w32ogw0rm.rar
2009/06/12  19:48 9f4841fe9b342352cd3a25590539e8f3       2,355 WarSkype.rar
2009/06/12  19:48 b18e973b610e1838932e88bd53a7891d       8,404 wbot 0.2.rar
2009/06/12  19:48 b91d2846e9fb0d5a2ff50b942fdf48cf       7,426 Win32.Anthrax.rar
2009/06/12  19:49 31ee869f37d73652213352f4631af52e      11,143 Win32.Divinorum.rar
2009/06/12  19:49 1f951ab7c0fb0c5b85e069b1be4bb262       6,439 Win32.Fga.rar
2009/06/12  19:49 5fb72a96da34703e3acc1ee513f36552       8,487 Win32.FridaySectoriate.rar
2009/06/12  19:49 b3ff0098ce3eb257e0af4441541ecac4       7,781 Win32.Harulf.rar
2009/06/12  19:49 459b78d94185943b9ffb2cf108559d6a      42,327 Win32.Mimail.rar
2009/06/12  19:49 e5d1585c450930ca2400b73a915b3fda       3,421 Win32.MiniPig.rar
2009/06/12  19:49 8ff7fc0dc36db3e06be09f3ca560a838      12,875 Win32.Relock.rar
2009/06/12  19:49 8abeded32cc32bb29df9dda9c52ec398       3,172 Win32.Whore.rar
2009/06/12  19:49 502c68a0e3b0a25556a1b3c7dfc798cf      54,804 wisdom.zip
2009/06/12  19:49 a6a25a6801eeb505592dbcdd22701318   2,856,262 wisdom3.rar
2009/06/12  19:49 403b57447d83c96fb4bc17856cec80b2      56,133 wisdom_phr0st_modd.zip
2009/06/12  19:49 bcf4d44ec3550604560b179b481d47dd     151,716 Wiseg3ck0-AIM-DDOS-.rar
2009/06/12  19:50 f536b52db492b1fdb8e63835ccadc19a   1,337,728 woodworm2.rar
2009/06/12  19:49 a2c135f08c7d3dd9a10207c0b8afb9ba     233,121 X0R-USB-By-Virus.rar
2009/06/12  19:49 df8d52c0d08e277cc43c472dca2ed8cb      42,667 xerion2.5.rar
2009/06/12  19:49 7489acc9b17505f0074f103edb49e6ac       7,498 XfireSpread.rar
2009/06/12  19:49 4aa1b4f3f83e470d14b38d05d426fdb0      53,167 xTBot.0.0.2-priv.rar
2009/06/12  19:50 9cffdfa96d91e497b1d0f14fb055cdd5     473,901 ya.bot.rar
2009/06/12  19:50 866681ae3248b68aea0f1e1598386b5c   1,126,175 Zeus 1.1.0.0.rar
2009/06/12  19:50 75efc4a3c87ba1e7f8b743de36718132     358,075 zunker.rar
------------------------------------------------------------------------------------------------------------------
Your incomplete/un-clear request for sample will be answered as follows, please state your identity well:

[Additional Tue Jun 4 00:40:22 JST 2013] Our other member found the similar source codes shared openly via HTTP in the below site hosted in Sweden after the finding of the torrent source described above, suspected as the same owner or the individual who grabbed the same torrent source we found before deletion. Noted: the torrent we found was up & alive for a while before we found it. There is no need for us to hide these information, so we expose it too as per below, for the evidence and further legal investigation purpose:

database,th3-0utl4ws,com/index.php
contact: facebook.com/0uTl4wS
Date: Mon, 03 Jun 2013 15:36:49 GMT
Server: Apache/2.2.23 (CentOS)
X-Powered-By: PHP/5.2.17
With the domains details:
Domain Name: TH3-0UTL4WS.COM
   Registrar: INTERNET.BS CORP.
   Whois Server: whois.internet.bs
   Referral URL: http://www.internet.bs
   Name Server: NS1.TH3-0UTL4WS.COM
   Name Server: NS2.TH3-0UTL4WS.COM
   Status: clientTransferProhibited
   Updated Date: 02-may-2013
   Creation Date: 03-may-2009
   Expiration Date: 03-may-2014

Registrant:
    Fundacion Private Whois
    Domain Administrator
    Email:ialif564f82375a6bc36@t02cduv4f7f99a255f64.privatewhois.net
    Attn: th3-0utl4ws.com
    Aptds. 0850-00056
    Zona 15 Panama
    Panama
    Tel: +507.65995877
After the torrent data we found the similar share of these evil codes on several blackhat sites was popping up here and there too with the changes in archives (with passworded) and some additional malicious changes (mostly backdoored) in some source codes, which was one main reason we should start to right share fir these information properly to the AV companies, authority and trusted researchers. We checked the source before sharing, the originality can be confirmed by the hash listed above.

#MalwareMustDie, NPO.

2 comments:

  1. a good guy must hide until he prepare to overcome bad guy..
    so, it is just a theory.. i believe...
    thank 4 ur post....

    ReplyDelete
    Replies
    1. There are so many annoying messages came to us, which stated that the codes were also sighted in here and there at bad/underground/hacker forums and sites, which came up some codes was changed/stripped, and some forums url stated is trapping user which visited with the many browser's info, and one more link was forwarded to exploit kit's url.

      To those who flood us with those kind of message, I explain this once and explain it clear:
      We share what we found and professionally checked as a valid materials for understanding bad codes to mitigate the threat, and we intend to share to security entities.

      Good guys are contacting us NOT because only they need reliable sources, but they need the safe & reliable materials. and that's what we are going to share them.
      Not those UNTRUSTED junks on the webs as per you said.

      If you have information of other sites sharing the codes, keep it for yourself. We or our fellow researchers are FAR from interested.

      Seriously. I am trying be patient for those message, but today I saw you tried to poison our readers by posting exploit kit url, from now on I will track EVERY lamer poster down like the malware-dog & scums that we fight daily. And believe me we are very good at it.
      You can expect it then!

      Delete