Found on a server that hosted Dorifel (http://www.securelist.com/en/blog?weblogid=208193776)
4 different Citadel kits targeting the Netherlands; here is one of them:
8 397 976 reports, 48 033 bots... not bad.
Screenshots of the panel pages (images not included here): Login, Summary, Setup, Cron, OS, Installed Software (5 screenshots), Firewall (3 screenshots), Antivirus (5 screenshots), Bots, Full infs, Script, VNC, Context menu, VNC Infs, VNC Config, Account parser, URL rules, Search in database, Search in files, Botnets name, CMD Parser, View videos, Jabber notifier, Information, Options, User, Users, Edit user, Note, Crypt EXE.
The second panel (hosted on the same server) is bigger:
with 64 596 bots and 17 887 287 reports. This one has its interface in Russian.
Malware execute task (screenshot not included here):
• dns: 1 ›› ip: 184.82.162.163 - adresse: XERTGFD.RU (this 'server')
I say server with quotes because it's very probable that these IPs are just used as proxies.
If the police take that server, they won't have data, only nginx/apache logs, and probably the server is not saving these logs; imho the backend server is elsewhere.
And surprise... yeah, you guessed it, it's another Citadel:
994 bots and 66 188 reports
And... yes, it's a 4th Citadel hosted on the same shit!
But this one is still under heavy brute force.
So for the moment: 113k bots and 26351k reports on one IP... anyone have better?
Also, for those who sent me their Citadel builders and ask for cracks, let's make things clear:
The builder takes some information about your machine (some specific params) and uses these params to make a hash; this hash is used to decode the bot template inside the builder binary.
So I need a valid hash from a customer, because every builder has the bot template encrypted with a different hash value.
It's impossible (for me) to crack it without having a good hash key.
What tool do you use to brute force the web panel?
Builder doesn't work.