tag:blogger.com,1999:blog-76803463837031914092024-03-19T12:20:20.428+00:00Tracking Cybercrime"A sneak peek view in to the world of Cybercriminals".
Tracking Malware, Exploit Kits, Spam, Affiliates, Carding and EspionageUnknownnoreply@blogger.comBlogger76125tag:blogger.com,1999:blog-7680346383703191409.post-42711718596589586202016-01-17T10:13:00.001+00:002016-01-17T10:14:29.713+00:00Rescator Jan 2016 update<div dir="ltr" style="text-align: left;" trbidi="on">
<b>As of January 2016</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4maBAO8-w3fvA68WdVeLnvR6hbyxwpx-F8SGnne3twvf0MBuqhvBFyz9MrpM4QB4I11tUx_1PZ5k9ODEmmSQ6gZ5hVa_RBHnTfSbUOo3jlWZs9wrr3bH8FgaVrBXegdSAjXXGkKzuI6k/s1600/resc1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4maBAO8-w3fvA68WdVeLnvR6hbyxwpx-F8SGnne3twvf0MBuqhvBFyz9MrpM4QB4I11tUx_1PZ5k9ODEmmSQ6gZ5hVa_RBHnTfSbUOo3jlWZs9wrr3bH8FgaVrBXegdSAjXXGkKzuI6k/s640/resc1.png" width="299" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEila67DQxUxS7ZEsOvE1F1GxPMnY-Tx9LQ2xAO3I3TtVoTJ8UEVTZ8a41U0v3EQvk7Ytu2Z3p7FGFpobG59AicgzI4xaVTmKg3oTqUugjXI8aLL8j3tkm4SkCsYmzH8_kMI4DfFXhCIVm0/s1600/resc2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEila67DQxUxS7ZEsOvE1F1GxPMnY-Tx9LQ2xAO3I3TtVoTJ8UEVTZ8a41U0v3EQvk7Ytu2Z3p7FGFpobG59AicgzI4xaVTmKg3oTqUugjXI8aLL8j3tkm4SkCsYmzH8_kMI4DfFXhCIVm0/s640/resc2.png" width="364" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMe4-OIA8CcR5Uov3cli1uQgV0QV7ybAaQCJ_ZE3mhpxrVuVCgTLoWLuOiKZOhN9AKa8qUz1paQxGU7fCYokjPpZz3f-LmCx1hil13Csll1i7onj_KDdVc8-WiV0km4o4aB8AyRKSu5Fk/s1600/resc3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMe4-OIA8CcR5Uov3cli1uQgV0QV7ybAaQCJ_ZE3mhpxrVuVCgTLoWLuOiKZOhN9AKa8qUz1paQxGU7fCYokjPpZz3f-LmCx1hil13Csll1i7onj_KDdVc8-WiV0km4o4aB8AyRKSu5Fk/s640/resc3.png" width="452" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOl3nkUGHmMzRvfV93Xy6LAumGA9wiivwfrqkLzpdYalcHI8BSCHj8jwVV_0YkH0wfj83W3215NXypB4ZRbKF3HNSb6KxTR4ma65ls72gyisjABzVOBOMiW9MxAJgOF_TMzwBsMp2Y-g0/s1600/resc4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="630" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOl3nkUGHmMzRvfV93Xy6LAumGA9wiivwfrqkLzpdYalcHI8BSCHj8jwVV_0YkH0wfj83W3215NXypB4ZRbKF3HNSb6KxTR4ma65ls72gyisjABzVOBOMiW9MxAJgOF_TMzwBsMp2Y-g0/s640/resc4.png" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEuDk3K6Y2GRb-Cge5QikozYzAEiTvjldRIb8jWGBBVHONTvAVcS9r8jgL8MeA_0veX1axUtNhOPL86JQVQapbea9EyPv6bAXy_ysqwFp0BxOTnswv8QKdqiPrSfz51Z7rVnr_EUc0gh4/s1600/resc5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="230" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEuDk3K6Y2GRb-Cge5QikozYzAEiTvjldRIb8jWGBBVHONTvAVcS9r8jgL8MeA_0veX1axUtNhOPL86JQVQapbea9EyPv6bAXy_ysqwFp0BxOTnswv8QKdqiPrSfz51Z7rVnr_EUc0gh4/s640/resc5.png" width="640" /></a></div>
<br />
<br />
<br /></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-7680346383703191409.post-600231922638969842015-07-07T18:42:00.002+01:002015-07-07T19:01:38.010+01:00Rescator June 2015 update<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMLFcP8zQzePgrN1wnwh75VwnlY6f0-StLN7hTrDUKr0KYCdoK3Rp7K0Nh6q87GtLk9kD-paOntxdWe3B4Nwzpd2yP2_D8mqY0ZdJ8xwsWgqLxDHTlLCN7DEkYKhEuiXZSxO3CTPxGmsc/s1600/rescjuly1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMLFcP8zQzePgrN1wnwh75VwnlY6f0-StLN7hTrDUKr0KYCdoK3Rp7K0Nh6q87GtLk9kD-paOntxdWe3B4Nwzpd2yP2_D8mqY0ZdJ8xwsWgqLxDHTlLCN7DEkYKhEuiXZSxO3CTPxGmsc/s640/rescjuly1.png" width="322" /> </a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnLugoxjo8quDtx8uc-dy_lGui5MRwS8l8hU-lz8mIY5aqlW8ijE3Bi5bjIoEOmvAOYnlqNXqLJ5p5ToAWiv-T-hoqLeKDSH8PQu-Hk_RNPTMrDW4lk9H57AfE5YU_SMZT0Qg5g_p4vKY/s1600/rescjune152.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnLugoxjo8quDtx8uc-dy_lGui5MRwS8l8hU-lz8mIY5aqlW8ijE3Bi5bjIoEOmvAOYnlqNXqLJ5p5ToAWiv-T-hoqLeKDSH8PQu-Hk_RNPTMrDW4lk9H57AfE5YU_SMZT0Qg5g_p4vKY/s640/rescjune152.png" width="456" /> </a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEje8BZS-tMnL9rGtncto-zxstMyJIdprtFN7Xz_dGhCiTD3Oinumz9l0U9roILX5VfLfggxmzSErQDb9NNZ-VwZ6ueuFMVCI6IQnJuqekNNjMoTI5uscDeLl8PoVpBIhvf17f65Zoz-MZI/s1600/rescjune15.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEje8BZS-tMnL9rGtncto-zxstMyJIdprtFN7Xz_dGhCiTD3Oinumz9l0U9roILX5VfLfggxmzSErQDb9NNZ-VwZ6ueuFMVCI6IQnJuqekNNjMoTI5uscDeLl8PoVpBIhvf17f65Zoz-MZI/s640/rescjune15.png" width="462" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAtLy5eWp7jc4sAWs7EZMQ9mcASXSzRC9Nse4nYzNmGirR8S1Uje2ozrsKcAhgF2NQ9SPC8Gq2ZF_F6aQoJffwHY8AdOjm_IIgmE3I0np5at44VIqFiNz6xHmGpjuS031aT7bInTJUyEQ/s1600/rescatorbulk.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAtLy5eWp7jc4sAWs7EZMQ9mcASXSzRC9Nse4nYzNmGirR8S1Uje2ozrsKcAhgF2NQ9SPC8Gq2ZF_F6aQoJffwHY8AdOjm_IIgmE3I0np5at44VIqFiNz6xHmGpjuS031aT7bInTJUyEQ/s640/rescatorbulk.png" width="546" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-7680346383703191409.post-75970334088757900442014-09-26T23:23:00.002+01:002015-07-07T18:55:55.527+01:00Rescator Sept update<b>September updates at Rescator Shop</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNl8GgcxoZ0BXINcJagP6bS7BrWztIX-kCFELTFAqhFPBGnaKm8v8bZ_k0Z6DTEtVytMndyaCzNE2zR8IGe25OOqaAWSezfOwMShIRoHnWAogCb6cNlHZl7DZrAEoLuTKFBuQno1S0_Bk/s1600/1411769747789screencapture.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNl8GgcxoZ0BXINcJagP6bS7BrWztIX-kCFELTFAqhFPBGnaKm8v8bZ_k0Z6DTEtVytMndyaCzNE2zR8IGe25OOqaAWSezfOwMShIRoHnWAogCb6cNlHZl7DZrAEoLuTKFBuQno1S0_Bk/s1600/1411769747789screencapture.png" width="468" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCkQcYdmY7m7NupWaelEvQn0FChZK-n2a3jjPl7DmM-ylWx0zo_2fneYTJeAZmRqLOJOfgf7Hzmm88GqW7D1um6UplzvG4f5zMb6vAahX90NsXxOdMPVNtP4TjwkbwB4adjdDUVX6D5Y4/s1600/1411769826163screencapture.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCkQcYdmY7m7NupWaelEvQn0FChZK-n2a3jjPl7DmM-ylWx0zo_2fneYTJeAZmRqLOJOfgf7Hzmm88GqW7D1um6UplzvG4f5zMb6vAahX90NsXxOdMPVNtP4TjwkbwB4adjdDUVX6D5Y4/s1600/1411769826163screencapture.png" width="289" /></a></div>
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-7680346383703191409.post-56155215811187730162014-03-03T12:13:00.000+00:002015-07-07T18:56:02.903+01:00Rescator<b>Recent updates at Rescator Track2 Shop</b><br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2WRQvc4twgjmgx6gEsAOgft7mznceYnJus3YXTLpA6scyaZIN8LIgwf0AWVP7tPjO03OO2ODNd7BR3axJ3qxQHEisIeaJ_Vb5j6aTe4csQAK9H4sWJ0sofXO7Cyg3KJvDKfeaCHFoT4Y/s1600/resc1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="433" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2WRQvc4twgjmgx6gEsAOgft7mznceYnJus3YXTLpA6scyaZIN8LIgwf0AWVP7tPjO03OO2ODNd7BR3axJ3qxQHEisIeaJ_Vb5j6aTe4csQAK9H4sWJ0sofXO7Cyg3KJvDKfeaCHFoT4Y/s1600/resc1.png" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkh3Z_9puhYnMwk1G8AKVRxxPhBcT0sIIsRjar0U-JpaF08XfAAH-dvHQaDdsasX38ViT54Zr6y9en2B9ERklMP-_IqQF8XPiJEXE3z8ZTYqN-tw_BtDZFjMhrXvzBGYRgIxACwLPjkPw/s1600/resc2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="385" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkh3Z_9puhYnMwk1G8AKVRxxPhBcT0sIIsRjar0U-JpaF08XfAAH-dvHQaDdsasX38ViT54Zr6y9en2B9ERklMP-_IqQF8XPiJEXE3z8ZTYqN-tw_BtDZFjMhrXvzBGYRgIxACwLPjkPw/s1600/resc2.png" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3voaPKI5n2LwbThZFBrEXELhaJknwaEYMujxcBXrDq5IsADfHtL9prcJ9UF9FHnq6lUOk19UTP4EUm1uOU1ubWOJEzYIob9s1zjVrrY9kuiGqnINVBoTvEjVs6xw5HaRoL5c4XgyGNzs/s1600/resc3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="352" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3voaPKI5n2LwbThZFBrEXELhaJknwaEYMujxcBXrDq5IsADfHtL9prcJ9UF9FHnq6lUOk19UTP4EUm1uOU1ubWOJEzYIob9s1zjVrrY9kuiGqnINVBoTvEjVs6xw5HaRoL5c4XgyGNzs/s1600/resc3.png" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuOswb2C12zLVuWw5X-bXDHHhtDDB2NsyfPS7Kg82rY5AgpxTMOluuk4Hw4YlO05VywifLPIGCEOjPPnYtkCcHrn6YKF0Zx5t6jReuQihLJQWKKuyTf7DLMLQPdjPFpvU4T_1eApIFx3s/s1600/resc4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="403" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuOswb2C12zLVuWw5X-bXDHHhtDDB2NsyfPS7Kg82rY5AgpxTMOluuk4Hw4YlO05VywifLPIGCEOjPPnYtkCcHrn6YKF0Zx5t6jReuQihLJQWKKuyTf7DLMLQPdjPFpvU4T_1eApIFx3s/s1600/resc4.png" width="640" /></a></div>
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-7680346383703191409.post-19930260966964589422014-02-05T19:59:00.000+00:002014-02-05T19:59:05.621+00:00Storm - DDOS Bot<br />
<b>Screens</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijEbGt7EILKqf7Fvu4Y8Fw2UJNyhGuJ7OllRQ5hdUstg4iYc1PZj9GAeIyyIKqNbvxGxcP-XRtqF2BXM5JXmUjBw1EO9lJR9Yf22q_uwkaUWpTmMEVkcPixnX2MwjADG1KuDSHaLIxyUY/s1600/storm1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijEbGt7EILKqf7Fvu4Y8Fw2UJNyhGuJ7OllRQ5hdUstg4iYc1PZj9GAeIyyIKqNbvxGxcP-XRtqF2BXM5JXmUjBw1EO9lJR9Yf22q_uwkaUWpTmMEVkcPixnX2MwjADG1KuDSHaLIxyUY/s1600/storm1.png" height="342" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7DH_DwukkLJRrUd5QCbYKbtT_X4xW738VRW4gJapA1JJM8GurW763ya0e0NeQTzcMh1NWyOf3rnkFLR4IrCLy3H6Eif5KRJPDpmxEWj9qftFxxevSOQOeSck2LhYao_c7bQqew3Z3NnQ/s1600/storm2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7DH_DwukkLJRrUd5QCbYKbtT_X4xW738VRW4gJapA1JJM8GurW763ya0e0NeQTzcMh1NWyOf3rnkFLR4IrCLy3H6Eif5KRJPDpmxEWj9qftFxxevSOQOeSck2LhYao_c7bQqew3Z3NnQ/s1600/storm2.png" height="228" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnWJdvp2Ch1-ZXepHKMELTB-IoqomVKvCFqQyxO7uiwjBVFhX_P8rrrzIsNnlqv8FXnubBXpuHtDwedLzfASNrNEMlbZTX87IyVFRbkUPQyvngpzZi90l8hUJH6BNP5-iUqCdReMQZtoI/s1600/storm3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnWJdvp2Ch1-ZXepHKMELTB-IoqomVKvCFqQyxO7uiwjBVFhX_P8rrrzIsNnlqv8FXnubBXpuHtDwedLzfASNrNEMlbZTX87IyVFRbkUPQyvngpzZi90l8hUJH6BNP5-iUqCdReMQZtoI/s1600/storm3.png" height="292" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwOpmi52Q659a8XJnJOTe-axSRvBT40vAGdBj8Sui6Ua6XlaxXjvX8lFJyTx0GjQCVoXA4GUr90kEpUrRMQ2JAf5WkzROAMMUwcrK-pGrqrjWdZC_C1AohyphenhyphenTChrynZ_RfZzWvJL_V6IKs/s1600/storm4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwOpmi52Q659a8XJnJOTe-axSRvBT40vAGdBj8Sui6Ua6XlaxXjvX8lFJyTx0GjQCVoXA4GUr90kEpUrRMQ2JAf5WkzROAMMUwcrK-pGrqrjWdZC_C1AohyphenhyphenTChrynZ_RfZzWvJL_V6IKs/s1600/storm4.png" height="280" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLIVwUbTw88DvSO5Rk-FeKbbylbilaU92dDadcss71eO0l55SJtnaRw1HZNxNjCDbpt3B1uec-1H52QCxx6oP5eDXC80AwRnJM95OYy9dtTyZD64sXql_S8sZ2kbSte2jHtfR7pi23Kfw/s1600/storm5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLIVwUbTw88DvSO5Rk-FeKbbylbilaU92dDadcss71eO0l55SJtnaRw1HZNxNjCDbpt3B1uec-1H52QCxx6oP5eDXC80AwRnJM95OYy9dtTyZD64sXql_S8sZ2kbSte2jHtfR7pi23Kfw/s1600/storm5.png" height="271" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGSZ3rv69O_ma00Rpw6XMiCt0pKuhGk2jPOMFCr4z7m9RbN4wKbKLVJq0k8VCvzyPr8I5Tey3xG2vLWaewegFGEIvO7GbI8OWvg0zaBv3pt-cK6JTZZZcZsz10w4EGr49b4ljKNfMnaV8/s1600/storm6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGSZ3rv69O_ma00Rpw6XMiCt0pKuhGk2jPOMFCr4z7m9RbN4wKbKLVJq0k8VCvzyPr8I5Tey3xG2vLWaewegFGEIvO7GbI8OWvg0zaBv3pt-cK6JTZZZcZsz10w4EGr49b4ljKNfMnaV8/s1600/storm6.png" height="200" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnLr0vPmYrBf2tqmFEN63itAd1glUTchjU9TpjP5bniTcrSAPGHz1QJGG8fyrLcQ2mb_-yuJfOdpgK7QhCiMGCvJ0Xuq7ZX72kI_CSVIg8Gz1l2GKcIP5VYBlRk59bqtUEjfMv-OWTGuw/s1600/storm7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnLr0vPmYrBf2tqmFEN63itAd1glUTchjU9TpjP5bniTcrSAPGHz1QJGG8fyrLcQ2mb_-yuJfOdpgK7QhCiMGCvJ0Xuq7ZX72kI_CSVIg8Gz1l2GKcIP5VYBlRk59bqtUEjfMv-OWTGuw/s1600/storm7.png" height="155" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSt7r2p_bUO2jTkHGLmBYi_-zSlMHKAvdUsPvqQJBYfw_lb-STFHdvSNxMWtweNRQJ6cv_k6LOsF6tlplSHiwMQf6vGE8vTq_L_dRzC-1Wpk_x1pkAwNm_s8-kXbBRFIl-8jw4NfSmfqw/s1600/storm8.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSt7r2p_bUO2jTkHGLmBYi_-zSlMHKAvdUsPvqQJBYfw_lb-STFHdvSNxMWtweNRQJ6cv_k6LOsF6tlplSHiwMQf6vGE8vTq_L_dRzC-1Wpk_x1pkAwNm_s8-kXbBRFIl-8jw4NfSmfqw/s1600/storm8.png" height="285" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVaDF1eCQ8DMRjimx5ikrGhWA87U9HL7Ua1prIpxaRuin2hXbN_tViBOy8hZ7jF9rrb_CzS3vV4Jldm6nbyiimdf3YZqzLUxQGkWTAlCicl0lse0KO6YGW5fPntaegPuDVpq1Mlhz2LkI/s1600/storm9.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVaDF1eCQ8DMRjimx5ikrGhWA87U9HL7Ua1prIpxaRuin2hXbN_tViBOy8hZ7jF9rrb_CzS3vV4Jldm6nbyiimdf3YZqzLUxQGkWTAlCicl0lse0KO6YGW5fPntaegPuDVpq1Mlhz2LkI/s1600/storm9.png" height="161" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgyi9mGyhe3lLA9iEDHEbowcKczaS3GhNWVzRCtZAHsy6w97a51TF4IhlRsSFzq3xAFvfZgUVNJ4GRvxMCfsH_ASyJ2UFVaACW4yp3ugupQGM7gvmDbew2rCBJ_fxp5vc-WCNndxonJ2Bs/s1600/storm10.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgyi9mGyhe3lLA9iEDHEbowcKczaS3GhNWVzRCtZAHsy6w97a51TF4IhlRsSFzq3xAFvfZgUVNJ4GRvxMCfsH_ASyJ2UFVaACW4yp3ugupQGM7gvmDbew2rCBJ_fxp5vc-WCNndxonJ2Bs/s1600/storm10.png" height="275" width="400" /></a></div>
<br />
<br />
<br />
<b>Videos</b><br />
<br />
<a href="https://mega.co.nz/#!5VtWwIiZ!MJYTS0nS4GbFRzfaVfnfKWbkp_E8_w68rcuT3i9_Qp0">https://mega.co.nz/#!5VtWwIiZ!MJYTS0nS4GbFRzfaVfnfKWbkp_E8_w68rcuT3i9_Qp0</a><br />
<br />
<a href="https://mega.co.nz/#!gZ1yiLYC!MHK-nTtBlIweJu8Pv8yc8HXOhXEfbRGWcVW8eIh3ERE">https://mega.co.nz/#!gZ1yiLYC!MHK-nTtBlIweJu8Pv8yc8HXOhXEfbRGWcVW8eIh3ERE</a><br />
<br />
<br />
<b>Features</b><br />
<br />
====Storm.Bot server part====<br />
The utility is intended EXCLUSIVELY for stress-testing your own networks. The author bears no responsibility for its use for illegal purposes.<br />
- All bot modules are in a single binary.<br />
- Written in pure C.<br />
- Obfuscated and packed with a custom algorithm.<br />
- After launch the bot instantly deletes itself.<br />
- Although this is not a Windows bot, it still tries not to expose itself on the system unnecessarily: it hides under a system process and its launch parameters are hidden.<br />
- On every launch all possible server logs are cleared, from .bash_history to the system logs. Even if the server falls into the wrong hands, nobody will find anything on it.<br />
- The C&C (admin panel) automatically uploads the bot at every attack.<br />
- Small size: less than 30 KB.<br />
- Works on any *nix system (x86, x64).<br />
- HWID protection at bot launch: it starts only with a special key that is unique to each server.<br />
- Communication between the bot and the C&C is encrypted.<br />
<br />
----------------------<br />
*UDP DNS module<br />
----------------------<br />
- DNS amplification attack.<br />
- The file of open resolvers is loaded into memory in full.<br />
- Attack on random ports.<br />
- Attack on a subnet of any size.<br />
- Attack on any range is possible (example 1.1.1.1-1.1.23.2).<br />
- Squeezes maximum power out of a dedicated server at low CPU load.<br />
- Simultaneous amplification from different domains is possible.<br />
- Choice of DNS query type for the attack (A/TXT/ANY).<br />
- Selection of specific countries (implemented on the C&C side).<br />
- Multithreading.<br />
<br />
----------------------<br />
*SYN module (Syn-Random, Syn-IP-list, Syn-Country, Syn Amplification (also known as SYN Reflection))<br />
----------------------<br />
- "Perfect" spoofed SYN flood attack that gets through a great many anti-DDoS protections.<br />
- The SYN packet is !completely! identical to a Windows 7/8 packet.<br />
- Attack on random ports.<br />
- Squeezes maximum power out of a dedicated server at low CPU load.<br />
- Automatic detection of the attacking server's country, and attack only from IP addresses of the country where the server itself is located (Syn-Country flood).<br />
This type of flood helps avoid PPS losses at backbone providers and on the smart routers of some data centers.<br />
- Attack with IP addresses spoofed from your own list. Done so that all of these IP addresses are very likely to get banned at the anti-DDoS provider.<br />
- SYN (TCP) amplification attack. PPS power can be raised 5 times (but the packets lose some legitimacy, because SYN-ACK\RST will arrive).<br />
- Selection of specific countries for SYN amplification (implemented on the C&C side).<br />
- Option to add an ACK parameter to the Syn-Random, Syn-IP-list and Syn-Country attacks.<br />
After every SYN we send a semi-legitimate ACK. Semi-legitimate because the Seq number cannot be guessed; only the Win window can be guessed.<br />
If different attack types are combined, it completely blows the minds of all sorts of Ciscos and Junipers.<br />
- Multithreading.<br />
<br />
----------------------<br />
*ABUSE module<br />
----------------------<br />
- "Abuse" SYN/ACK flood attack on ports 22/21 with the victim's IP address spoofed.<br />
The idea is that we load large subnets of various data centers and flood them on ports 22 and 21, putting the victim's address in as the return IP.<br />
And a pile of abuse complaints pours onto that address for SCAN/Bruteforce/DDOS of ports 22 (ssh) and 21 (ftp) of other data centers. A large field for experiments, for example loading the subnet of the US Army or the UK Ministry of Defense.<br />
<br />
----------------------<br />
*DNS Scanner module<br />
----------------------<br />
- Consists of two threads that run in parallel: one binds to the specified port, the other sends DNS queries to potential open resolvers.<br />
- Accepts as lists both a list of IP addresses and a list of subnets of the form 1.1.1.1/24<br />
- Takes as arguments the domain for the DNS query and the query type.<br />
- Option to set, as an argument, a lower limit on the response from a DNS open resolver (for example, do not save open resolvers that answer with less than 512 bytes)<br />
- Artificial smart delay for the different scan types (so as not to hit the server's bandwidth limit) and to always collect the responses from open resolvers.<br />
<br />
----------------------<br />
*SYN Scanner module<br />
----------------------<br />
- Consists of two threads that run in parallel: one binds to the specified port, the other sends SYN requests to port 80.<br />
- Accepts as lists both a list of IP addresses and a list of subnets of the form 1.1.1.1/24<br />
- Option to set a lower limit on the number of responses from servers (for example, do not save servers that answered SYN+ACK fewer than two times)<br />
- Artificial smart delay for the different scan types (so as not to hit the server's bandwidth limit) and to always collect the responses from servers.<br />
----------------------<br />
<br />
All control of the bot is done through a web admin panel; the panel is fully multithreaded, web 2.0, ajax, jquery, and all server statuses are updated via ajax. All of this and the other bits work intuitively.<br />
<br />
The complete set of all this costs 2500 USD. <br />Payment in webmoney or bitcoin.<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-7680346383703191409.post-18234025878162304772013-11-06T17:37:00.006+00:002013-11-06T17:39:37.641+00:00Card Shop Advertisement<br />
<b>Stolen Card Shop Advertisements on an Underground Forum.</b><br />
<br />
<br />
<br />
<object height="212" width="500"><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="movie" value="http://vimeo.com/moogaloop.swf?clip_id=74414157&force_embed=1&server=vimeo.com&show_title=1&show_byline=1&show_portrait=1&color=ff9933&fullscreen=1&autoplay=0&loop=0" /><embed src="http://vimeo.com/moogaloop.swf?clip_id=74414157&force_embed=1&server=vimeo.com&show_title=1&show_byline=1&show_portrait=1&color=ff9933&fullscreen=1&autoplay=0&loop=0" type="application/x-shockwave-flash" allowfullscreen="true" allowscriptaccess="always" width="500" height="212"></embed></object>
<br />
<br />
<br />
<br />
<br />
<object height="213" width="500"><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="movie" value="http://vimeo.com/moogaloop.swf?clip_id=74416210&force_embed=1&server=vimeo.com&show_title=1&show_byline=1&show_portrait=1&color=ff9933&fullscreen=1&autoplay=0&loop=0" /><embed src="http://vimeo.com/moogaloop.swf?clip_id=74416210&force_embed=1&server=vimeo.com&show_title=1&show_byline=1&show_portrait=1&color=ff9933&fullscreen=1&autoplay=0&loop=0" type="application/x-shockwave-flash" allowfullscreen="true" allowscriptaccess="always" width="500" height="213"></embed></object> <br />
<br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-7680346383703191409.post-55679642623884388272013-09-11T14:15:00.000+01:002013-09-11T14:15:28.707+01:00Chinese Threat Actor Part 7According to the HTRAN report published by Dell, gxdet.com is one of the command-and-control domains used by the threat actor.<br />
<b><br /></b>
<a href="http://www.secureworks.com/cyber-threat-intelligence/threats/htran/">http://www.secureworks.com/cyber-threat-intelligence/threats/htran/</a><b><br /></b><br />
<b><br /></b>
<b>conn.gxdet.com</b> - 112.64.213.249:443<br />
<b><br /></b>
<b>ddbb.gxdet.com - </b>112.64.213.249:443<b><br /></b><br />
<b><br /></b>
Other subdomains associated with the domain gxdet.com<br />
<br />
<br />
<b>WHOIS</b> <br />
<br />
<br />
Domain: gxdet.com - Whois History<br />
<span style="color: red;"><b>Cache Date: 2010-02-11</b></span><br />
Registrar: ENOM, INC.<br />
Server: whois.enom.com<br />
<b>Created: 2008-07-14<br />Updated: 2008-07-18<br />Expires: 2010-07-14</b><br />
Reverse Whois: Click on an email address we found in this whois record<br />
to see which other domains the registrant is associated with:<br />
xixipai@hotmail.com <b>20051xue@sina.com</b><br />
<br />
Registration Service Provided By: Chinese DQ Network Tech Corp.<br />
Contact: xixipai@hotmail.com<br />
<br />
Domain name: gxdet.com<br />
<br />
Registrant Contact:<br />
Zhang san<br />
Zhang San ()<br />
Fax: <br />
beijing<br />
beijing, Beijing 100000<br />
CN<br />
<br />
Administrative Contact:<br />
Zhang san<br />
Zhang San (20051xue@sina.com)<br />
+86.1033333333<br />
Fax: +86.1044444444<br />
<b>beijing</b><br />
beijing, Beijing 100000<br />
CN<br />
<br />
Technical Contact:<br />
Zhang san<br />
Zhang San (20051xue@sina.com)<br />
+86.1033333333<br />
Fax: +86.1044444444<br />
<b> beijing</b><br />
beijing, Beijing 100000<br />
CN<br />
<br />
Status: Locked<br />
<br />
Name Servers:<br />
<br />
dns1.name-services.com<br />
dns2.name-services.com<br />
dns3.name-services.com<br />
dns4.name-services.com<br />
dns5.name-services.com<br />
<br />
<br />
In March 2010, the threat actor noticed his mistake of using his personal email for the domain registration. He then changed the registrant email to henfinder@gmail.com.<br />
<br />
<b>July 2008 - Feb 2010 Zhang San (20051xue@sina.com) <br /><br />Mar 2010 - July 2010 Tom Hanson (henfinder@gmail.com)</b><br />
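<br />
A registrant change like the one above can be surfaced by diffing WHOIS history snapshots. The following is an added example, not part of the original post: it parses records in the layout quoted above (including the empty "()" registrant e-mail) and reports per-role e-mail changes. The March snapshot, its cache date and all function names are constructed for illustration.<br />

```python
import re

# Constructed inputs. SNAPSHOT_FEB is abridged from the record quoted in this
# post; SNAPSHOT_MAR is a constructed record (its cache date is a placeholder)
# reflecting the registrant change the post describes.
SNAPSHOT_FEB = """\
Cache Date: 2010-02-11
Domain name: gxdet.com

Registrant Contact:
   Zhang san
   Zhang San ()
   Fax:
   beijing, Beijing 100000
   CN

Administrative Contact:
   Zhang san
   Zhang San (20051xue@sina.com)
   +86.1033333333

Technical Contact:
   Zhang san
   Zhang San (20051xue@sina.com)
   +86.1033333333

Status: Locked
"""

SNAPSHOT_MAR = """\
Cache Date: 2010-03-15
Domain name: gxdet.com

Registrant Contact:
   Tom Hanson (henfinder@gmail.com)

Administrative Contact:
   Tom Hanson (henfinder@gmail.com)

Technical Contact:
   Tom Hanson (henfinder@gmail.com)
"""

ROLES = ("registrant", "administrative", "technical")
CACHE_RE = re.compile(r"^Cache Date:\s*(\d{4}-\d{2}-\d{2})$")
SECTION_RE = re.compile(r"^(Registrant|Administrative|Technical) Contact:$")
# "Name (email)" line; the e-mail may be empty, as in "Zhang San ()".
NAME_EMAIL_RE = re.compile(r"^(?P<name>[^()]+?)\s*\((?P<email>[^()\s]*)\)$")


def parse_snapshot(text):
    """Return {'date': str|None, 'contacts': {role: (name, email|None)}}."""
    date, role, contacts = None, None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            role = None                      # a blank line ends a contact block
            continue
        m = CACHE_RE.match(line)
        if m:
            date = m.group(1)
            continue
        m = SECTION_RE.match(line)
        if m:
            role = m.group(1).lower()
            continue
        if role and role not in contacts:    # first "Name (email)" line wins
            m = NAME_EMAIL_RE.match(line)
            if m:
                contacts[role] = (m.group("name"),
                                  m.group("email").lower() or None)
    return {"date": date, "contacts": contacts}


def contact_changes(old, new):
    """List (role, old_email, new_email) for roles whose e-mail differs."""
    changes = []
    for role in ROLES:
        before = old["contacts"].get(role, (None, None))[1]
        after = new["contacts"].get(role, (None, None))[1]
        if before != after:
            changes.append((role, before, after))
    return changes


def email_timeline(snapshots):
    """Map each contact e-mail to (first_seen, last_seen) snapshot dates."""
    seen = {}
    for snap in sorted(snapshots, key=lambda s: s["date"]):
        for _name, email in snap["contacts"].values():
            if email:
                first = seen.get(email, (snap["date"], None))[0]
                seen[email] = (first, snap["date"])
    return seen


if __name__ == "__main__":
    feb, mar = parse_snapshot(SNAPSHOT_FEB), parse_snapshot(SNAPSHOT_MAR)
    for role, before, after in contact_changes(feb, mar):
        print(f"{feb['date']} -> {mar['date']}  {role}: {before} -> {after}")
    print(email_timeline([feb, mar]))
```
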
<br />
<br />
<b>Actor Attribution</b><br />
<br />
The Sina email "20051xue@sina.com" is also the registration email of a Sina community account, under which the registrant posted on a tech forum, Sina Video, an astrology forum and finally a microblog where he posted his picture.<br />
<br />
<a href="http://blog.sina.com.cn/u/1145193935" target="_blank">http://blog.sina.com.cn/u/1145193935</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-KxtHm7ibhgc/UTJlLJYFyuI/AAAAAAAAAfY/-e2YgPfP9A8/s1600/xue1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="333" src="http://2.bp.blogspot.com/-KxtHm7ibhgc/UTJlLJYFyuI/AAAAAAAAAfY/-e2YgPfP9A8/s1600/xue1.png" width="400" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/--GhYwB29kcY/UTJnnXI7aQI/AAAAAAAAAgE/8mSTbdq_JmM/s1600/microblog.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="268" src="http://4.bp.blogspot.com/--GhYwB29kcY/UTJnnXI7aQI/AAAAAAAAAgE/8mSTbdq_JmM/s1600/microblog.png" width="400" /></a></div>
<br />
<br />
<br />
<a href="http://club.tech.sina.com.cn/default.php?s=user&a=profile&uid=1145193935" rel="nofollow" target="_blank">http://club.tech.sina.com.cn/default.php?s=user&a=profile&uid=1145193935</a><br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-xv8eL2o2V-I/UTJnAxfYv9I/AAAAAAAAAf8/iilS2fBoY-g/s1600/Xue3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="325" src="http://4.bp.blogspot.com/-xv8eL2o2V-I/UTJnAxfYv9I/AAAAAAAAAf8/iilS2fBoY-g/s1600/Xue3.png" width="400" /></a></div>
<br />
Sina Video<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-J5ksyl2W1iU/UTJnzbfPDzI/AAAAAAAAAgM/G-zAh1mXI4I/s1600/sinavideo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="270" src="http://3.bp.blogspot.com/-J5ksyl2W1iU/UTJnzbfPDzI/AAAAAAAAAgM/G-zAh1mXI4I/s1600/sinavideo.png" width="400" /></a></div>
<br />
<br />
<br />
<a href="http://club.astro.sina.com.cn/thread-171861-1-1.html" rel="nofollow" target="_blank">http://club.astro.sina.com.cn/thread-171861-1-1.html</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-CKyEWl4y7aY/UTJlfLL7lkI/AAAAAAAAAfk/aAAmfpVOTyE/s1600/Xue5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="367" src="http://3.bp.blogspot.com/-CKyEWl4y7aY/UTJlfLL7lkI/AAAAAAAAAfk/aAAmfpVOTyE/s1600/Xue5.png" width="400" /></a></div>
<br />
<br />
20051xue Newbie Posted :2005 -07-26 11:31 Show author<br />
Post 39 Posts: 0 Joined :2005-3-8 PM <br />
Large in small <br />
4<br />
<br />
Of course! <br />
sign this thing is not allowed, but every time I look up, never really had. Anyway, my wife is a lion (818), <b>I am Capricorn (107)</b>, the two married four years, and loving too are almost never fight, I live in the compound who recognized that we are the most loving couple.<br />
<br />
<b>The most interesting part is his Weibo personal blog, where he mentions that he is an alumnus of Tsinghua University and follows them, was born on Jan 7, 1974 (Capricorn) and lives in Haidian District, Beijing.</b><br />
<br />
<br />
<br />
<a href="http://weibo.com/1145193935/" target="_blank">http://weibo.com/1145193935/</a><br />
<br />
<b>Basic information</b><br />
<br />
Nickname - Riding a white deer visit mountains<br />
<br />
Location - Haidian District, Beijing<br />
<br />
Gender - Male<br />
<br />
Birthday - January 7, 1974, Capricorn<br />
<br />
Job Information<br />
<br />
Education Information - <b>Tsinghua University </b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-teENHsMXmUA/UTJlvjLw71I/AAAAAAAAAfs/uIUmv3BuCk8/s1600/20051weibo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="367" src="http://1.bp.blogspot.com/-teENHsMXmUA/UTJlvjLw71I/AAAAAAAAAfs/uIUmv3BuCk8/s1600/20051weibo.png" width="400" /></a></div>
<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-t4a648xQzVc/UTJmRp0UuJI/AAAAAAAAAf0/w8m6tGhAh-Q/s1600/weibofollowers.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://1.bp.blogspot.com/-t4a648xQzVc/UTJmRp0UuJI/AAAAAAAAAf0/w8m6tGhAh-Q/s1600/weibofollowers.png" width="381" /></a></div>
<b><br /></b>
<br />
<br />
200051Xue uses a Samsung Galaxy S III Android phone, and he posted a picture of his daughter. The geolocation listed in the picture was Han Jiachuan Road, Beijing, Haidian District.<br />
<br />
<br />
<b>He posted his personal picture in the album. </b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-7o9ZBxz31X4/UTTiU7DeOLI/AAAAAAAAAgc/1vAxje7n5jE/s1600/xuecolor.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="http://4.bp.blogspot.com/-7o9ZBxz31X4/UTTiU7DeOLI/AAAAAAAAAgc/1vAxje7n5jE/s1600/xuecolor.JPG" width="272" /></a></div>
<b><br /></b>
<br />
<b><br /></b>
<br />
<b>Sakura Exploit Pack</b><br />
Published 2013-04-20T16:42:00.004+01:00, updated 2013-04-20T16:42:59.614+01:00<br />
<br />
<b>(Cross posted from Underground Forum)</b><br />
<br />
Intro: It is fair to say that the pack has successfully stood the test of time and has proven its competitiveness and its right to exist.<br />I am sure that many will like it. Welcome to the Sakura project! <br /><br />Current version: 1.1<br /><br />The pack currently includes:<br />- Java Rhino<br />- Java Obe<br />- Pdf Libtiff<br /><br />Changes:<br />- Additional exploit protection mechanisms have been introduced<br />- Added a module that checks the domain/IP against blacklists<br />- Added a list of the user agents of the main bots<br />- Added the option to set a backlink (a 404 error by default) for traffic that was not hit<br />- Mac and Linux traffic and the Google Chrome browser are treated as non-unique traffic by default.<br /><br /><br />Features:<br />- Statistics by country/source/browser/OS version<br />- Support for flows with different settings<br />- Rebuild of the pack for a new IP/domain through the admin panel<br /><br />Price:<br />- 2000$/month for flows of <100k traffic per day. For larger flows the price is negotiated separately.<br />- For 30% of the US, CA, UK, AU traffic for flows of >50k per day.<br />The pack is provided free of charge! You are not buying a license. <br /><br />What you pay for:<br />1) Cleaning - Constant cleaning. My main task is to keep it constantly clean. <br />You will not have to worry about this; I check it myself several times a day and, when it gets detected, automatically upload to your server.<br />2) Updates<br />3) Writing any modules and functionality you need<br /><br />Pack specifics:<br />The pack is installed on your server. <br /><br />Working hours:<br />- Mon-Fri 10.00-19.00 (Moscow time)<br />- Days off: Saturday, Sunday.<br /><br />
<b>Screens</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-mYl0PBTGNSw/UXK3TqQXuKI/AAAAAAAAAg8/7t7rSJ-2VZk/s1600/sakura1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-mYl0PBTGNSw/UXK3TqQXuKI/AAAAAAAAAg8/7t7rSJ-2VZk/s1600/sakura1.png" height="506" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-c9Mh436ikO0/UXK3TSc2VTI/AAAAAAAAAg0/xzha0aU5f9E/s1600/sakura2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-c9Mh436ikO0/UXK3TSc2VTI/AAAAAAAAAg0/xzha0aU5f9E/s1600/sakura2.png" height="444" width="640" /></a></div>
<br />
<br />
<br />
<b>Detailed Screens</b> <br />
<br />
<a href="http://www.xylibox.com/2012/01/sakura-exploit-pack-10.html">http://www.xylibox.com/2012/01/sakura-exploit-pack-10.html</a><br />
<br />
<b>Styx Exploit Pack</b><br />
Published 2013-04-20T16:31:00.001+01:00, updated 2013-04-20T16:31:30.231+01:00<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-3kYq57aVHUY/UXK0QBAkm_I/AAAAAAAAAgs/h4cE4SD7tqw/s1600/styxexp.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-3kYq57aVHUY/UXK0QBAkm_I/AAAAAAAAAgs/h4cE4SD7tqw/s1600/styxexp.png" height="400" width="640" /></a></div>
<br />
<br />
<b>(Cross posted from Underground forum)</b><br />
<br />
<b>Styx Sploit Pack</b><br /><br />Gentlemen, it's time to announce a new next generation product for your viewing pleasure: Styx Vulnerability Browser Stress Test Platform 2.0.<br /><br />Our team worked hard for around three years to make a quality product which will be trustful for any person. Also we made a deep testing so this product already tested with our crypt.<br /><br /><b>Possibilities:</b><br /><br />Updating via GIT from the master-server twice a day with any detect of any sploit;<br />No domains binding: you can specify any number of domains without rebuild;<br />There are no restrictions on traffic. Flow as many traffic as your channels and its hardware server can handle; Traffic must flow.<br />Speed. The product is able to handle as many connections as your MIPS processor.<br />Working with sub accounts: you can split any traffic flows to different sub accounts, share files and watch for the most quality traffic;<br />Flexible statistics: we use MongoDB (NoSQL-stores) on each sub account, browsers, country, operating system, time;<br />Two variants of rent: you can use the product on your servers or on our server;<br />Package. Deployment on your server with one script will take around two minutes.<br />Dynamic URL Flow link generation. Each link on which traffic flows is unique. This way makes a lack of possibility to detect the URL by the signature. Only domain.<br />Support for downloading files from a remote host. 
You can upload files to your sub account remotely.<br />Having a flexible API for all types of operations: each operation, which is available through the administrative interface is a command, and it's repeated by the API;<br />Checking the IP / Domain to the presence of black-lists through friendly service GhostBusters;<br />Quiet operation: like falling from a tree sakura flower, all the product is quiet;<br /><br /><b>Frequently asked questions:</b><br /><br />Q: WTF Styx Sploit Pack?<br /><br />A: This is a modern new generation exploit pack written by Styx team from scratch. It has been tested on huge traffic: 500К - 2КК in last 1,5 years.<br /><br />Q: What are the differences between Styx Sploit Pack and BH, Phoenix, Sakura?<br /><br />A: Our product is much more professional than other products: we wrote all exploits from scratch, we don't need rebuilds, we have really rapid product cleaning on demand, we have good support, also we have ticket system and 'All inclusive' package which includes everything: setup, cleaning, support, consulting.<br /><br />We don't have a term 'rebuild for a new domain', 'how much is FUD', and 'when it will be FUD?' Paid once a month you will have stable and professional work all time you use the product and it will fully satisfy you.<br /><br />Q: What exploits are included to package?<br /><br />A: Java, PDF, Adobe Flash and their derivatives.<br /><br />Q: What's the % hit, where can I see stats?<br /><br />A: Stats really depends on traffic. This means that all people showing stats are cheaters and cheating all newbies because it's no way to make real life stats like that on pictures.<br /><br />We will not fool you with stats pictures and huge numbers but the truth is out there (: -- our % hit and stats is better than any product which is available in market at this time. 
We have from 1 to 10% more but it only depends on traffic.<br /><br />Q: What's the guaranteed support time and reaction?<br /><br />A: Support is available in two modes: ticket system and realtime (jabber, online). You will have full 24x7 support all paid time.<br /><br />Q: What will I get for this money?<br /><br />A: You will get the product, installed to your server, setup to work with TDS and consulting and cleaning for 1 month. We don't have to 'rebuild for a new domain', our product works fine without any rebuilds, you just have to specify paths in settings. Guaranteed clean time is two hours from alert. In this way you will have a full freedom: you don't need to wait for anybody to rebuild or clean, exploit pack works with any your domains and server demands are low.<br /><br />We think these arguments are enough to explain quality and price for private customers.<br /><br />Q: How much does it cost?<br /><br />A: $3000 per month.<br /><br />Q: Can I buy sources?<br /><br />A: No. (=<br /><br />Q: What are hardware requirements?<br /><br />A: They are fully democratic: we need only 512Mb RAM and 100Mbit channel to work comfortably. We also demand good OS installed to server: we don't support Windows or any *BSD.<br /><br />Q: What about domains? How can I see if it's in stop-list?<br /><br />A: We recommend you to use Ghost Busters or CHK4ME services for that, write a simple script and setup it up to cron to 1/2 hour.<br /><br />Q: TDS? What TDS do you support and what TDS are compatible?<br /><br />A: Any adequate TDS. We recommend you to use Sutra.<br /><br />Q: Are your sploits packed?<br /><br />A: Each exploit is cyphered and obfuscated from AVs at our service Styx Crypt.<br /><br />Q: Is there browser fall down?<br /><br />A: We have a small % of browser fall down so it can be ignored at all because it only depends on user's OS and browser version installed, so just ignore them.<br /><br />Q: Is Chrome hit?<br /><br />A: No.<br />
<br />Q: Can I make a test?<br /><br />A: Yes.<br /><br />Q: What are test demands for me?<br /><br />A: You should provide us abuse-immunity server with root access with OS Linux installed (Debian is preferred), installed TDS (to filter unused traffic: mobile useragents, Mac, Linux, Chrome), you should provide us FUD EXE to be loaded from pack (no detections at all with size < 4Mb) and a clean domain.<br /><br />Q: What should I get from test?<br /><br />A: We will provide a full URL (from your domain) to allow you to 'make the spice flow (:' - to put there traffic. Two hours will be enough to let you to see % hit. EXE you provided will be loaded and you can check knocks from it. It's clear to understand that % hit fully depends on traffic quality so we will not accept any complaint about it.<br /><br />Q: Which language is sploit-pack written?<br /><br />A: Usermode is written on PHP5, but exploit code and generator — is no matter for you.<br /><br />Q: What database do you use?<br /><br />A: We use last MySQL version.<br /><br />Q: So what is real hit percentage?<br /><br />A: You can see it by yourself by requesting a test. We will not fool you by specifying huge numbers in «35%» and / or «right 2% higher than BH». Anyone who once tried to compare sploit packs knows what the hellish job this is: you need to have perfectly ideal traffic, same servers must work absolutely in same mode and so on. In real life quality can be determined by only one parameter: by testing. Of course this depends on your traffic.<br /><br />Q: So why are you better? For what do I pay money?<br /><br />A: For the first, by hit percentage. For the second, by flexible integrated system which can be used in any huge infrastructure. Our product is flexible and scalable and these features are used some times by different partnership programs. This flexibility allows you to work with more clients on same server than BH due to reduced file sizes and due to no PHP obfuscation. 
For the third, updates, support and cleaning. You don't have to pay for «domain switching / rebuilding» and «cleaning». We will just update pack on server. For the fourth, all new sploits are always included to pack first right after all tests passed on all browsers and OSes with all SPs. We don't search for any public sploits we research by ourselves and in some cases we buy technologies. So you see that this is - Perpetuum Mobile, but in same cases is Perfectum Mobile.<br />
<br />
<b>Chinese Threat Actor Part 6</b><br />
Published 2013-03-06T20:29:00.001+00:00, updated 2013-03-06T20:31:12.916+00:00<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="http://4.bp.blogspot.com/-T_W6lzsinGU/UTE_LVl-WlI/AAAAAAAAAeY/OmISM4Z65cQ/s1600/6sanya.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><br /></a></div>
APT Malware reported on 2012-05-24<br />
<br />
<a href="http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~PWS-BXJ/detailed-analysis.aspx" target="_blank">http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~PWS-BXJ/detailed-analysis.aspx</a><br />
<br />
www.wmicrosoftw3.com<br />
<br />
Whois<br />
<br />
Domain Name ..................... WMICROSOFTW3.COM<br />
Name Server ..................... dns27.hichina.com<br />
dns28.hichina.com<br />
Registrant ID ................... hc354172142-cn<br />
Registrant Name ................. li gang<br />
Registrant Organization ......... ligang<br />
Registrant Address .............. beijingchaiyangshuangjing<br />
Registrant City ................. bei jing shi<br />
Registrant Province/State ....... bei jing<br />
Registrant Postal Code .......... 100001<br />
Registrant Country Code ......... CN<br />
Registrant Phone Number ......... +86.01052636523 -<br />
Registrant Fax .................. +86.01095236325 -<br />
Registrant Email ................ pksslxc@gmail.com<br />
<br />
pksslxc@gmail.com is also the registrant of many other espionage domains.<br />
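The registrant pivot above can be repeated over saved WHOIS text. The script below is an added example, not code from the original post: it parses the dot-leader layout shown above (including the name-server line that carries no field label) and groups domains by a chosen field. The .example records, their registrant address and all function names are constructed for the illustration.<br />

```python
import re
from collections import defaultdict

# Abridged copy of the WHOIS record quoted on this page (layout unchanged).
PAGE_RECORD = """\
Domain Name ..................... WMICROSOFTW3.COM
Name Server ..................... dns27.hichina.com
dns28.hichina.com
Registrant ID ................... hc354172142-cn
Registrant Phone Number ......... +86.01052636523 -
Registrant Email ................ pksslxc@gmail.com
"""

# Constructed records (reserved .example names, not real findings) used only to
# exercise the pivot: two share a registrant email, one has no email at all.
CONSTRUCTED_RECORDS = [
    """\
Domain Name ..................... UPDATE-PORTAL.EXAMPLE
Name Server ..................... dns27.hichina.com
Registrant Email ................ Ops@Registrant.Example
""",
    """\
Domain Name ..................... CDN-SYNC.EXAMPLE
Name Server ..................... ns1.hosting.example
Registrant Email ................ ops@registrant.example
""",
    """\
Domain Name ..................... NO-CONTACT.EXAMPLE
Name Server ..................... dns27.hichina.com
""",
]

# "<field name> .......... <value>": a label, a run of three or more dots, a value.
FIELD_RE = re.compile(r"^(?P<key>[^.]+?)\s*\.{3,}\s*(?P<value>.*)$")


def parse_whois(text):
    """Return {field: [values]} with lower-cased field names.

    A non-empty line without dot leaders is treated as a further value of the
    previous field, which is how the second name server appears in this layout.
    """
    record = {}
    last_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = FIELD_RE.match(line)
        if match:
            last_key = match.group("key").strip().lower()
            value = match.group("value")
        elif last_key is not None:
            value = line
        else:
            continue  # stray text before the first field
        # Phone and fax values in this layout end in a dangling " -".
        value = re.sub(r"\s+-\s*$", "", value).strip()
        if value:
            record.setdefault(last_key, []).append(value)
    return record


def pivot(records, field):
    """Group domain names by the (case-folded) values of one WHOIS field."""
    clusters = defaultdict(set)
    for rec in records:
        domains = rec.get("domain name")
        if not domains:
            continue
        # Records that lack the field simply contribute nothing to the pivot.
        for value in rec.get(field, []):
            clusters[value.lower()].add(domains[0].lower())
    return {value: sorted(names) for value, names in clusters.items()}


def load_records():
    """Parse the page's record followed by the constructed ones."""
    return [parse_whois(text) for text in [PAGE_RECORD, *CONSTRUCTED_RECORDS]]


if __name__ == "__main__":
    parsed = load_records()
    for field in ("registrant email", "name server"):
        print(field)
        for value, names in sorted(pivot(parsed, field).items()):
            print("   %s -> %s" % (value, ", ".join(names)))
```

Pivoting on the name server groups domains that merely share a hosting provider's DNS, so the registrant email is the stronger link between domains.<br />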
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-XMHpi5gGhUM/UTE8uNUNmTI/AAAAAAAAAeM/OVvlKo9-TNg/s1600/domains.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><br /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<b>Actor Attribution</b></div>
<br />
<br />
pksslxc@gmail.com is the registration email on many Chinese boards. On his Baidu profile he mentioned that he is into <b>Computers / Network Military</b>, but after the Bloomberg and Mandiant reports he removed that information.<br />
<br />
<br />
<b>6Sanya</b><br />
<br />
<a href="http://www.6sanya.com/show.php?t_766_72_82125" rel="nofollow" target="_blank">http://www.6sanya.com/show.php?t_766_72_82125</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-T_W6lzsinGU/UTE_LVl-WlI/AAAAAAAAAeU/1JQ1C86oPyI/s1600/6sanya.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-T_W6lzsinGU/UTE_LVl-WlI/AAAAAAAAAeU/1JQ1C86oPyI/s1600/6sanya.png" height="150" width="320" /></a></div>
<br />
<br />
<br />
<a href="http://www.tianya.cn/techforum/content/766/72/82125.shtml" rel="nofollow" target="_blank">http://www.tianya.cn/techforum/content/766/72/82125.shtml</a> (Cache)<br />
<br />
7140# Author: pksslxc Reply date: 2012-3-19 23:12:00 pksslxc@gmail.com<br />
<br />
<br />
<a href="http://www.baidu.com/p/pksslxc" rel="nofollow" target="_blank">http://www.baidu.com/p/pksslxc</a><br />
<br />
<a href="http://www.baidu.com/p/pksslxc/detail" rel="nofollow" target="_blank">http://www.baidu.com/p/pksslxc/detail</a><br />
<br />
擅长领域: 电脑/网络 军事<br />
<br />
<b><span style="color: red;">Male, Area of expertise - Computer / Network Military</span></b><br />
<br />
(Now the profile details are changed)<b><span style="color: red;"></span></b><br />
<b><span style="color: red;"><br /></span></b>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-k_gTrP8CzeY/UTFLRwMmd0I/AAAAAAAAAek/eBDulP46loQ/s1600/baidu.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-k_gTrP8CzeY/UTFLRwMmd0I/AAAAAAAAAek/eBDulP46loQ/s1600/baidu.png" height="248" width="400" /></a></div>
<br />
<b>CSDN Profile</b><br />
<br />
<a href="http://blog.csdn.net/pksslxc" rel="nofollow" target="_blank">http://blog.csdn.net/pksslxc</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-AKhmKpiEJEY/UTFLa9FsdOI/AAAAAAAAAes/Lg9oKIW3kjk/s1600/csdn.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-AKhmKpiEJEY/UTFLa9FsdOI/AAAAAAAAAes/Lg9oKIW3kjk/s1600/csdn.png" height="282" width="400" /></a></div>
<br />
<br />
<b>51CTO Blog</b><br />
<br />
<a href="http://3239647.blog.51cto.com/">http://3239647.blog.51cto.com</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-89eNmkG05Wg/UTFMG6t9KwI/AAAAAAAAAe8/F_yNxtZ0Zwg/s1600/51cto.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-89eNmkG05Wg/UTFMG6t9KwI/AAAAAAAAAe8/F_yNxtZ0Zwg/s1600/51cto.png" height="295" width="400" /></a></div>
<br />
<br />
<br />
<b>Tianya Board</b><br />
<br />
<a href="http://www.tianya.cn/65799758" rel="nofollow" target="_blank">http://www.tianya.cn/65799758 </a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-gUOcMyxHQMA/UTFLsyUnMEI/AAAAAAAAAe0/o9Kz7zWM1pM/s1600/tianya.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-gUOcMyxHQMA/UTFLsyUnMEI/AAAAAAAAAe0/o9Kz7zWM1pM/s1600/tianya.png" height="231" width="400" /></a></div>
<br />
<br />
<b>Chinese Threat Actor Part 5</b><br />
Published 2013-02-20T01:49:00.000+00:00, updated 2013-03-01T23:06:51.617+00:00<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
Follow up on Mandiant report<br />
<br />
<a href="http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf" target="_blank">http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf</a><br />
<br />
<b>Mandiant Report</b><br />
<br />
"Once again, in tracking SH we are fortunate to have access to the accounts disclosed from rootkit.com. The rootkit.com account “SuperHard_M” was originally registered from the IP address 58.247.237.4, within one of the known APT1 egress ranges, and using the email address “mei_qiang_82@sohu.com”. We have observed the DOTA persona emailing someone with the username mei_qiang_82. The name “Mei Qiang” (梅强) is a reasonably common Chinese last/first name combination. Additionally, it is a common practice for Chinese netizens to append the last two digits of their birth year, suggesting that SuperHard is in fact Mei Qiang and was born in 1982. <i><b>Unfortunately, there are several “Mei Qiang” identities online that claim a birth year of 1982, making attribution to an individual difficult."</b></i><br />
<br />
One of the threat actors identified by Mandiant is "SuperHard_M". His name is Mei Qiang and his email is "mei_qiang_82@sohu.com".<br />
<br />
<b>Attribution</b><br />
<br />
Rootkit database<br />
<br />
(32261,'SuperHard_M','bf787577ff656cde5b5d1f8236a75d2a',<b>'mei','mei_qiang_82@sohu.com</b>',1,1130405749,'',''<br />
,'','','','',1,'','',1267772902,'58.247.237.4',0,0,0,1267772654,0,0,0,'','','','','',800,'')<br />
<br />
IP Address 58.247.237.4 - CHINA, SHANGHAI, SHANGHAI<br />
<br />
This email is the registration email on the kaixin001 social network.<br />
<br />
<a href="http://www.kaixin001.com/home/13874928.html" rel="nofollow" target="_blank">http://www.kaixin001.com/home/13874928.html</a><br />
<br />
<b>Full Name - Mei Xiao Qiang ( 梅小强 ), Living in Shanghai</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-rItdX3rr5yg/USQo82n60gI/AAAAAAAAAaI/A6CBaNj5Jao/s1600/kaixin.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-rItdX3rr5yg/USQo82n60gI/AAAAAAAAAaI/A6CBaNj5Jao/s1600/kaixin.png" height="245" width="400" /></a></div>
<br />
<br />
<br />
<b>Tianya Chinese Board</b><br />
<br />
mei_qiang_82@sohu.com is also the registration email on the Tianya Chinese board, but the name linked to this email address is "2005_9_24". The profile information says he is male, living in the city of Zhengzhou, Henan Province, with a date of birth of <b>September 12th 1982</b>, Virgo. The profile was registered on 24 Sep 2005, suggesting that he was in Zhengzhou at that time.<br />
<br />
<a href="http://www.tianya.cn/3963856" rel="nofollow" target="_blank">http://www.tianya.cn/3963856</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-i3r6D3lgOMY/USQpVl5ScvI/AAAAAAAAAaQ/9boZLpXyGUY/s1600/tianya2005.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-i3r6D3lgOMY/USQpVl5ScvI/AAAAAAAAAaQ/9boZLpXyGUY/s1600/tianya2005.png" height="205" width="400" /></a></div>
<br />
<br />
<br />
Interestingly enough, there is another account on Tianya with the handle "SuperHard_M", which is registered with the email address "mei_qiang_82@hotmail.com".<br />
<br />
<a href="http://www.tianya.cn/5685768" rel="nofollow" target="_blank">http://www.tianya.cn/5685768</a><br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-uapydIsYPgg/USQprq5uwHI/AAAAAAAAAaY/zIMUrFXvxts/s1600/tianyasuper.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-uapydIsYPgg/USQprq5uwHI/AAAAAAAAAaY/zIMUrFXvxts/s1600/tianyasuper.png" height="200" width="400" /></a></div>
<br />
"mei_qiang_82@hotmail.com" is also the registration email on the kaixin social network, but the profile is deleted now and we know why :)<br />
<br />
A search on mei_qiang_82@hotmail.com reveals he was aged 24 in 2005, which means he is 31 years old now. <br />
He was living in Zhengzhou, Henan province during 2005. In a job profile, he mentions that his interests are network security and developing hacking tools. <br />
<br />
<a href="http://www.sxsoft.com/index.php/it/employee/show/2331" rel="nofollow" target="_blank">http://www.sxsoft.com/index.php/it/employee/show/2331</a><br />
<br />
<b>Name: SuperHard_M</b><br />
Gender: Male<br />
Age: 24<br />
Education: Masters<br />
Tel: 13503456644<br />
Contact Address: Henan Zhengzhou 1001 mailbox 774<br />
PostalCode: 450002<br />
<b>E-mail: mei_qiang_82@hotmail.com</b><br />
Date: 2005-11-28 08:50:40<br />
Published Username: SuperHard_M<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-58bonQqhAAM/USQqLsysFDI/AAAAAAAAAag/z2fWgfyZfSo/s1600/superhardm1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-58bonQqhAAM/USQqLsysFDI/AAAAAAAAAag/z2fWgfyZfSo/s1600/superhardm1.png" height="318" width="400" /></a></div>
<br />
The mailbox address 1001 mailbox 774, Zhengzhou city, Henan Province belongs to the famous PLA Information Engineering University, which implies he was a student at PLAIEU.<br />
<br />
Mei Qiang published two journal papers along with Zhu Yue-Fei related to HTTP session hijacking on switched LANs, man-in-the-middle (MITM) and ARP spoofing. It is important to note that Zhu Yue-Fei also published articles with <a href="http://cyb3rsleuth.blogspot.ru/2012/03/chinese-threat-actor-part-3.html" target="_blank">Zhang Chang-he</a>.<br />
<br />
<a href="http://www.cdblp.cn/namedisambiguation/%E6%A2%85%E5%BC%BA/%E4%BF%A1%E6%81%AF%E5%B7%A5%E7%A8%8B%E5%A4%A7%E5%AD%A6/32123.html" rel="nofollow" target="_blank"> http://www.cdblp.cn/namedisambiguation/%E6%A2%85%E5%BC%BA/%E4%BF%A1%E6%81%AF%E5%B7%A5%E7%A8%8B%E5%A4%A7%E5%AD%A6/32123.html</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-_myiWKZF260/USScc8VYqSI/AAAAAAAAAbM/6LNRGq0VNb0/s1600/meiqiang.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-_myiWKZF260/USScc8VYqSI/AAAAAAAAAbM/6LNRGq0VNb0/s1600/meiqiang.png" height="375" width="400" /></a></div>
<br />
<br />
(Credit goes to Tommy for the Journal link)<br />
<br />
Read online<br />
<br />
<a href="http://www.docin.com/p-53977513.html">http://www.docin.com/p-53977513.html</a><br />
<br />
<br />
<b>SuperHard_M profiles on Chinese boards</b><br />
<br />
<br />
<b>Weibo Profile </b><br />
<b><br /></b>
Lives in Shanghai Pudong area<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-gncPqv3YHHI/UTEyx4Lr_aI/AAAAAAAAAd8/yrDGCz_Hn0M/s1600/supweibo.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-gncPqv3YHHI/UTEyx4Lr_aI/AAAAAAAAAd8/yrDGCz_Hn0M/s1600/supweibo.png" height="351" width="400" /></a></div>
<br />
<br />
<b>T QQ Profile</b><br />
<br />
Lives in Shanghai Pudong area and Virgo<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-0QGUxAsKBok/UTEz89AS1aI/AAAAAAAAAeE/7ZNGMelYVp8/s1600/qiang_qq.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-0QGUxAsKBok/UTEz89AS1aI/AAAAAAAAAeE/7ZNGMelYVp8/s1600/qiang_qq.png" height="265" width="400" /></a></div>
<br />
<br />
<br />
<a href="http://www.douban.com/people/SuperHard_M/" rel="nofollow" target="_blank">http://www.douban.com/people/SuperHard_M/</a><br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-PXOlUq1TX30/USQqaLyf9KI/AAAAAAAAAao/755Wvt4PGBc/s1600/douban.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-PXOlUq1TX30/USQqaLyf9KI/AAAAAAAAAao/755Wvt4PGBc/s1600/douban.png" height="231" width="400" /></a></div>
<br />
<br />
Wolf's World<br />
<br />
<a href="http://superhard.blog.sohu.com/" rel="nofollow" target="_blank">http://superhard.blog.sohu.com</a><br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-zqWxIKYYCdY/USQqqrOqsMI/AAAAAAAAAaw/O2PG5WZvKYE/s1600/sohublog.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-zqWxIKYYCdY/USQqqrOqsMI/AAAAAAAAAaw/O2PG5WZvKYE/s1600/sohublog.png" height="203" width="400" /></a></div>
<br />
<br />
<a href="http://www.pinglunjuhe.com/pinglun/1009858.aspx?bt=3" rel="nofollow" target="_blank">http://www.pinglunjuhe.com/pinglun/1009858.aspx?bt=3</a> <br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-Ukf7ikHjkNY/USQq7K9qsAI/AAAAAAAAAa4/ZLMDZQinDQ0/s1600/meiqiang.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-Ukf7ikHjkNY/USQq7K9qsAI/AAAAAAAAAa4/ZLMDZQinDQ0/s1600/meiqiang.png" height="252" width="400" /></a></div>
<br />
Another possible email of SuperHard is mei_qiang_82@163.com<br />
<br />
<span style="color: red;"><b>Update</b></span> <br />
<br />
A few hours after this blog post, Mei Qiang's Kaixin profile was deleted and the sxsoft profile details were changed.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-YmQ-V9yWsSg/USSdwPV-nFI/AAAAAAAAAbY/zRKnqpwKtf4/s1600/superhard2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-YmQ-V9yWsSg/USSdwPV-nFI/AAAAAAAAAbY/zRKnqpwKtf4/s1600/superhard2.png" height="223" width="400" /></a></div>
<br />
<br />
<b>PLAIEU</b><br />
Published 2013-02-16T07:54:00.000+00:00, updated 2013-02-18T09:32:27.338+00:00<br />
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<b>People's Liberation Army - Information Engineering University (PLAIEU)</b></div>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-30b-haO0zbc/UR843BFuZ4I/AAAAAAAAAV0/Vg26WRk8MKM/s1600/PLAIEU.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-30b-haO0zbc/UR843BFuZ4I/AAAAAAAAAV0/Vg26WRk8MKM/s1600/PLAIEU.jpg" /></a></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
(Content is translated using Google)</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<b>Profile</b><br />
<br />
The Chinese People's Liberation Army Information Engineering University (the PLA Information Engineering University) was formed by merging the former PLA Information Engineering University, the PLA Institute of Surveying and Mapping and the PLA Institute of Electronic Technology. Directly under the leadership of the General Staff, it is a key national science and engineering higher military academy. It is one of the army's five comprehensive universities (the other four are the National University of Defense Technology, the PLA University of Science, the Air Force Engineering University and the Naval Engineering University). Seeking, innovation and dedication is the motto of the University.<br />
<br />
<b>PLA Information Engineering University</b><br />
<br />
Training, Department of Political Affairs, the school, the four organs of the Ministry of the Ministry of Scientific Research, under the Information Systems Engineering, College of geospatial information, password Engineering, College of cyberspace security navigation and air and space targets Engineering University now compiled, the rationale College, commanding officer basic education College letter seven colleges and the Institute of Information Technology. Has three postdoctoral programs, 24 doctoral degree programs (including six one discipline Doctorate), 53 master degree programs. Has three national key disciplines (including one of a national key disciplines), the five army key disciplines, 10 disciplines field is listed as the field of army " 211 Project "key construction disciplines. In addition, the school also has a National Engineering Research Center (National Digital Switching System Engineering Technology Research Center), five Army Key Laboratory of 2 provincial key laboratories, as well as 43 basic and specialized laboratories.<br />
<br />
The University has a high-quality teaching and research ability, structured teaching team. It has a large number of countries to the the Professor Gao Jun, the Chinese Academy of Sciences, the Chinese Academy of Engineering, Professor Wang Jiayao Wu Professor Jiang Xing, Professor Xu Qifeng, young experts with outstanding contributions by the army and the experts and professors enjoy special government allowances. Existing teaching and research and engineering and technical personnel, with more than 600 senior professional and technical positions. My school's existing National Science and Technology Award Committee, the State Council Academic Appraisal Group, the National Informatization specifically Advisory Committee members, the National 863 Program information field of the Expert Team 3, Lunar Exploration Science Applications experts 2 Committee experts, the national teachers teaching, outstanding teachers, outstanding scientific and technological workers, one person was "New Century Female Inventors of the Fourth National Innovation Award, a teaching team was named national teaching team 22 enjoy special government allowances, 23 were rated as outstanding teachers, 211 people were army outstanding professional and technical personnel post allowance, 259 people were Yucai Award of the military academies.<br />
<br />
<b>Students elegance</b></div>
<div style="text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-8LABAbSDaFM/UR865OEtnpI/AAAAAAAAAWQ/DQc0B792WK4/s1600/plaieu2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-8LABAbSDaFM/UR865OEtnpI/AAAAAAAAAWQ/DQc0B792WK4/s1600/plaieu2.jpg" height="300" width="400" /></a></div>
<div style="text-align: left;">
<br />
<br />
Since the establishment of the University, close to the force requirements, closely around the central task of personnel training, and promote the development strategy for education transformation and strong school, level of education and teaching, and improve quality of personnel training, and has won two National Teaching Achievement Award three second prize, army-level teaching achievement award 32; 6 tutorial was named national quality courses, 12 courses were rated as high quality courses in the military, army excellent network courses; 11 achievements have been awarded the National Grand Prix of multimedia educational software. etc. Award; published textbook 200 for more than 16 textbooks as the "Eleventh Five-Year" project national planning materials; College English curriculum reform identified by the Ministry of Education for the whole army's only teaching reform demonstration sites; school assessment The collective work of art for the National Academic Degrees and Graduate Education Management.<br />
<br />
University academic atmosphere active research strength, fruitful, is a base for research and innovation in the field of military information. Has undertaken a national army 3000 a number of key issues, including more than 400 of the 863 Program, 973 Program, National Natural Science Foundation of China, and defense major research projects. University since its formation in 1999, has won first prize in three national scientific and technological progress second prize of National Science and Technology Progress (State Technological Invention) 24, 65 armed forces (provincial and ministerial level) first prize for scientific and technological progress. At present, universities in program-controlled exchange, the third-generation mobile communication technology, information security, core router, signal analysis and processing, satellite and microwave communications, computer networks, network communication protocols, spatial positioning, satellite navigation, space remote sensing, digital photogrammetry, strong research strengths and strength in the direction of the simulation engineering, digital cartography, geographic information systems, and some in the international advanced level. Independently successfully developed China's first large-scale digital program-controlled switches HJD-04 exchange system and China's first all core technology with independent intellectual property rights of high-performance IPv6 router, and presided build a national high-speed information demonstration network, the next generation of broadcast networks ( NGB) technology leader. In addition, the development of the Shenzhou series of spacecraft, the successful to simulate landing field three-dimensional terrain contributed to write a new history of China Aerospace brilliant.<br />
<br />
The University actively updating educational ideas, closely tracking the development of information science and technology, comprehensive deepen the educational reform, accelerate instantiate teaching, quality of personnel training has been significantly improved, the army now of building transport three thousand much-needed information class talent. University graduate students writing a thesis, was named National Excellent Doctoral Dissertation 5, 16 was named military Excellent Doctoral Dissertation the 33 named army Hits; cadets participated nationwide disciplines reward of more than 170 above the competition won the first prize; trainees Zhao Jing was named "the army's top ten of learning to become pacesetters"; students the Xie Kangmin was the first National Youth Century Talent Competition Gold Award; Meng Xiangbin, Wu Wenbin, graduate trainees has been named " Moving China "Person of the Year, and Meng Xiangbin Central Military Commission awarded the honorary title of sacrificed their lives to save a model officer, Wu Wenbin Central Military Commission awarded the honorary title of the earthquake relief heroic warrior.</div>
<div style="text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-PpMeKV2Lle4/UR86zUnLaOI/AAAAAAAAAWI/QlGOC6srD6U/s1600/plaieu3.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-PpMeKV2Lle4/UR86zUnLaOI/AAAAAAAAAWI/QlGOC6srD6U/s1600/plaieu3.jpg" height="179" width="400" /></a></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: left;">
</div>
<div style="text-align: left;">
<br />
The school occupies a total area of nearly 5,000 acres, total construction area of more than 110 million square meters, tidy campus wide, tree-lined, with a good learning environment, headquarters named "garden-style barracks. Schools built GPS experimental field, satellite ground stations, satellites, observatories, Observatory, computing center, swimming pool, shooting range, track and field stadium, indoor sports hall, multi-media classrooms, academic lecture hall, fully supporting the teaching, research and living facilities . The Library is a collection of more than 100 million copies digital literature resources 280TB. Campus built broadband high-speed campus network, dedicated access Internet Education and Research Network INTERNET.<br />
<br />
<b>Information Engineering</b><br />
<br />
Located in the Yellow Sea, the northern foot of the Songshan of the Chinese People's Liberation Army Information Engineering University Information Engineering Institute, shoulder the important task of training project of the modernization of national defense technology and scientific research personnel, is a the army key building colleges.<br />
<br />
Information Engineering University College of Information Engineering, Higher College of Science and Technology for the the defense modernization cultivation engineering and scientific researchers, and its predecessor, the PLA Information Engineering University, is approved by the State Council, the national key institutions of higher learning. Seven professional Institute jurisdiction of Computer Science and Technology, communications engineering, information science, information studies, command and management of Electronic Science and Technology, Network Engineering Department and the Information Technology Institute, Beijing graduate professional training center. Has two post-doctoral research stations , two one discipline Doctorate seven secondary discipline Doctorate programs, 15 master degree programs, 2 national key disciplines , two Army, one of the key disciplines army Key Laboratory 1 Key Laboratory of Henan Province, five army key construction disciplines areas of expertise, a national engineering centers (National Digital Switching System Engineering Technology Center). Existing School of Computer Science and Technology, network engineering, communications engineering, automation, information engineering, information research and security, electronic engineering, electronics and information engineering , eight four-year undergraduate students nationwide, according to local priorities score merit.<br />
<br />
College to inherit and carry forward the fine tradition of the original Information Engineering College 50 years, has a strong school strength and rich experience in education, and the formation of a unique educational advantages in the field of information technology and information security. College adhere to educational policy "toward modernization, the world and the future", focus on updating educational philosophy, extensive application of modern educational technology , continue to deepen the reform of teaching methods and means,<br />
<br />
<b>Students elegance</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-hbRa5HnL9ic/UR89y-ygGZI/AAAAAAAAAWo/URCq4xCWsQs/s1600/plaieu4.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-hbRa5HnL9ic/UR89y-ygGZI/AAAAAAAAAWo/URCq4xCWsQs/s1600/plaieu4.jpg" height="203" width="400" /></a></div>
<br />
<br />
Attaches great importance to the students to innovative thinking and creative ability and improve. In recent years, a number of achievements of the state and the army high-grade teaching achievement awards in International, National Mathematical Modeling, Electronic Design Contest and radio direction finding, since 2002 to 154 won the National Award Championship academic competitions, including a top award , 60 first prize. The trainees Xie Kangmin won the gold medal in 2002, the first national youth century style TV contest. Zhengzhou Jianyuanyilai co-culture of all kinds at all levels more than 20,000 graduates of graduates in short supply, praised by the employer, played an important role in the construction of our military information, and many graduates have become the state-of-the-art technology pillars of the field.<br />
<br />
College faculty quality, reasonable structure. 42% of senior professional and technical positions in the Teacher, faculty with doctoral and master's degrees accounted for 89%, with the Chinese Academy of Engineering, Professor Wu Jiangxing represented by a group of renowned experts and scholars in and outside the military. 47 existing doctoral tutor , Master Instructor 147. Dozens of teachers were rated as the young and middle of the country and the army, the country, the military, and Henan Province, outstanding teachers, 61 excellent professional and technical personnel post allowance enjoy special government allowances and the military , 67 military academies Yucai Award. The College also hired 18 academicians from outside the hospital as a part-time professor.<br />
<br />
Academic research environment, excellent strength, and fruitful. A National Engineering Center - National Digital Switching System Engineering Technology Research Center, in joint research, scientific and technological achievements into out of the new road. Following since the advent of the 1990s, the college has independently developed China's first large-scale digital program-controlled switches HJD-04 exchange system, a major breakthrough in packet switching, information security, 3G technology and routing technology research areas, there are more than 100 innovative achievements countries, the armed forces or the Provincial Science and Technology Progress Award, which from 2001 to 2004, the fourth consecutive year the National Science and Technology Progress Award, the National Science and Technology Progress Award in 2006, created a new glory of the Institute of Scientific Research.<br />
<br />
<b>Institute of Surveying and Mapping</b><br />
<br />
PLA Information Engineering University is a military operational command of the high culture of military training and scientific research, the intermediate military mapping professionals higher engineering professional and technical colleges, formerly known as the 60 years of establishment of the hospital the history of the People's Liberation Army Institute of Surveying and Mapping, by approved by the State Council, one of the national key universities. Existing measurement and navigation of the College of Engineering, Department of Remote Sensing and Information Engineering, Cartography and Geographic Information Engineering, the operational environment and Simulation Engineering, Surveying Engineering and Equipment Department of Measurement and Control Technology and Management, joint schools and the local Health Department and other seven departments and Surveying Engineering Research Institute, has a post-doctoral research stations, six doctoral degree programs, 11 master's degree programs. With a national key disciplines, two army key disciplines, 4 army key construction disciplines field, an army Key Laboratory and one provincial engineering technology center.<br />
<br />
With a high-quality, reasonable structure and faculty. Total teaching, research, engineering and technical staff of more than 260 people, including more than 90 people positive vocational staff of 47 people, 82 Fu Gaozhi, doctoral, Master Instructor. Gao Jun Academician of the Chinese Academy of Sciences , the Chinese Academy of Engineering academician Wang Jiayao SURVEYING Academy of Sciences, Fellow of the International Eurasian Academy of money Zeng Bo is a group of well-known scholars, experts and professors. Equipment state-of-the-art educational technology center, satellite observation station, GPS experimental field, the center of the Observatory, remote sensing satellite ground stations, remote sensing image processing , spatial information, data processing centers, teaching facilities. The campus network to achieve hospital-wide sharing of information resources and online teaching. In recent years, the college has a positive commitment to the past more than 500 major research projects of the state and the army, there are more than 120 achievements have been awarded the National Invention Award and the Science and Technology Progress Award, and other awards. Academic teaching and research fully equipped, state-of-the-art facilities, the basic realization of modernization of teaching methods.<br />
<br />
The College has more than 60 years of school history, is one of the institutions of our military earliest foreign academic exchanges. Has received the military mapping the delegation of the United States , the United Kingdom, Germany , Canada, Switzerland , Russia, Romania , France, North Korea and other countries, and the famous experts, scholars visit, lecture, study abroad each year of experts, scholars, studies, lectures and participate in International Conference. The distinctive characteristics of school running strong academic atmosphere, elegant campus environment, the country, "the party's ideological and political work of advanced institutions of higher learning" the General Staff "personnel building advanced units" and "Army Class A health units".<br />
<br />
<b>Institute of Electronic Technology</b><br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-M4M4W8aJc6A/UR89gEMGWtI/AAAAAAAAAWg/K-Xm9inyoMg/s1600/plaieu5.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-M4M4W8aJc6A/UR89gEMGWtI/AAAAAAAAAWg/K-Xm9inyoMg/s1600/plaieu5.jpg" height="260" width="400" /></a></div>
<br />
<br />
Information Engineering University, Institute of Electronic Technology Polytechnic Army information security technology based combination of command and technology combined with the multi-disciplinary institutions of higher learning. Formerly known as the 50 years of history of the People's Liberation Army Institute of Electronic Technology. The Institute existing command and management system, the Department of Information Research, Information Security, Information Equipment Engineering Department and an Information Security Institute of Technology, has a Key Laboratory of Information Security of Henan Province, a Henan Province Information Security Engineering Research center and a Henan e-commerce Engineering Research Center. A national key disciplines, three army key construction disciplines, three doctoral degree programs, eight master's degree authorization centers. Four four-year undergraduate programs of the existing College of Electronic Science and Technology, Information Engineering (Information Security), security, electronic engineering students nationwide, according to local priorities score merit.<br />
<br />
The College has a strong school strength and rich experience in education, characteristics and advantages in cryptography, information security, network engineering, and computer application technology . Institute focus on updating the educational philosophy, the deepening education reform and innovation of the approach, the emphasis on the cultivation of students 'innovative thinking and ability to carry out the students' independent research and other rich classroom activities, numerous international, national college students, graduate students mathematical modeling, English won the first prize in the contest, information security competition, there have been two students have been named "the whole army 10 learning to become pacesetters.<br />
<br />
The College has a reasonable structure, quality of teachers, accounting for 40% of the senior professional and technical positions in the faculty ranks, with doctoral and master's degrees accounted for 84%, with a number of disciplines with a solid foundation of theory and higher academic attainments academic leaders, including two "national young and middle," the General Staff outstanding young experts "7, 3 people enjoy special government allowances, seven teachers have been assessed to outstanding teachers in the military, 32 military academies "Yucai Awards. In recent years, the school has undertaken a national army, "863", "973", and the National Natural Science Fund and a number of major research projects by the national army and provincial-level teaching, research first, second and third prize hundred items.<br />
<br />
College teaching, research and living facilities. Library, Academic Hall, Experimental Center, Military Sports Pavilion, standard athletics stadium, swimming pool, field training ground, comprehensive service building and other support facilities. Social security services complete living facilities, park CAPE through the hospital campus wide and tidy, rational layout, tree-lined, beautiful environment. The college has been named the "National and cherishing the model unit", "the General Staff learning to become advanced units," the whole army civilization Health barracks "," garden-style barracks, garden-style units ".<br />
<br />
<br />
<b>Journals published by PLA Information Engineering University</b><br />
<br />
<a href="http://www.cqvip.com/qk/90290B/201201/" rel="nofollow" target="_blank">http://www.cqvip.com/qk/90290B/201201/</a><br />
<br />
<br />
<br />
<b>Page 57 of USCC Report provides more information about PLA Information Engineering University</b><br />
<br />
<a href="http://www.scribd.com/doc/84582278/USCC-Report-Chinese-Capabilities-for-Computer-Network-Operations-and-Cyber-Espionage" target="_blank">http://www.scribd.com/doc/84582278/USCC-Report-Chinese-Capabilities-for-Computer-Network-Operations-and-Cyber-Espionage</a></div>
<div style="text-align: left;">
<br />
Information Engineering University: The PLA Information Engineering University (PLAIEU), located in Zhengzhou, Henan Province, is perhaps the military university with the most comprehensive involvement in information warfare and computer network operations training, planning, and possibly also execution. According to a 2008 PLA Daily description, the school employs 800 professors and senior engineers and 100 part-time professors, serving 55 graduate degree programs.[119] Published <i><b>PLAIEU-sponsored research includes studies on worm propagation, network attack evaluation, kernel-mode rootkits, data hiding, malware behavior detection, and “emergency public opinion control.”</b></i><br />
<br />
PLAIEU achieved worldwide notoriety in August, 2011 when the user ‘chinesecivilization2’ posted to YouTube a segment of the military-themed television documentary, “The Network Storm is Coming,” broadcast by CCTV-7 on July 16, 2011. The segment showed the live use of an apparent denial of service tool, bearing the title “PLA Information Engineering University” in Chinese, and offering the user a list of “attack destinations” including a Falun Gong website hosted at the University of Alabama in Birmingham (UAB). The broad exposure gained by the video’s YouTube distribution brought considerable attention to the PLAIEU, convincing many that the school sponsored hacking activity outright. However, staff at UAB later commented that the computer identified in the video had not been compromised, suggesting that the video only showed a simulation. Nevertheless, the video strongly suggests that the PLAIEU is involved in developing software to assist network attack operations. The specificity of the example (a Falun Gong website at an Alabama university) reflects the detailed, real world network reconnaissance that Chinese network security researchers in both academia and government are conducting to further PRC security interests.<br />
<br />
PLAIEU researchers are prolific publishers of information security-related material, having issued more than 300 articles in the past two years. Their recent collaborations include those with scholars at Zhengzhou University of Light Industry, PLA Unit 61365, Luohe Medical College, Public Security Marine Police Academy, Xi’an University of Electronic Science and Technology, Hebei University of Science and Technology, Sichuan University, the National Digital Switching Engineering Center, Nanyang Normal College, and many others. The number and diversity of collaboration partners enjoyed by PLAIEU researchers suggests both aggressive partnership-building on the school’s part and a broad-based reputation for technical expertise.<br />
<br />
Although the above key military institutions play important roles in the development of China’s information warfare capabilities, the PLA’s development of new CNO and EW capabilities depends to a substantial degree on collaboration with civilian academic institutions for the modernization of military command and technical talent.<br />
<br />
<b>Epoch Times Article - DDOS Software</b> <br />
<br />
<i><b>The screenshots show the name of the software and the Chinese university
that built it, the Electrical Engineering University of China’s
People’s Liberation Army—direct evidence that the PLA is involved in
coding cyber-attack software directed against a Chinese dissident group.</b></i><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-nDHIjvm7N3o/USHvuXUaMDI/AAAAAAAAAXo/oYyHjaYvaOc/s1600/epoch.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-nDHIjvm7N3o/USHvuXUaMDI/AAAAAAAAAXo/oYyHjaYvaOc/s1600/epoch.jpg" height="280" width="400" /></a></div>
<br />
EXPOSED: A picture of the hacking software shown during the Chinese
military program. The large writing at the top says 'Select Attack
Target.' Next, the user chooses an IP address to attack from (it belongs
to an American university). The drop-down box is a list of Falun Gong
websites, while the button on the left says 'Attack.' (CCTV)<br />
<br />
<b>Read Full article here</b><br />
<br />
<a href="http://www.theepochtimes.com/n2/china-news/slip-up-in-chinese-military-tv-show-reveals-more-than-intended-60619.html" rel="nofollow" target="_blank">http://www.theepochtimes.com/n2/china-news/slip-up-in-chinese-military-tv-show-reveals-more-than-intended-60619.html</a><br />
</div>
<br />
<b>Chinese Threat Actor Part 4</b> (published 2013-02-04, updated 2013-02-20)<br />
<br />
Hugesoft.org is an espionage domain that goes back several years and is connected to uglygorilla@163.com.<br />
<br />
<a href="http://www.whoismind.com/whois/hugesoft.org.html" target="_blank">http://www.whoismind.com/whois/hugesoft.org.html</a><br />
<br />
Domain ID:D105044855-LROR<br />
Domain Name:HUGESOFT.ORG<br />
Created On:25-Oct-2004 09:46:18 UTC<br />
Last Updated On:10-Sep-2012 12:39:43 UTC<br />
Expiration Date:25-Oct-2013 09:46:18 UTC<br />
Sponsoring Registrar:eNom, Inc. (R39-LROR)<br />
Status:OK<br />
Registrant ID:3D553CC3140BB142<br />
Registrant Name:huge soft<br />
Registrant Organization:hugesoft<br />
Registrant Street1:shanghai<br />
Registrant Street2:<br />
Registrant Street3:<br />
Registrant City:shanghai<br />
Registrant State/Province:S<br />
Registrant Postal Code:200001<br />
Registrant Country:CN<br />
Registrant Phone:+86.21000021<br />
Registrant Phone Ext.:<br />
Registrant FAX:<br />
Registrant FAX Ext.:<br />
Registrant Email:<br />
Admin ID:3D553CC3140BB142<br />
<br />
The "ug-" sub domains are connected to this guy.<br />
<br />
<br />
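Added example (not part of the original post): one way to check resolver logs for lookups under hugesoft.org and to separate names whose label directly below the zone starts with "ug-". The log format, client addresses and host labels are constructed for illustration.<br />

```python
"""Hunt DNS query logs for lookups under hugesoft.org (added example)."""
from collections import defaultdict

WATCHED_ZONE = "hugesoft.org"   # domain named in the post
TRACKED_PREFIX = "ug-"          # label prefix the post singles out

# Constructed sample log. Assumed format: "<time> <client ip> <qtype> <qname>".
# Host labels and client addresses are made up for this example.
SAMPLE_LOG = """\
2013-02-01T08:00:01Z 10.0.0.5 A www.example.com.
2013-02-01T08:00:07Z 10.0.0.5 A UG-Sample1.HugeSoft.org.
2013-02-01T08:01:12Z 10.0.0.9 A host1.hugesoft.org
2013-02-01T08:02:30Z 10.0.0.9 A nothugesoft.org
2013-02-01T08:03:44Z 10.0.0.7 A hugesoft.org.example.net.
2013-02-01T08:04:02Z 10.0.0.5 AAAA ug-sample2.hugesoft.org.
2013-02-01T08:05:00Z 10.0.0.7 TXT hugesoft.org
truncated-entry
"""


def normalize_qname(qname):
    """Lower-case the name and drop the trailing root dot."""
    return qname.strip().rstrip(".").lower()


def in_zone(qname, zone=WATCHED_ZONE):
    """True only for the zone apex or a name ending on a label boundary.

    A plain substring or endswith(zone) test would also match
    'nothugesoft.org' and 'hugesoft.org.example.net'.
    """
    name = normalize_qname(qname)
    return name == zone or name.endswith("." + zone)


def classify(qname):
    """Return None, 'zone' or 'tracked-prefix' for a queried name."""
    if not in_zone(qname):
        return None
    name = normalize_qname(qname)
    if name == WATCHED_ZONE:
        return "zone"
    # Label directly below the zone, e.g. 'ug-x' in 'a.ug-x.hugesoft.org'.
    below_zone = name[: -(len(WATCHED_ZONE) + 1)].split(".")[-1]
    if below_zone.startswith(TRACKED_PREFIX):
        return "tracked-prefix"
    return "zone"


def hunt(log_text):
    """Return (hits, skipped): matching queries and the count of bad lines."""
    hits, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        parts = line.split()
        if len(parts) != 4:
            skipped += 1          # keep count so parsing gaps are visible
            continue
        timestamp, client, qtype, qname = parts
        kind = classify(qname)
        if kind is not None:
            hits.append({
                "time": timestamp,
                "client": client,
                "qtype": qtype,
                "qname": normalize_qname(qname),
                "kind": kind,
            })
    return hits, skipped


def summarize(hits):
    """Count hits per client so the noisiest hosts can be triaged first."""
    per_client = defaultdict(lambda: {"tracked-prefix": 0, "zone": 0})
    for hit in hits:
        per_client[hit["client"]][hit["kind"]] += 1
    return dict(per_client)


if __name__ == "__main__":
    found, bad = hunt(SAMPLE_LOG)
    for hit in found:
        print(hit["time"], hit["client"], hit["kind"], hit["qname"])
    print("unparsed lines:", bad)
    print(summarize(found))
```
<br />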
<br />
<b>Attribution</b><br />
<b><br /></b>
uglygorilla@163.com is an email address registered on rootkit.com. That site's user database was leaked and is publicly available.<br />
<br />
'WangJack','uglygorilla@163.com',1,1125921689,'','','','','','',0,'','',1148883119,'58.246.255.28',0,0,0,0,0,0,0,'','','','','',0,''<br />
<br />
<br />
IP Address: 58.246.255.28<br />
Location CHINA, SHANGHAI, SHANGHAI<br />
Latitude, Longitude 31.22222, 121.45806 (31°13'20"N 121°27'29"E)<br />
Connection through CHINA UNICOM SHANGHAI NETWORK<br />
<br />
uglygorilla@163.com is also registered on Chinese social networks such as renren.com, weibo.cn and tianya.cn.<br />
<br />
<br />
He is a member of many Chinese boards.<br />
<br />
<a href="http://bbs.chinamil.com.cn/forum/bbsui.jsp?id=(o)5681">http://bbs.chinamil.com.cn/forum/bbsui.jsp?id=(o)5681</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-Z_kt1Tpxosc/UQ_wpH2nbUI/AAAAAAAAATU/Iam18ULw9qA/s1600/bbsmil.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-Z_kt1Tpxosc/UQ_wpH2nbUI/AAAAAAAAATU/Iam18ULw9qA/s400/bbsmil.png" height="207" width="400" /></a></div>
<div style="text-align: center;">
<br /></div>
<br />
<a href="http://www.verycd.com/i/1401285/" target="_blank">http://www.verycd.com/i/1401285/</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-rGel1GfAkt4/UQ_w19OZQeI/AAAAAAAAATc/PL37DW9aX5Q/s1600/verycd.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-rGel1GfAkt4/UQ_w19OZQeI/AAAAAAAAATc/PL37DW9aX5Q/s400/verycd.png" height="238" width="400" /></a></div>
<div style="text-align: center;">
<br /></div>
<br />
<a href="http://my.csdn.net/uglygorilla">http://my.csdn.net/uglygorilla</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-yy5guMEx9_g/UQ_w6gHhYVI/AAAAAAAAATk/Irgs-HrvqkI/s1600/csdn.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-yy5guMEx9_g/UQ_w6gHhYVI/AAAAAAAAATk/Irgs-HrvqkI/s400/csdn.png" height="263" width="400" /></a></div>
<div style="text-align: center;">
<br /></div>
<br />
<a href="http://www.chinaunix.net/old_jh/52/1036982.html">http://www.chinaunix.net/old_jh/52/1036982.html</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-cRnK4rLJZv0/UQ_w-QQbg_I/AAAAAAAAATs/_6jHaFF3FOA/s1600/chinaunix.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-cRnK4rLJZv0/UQ_w-QQbg_I/AAAAAAAAATs/_6jHaFF3FOA/s400/chinaunix.png" height="241" width="400" /></a></div>
<div style="text-align: center;">
<br /></div>
<br />
<a href="http://www.tianya.cn/19462717" rel="nofollow" target="_blank">http://www.tianya.cn/19462717</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-wjB5pdZ6L_0/USQkfTp8yAI/AAAAAAAAAZ4/k3AygwshBBY/s1600/ugly.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-wjB5pdZ6L_0/USQkfTp8yAI/AAAAAAAAAZ4/k3AygwshBBY/s1600/ugly.png" height="206" width="400" /></a></div>
<br />
<br />
<a href="http://bbs.sjtu.edu.cn/bbsanc?path=/groups/GROUP_0/message/D4EFC2634/D7AC8E3A8/G.1092960050.A" target="_blank">http://bbs.sjtu.edu.cn/bbsanc?path=%2Fgroups%2FGROUP_0%2Fmessage%2FD4EFC2634%2FD7AC8E3A8%2FG.1092960050.A</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-ldJHrQ47_NQ/UQ_xDiLvJLI/AAAAAAAAAT0/GHSow5qM74A/s1600/uglysjtu.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-ldJHrQ47_NQ/UQ_xDiLvJLI/AAAAAAAAAT0/GHSow5qM74A/s400/uglysjtu.png" height="267" width="400" /></a></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
uglygorilla (uglygorilla) on station 2 times, net age [ 17 ] days [ Leo ]<br />
Last: [ August 3, 2004 10:23:38 Tuesday ] from [ 210.22.114.46 ] to the site a visit.<br />
<br />
IP Address: 210.22.114.46<br />
Location CHINA, SHANGHAI, SHANGHAI<br />
Latitude, Longitude 31.22222, 121.45806 (31°13'20"N 121°27'29"E)<br />
<br />
He appears to have been a student at Shanghai Jiao Tong University (SJTU) in 2004.<br />
<br />
<div style="text-align: left;">
Previous Posts</div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<a href="http://cyb3rsleuth.blogspot.co.uk/2012/03/chinese-threat-actor-part-3.html">http://cyb3rsleuth.blogspot.com.au/2012/03/chinese-threat-actor-part-3.html</a></div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<a href="http://cyb3rsleuth.blogspot.co.uk/2012/02/chinese-threat-actor-part-2.html">http://cyb3rsleuth.blogspot.com.au/2012/02/chinese-threat-actor-part-2.html</a></div>
</div>
<br />
<b>Ulocker Crimeware</b> (posted 2012-09-20)<br />
<br />
Cross posted from Russian Cyber Criminal Forum<br /><br />English translation @Sherb1n<br />
<br />
Seller - xfrzx<br /><br />Ulocker is EU traffic monetization software. It accepts payments through Ukash and Psc vouchers for €50 or €100.<br />
<br />
As of today, it supports AT,CH,CY,DE,ES,FI,FR,GR,IT,NL,PL,PT,RO,SE. You are able to add and modify the number of languages.<br /><br />Details:<br /><br />1. Size: ~22KB uncompressed.<br />2. Kills MSCONFIG.exe, regedit.exe, regedt32.exe, CMD.exe, taskmgr.exe.<br />3. Accepts Ukash and Psc.<br />4. Hides Start menu and taskbar.<br />5. Blocks system keys.<br />6. Can modify text remotely.<br />7. Does not turn on if there's no internet connection (optional).<br />8. Launches on startup.<br />9. Disables Safe mode (XP)<br />10. Always on top.<br />11. Stays up after entry.<br />12. It's easy to add new languages to work with additional countries (!)<br /><br />Server component:<br /><br />Option 1: No panel, writes to file: date || ip || ukash || amount || country. The same for Psc. Responses are written to file.<br />Option 2: Simple panel, displays vouchers (ukash, psc), displays responses. Requires Php+MySql.<br />Responses are replies from the infected machines, not necessarily unique ones.<br /><br />Price:<br /><br />For the first 3 buyers: $250. 0/3.<br />The price does not depend on the server component.<br /><br />The buyer receives:<br /><br />1. Consultation at the time of purchase.<br />2. Minor updates for free.<br />3. You do your own encryption.<br />4. Help adding new language modules. Not creating, only adding. I'll show you how, it's very simple.<br />5. Don't have the builder yet (!). Free rebuilds.<br />6. Vouchers are not checked for validity. Checking services can be added if available.<br /><br />You're prohibited from:<br /><br />1. Uploading the build to public AV checkers.<br />2. Making this software available to others.<br /><br />Violators will get banned without a refund.<br /><br />Original<br />
<br />Seller - xfrzx<br /><br />Ulocker - софт для монетизации евро загрузок.В качестве оплаты принимает Ukash,Psc ваучеры по 50,100 евро.<br />На данный момент AT,CH,CY,DE,ES,FI,FR,GR,IT,NL,PL,PT,RO,SE . Вы сможете добалять и изменять количество языков.<br /><br />Детали:<br /><br />1.Вес ~22кб без сжатия<br />2.Убивает MSCONFIG.exe, regedit.exe, regedt32.exe, CMD.exe, taskmgr.exe<br />3.Принимает Ukash,Psc.<br />4.Скрывает пуск и панель.<br />5.Блокирует системные клавиши.<br />6.Возможность удалённо менять текст.<br />7.Не включается при отключенном интернет(Опционально).<br />8.Автозагрузка.<br />9. Отлючение Безопасного режима(хп)<br />10.Висит поверх всех окон.<br />11.После ввода не снимается.<br />12. Возможность быстро и удобно добавлять свои языки для работы с конкретными странами(!)<br /><br />Серверная часть:<br /><br />1й вариант - без панели пишет в файл дата || ip || ukash || номинал || страна .C psc аналогично.Пишет отклики в файл.<br />2й вариант - простенькая панель ,вывод ваучеров(ukash,psc) ,вывод откликов.Необходимо Php+MySql.<br />Отклик - отстук зараженной машины,не обязательно уникальный.<br /><br />Цена: <br /><br />Первым 3 покупателям - 250$ 0/3 .<br />Цена не зависит от варианта серверной части.<br /><br />Покупателю:<br /><br />1. Консультации при покупке.<br />2. Мелкие апдейты бесплатно.<br />3. Крипт лежит на вас.<br />4. Помощь в добавлении языков для работы локера. Не создании,а добавлении.На примере,очень просто.<br />5. Билдера пока нет(!).Ребилд бесплатно.<br />6. На валид ваучеры не чекаются.Если есть сервисы для чека,можно добавить.<br /><br />Запрещено:<br /><br />1. Сливать билд на паблик чекеры АВ.<br />2. Выкладывать софт.<br /><br />При нарушении в бан,без возврата средств.<br /><br />
<b>Upas Rootkit</b> (posted 2012-09-20)<br />
<br />
Cross posted from Russian Cyber Criminal Forum<br />
<br />
English translation @Sherb1n<br />
<br />
Seller - Auroras<br /><br /><strong>Upas Kit 1.0.0.0</strong><br /><br />Description:<br /><br />Upas is a modular http bot created for a single purpose - eliminating your headache. It's an advanced Ring3 rootkit that has something in common with SpyEye and Zeus. As a result, it's installed "silently", without triggering AV. As of today, it works on the following Windows versions: XP, Vista, 7 (Seven), Server 2003, Server 2008. It's also "compatible" with all the service packs.<br /><br />In its current version the rootkit can be injected into any 32-bit process. Written in C++.<br /><br />By default, the kernel comes with the following modules (additional modules sold separately):<br /><br />Rootkit<br />Download/Execute<br />Update<br />AntiRuskill<br />HTTP Panel<br />Antis<br /><br />The following modules are sold separately:<br /><br />USB spreader (lnk/autorun)<br />Botkiller<br />Form Grabber (IE, FF, Chrome)<br />FTP Grabber<br />Flooders Package - SYN/Slowloris/UDP<br />DNS Hook<br />Visit (hidden, show)<br />Ruskill<br />Post Spreaders<br /><br />Prices, as of 6/14/2012:<br /><br />Kernel $1000<br />Usb Spreader $200<br />Form Grabber $1000<br />Recompile with the same data $10<br />Recompile with different data (if your DNS is blacklisted or blocked) $50<br /><br />The prices may seem a bit inflated, but if you consider the conversion rate and how effective this kit is, the price is right.<br /><br />Panel features:<br /><br />GeoIP (Maxmind)<br />IP block when the gate receives a response from anything but a bot<br />IP block when the input data is brute-forced<br />Add/Remove/Manage users<br />Installs log<br />Scan2you scanner for checking files, exploits, IPs, domains, etc. 
through web requests.<br />Detailed stats using Google Chart Tools<br />CAPTCHA at login, to prevent password brute-forcing<br />Easy way to add/remove jobs with parameters<br />Pre-populated list of sites for grabbing, ability to modify websites grabbed by Form Grabber<br />Per-country commands<br /> Simple installer<br />English and Russian interface<br /><br />Special features:<br /><br />Antis file analysis protection<br />Decent sized stub<br />Easily cryptable<br />Unlimited domains. If a domain is unavailable, the bot tries the next one.<br /> Ability to specify subdomains the responses will be sent to.<br /><br />Disclaimer:<br /><br />Upas Kit was created for penetration testing of personal and business information systems.<br />Upas Kit has never been and cannot be used to commit cybercrimes.<br />By purchasing this software you agree to not break the laws of the Russian Federation and other countries.<br />By purchasing this product you agree to use it at your own risk. Before installing this software on anyone's computer, you need to ask for that person's permission.<br /><br />
<br />
Original<br /><br />Seller - Auroras<br /><br />Upas Kit 1.0.0.0<br /><br />Описание:<br /><br />Upas - это модульный http бот, который был создан с единственной целью - избавить вас от головной боли. Это продвинутый ring3 руткит, имеющий что-то общее со SpyEye и Zeus. Таким образом установка происходит "тихо" без опознования антивирусами. В данный момент он работает на следующих версиях Windows: XP, Vista, 7 (Seven), Server 2003, Server 2008. Помимо этого "совместим" и со всеми сервис паками.<br />В текущей версии руткит внедряется во всех 32-х битные процессы. Приложение написано на С++.<br /><br />По умолчанию ядро поставляется со следующими модулями (дополнительные покупаются отдельно)<br /><br />Rootkit<br />Download/Execute<br />Update<br />AntiRuskill<br />HTTP Panel<br />Antis<br /><br />Список модулей, которые можно приобрести отдельно:<br /><br />Usb spreader (lnk/autorun)<br />Botkiller<br />Form Grabber (IE,FF,Chrome)<br />FTP Grabber<br />Flooders Package - SYN/Slowloris/UDP<br />DNS Hook<br />Visit (hidden, show)<br />Ruskill<br />Post Spreaders<br /><br />Цены актуальные 6/14/2012 числа:<br /><br />Ядро $1000<br />Usb Spreader $200<br />FormGrabber $1000<br />Перекомпиляция на те же данные $10<br />Перекомпиляция с вводом других данных (если DNS попали в лист, либо заблокировали) $50<br /><br />Цены могут показатся завышенными, однако, если прикинуть степень монетизация и эффективности данного софта цена становится обоснованной.<br /><br />Возможности панели:<br /><br />Geoip от maxmind<br />Блокировка IP если отстук на гейт пришел не от бота<br />Блокировка IP в случае брута данных входа<br />Добавление/Удаление/Управление пользователя<br />Журнал загрузок<br />Сканнер Scan2you, использующий веб-запросы для сканирования файлов, эксплойтов, IP, доменов и т.д.<br />Детальная статистика с использованием Google Chart Tools<br />Капча при входе в панель для усложнения процесса подбора пароля<br />Простое и удобнное добавление/удаление задач с 
параметрами<br />Готовый список сайтов для грабинга, возможность изменения сайтов сграбленных Форм граббером (Form Grabber)<br />Отправка команда по странам<br />Простой установщик<br />Английский и русский языки<br /><br />Особенности бота:<br /><br />Antis защита для предовтращения от анализа вашего файла<br />Decent sized stub<br />Easily cryptable<br />Легко шифруем<br />Неограниченное число доменов. Отстук идет по доменам, в случае неудачи берется следующий.<br />Возможность отстука для произвольный поддомен<br /><br /><br />Отказ от отвественности:<br /><br />ПО Upas Kit было создано для выявления уязвимостей в информационных системах как частных лиц, так и огранизаций.<br />Upas Kit никогда не использовался для совершения кибер преступлений и таковым быть не может.<br />Покупая данный продукт вы соглашаетесь не нарушать законы Российской Федерации и других стран. <br />Покупая данный продукт вы используете его на свой страх и риск. Перед загрузкой приложения на ПК пользователя вы должны получить его согласие.<br />
<br />
<b>Spam Service</b> (posted 2012-06-10)<br />
<br />
Provider - avigdottir<br />
<br />
Cross posted from Russian cyber criminal forum<br />
<br />
English translation by @Sherb1n<br />
<br />
<b>Spam Campaigns</b><br />
<br />
The service is designed to provide clicks for your link, including the option of using our intermediary redirect shells.<br />
<br />
Our campaign most often results in a visitor coming to your site/page/affiliate page.<br />
<br />
We can spam different links, automatically pulling them from your URL every minute.<br />
<br />
This rules out the loss of traffic due to obsolete URLs and other similar problems.<br />
<br />
We provide traffic stats (this feature is complimentary when you order our redirect shells).<br />
<br />
Inbox rate for Gmail is over 90%. The rate varies for other services, but is considerably higher than Gmail's. If you have a specific request, run it by our support before starting the campaign.<br />
<br />
Distribution speed: 1 million/20 minutes.<br />
<br />
We can also help you pick a template (with randomization) for a theme-based campaign.<br />
<br />
Prices:<br />
<br />
$150 for 1 million goods, your spam base<br />
$200 for 1 million goods, your DB, your link, through our redirect shells (with URL auto-update)<br />
<br />
Minimum order: 1 million (anything under that goes at the price of a minimum order).<br />
<br />
We can provide our own spam DBs in certain cases, but the price will increase substantially.<br />
<br />
Typically, we prefer to use your bases. After spamming, they are permanently deleted.<br />
<br />
<b>Citadel 1.3</b> (posted 2012-03-19)<br />
<br />
Citadel Zeus Bot is under active development, and a new version, 1.3.3, has been released by its coder, Aquabox.<br />
<br />
The author's post is copied directly from an underground forum and translated into English for your convenience. Thanks to @Sherb1n.<br />
<br />
<b>Citadel v1.3.3.0 Spring Edition!</b><br />
<br />
It's springtime, a time when everything changes and functionality goes into full bloom. Pimp out your ride for the summer!<br />
<br />
Our product has become quite unique, so we're going to give an overview of all the features you can start using right away to get even more profit out of the new version:<br />
<br />
1) Admin control panel has a new section, "Performance and Security", which has been integrated with the scan4you service; now you can run AV detection checks for all of your exe builds with a single click, right from the Citadel control panel. You can also set up automated daily scans, so that if one of your files gets burned by more than 3 AVs, you'll receive an instant Jabber notification and will be able to replace the exe right away. Now that this task is automated, you can feel free to be lazy!<br />
<br />
2) Some customers complained that only 40% of their bots were getting updated to the new exe versions, while the rest were failing to update for an unknown reason. Indeed, that turned out to be a bug from the old ZeuS times; we did some research and fixed it. Now config has a new parameter: timer_autoupdate 8, which sets how often (in hours) the bot will download and restart the exe from the server (RC4 key should match). 80% of bots are now successfully updating; go ahead, encrypt and re-upload your exe, with the uptime improved by 37.1%, your bots will have the freshest and cleanest builds.<br />
<br />
3) Server reporting system has been rewritten. In previous versions, every report generated a separate POST request to the gate; in the new schema, reports are sent in batches. This reduces the number of open sessions and minimizes the server load, allowing the server to support a larger number of bots online.<br />
<br />
4) Video recording format has been changed to .webm (HTML5); an online video player has been built into the Citadel control panel, and now you can watch the videos right in your browser (Opera is recommended). Features: rewind, fast-forward / full-screen / search for videos by BotID, IP address, date.<br />
But that's not all, we didn't stop there: many of you are using AT (and it's about time everyone else started using it to develop this industry collectively), and personal admin servers for your injects/account collections, etc. Wouldn't you like to watch videos of how well your auto-transfers and injections work, right from your admin panel on that server? That's easy! We've created an API system for this: just send your BotID or IP address to the script, and the API will send back an HTML embed code for all the videos uploaded by that bot. You can embed and watch this video wherever you want, even on narod.ru, without having to visit the Citadel server.<br />
<br />
5) An improved system command (CMDList) analyzer/parser has been added to the admin panel. Now you can use the new table layout to view the output of system commands like ipconfig, the list of machines on the local network, the list of running processes, etc.<br />
<br />
6) Now, upon installation, the bot will automatically send to the server a one-time report with the following information: installed firewalls, installed AV products, installed programs. <br />
This information can be viewed for each bot separately, or for the entire botnet. We've created a new admin panel section where you can see all these stats, visual graphs and calculations. Now you know who you're up against.<br />
<br />
7) "Favorite logs" - this new feature allows you to mark any account (or report) of interest when searching for data in admin; the accounts will be highlighted, and you can easily find them later.<br />
<br />
8) A new "CardSwipe" module has been developed. It can grab card numbers and dumps out of HTTPS/WinSocket traffic and send them as a separate report.<br />
The module uses LUHN10 algorithm to analyze traffic. Margin of error - 25%.<br />
Price: $250 LR.<br />
<br />
9) Injects are now compatible with UTF-8, and can be customized for any language (Japanese, Chinese, etc.)<br />
<br />
10) Want to find new clients or business partners in your line of work? Consider placing your banner ad with the Citadel CRM.<br />
Number of ad spaces: only 3 (234x60), two are still available; we only accept ads for relevant vendors and services (installs, encryption, traffic, etc., business partner search). Contact support through Jabber for a price quote.<br />
<br />
As always, this update is free for our current clients. Place your requests through Jabber or CRM. (The update kits will be delivered on March 15, at 11:30PM).<br />
<br />
New clients will receive a discount when buying the full package!<br />
<br />
<b>Citadel V 1.1</b><br />
<br />
<a href="http://cyb3rsleuth.blogspot.co.uk/2012/01/citadel-zeus-bot.html">http://cyb3rsleuth.blogspot.co.uk/2012/01/citadel-zeus-bot.html</a><br />
<br />
<b>Chinese Threat Actor Part 3</b> (posted 2012-03-02, updated 2013-02-19)<br />
<br />
<b>Sin Digoo Identified</b><br />
<br />
<div class="separator" style="clear: both; text-align: left;">
Another email mentioned in <a href="http://www.secureworks.com/research/threats/sindigoo/" target="_blank">Joe's blog</a> was jeno_1980@hotmail.com, which is linked to xxgchappy@vip.sina.com</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgyGxTdereppbjYzl1ghRP6FKB-NM6o3afVMIP7TTRejgmZ9fs9JfyldXPyctzHNXoEX176St9XpplN0Z8mQO1clHPr_buemfV4BfOWiGOwK7KFrMVCBL4gSqvvs3dHIYhLEVRZBrt9fyU7/s1600/mindmap.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgyGxTdereppbjYzl1ghRP6FKB-NM6o3afVMIP7TTRejgmZ9fs9JfyldXPyctzHNXoEX176St9XpplN0Z8mQO1clHPr_buemfV4BfOWiGOwK7KFrMVCBL4gSqvvs3dHIYhLEVRZBrt9fyU7/s640/mindmap.png" height="462" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-r4coD-ztSAA/USHVdzVOzcI/AAAAAAAAAXI/XeOCsU3McOY/s1600/domains.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-r4coD-ztSAA/USHVdzVOzcI/AAAAAAAAAXI/XeOCsU3McOY/s1600/domains.png" height="571" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<b>Espionage Domains</b></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Malware reported on umu1.echosky.biz</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<a href="http://www.threatexpert.com/report.aspx?md5=3d10e68dec16b1a4bf949e3e403f2dda" target="_blank">http://www.threatexpert.com/report.aspx?md5=3d10e68dec16b1a4bf949e3e403f2dda</a> </div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Malware reported on www.dellpc.us - December 2007</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<a href="http://www.threatexpert.com/report.aspx?md5=9419edc58c2b46a2af81b55387290883">http://www.threatexpert.com/report.aspx?md5=9419edc58c2b46a2af81b55387290883</a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<b>BlackHat Domains</b></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
Archive on socialup.net reveals ICQ info of Jeno aka Tawnya aka xxgchappy<br />
<br />
<a href="http://web.archive.org/web/20100106025256/http://www.socialup.net/contacts.php">http://web.archive.org/web/20100106025256/http://www.socialup.net/contacts.php</a><br />
<br />
ICQ 567950703<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/--VciJRjBN5Q/T0_yS1DAvdI/AAAAAAAAAP4/GD6DeRtQeHE/s1600/social1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/--VciJRjBN5Q/T0_yS1DAvdI/AAAAAAAAAP4/GD6DeRtQeHE/s640/social1.png" height="420" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
The ICQ search leads to a blackhatworld profile with handle "xxgchappy" and a domain makewithmoney.com</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Domain name: makewithmoney.com</div>
<br />
Creation date: 18 Nov 2009 02:17:06<br />
<br />
Expiration date: 18 Nov 2010 02:17:06<br />
<br />
Registrant Contact:<br />
personal<br />
eric charles ()<br />
<br />
Fax: <br />
Santa Cruz 1156 High Street<br />
california, california 95064<br />
US<br />
<br />
Administrative Contact:<br />
personal<br />
eric charles<b> (jeno_1980@hotmail.com)</b><br />
+1.831459019<br />
Fax: +1.831459019<br />
Santa Cruz 1156 High Street<br />
california, california 95064<br />
US<br />
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<a href="http://web.archive.org/web/20100530075046/http://makewithmoney.com/">http://web.archive.org/web/20100530075046/http://makewithmoney.com/</a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-HLwKn3l6z4Q/T0_yaWOiGEI/AAAAAAAAAQI/C3AWACXYR-c/s1600/makemoney.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-HLwKn3l6z4Q/T0_yaWOiGEI/AAAAAAAAAQI/C3AWACXYR-c/s640/makemoney.png" height="312" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
Twitter<br />
<br />
<a href="https://twitter.com/leedoctor">https://twitter.com/leedoctor</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-L_rSS654kNk/UMPrWoRc77I/AAAAAAAAASg/Pw5gk15Mkvg/s1600/leedoctor.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-L_rSS654kNk/UMPrWoRc77I/AAAAAAAAASg/Pw5gk15Mkvg/s400/leedoctor.png" height="226" width="400" /></a></div>
<br />
<br />
<br />
<a href="http://www.blackhatworld.com/blackhat-seo/members/73099-xxgchappy.html">http://www.blackhatworld.com/blackhat-seo/members/73099-xxgchappy.html</a><br />
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-_Jynp0S09qY/T0_yXGSU73I/AAAAAAAAAQA/jRqLYv3Ay58/s1600/black1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-_Jynp0S09qY/T0_yXGSU73I/AAAAAAAAAQA/jRqLYv3Ay58/s640/black1.png" height="506" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<br />
<a href="http://www.v7n.com/forums/social-networking/161752-wts-cheap-digg-service-0-1-per-digg.html">http://www.v7n.com/forums/social-networking/161752-wts-cheap-digg-service-0-1-per-digg.html</a><br />
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<br />
<div class="separator" style="clear: both; text-align: left;">
Jeno promoted his socialup.net in Chinese forums</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<a href="http://bbs.admin5.com/thread-3384331-1-1.html">http://bbs.admin5.com/thread-3384331-1-1.html</a></div>
<br />
<a href="http://1.bp.blogspot.com/-38hvxaI5fPs/T0_zLIAUMGI/AAAAAAAAAQg/CL7U_DBFaa8/s1600/jeno.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-38hvxaI5fPs/T0_zLIAUMGI/AAAAAAAAAQg/CL7U_DBFaa8/s640/jeno.png" height="424" width="640" /></a><br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Profile - <a href="http://bbs.admin5.com/space-uid-97762.html">http://bbs.admin5.com/space-uid-97762.html</a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
The profile mentions www.hnsj.org as his website</div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-TjOCnnh2qM4/UMPtRUAns0I/AAAAAAAAAS4/OMk_1PIVFcs/s1600/bbs.admin5.com.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-TjOCnnh2qM4/UMPtRUAns0I/AAAAAAAAAS4/OMk_1PIVFcs/s400/bbs.admin5.com.png" height="288" width="400" /></a></div>
<br />
<br />
<br />
Whois record of hnsj.org<br />
<br />
Domain ID:D155737903-LROR<br />
<b>Domain Name:HNSJ.ORG</b><br />
Created On:27-Mar-2009 10:10:58 UTC<br />
Last Updated On:04-Apr-2010 05:17:20 UTC<br />
Expiration Date:27-Mar-2011 10:10:58 UTC<br />
Sponsoring Registrar:eNom, Inc. (R39-LROR)<br />
Status:OK<br />
Registrant ID:f1f613654acc4737<br />
<b>Registrant Name:eric charles</b><br />
Registrant Organization:personal<br />
Registrant Street1:Santa Cruz 1156 High Street<br />
Registrant Street2:<br />
Registrant Street3:<br />
Registrant City:california<br />
Registrant State/Province:State<br />
Registrant Postal Code:95064<br />
Registrant Country:YE<br />
Registrant Phone:+1.831459019<br />
Registrant Phone Ext.:<br />
Registrant FAX:+1.831459019<br />
Registrant FAX Ext.:<br />
Registrant Email:<b>jeno_1980@hotmail.com</b><br />
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
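The pivot this post performs by hand on the two WHOIS records above, as an added example (not the blog author's tooling): it parses both record layouts, normalises the registrant e-mail, phone and street values, reports the selectors shared across domains, and flags a stated country that does not fit the phone prefix. The function names, the small calling-code table and the trimmed record text embedded in the code are assumptions made for the example.

```python
import re
from collections import defaultdict

# Trimmed copies of the two WHOIS records quoted in the post, markup removed.
MAKEWITHMONEY = """\
Domain name: makewithmoney.com
Creation date: 18 Nov 2009 02:17:06
Administrative Contact:
personal
eric charles (jeno_1980@hotmail.com)
+1.831459019
Fax: +1.831459019
Santa Cruz 1156 High Street
california, california 95064
US
"""

HNSJ = """\
Domain Name:HNSJ.ORG
Created On:27-Mar-2009 10:10:58 UTC
Registrant Name:eric charles
Registrant Organization:personal
Registrant Street1:Santa Cruz 1156 High Street
Registrant City:california
Registrant Postal Code:95064
Registrant Country:YE
Registrant Phone:+1.831459019
Registrant Email:jeno_1980@hotmail.com
"""

# One pattern per selector type. Each tolerates both the "Key:value" layout
# and the free-form contact block, so the two records can be compared.
PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "phone": re.compile(r"\+\d{1,3}\.\d{6,14}"),
    "street": re.compile(
        r"^(?:[a-z ]+\d?:)?[ \t]*([^:\n]*\b(?:street|road|avenue))[ \t]*$",
        re.I | re.M,
    ),
}
DOMAIN = re.compile(r"^domain name\s*:\s*(\S+)", re.I | re.M)
COUNTRY = re.compile(r"^(?:Registrant Country:)?[ \t]*([A-Z]{2})[ \t]*$", re.M)

# Country calling codes for the few ISO codes this example needs (not a full table).
CALLING_CODE = {"US": "1", "YE": "967", "CN": "86"}


def extract(record):
    """Return (domain, {(kind, value), ...}) for one WHOIS record."""
    domain = DOMAIN.search(record).group(1).lower()
    selectors = set()
    for kind, pattern in PATTERNS.items():
        for value in pattern.findall(record):
            # Lower-case and collapse whitespace so layout differences do not
            # hide a match between records.
            selectors.add((kind, " ".join(value.lower().split())))
    return domain, selectors


def shared_selectors(records):
    """Map each selector seen in two or more records to the sorted domains using it."""
    seen = defaultdict(set)
    for record in records:
        domain, selectors = extract(record)
        for selector in selectors:
            seen[selector].add(domain)
    return {sel: sorted(doms) for sel, doms in seen.items() if len(doms) > 1}


def country_phone_conflicts(record):
    """List (country, phone) pairs where the phone prefix does not fit the stated country."""
    conflicts = []
    phones = sorted(set(PATTERNS["phone"].findall(record)))
    for country in COUNTRY.findall(record):
        expected = CALLING_CODE.get(country)
        for phone in phones:
            if expected and not phone.startswith("+" + expected + "."):
                conflicts.append((country, phone))
    return conflicts


if __name__ == "__main__":
    links = shared_selectors([MAKEWITHMONEY, HNSJ])
    for (kind, value), domains in sorted(links.items()):
        print(f"{kind:6} {value:30} -> {', '.join(domains)}")
    print("conflicts in hnsj.org record:", country_phone_conflicts(HNSJ))
```
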
<div class="separator" style="clear: both; text-align: left;">
<b>Personal Domains</b></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
A search on hnsj.org revealed some interesting information. The domain is related to mobile phone sales, and the name of the company is Henan Mobile Network.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-xSLIuHY3ObQ/UMPrufsgkAI/AAAAAAAAASo/cRS_nS3rKQ0/s1600/hnsj.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-xSLIuHY3ObQ/UMPrufsgkAI/AAAAAAAAASo/cRS_nS3rKQ0/s400/hnsj.png" height="333" width="400" /></a></div>
<br />
<br />
<b><br /></b>
<b>Archive</b><br />
<br />
<a href="http://web.archive.org/web/20100109050932/http://www.hnsj.org/article.php?id=4">http://web.archive.org/web/20100109050932/http://www.hnsj.org/article.php?id=4</a><br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-2pXIujUr2Us/URftWZwFRCI/AAAAAAAAAVA/K_o4XN4MiJE/s1600/hnsj.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-2pXIujUr2Us/URftWZwFRCI/AAAAAAAAAVA/K_o4XN4MiJE/s1600/hnsj.png" height="317" width="400" /></a></div>
<br />
<br />
QQ number <b>55356626 </b>is posted as contact on HNSJ.ORG<br />
<br />
<br />
<br />
xxgchappy promoted hnsj.org on his baidu blog<br />
<br />
<a href="http://hi.baidu.com/%BA%D3%C4%CF%CA%D6%BB%FA%CD%F8/home">http://hi.baidu.com/%BA%D3%C4%CF%CA%D6%BB%FA%CD%F8/home</a><br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-pp_405MTqTY/T1A-mtFdd0I/AAAAAAAAARs/39YJ3NBXYGs/s1600/baidu3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-pp_405MTqTY/T1A-mtFdd0I/AAAAAAAAARs/39YJ3NBXYGs/s640/baidu3.png" height="508" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />
<br />
<br />
His baidu profile mentions further details<br />
<br />
<a href="http://passport.baidu.com/?business&aid=6&un=xxgchappy#0">http://passport.baidu.com/?business&aid=6&un=xxgchappy#0</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-82WXvHSuhjg/T1A-q1vTd_I/AAAAAAAAAR0/YKhvW-WO0X8/s1600/baidu.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-82WXvHSuhjg/T1A-q1vTd_I/AAAAAAAAAR0/YKhvW-WO0X8/s640/baidu.png" height="480" width="640" /></a></div>
<br />
Further search reveals other QQ and Phone contacts<br />
<br />
<a href="http://bbs.shangdu.com/t/20080831/01004001126/126-1.htm">http://bbs.shangdu.com/t/20080831/01004001126/126-1.htm</a><br />
<br />
2008 post<br />
<br />
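Huihui Digital Flagship Store (慧慧数码旗舰店)<br />
<br />
http://shop36037986.taobao.com (the shop no longer exists)<br />
<br />
Specialist retailer of all kinds of smartphones<br />
Well-known Taobao shop, diamond reputation rating, a nationwide best seller<br />
Guaranteed genuine; if an item is not genuine, 50 in compensation for distress plus a full refund.<br />
Bainaohui (百脑汇), 2nd floor, 2b16<br />
<span style="color: red;"><b>QQ:55356626</b></span><br />
Wangwang: 慧慧数码旗舰店<br />
<b><span style="color: red;">13949001667</span></b><br />
Our professionalism is worthy of your trust.<br />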
<br />
The phone number 13949001667 (mobile GSM card) belongs to Zhengzhou City, Henan Province, and the name mentioned here is Zhang<br />
<br />
<a href="http://www.hahait.com/h41328">http://www.hahait.com/h41328</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-rywYgeeMcNQ/UMPr5CQFlbI/AAAAAAAAASw/_qLTHfbCwSU/s1600/haihatqq.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-rywYgeeMcNQ/UMPr5CQFlbI/AAAAAAAAASw/_qLTHfbCwSU/s400/haihatqq.png" height="306" width="400" /></a></div>
<br />
<br />
<table style="-webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; color: #103a86; font-family: Arial; font-size: 12.800000190734863px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px;"><tbody>
<tr><td align="right" width="100"><b>Company Name:</b></td><td>Henan phone network</td></tr>
<tr><td align="right"><b>Tel:</b></td><td>0371-66900779</td></tr>
<tr><td align="right"><b>Company Address:</b></td><td>Longhai Road, No. 188 Central Plains Communications Digital City A420</td></tr>
<tr><td align="right"><b><span style="color: red;">Contact:</span></b></td><td><b><span style="color: red;">Mr. Zhang</span></b></td></tr>
<tr><td align="right"><b>Fax:</b></td><td><br /></td></tr>
<tr><td align="right"><b>E-mail:</b></td><td><br /></td></tr>
<tr><td align="right"><b>Company QQ:</b></td><td><a href="http://wpa.qq.com/msgrd?v=3&uin=878972156&site=qq&menu=yes" style="background-color: white; background-position: initial initial; background-repeat: initial initial; color: black; text-decoration: initial;" target="blank"><img alt="Click to chat" border="0" src="http://www.hahait.com/img/qq.gif" />878972156</a> <a href="http://wpa.qq.com/msgrd?v=3&uin=390363752&site=qq&menu=yes" style="background-color: white; background-position: initial initial; background-repeat: initial initial; color: black; text-decoration: initial;" target="blank"><img alt="Click to chat" border="0" src="http://www.hahait.com/img/qq.gif" />390363752</a> <a href="http://wpa.qq.com/msgrd?v=3&uin=55356626&site=qq&menu=yes" style="background-color: white; background-position: initial initial; background-repeat: initial initial; color: black; text-decoration: initial;" target="blank"><img alt="Click to chat" border="0" src="http://www.hahait.com/img/qq.gif" />55356626</a> </td></tr>
<tr><td align="right"><b>Website:</b></td><td><a href="http://www.hahait.com/41328" style="color: #103a86; text-decoration: initial;" target="_blank">http://www.hahait.com/41328</a></td></tr>
<tr><td align="right"><b>Scope of business:</b></td><td>Phone Samsung LG Nokia </td></tr>
</tbody></table>
<br />
QQ 878972156<br />
<br />
QQ 390363752<br />
<br />
QQ 55356626<br />
<br />
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
The QQ number is linked to a post on a car forum dated 2005<br />
<br />
<a href="http://www.xcar.com.cn/bbs/viewthread.php?tid=6300657">http://www.xcar.com.cn/bbs/viewthread.php?tid=6300657</a><br />
<br />
<a href="http://www.xcar.com.cn/bbs/viewthread.php?tid=1576356">http://www.xcar.com.cn/bbs/viewthread.php?tid=1576356</a><br />
<br />
Xcar ID: Jeno<br />
Little Lion (小狮子) 1.6 xmt<br />
License plate: 豫ADB922<br />
Mobile number: 13513899779<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: left;">
<b>Whois Record - XIUXING.INFO</b></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Domain ID:D13719670-LRMS</div>
<b>Domain Name:XIUXING.INFO<br />Created On:09-Jun-2006 06:16:29 UTC</b><br />
Last Updated On:29-May-2007 01:13:12 UTC<br />
Expiration Date:09-Jun-2009 06:16:29 UTC<br />
Sponsoring Registrar:eNom, Inc. (R126-LRMS)<br />
Status:OK<br />
Registrant ID:49A2353365A0954B<br />
<b>Registrant Name:tawnya grilth</b><br />
Registrant Organization:i-tobuy.com<br />
Registrant Street1:po box 211<br />
Registrant Street2:<br />
Registrant Street3:<br />
Registrant City:sin digoo<br />
Registrant State/Province:ca<br />
Registrant Postal Code:92101<br />
Registrant Country:US<br />
Registrant Phone:+1.818926523<br />
Registrant Phone Ext.:<br />
Registrant FAX:<br />
Registrant FAX Ext.:<br />
<b>Registrant Email:jeno_1980@hotmail.com</b><br />
<br />
<br />
<div class="separator" style="clear: both; text-align: left;">
<b>xiuxing.info</b> is a forum related to Buddhism.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/--ndBhOFqMl8/UMPtqR1GzTI/AAAAAAAAATA/r1jROF8axWQ/s1600/www.xiuxing.info.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/--ndBhOFqMl8/UMPtqR1GzTI/AAAAAAAAATA/r1jROF8axWQ/s400/www.xiuxing.info.png" height="236" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Jeno mentions his Buddhism website on his profile, along with the same QQ number used for HNSJ.org.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-Q4ya9lW0Gfg/URl_lB_1tKI/AAAAAAAAAVQ/2F2AIjPgsd8/s1600/undercurrent1.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-Q4ya9lW0Gfg/URl_lB_1tKI/AAAAAAAAAVQ/2F2AIjPgsd8/s1600/undercurrent1.png" height="190" width="400" /> </a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-NR4KXPlZnlY/URl_s_nrSbI/AAAAAAAAAVY/vDel_2hrenk/s1600/undercurrent2.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-NR4KXPlZnlY/URl_s_nrSbI/AAAAAAAAAVY/vDel_2hrenk/s1600/undercurrent2.png" height="258" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />
<br />
<br />
<b>Tawnya Grilth aka Eric Charles aka xxgchappy aka Jeno aka undercurrent</b><br />
<b><br /></b>
<br />
<b>Personal Details</b><br />
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<b>QQ number 55356626 Profile</b><br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-B0u7mmdwA6U/T1A5zqNST9I/AAAAAAAAAQ4/M6mj2rrKxNA/s1600/xxgcqq.PNG" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-B0u7mmdwA6U/T1A5zqNST9I/AAAAAAAAAQ4/M6mj2rrKxNA/s640/xxgcqq.PNG" height="424" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />
<div class="separator" style="clear: both; text-align: left;">
<b>The personal email "xxgchappy@vip.sina.com" is also mentioned in a shellcode article dated 2003, written by Jeno at Xfocus, a famous Chinese hacking forum.</b></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<a href="http://www.xfocus.net/articles/200308/604.html">http://www.xfocus.net/articles/200308/604.html</a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<img border="0" src="http://1.bp.blogspot.com/-CE8dwxkmDFs/T08MVmn7pwI/AAAAAAAAAPI/mFOSdHR3TzU/s640/xfocus.png" height="488" width="640" /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
Reposted from: http://www.xfocus.net<br />
Created: 2003-08-31<br />
Article type: Original<br />
Submitted by: <b>jeno (xxgchappy_at_vip.sina.com)</b><br />
<br />
Author: jeno<br />
Email: jeno@vip.371.net<br />
Time: 2003-8-31<br />
<br />
<b>Xfocus Profile</b><br />
<br />
<a href="https://www.xfocus.net/bbs/index.php?lang=cn&act=Profile&do=03&MID=35525">https://www.xfocus.net/bbs/index.php?lang=cn&act=Profile&do=03&MID=35525</a><br />
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-AMCUo2TlgD8/T08MwuZ0ROI/AAAAAAAAAPU/Zv-UZa73jHI/s1600/xfocus2.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-AMCUo2TlgD8/T08MwuZ0ROI/AAAAAAAAAPU/Zv-UZa73jHI/s640/xfocus2.png" height="376" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
DOB 1980-10-1</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
The name Jeno and the 1980 DOB together make up the email Jeno_1980@hotmail.com, which is used as the registrant email.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<b>Kaixin001 Chinese Social Network </b></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
xxgchappy@vip.sina.com is the registered email of a profile on the Chinese social network Kaixin001.<br />
<br />
<a href="http://www.kaixin001.com/home/17206761.html">http://www.kaixin001.com/home/17206761.html</a><br />
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-RiPj9as6cDg/T08MzfiyqBI/AAAAAAAAAPc/y2Q_3YTZ-OM/s1600/xxgchappy.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-RiPj9as6cDg/T08MzfiyqBI/AAAAAAAAAPc/y2Q_3YTZ-OM/s640/xxgchappy.png" height="318" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<b>Personal details mentioned on Kaixin profile.</b><br />
<br />
Name - 张长河 Zhang Chang-he<br />
<br />
Living in Zhengzhou, Henan Province, China.<br />
<span style="color: red;"><b><br /></b></span>
<span style="color: red;"><b><br /></b></span>
<span style="color: red;"><b>QQ number 55356626 leads to a personal blog revealing his picture</b></span><br />
<br />
<a href="http://55356626.qzone.qq.com/">http://55356626.qzone.qq.com</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-zCQp_CKKIWM/USHhebTYKoI/AAAAAAAAAXY/0I4j7bowrW0/s1600/zhangqq1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-zCQp_CKKIWM/USHhebTYKoI/AAAAAAAAAXY/0I4j7bowrW0/s1600/zhangqq1.png" height="230" width="400" /></a></div>
<br />
<b>Conclusion</b><br />
<br />
Jeno registered all the domains associated with the espionage, and considering his Xfocus and rootkit.com profiles, we can zero in on Jeno, or he is in some way associated with the group.<br />
<b><br /></b>
<b> </b><br />
<b>Update 16 Feb 2013</b><br />
<b><br /></b>
<b><a href="http://www.businessweek.com/articles/2013-02-14/a-chinese-hackers-identity-unmasked">http://www.businessweek.com/articles/2013-02-14/a-chinese-hackers-identity-unmasked</a></b><br />
<br />
<br />
<b></b>
<b>Journals published by Zhang Chang-he (2005-2011)</b><br />
<b><br /></b>
<a href="http://www.cnki.net/KCMS/detail/search.aspx?dbcode=CJFQ&sfield=au&skey=%E5%BC%A0%E9%95%BF%E6%B2%B3&code=22840348;20139954;21141875;">http://www.cnki.net/KCMS/detail/search.aspx?dbcode=CJFQ&sfield=au&skey=%E5%BC%A0%E9%95%BF%E6%B2%B3&code=22840348;20139954;21141875;</a><b></b><br />
<b><br /></b>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-k8TciaeCh9k/UR9JBWXMVAI/AAAAAAAAAW4/5_t_dIgGFVk/s1600/zhangjournals.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-k8TciaeCh9k/UR9JBWXMVAI/AAAAAAAAAW4/5_t_dIgGFVk/s1600/zhangjournals.png" height="208" width="400" /></a></div>
<b><br /></b>
<br />
<b>Windows Rootkit</b><br />
<br />
<a href="http://www.cnki.net/KCMS/detail/detail.aspx?QueryID=5&CurRec=2&recid=&filename=XXGC200702023&dbname=cjfd2007&dbcode=CJFQ&pr=&urlid=&yx=">http://www.cnki.net/KCMS/detail/detail.aspx?QueryID=5&CurRec=2&recid=&filename=<span style="color: red;">XXGC200702023</span>&dbname=cjfd2007&dbcode=CJFQ&pr=&urlid=&yx=</a> <br />
<br />
<a href="http://www.docin.com/p-49869286.html"><span style="color: #0000ee;"><u>http://www.docin.com/p-49869286.html</u></span></a><span style="color: #0000ee;"><u> </u></span><br />
<br />
<br />
<b>Analysis of Windows Startup</b><br />
<span style="color: #0000ee;"><u><br /></u></span>
<span style="color: #0000ee;"><u><a href="http://www.cnki.net/kcms/detail/detail.aspx?filename=XXGC200903027&dbcode=CJFQ&dbname=CJFD2009">http://www.cnki.net/kcms/detail/detail.aspx?filename=<span style="color: red;">XXGC200903027</span>&dbcode=CJFQ&dbname=CJFD2009</a></u></span><br />
<br />
<a href="http://www.docin.com/p-253321277.html"><span style="color: #0000ee;"><u>http://www.docin.com/p-253321277.html</u></span></a><br />
<br />
<br />
<b>Security Analysis of PCI device</b><br />
<br />
<a href="http://www.docin.com/p-279253540.html">http://www.docin.com/p-279253540.html</a><br />
<br />
<br />
<b>Capturing File Transferred or Printed Based on SMB in LAN</b><br />
<br />
<a href="http://www.cnki.net/kcms/detail/detail.aspx?filename=WJSJ200606039&dbcode=CJFQ&dbname=cjfd2006" rel="nofollow" target="_blank">http://www.cnki.net/kcms/detail/detail.aspx?filename=WJSJ200606039&dbcode=CJFQ&dbname=cjfd2006</a><br />
<br />
<b>Chinese Threat Actor Part 2</b> (posted 2012-02-29, updated 2013-02-28)<br />
<br />
Follow-up on the Joe Stewart investigation<br />
<br />
<a href="http://www.secureworks.com/research/threats/sindigoo/">http://www.secureworks.com/research/threats/sindigoo/</a><br />
<br />
<b>Chinese Threat Actor Part 1</b><br />
<br />
<a href="http://cyb3rsleuth.blogspot.com/2011/08/chinese-threat-actor-identified.html">http://cyb3rsleuth.blogspot.com/2011/08/chinese-threat-actor-identified.html</a><br />
<br />
The owner of king_public@hotmail.com also owns another email, king_public@163.com<br />
<br />
<b>RootKit Database</b><br />
<br />
(23025,'king-rose','<span style="color: red;">e211f11c0b28434bf7f1c8fb510fa9ae</span>','Club tom','<b>king_public@hotmail.com</b>',1,1106582903,'','','','','','',0,'','',1106837367,'61.51.59.63',0,0,0,1106583113,0,0,0,'BH','19800126','','','',0,'')<br />
<br />
<b>IP - 61.51.59.63</b><br />
<br />
Location CHINA, BEIJING, BEIJING<br />
Connection through CHINA UNICOM BEIJING PROVINCE NETWORK<br />
<br />
<b>IP - 123.120.127.153</b><br />
<br />
20446,'king-z','<span style="color: red;">e211f11c0b28434bf7f1c8fb510fa9ae</span>','k,z,y','<b>wzy_100@hotmail.com'</b>,1,1097652186,'','','','','','',0,'','',1284013010,'123.120.127.153',0,0,0,1284013010,0,0,0,'','','','','',0,'')<br />
<br />
Location CHINA, BEIJING, BEIJING<br />
Connection through CHINA UNICOM BEIJING PROVINCE NETWORK<br />
<br />
<br />
<b> </b><br />
The Kaixin profile linked to king_public@hotmail.com reveals the name <a href="http://www.kaixin001.com/home/23531652.html" target="_blank">Wang Liang Chen</a> (王亮晨), and his other email, king_public@163.com, is also linked to a Kaixin profile.<br />
<br />
<b>Wang Zhong Yun (王仲俊)</b><br />
<br />
<a href="http://www.kaixin001.com/home/22655901.html">http://www.kaixin001.com/home/22655901.html<b> </b></a><br />
<br />
<a href="http://www.kaixin001.com/photo/logolist.php?uid=22655901">http://www.kaixin001.com/photo/logolist.php?uid=22655901</a><br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-NKg23eK1mH8/T06tPmh6-wI/AAAAAAAAAOs/nuLH0Z2yBbs/s1600/wangzhongjun.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-NKg23eK1mH8/T06tPmh6-wI/AAAAAAAAAOs/nuLH0Z2yBbs/s640/wangzhongjun.png" height="390" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Gender: Male</div>
Current residence: Beijing<br />
Zodiac Sign: Pisces<br />
<br />
<div class="separator" style="clear: both; text-align: left;">
<b>The spacewalk picture is used as the profile picture for the king_public@hotmail.com Kaixin profile.</b></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<b>His social network profile has many friends and appears genuine.</b></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-qSYu077mj50/US0oD3H5_jI/AAAAAAAAAdA/wy6z-48K-Ik/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-qSYu077mj50/US0oD3H5_jI/AAAAAAAAAdA/wy6z-48K-Ik/s1600/1.png" height="225" width="400" /> </a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-tep1T5h5wVM/US0oDvfa3eI/AAAAAAAAAc8/q2Sqrh2qRjw/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-tep1T5h5wVM/US0oDvfa3eI/AAAAAAAAAc8/q2Sqrh2qRjw/s1600/2.png" height="318" width="400" /> </a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-qTBQCHjc3gY/US0oCAtOVHI/AAAAAAAAAc0/SFNXXNukSTU/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-qTBQCHjc3gY/US0oCAtOVHI/AAAAAAAAAc0/SFNXXNukSTU/s1600/3.png" height="321" width="400" /> </a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-SChinuLVubg/US0oFAisOII/AAAAAAAAAdM/_12tJoTPY8o/s1600/4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-SChinuLVubg/US0oFAisOII/AAAAAAAAAdM/_12tJoTPY8o/s1600/4.png" height="243" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Further analysis reveals that king_public@163.com is linked to many tech and hacker forums under the handles "W100", "King-W" and "King-Z".</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<b>Tianya Board</b></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-LdKM0e23POk/US0nvs6iWpI/AAAAAAAAAcs/GYQidZubn90/s1600/tianya.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-LdKM0e23POk/US0nvs6iWpI/AAAAAAAAAcs/GYQidZubn90/s1600/tianya.png" height="256" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<b>Male, Beijing, Pisces</b></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<a href="http://w100.download.csdn.net/">http://w100.download.csdn.net/</a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-TgQJcZjwU0g/URQFHBC0PEI/AAAAAAAAAUE/fQcc-SrpyXA/s1600/csdn.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-TgQJcZjwU0g/URQFHBC0PEI/AAAAAAAAAUE/fQcc-SrpyXA/s400/csdn.png" height="350" width="400" /></a></div>
<br />
<br />
<a href="http://topic.csdn.net/t/20031223/17/2594994.html">http://topic.csdn.net/t/20031223/17/2594994.html</a>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-XsNuV6Iw7VQ/URQFwD1XigI/AAAAAAAAAUQ/uyFho4ugcQg/s1600/csdn2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-XsNuV6Iw7VQ/URQFwD1XigI/AAAAAAAAAUQ/uyFho4ugcQg/s400/csdn2.png" height="267" width="400" /></a></div>
<br />
<br />
<a href="http://topic.csdn.net/t/20050926/19/4295450.html">http://topic.csdn.net/t/20050926/19/4295450.html</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-pKRaOdIqXDo/URQF3meXr1I/AAAAAAAAAUY/CmMefWmEx2Y/s1600/csdn1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-pKRaOdIqXDo/URQF3meXr1I/AAAAAAAAAUY/CmMefWmEx2Y/s400/csdn1.png" height="367" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<b>51CTO Blog</b></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-Jcn86CIdyUc/URQF_L5diXI/AAAAAAAAAUg/wMFQVBOBW9o/s1600/51cto.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-Jcn86CIdyUc/URQF_L5diXI/AAAAAAAAAUg/wMFQVBOBW9o/s400/51cto.png" height="302" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<b>8dragon</b></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-OZu1Rbsqju8/US0or7EIs5I/AAAAAAAAAdU/D4Hd6fcgqw4/s1600/wzydragon.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-OZu1Rbsqju8/US0or7EIs5I/AAAAAAAAAdU/D4Hd6fcgqw4/s1600/wzydragon.png" height="206" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<a href="http://bbs.chinaunix.net/archiver/tid-2028262.html">http://bbs.chinaunix.net/archiver/tid-2028262.html</a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-p7FLPnjPCV0/URQGLazykXI/AAAAAAAAAUo/NqOUsyavH-4/s1600/chinaunix.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-p7FLPnjPCV0/URQGLazykXI/AAAAAAAAAUo/NqOUsyavH-4/s400/chinaunix.png" height="146" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<a href="http://forum.eviloctal.com/thread-33878-1-1.html">http://forum.eviloctal.com/thread-33878-1-1.html</a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-pKApuG4E2cI/URQGmRFVkmI/AAAAAAAAAUw/KvHLtgMr9w4/s1600/eviloctal.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-pKApuG4E2cI/URQGmRFVkmI/AAAAAAAAAUw/KvHLtgMr9w4/s400/eviloctal.png" height="303" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: left;">
<b>Known emails and handles of the actor</b></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
king_public@hotmail.com</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
wzy_100@hotmail.com
</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
king_public@163.com</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
king_w100@163.com</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Handles - King-Z, King-W, W100, King-rose</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<b>Chinese Threat Actor Part 3</b></div>
<div class="separator" style="clear: both; text-align: left;">
<b><br /></b></div>
<div class="separator" style="clear: both; text-align: left;">
<a href="http://cyb3rsleuth.blogspot.com/2012/03/chinese-threat-actor-part-3.html">http://cyb3rsleuth.blogspot.com/2012/03/chinese-threat-actor-part-3.html</a><b><br /></b></div>
<br />
<b>Gigabid Affiliate</b> (posted 2012-02-13)<br />
<br />
Gigabid - Clickbot and Fake AV Affiliate<br />
<br />
INCOME UP TO 400 $ - 1K US<br /><br />US, GB, CA, AU, AT, BE, BG, DE, GR, DK<br />IE, ES, IT, CY, LU, MT, NL, PT, FI, FR, SE<br />
<br />
STANDARD US CA GB AU<br />
<br />
up to 90%<br /><br />
NEW METHOD FOR THE ENVELOPE!<br />Earn up to $ 830 A DAY<br />UP TO 20% Referral<br />COMPATIBLE with other software<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-0wmP0j8Kls4/Tzh4xds4UlI/AAAAAAAAANI/iyulELQlKDY/s1600/GigaBid.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="280" src="http://3.bp.blogspot.com/-0wmP0j8Kls4/Tzh4xds4UlI/AAAAAAAAANI/iyulELQlKDY/s640/GigaBid.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-BOy1SSBTIOw/Tzh42Xa6lwI/AAAAAAAAANQ/hsswgN2lHxs/s1600/giga1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="418" src="http://3.bp.blogspot.com/-BOy1SSBTIOw/Tzh42Xa6lwI/AAAAAAAAANQ/hsswgN2lHxs/s640/giga1.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-vStjZ8Yh-2A/Tzh46EikdWI/AAAAAAAAANY/zoR_MUL2BZg/s1600/giga2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="408" src="http://3.bp.blogspot.com/-vStjZ8Yh-2A/Tzh46EikdWI/AAAAAAAAANY/zoR_MUL2BZg/s640/giga2.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-hhl4FfVpMno/Tzh4-BgIoMI/AAAAAAAAANg/f0dV41r0Kbk/s1600/giga3.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="298" src="http://3.bp.blogspot.com/-hhl4FfVpMno/Tzh4-BgIoMI/AAAAAAAAANg/f0dV41r0Kbk/s640/giga3.jpg" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-46rc-cdY8Io/Tzh5BOTo5yI/AAAAAAAAANo/eUxqWGMdC30/s1600/giga4.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="306" src="http://3.bp.blogspot.com/-46rc-cdY8Io/Tzh5BOTo5yI/AAAAAAAAANo/eUxqWGMdC30/s640/giga4.jpg" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-nLey-LiWPHA/Tzh5E4IzoII/AAAAAAAAANw/_xlEmia0eqI/s1600/giga5.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="346" src="http://2.bp.blogspot.com/-nLey-LiWPHA/Tzh5E4IzoII/AAAAAAAAANw/_xlEmia0eqI/s640/giga5.jpg" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />
<br />
<b>Evade Antivirus Detection</b> (posted 2012-02-10)<br />
<br />
<b>Bad Guys' Way</b><br />
<b><br /></b><br />
<b>- Scan malware with multiple antivirus checkers that do not send samples to AV companies.</b><br />
<b>- Crypt malware with polymorphic crypters to avoid detection.</b><br />
<b><br /></b><br />
<b>MyAV Scan - Private AV Scanners and Crypters</b><br />
<b><br /></b><br />
<b>About</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-_cMlRH067uM/TzUe_Mzp_fI/AAAAAAAAAMU/QQmzLY8_-dY/s1600/avscan1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="330" src="http://2.bp.blogspot.com/-_cMlRH067uM/TzUe_Mzp_fI/AAAAAAAAAMU/QQmzLY8_-dY/s640/avscan1.png" width="640" /></a></div>
<br />
<b> Services</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-3boNO0NpqhE/TzUfC_X3CdI/AAAAAAAAAMc/d8qxmHijuZc/s1600/avscan2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="326" src="http://1.bp.blogspot.com/-3boNO0NpqhE/TzUfC_X3CdI/AAAAAAAAAMc/d8qxmHijuZc/s640/avscan2.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />
<b>Multiple Scanners & Crypters</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-hDxugMhx9z8/TzUfJp5Zs6I/AAAAAAAAAMs/imuk9QqDryM/s1600/avscan5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="524" src="http://2.bp.blogspot.com/-hDxugMhx9z8/TzUfJp5Zs6I/AAAAAAAAAMs/imuk9QqDryM/s640/avscan5.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-8ImAAR_Hf8M/TzUfNAZIVkI/AAAAAAAAAM0/9UOAzbhOvhc/s1600/avscan6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="628" src="http://1.bp.blogspot.com/-8ImAAR_Hf8M/TzUfNAZIVkI/AAAAAAAAAM0/9UOAzbhOvhc/s640/avscan6.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<b><br /></b></div>
<div class="separator" style="clear: both; text-align: left;">
<b>Desktop Version</b></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-DlWClaXLg24/TzUfP6D5B3I/AAAAAAAAAM8/6brIdH934LM/s1600/avscan7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="330" src="http://1.bp.blogspot.com/-DlWClaXLg24/TzUfP6D5B3I/AAAAAAAAAM8/6brIdH934LM/s640/avscan7.png" width="640" /></a></div>
<br />Unknownnoreply@blogger.com2tag:blogger.com,1999:blog-7680346383703191409.post-74626917297948802072012-02-01T16:07:00.001+00:002012-02-01T16:14:44.247+00:00Andromeda Bot<br />
English translation by @Sherb1n<br />
<br />
Coder - Waahoo - Adv on Private Forum<br />
<br />
<b>Description:</b><br />
<br />
This versatile modular bot can be used as the foundation for a botnet with an endless variety of possibilities. The bot’s functionality can be expanded through a system of plugins, any number of which can be added at any time.<br />
<br />
Supports unlimited number of reserve domains.<br />
<br />
Data exchange protocol between the bot and the admin server is RC4-encrypted.<br />
<br />
You can reconfigure your botnet to your needs at any time, by yourself.<br />
<br />
Doesn’t overload the system, doesn’t require admin rights to install, doesn’t trigger a UAC pop-up.<br />
<br />
The bot protects itself, so an unskilled user will not be able to remove it from the system.<br />
<br />
Bypasses firewalls, doesn’t appear in the list of processes, injects into a trusted process.<br />
<br />
Doesn’t produce any DLLs, doesn’t contain TLS, easy to encrypt.<br />
<br />
Regardless of how successful the installation is, the original executable is deleted.<br />
<br />
Works on WinXP through Win7, including x64 systems.<br />
<br />
Very lightweight, written entirely in Assembler.<br />
<br />
There are two versions of this bot:<br />
<br />
01.* public inject-based, uses QueueUserAPC<br />
02.* bypass-based; this version, unlike the one above, can get through proactive defense.<br />
<br />
Written in PHP, bundled with MySQL.<br />
Detects bots behind the NAT.<br />
Keeps botnet stats: # of bots online/offline/dead, breakdown by country, breakdown by platform.<br />
Keeps track of the number of finished/unfinished tasks.<br />
Can set a limit on the number of times the task will be executed.<br />
Can assign tasks to individual bots.<br />
Assign tasks based on the bots’ countries.<br />
Clear all stats/delete all dead bots from the DB.<br />
<br />
Admin panel screenshots:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-CfXMSJKtn40/TylimF7tv1I/AAAAAAAAAMA/31Fti1y7qBU/s1600/andromeda1.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="384" src="http://3.bp.blogspot.com/-CfXMSJKtn40/TylimF7tv1I/AAAAAAAAAMA/31Fti1y7qBU/s640/andromeda1.gif" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-D-cCUllYRsU/TyliWDpUN_I/AAAAAAAAALY/k6d-hF-n210/s1600/andromedaform.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="http://2.bp.blogspot.com/-D-cCUllYRsU/TyliWDpUN_I/AAAAAAAAALY/k6d-hF-n210/s640/andromedaform.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-vpi9Ask8PF8/TyliSEKMeVI/AAAAAAAAALQ/NGaiJB3pQso/s1600/andromedablack.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="302" src="http://4.bp.blogspot.com/-vpi9Ask8PF8/TyliSEKMeVI/AAAAAAAAALQ/NGaiJB3pQso/s640/andromedablack.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-Zma2EjjmnTE/Tylii92lZOI/AAAAAAAAAL4/nVb3QzJx-fM/s1600/andromedatasks.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="302" src="http://3.bp.blogspot.com/-Zma2EjjmnTE/Tylii92lZOI/AAAAAAAAAL4/nVb3QzJx-fM/s640/andromedatasks.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-OU2FD8R9neU/TyliZ5daSWI/AAAAAAAAALg/8coZN1yRbDM/s1600/andromedaservice.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="302" src="http://2.bp.blogspot.com/-OU2FD8R9neU/TyliZ5daSWI/AAAAAAAAALg/8coZN1yRbDM/s640/andromedaservice.png" width="640" /></a></div>
Price list:<br />
<br />
01.* - $200<br />
02.* - not for sale at the moment.<br />
Rebuild for a new URL (main URL) - $10<br />
For each additional reserve URL - $10<br />
<br />
We accept:<br />
<br />
Liberty Reserve (preferred)<br />
Webmoney.Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-7680346383703191409.post-72555104078848270032012-01-31T05:03:00.000+00:002012-01-31T05:03:15.948+00:00StyxCryptAbout<br /><br />World's first fully automated online obfuscation service is a service to provide a full range of obfuscation services of binary data and source code by nine input data formats.<br />
<br />Currently we support the most demanded spectrum of morphing formats which are demanded by thousands of webmasters:<br />
<br />JavaScript;<br />HTML;<br />EXE;<br />DLL;<br />PDF;<br />SWF;<br />IFrame;<br />PHP;<br />ASP;<br />
<br />Multi Obfuscator has its own polymorphic engine which enables a possibility to morph a wide range of input data. This means every time you morph something you will get absolutely different binary and source code.<br />System provides an external API and gives a possibility to automate software and services for all customers.<br />You will be fully satisfied by morphing quality and speed of updates.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-DbO0yTp1Ucc/Tyd1QyYUiwI/AAAAAAAAAK0/Z1fXTeOuZdM/s1600/styx1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="346" src="http://2.bp.blogspot.com/-DbO0yTp1Ucc/Tyd1QyYUiwI/AAAAAAAAAK0/Z1fXTeOuZdM/s640/styx1.png" width="640" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-7PlMtxcKAZ8/Tyd1UstIXcI/AAAAAAAAAK8/b4Be5GOOZc4/s1600/styx2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="586" src="http://4.bp.blogspot.com/-7PlMtxcKAZ8/Tyd1UstIXcI/AAAAAAAAAK8/b4Be5GOOZc4/s640/styx2.png" width="640" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-JsjaKA_7FGk/Tyd1XQiajJI/AAAAAAAAALE/2kqBV5DXNQY/s1600/styx3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="548" src="http://1.bp.blogspot.com/-JsjaKA_7FGk/Tyd1XQiajJI/AAAAAAAAALE/2kqBV5DXNQY/s640/styx3.png" width="640" /></a></div>
<br />
<br />FAQ<br /><br />Q: What's this service about?<br />A: Our service is first world-class fully automated multicrypt service. At the moment we have the maximum quantity of morphing input data types, fully automated system based on polymorphic engine and API supported.<br /><br /><br />Q: What types of crypting do you support?<br />A: We support nine morphing data types:<br /> <br />HTML: source code with or without JavaScript;<br /><br /><br />JavaScript: inside HTML or standalone (which is helpful for clickunders, popunders and morphing any type of context advertising);<br />EXE and DLL as Windows Coff PE executables;<br />PDF: content morphing;<br />SWF: morphing source AS3-scripts;<br />PHP / ASP source scripts;<br /><br /><br />Q: Who are your customers?<br />A: Our customers are partners program, online casino, traffic stocks, banner networks, adult, pharma and so on.<br /><br /><br />Q: What are your benefits compared to private services?<br />Firstly, none of the private services can morph such a quantity of data types as we can. We have a polymorphic kernel that guarantees that all output code will be fully different and entropy will be almost 100%. As we have a polymorphic stub every crypted file will be unique and can live before reversing and disassembly long time. We have rapid updates and you will not wait and waste your time. Also we have API to automate your services. Hope reasons above will help you to make right decision to work with us.<br /> <br /> <br />Q: Can you guarantee 100% FUD on Coff/PE? Do you provide money back in this case?<br />A: No, we cannot guarantee 100% FUD. Also we don't have money back system (but in any case support can add an amount to your balance by its own opinion in case of detects). If you can use it — welcome. If you noticed a detect please contact support and tell them details and check URL; it can help to make FUD in a short time. For the projects with huge loads we have private cryptor. 
Please contact support for it.<br /> <br /> <br />Q: How can I crypt the file?<br />A: To encrypt a file or URL simply register in the system, charge your balance, select your tariff and upload a file to crypt in the user menu «Obfuscation».<br />Innovation is an automated service verification, which checks the file after obfuscation, provides a link to check the results of which you can agree (and get a file) or disagree (money back to your balance).<br />Therefore, if the job is "stuck" on the status of "Pending", you simply open the task, click on the link and make sure that you are satisfied.<br /><br />Q: Do you have automation and possibility to work with API?<br />A: Yes, we provide API for development needs and also we have sample PHP library<br /><br />Q: What's the maximum file size?<br />A: EXE / DLL is 160 kilobytes and other crypting services are 1 megabyte. <br /> <br />Q: What are your demands to Coff/PE files?<br />A: Files must be provided as is without packing by any Coff/PE packer like UPX, PECompact and so on.<br /> <br />Q: Can I obfuscate files with greater size?<br />A: Yes, you can. Knock support, it will answer all your questions.<br /> <br />Q: How scheduler works?<br />A: Scheduler morphs your source every time to let you get always new and fresh version. Morphing interval can be selected by customer by adding a new task to morph.<br /><br /><br />Q: What payment methods do you support?<br />A: Currently we support WebMoney in automatic mode and Liberty Reserve in manual mode.<br /><br /><br />Q: I crypted the file, but not satisfied by result. What should I do?<br />A: You should fill the form in contacts where describe task number and your complaint. We will answer in as soon as it will be possible.<br /><br /><br />Q: Did you pass the tests?<br />A: Yes, we did. You can ask public and private links by contacting our support.<br /><br /><br />Q: Is the service anonymous?<br />A: Yes, it's totally anonymous. 
All files are fully deleted in 30 days.<br /><br /><br />Q: What does it mean - Styx?<br />A: Just read wiki: http://en.wikipedia.org/wiki/Styx<br />The Styx (Greek: Στύξ, also meaning "hate" and "detestation") (adjectival form: Stygian, /ˈstɪdʒi.ən/) is a river in Greek mythology that formed the boundary between Earth and the Underworld (often called Hades which is also the name of this domain's ruler). It circles the Underworld nine times.<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-7680346383703191409.post-45720238914758311832012-01-29T19:06:00.000+00:002012-01-29T19:06:23.298+00:00Ann LoaderEnglish Translation by @Sherb1n<br />
<br />
Ann Loader Seller – Noncenz - Adv on Forums<br /><br />You know our team from projects like RedZone password recovery system, MKL professional keylogger, Destination Darkness DDoS bot (aka Optima), PassView password viewer, and others. AnnLoader is a worthy addition to this collection!<br /><br /><strong>[Functionality]</strong><br /><br />• You can set up tasks: X installs in country A, and so on.<br /> • Set task priority<br /> • Edit and re-arrange the tasks<br /> • The build is only 14KB<br /> • The program is written in API<br /> • You can adjust the bot load and set up a white zone<br /> • AnnLoad has a stable, fast, easy-to-use and safe admin panel.<br /> • The control panel does not store your password in the config file, only in cache!<br /> • AnnLoad algorithm does not contain anything that can mess with the encryption process (service mode, tls, etc…)<br /><br /><strong>[Admin panel screenshots]</strong><br /><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-sBI1JFc_81I/TyWVg_RvXSI/AAAAAAAAAJQ/5LPIPm81sFc/s1600/annloader1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="214" src="http://4.bp.blogspot.com/-sBI1JFc_81I/TyWVg_RvXSI/AAAAAAAAAJQ/5LPIPm81sFc/s640/annloader1.png" width="640" /></a></div>
<br />
<br />
<br /><a href="http://3.bp.blogspot.com/-0bKpu7m8Wrs/TyWWaGGBP1I/AAAAAAAAAJk/_snCMMUTO4k/s1600/annloader2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="378" src="http://3.bp.blogspot.com/-0bKpu7m8Wrs/TyWWaGGBP1I/AAAAAAAAAJk/_snCMMUTO4k/s640/annloader2.png" width="640" /></a><br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-l9G0ttlRNOs/TyWWeEGJj6I/AAAAAAAAAJs/NGWjnkrUg-Q/s1600/annloader3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="404" src="http://2.bp.blogspot.com/-l9G0ttlRNOs/TyWWeEGJj6I/AAAAAAAAAJs/NGWjnkrUg-Q/s640/annloader3.png" width="640" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-_l3LzjsB5GE/TyWWg8vpsfI/AAAAAAAAAJ0/HGer1mgD91E/s1600/annloader4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="356" src="http://3.bp.blogspot.com/-_l3LzjsB5GE/TyWWg8vpsfI/AAAAAAAAAJ0/HGer1mgD91E/s640/annloader4.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<br /><strong>[Additional modules]</strong><br /><br />1) ThiefX. Version: 1.3. Password grabber. This module can grab passwords from 14 programs (more can be added upon request):<br /> • Fxp (ftp) <br /> • Total commander (ftp) <br /> • Filezilla (ftp) <br /> • Wsftp (ftp) <br /> • Mozilla Firefox (including version 7) (web, forms)<br /> • Opera (including the latest versions) (web, forms, ftp) <br /> • CuteFTP (ftp) <br /> • Qip2005 (icq)<br /> • Qip2010 (icq, eml)<br /> • QipInfium (icq, eml)<br /> • The bat (eml) <br /> • RDP (rdp) <br /> • Google Chrome (web) <br /> • Safari (web)<br /><br />2) Substitution. Version: 1.0. The module allows you to edit/substitute the hosts file on your bots.<br /><br />3) We can create a module that will be modifying the Webmoney purse id in the clipboard. Contact us on ICQ if interested.<br /><br />4) MKL Keylogger. Version: 1.1. Dependable keylogger, supports Cyrillic, can send logs to HTML/FTP.<br /><br /><strong>[License agreement]</strong><br /><br />By accepting the license terms for this software, you acknowledge that you will use AnnLoad exclusively for testing your own systems. Any other use of this software is in violation of this agreement and of the laws of the Russian Federation. If you do not agree to one or more clauses of this agreement, do not use the software in any way or manner.<br /> The DD team shall not be liable for any damage to you or third parties arising from the use of this software.<br /> The product is delivered “as is”.<br /> You may lose your license for violating the terms of this agreement or if such decision is made by the DD team.<br /><br /><strong>[Payment]</strong><br /><br />•WebMoney (WMR/WMZ/WMU/WME).<br /> •Liberty Reserve. (+ 5% of the price)<br /> •Perfect Money.(+ 5% of the price)<br /> •LiqPay. (+6% of the price)<br /> •AlertPay (+6% of the price)<br /> •YouMax (+ 7% of the price)<br /> •Ukash (+5% of the price)<br /> •We can work with an escrow. 
Escrow fees are paid by the client.<br /> •We do not work with protection.<br /><br /><strong>[Why you should buy from me]</strong><br /><br />• Fairness, friendliness, politeness.<br /> • Honesty (I am ready to work through an escrow, but on your dime).<br /> • I’m often online (daily, with rare exceptions).<br /> • Personal WM passport (BL >120).<br /> • I have been selling software for over 10 months.<br /> • I will always try to answer all your questions, like ‘where to go for hosting’, ‘where to buy installs’, ‘who to order a script from’, etc.<br /><br /><strong>[Referral program]</strong><br /><br />• Very straightforward: bring in a client, get anywhere from $45 to $100. The more clients you bring, the more $$$ you get!<br /><br /><strong>[Price list]</strong><br /><br />• Minimal: Loader, no free updates - $330<br /> • Standard: Loader, +1 month of free updates - $380<br /> • Bronze: Loader, +3 months of free updates, plus 1 free re-build - $480<br /> • Silver: Loader, +6 months of free updates, plus 2 free re-builds - $530<br /> • Gold: Loader, + free updates forever, + 5% discount on our other products, + 5 free re-builds, + module of your choice for free - $630.<br /> • Platinum: Loader, + free updates, + 25% discount on our other products, + free re-builds, + 2 modules of your choice for free - $725.<br /> • Diamond: Loader, + free unlimited updates, + free unlimited re-builds, + 30% discount on our other products, + all modules for free = $825.<br /> • Updates - $35-$85 (depending on the importance of the update).<br /> • Re-build (change of URL) - $35.<br /> • Source code – contact us.<br /> • New functionality – contact us.<br /><br /><strong>[Modules]</strong><br /><br />• ThiefX. Password grabber - $50<br /> • Substitution. Hosts file substitution - $35<br /> • MKL Keylogger - $55. 
This module can be purchased as a stand-alone product for $85.<br /> • New modules request – contact us.Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-7680346383703191409.post-39288240132824981482012-01-28T21:30:00.003+00:002012-03-19T18:01:26.143+00:00Citadel Zeus botEnglish Translation by @Sherb1n<br />
<br />
- New clone of Zeus after ICE IX<br />
<br />
Coder- Aquabox - Adv on Underground Forums<br />
<br />
<b>Citadel 1.1 - FF/IE/Chrome Grabber + Video Recording & Anti Tracker Protection</b><br />
<br />
We’re offering a great solution for creating and updating your botnet.<br />
We’re not trying to re-invent the wheel or come up with a revolutionary product. We have simply perfected the good old Zeus, making significant functionality improvements, adapting it to the survival conditions of today’s security landscape, and giving it a new name. Originally, we developed it for our own needs; during the development process, we also decided to create a “social circle” of support community, which is described later in this article.<br />
<br />
Changes have been made both to the bot itself and to the web components.<br />
We don’t sell “eye candy”. What you are paying for is the new functionality and coders’ motivation to support the product.<br />
<br />
New features for the bot:<br />
<br />
[+] Fixed VNC bug on Vista/Win7. Internet Explorer is now fully supported (there used to be a rendering problem in IE)<br />
<br />
[+] Added support for Mozilla Firefox 7.0 (recent versions have had problems sending the reports; the problem is now fixed)<br />
<br />
[+] Crypto-protection (the body is decrypted in memory)<br />
<br />
[+] DNS-redirects (not through hosts). Any URL can now be blocked/redirected, undetectable by heuristics. For example, block AV servers or redirect bank pages to a different host.<br />
!BONUS! The list of popular AV server URLs to block is included.<br />
<br />
[+] Software version is included in the report. The report will contain detailed information on the holder’s browser version. This can be used to imitate the holder’s settings.<br />
<br />
[+] Extra layer of protection from trackers – Login Key.<br />
<br />
[+] Authentication mechanism for config updates (no direct URLs). Adequate protection against established trackers.<br />
<br />
[+] Grabber support for Google Chrome. (tested on latest versions 15.x/16.x)<br />
<br />
[+] Inject support for Google Chrome. (tested on latest versions 15.x/16.x)<br />
<br />
[+] Added function search caching, for faster hook setting in Chrome.<br />
<br />
[+] Added feature: bot can run system CMD commands at startup (the CMDList section) and upload the report to server. For example, you can specify that upon installation your bot should upload the output of “ipconfig /all” or the list of all shared drives. This is a good feature to have when analyzing a company’s internal structure. (For example, you can often see bots with names like ACCOUNTANT_PC, POS_SERV, DATABASE…)<br />
<br />
[+] Added mechanism to check the integrity of hooks in some Windows.<br />
<br />
[+] Environment heuristic analyzer can use a stop-list to terminate undesirable software (significantly improves stealth), all popular AV products are included in the list.<br />
<br />
[+] Small bugs have been fixed.<br />
<br />
[+] Video grabber gives you a unique opportunity to see how your injects work “through the eyes of the holder”. Just specify the list of URLs and the recording time in seconds in the config file, and the bot will start recording video (in MKV format) as soon as the holder visits one of the URLs. Make sure your server can receive files of 10-60MB.<br />
<br />
[+] Removed the “cookie clearing” feature, because it was messing up the machine’s fingerprint.<br />
<br />
[+] Added support for HTTP 1.0 and extended headers (for example, the response doesn’t always look like “HTTP/1.1 200 OK”, sometimes it can be “HTTP/1.1 200 follow document”, where code 200 is followed by a couple of words), this is applicable to Firefox & Chrome<br />
<br />
[+] Added gate generator (in case you want to place files on an intermediary host for redirect)<br />
<br />
[+] All of Zeus’s basic functionality is included. I don’t think it needs to be listed here.<br />
<br />
[+] Fully revamped, more user-friendly web-admin interface.<br />
<br />
<br />
Figure 1. Builder, main screen<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://img405.imageshack.us/img405/2131/2812.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="490" src="http://img405.imageshack.us/img405/2131/2812.png" width="640" /></a></div>
<br />
<br />
Figure 2. Web-panel, main screen<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://img851.imageshack.us/img851/4718/cpscreen.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="360" src="http://img851.imageshack.us/img851/4718/cpscreen.png" width="640" /></a></div>
<br />
<br />
We’re not going to talk about the bot’s uptime, you’ll see it for yourself. Gratitude is accepted in the form of LR tokens.<br />
<br />
This is the basic package. Price: $2,399.00<br />
<br />
Important:<br />
<br />
Our software does not work on Russian-language systems. If a Russian or Ukrainian layout is detected, the bot terminates. <br />
<br />
This is done to prevent installs on CIS systems. You may disagree, but that’s taboo for us.<br />
<br />
If you want to test the bot or develop your own injects – install an English-language system. We will provide URLs to download the OS image and VMWare to save you some time.<br />
<br />
ADDITIONAL MODULES:<br />
<br />
List of new features for web-admin panel (individual modules):<br />
<br />
[+] Full-featured VNC control panel.<br />
Now you can:<br />
- Collect data on specific companies and accounts of interest into a separate DB and a separate script. It has a nice layout, you can see the list of online bots and details of the collected accounts.<br />
- Create a VNC connection to any bot in 2 mouse clicks.<br />
- View stats on active/dead accounts (or bots).<br />
- Add/edit memos to the collected accounts.<br />
- Receive automated Jabber alerts whenever a new account is added or a bot comes online. For convenience, the alert contains the IP:PORT for VNC connection.<br />
- Sort the bots depending on their online/used/unused status.<br />
- Specify a BotID, and have a VNC connection automatically created whenever the bot comes online.<br />
Price: $495.00<br />
<br />
Figure 3. VNC control panel<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://img259.imageshack.us/img259/8664/vnc.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="360" src="http://img259.imageshack.us/img259/8664/vnc.png" width="640" /></a></div>
<br />
<br />
[+] High-quality SOCKS checker module. <br />
You can specify several DBs of different botnets. The module uses web surfing to check the SOCKS, for a 99.9% accuracy.<br />
Price: $49.00<br />
<br />
[+] Executable files auto-encryption module.<br />
Tired of manually encrypting your files or waiting for that encrypter to come back online? Automate the encryption task with this awesome auto-crypt module that will automatically refresh your botnets’ exe files. The script operates through Death’s jabber service called cbot. $15 per encryption.<br />
We are not responsible for the encryption quality. Script is triggered through cron and can encrypt the file as many times as you need.<br />
Price: $395.00<br />
<br />
[+] Log parser module.<br />
Many of you have had this problem: lots of bots generate tons of logs, and today’s DB search technologies take up way too much time. We have developed a script that can look across several DBs simultaneously and extract all http/https URLs and related data.<br />
Additional features: caching and memos, for your convenience.<br />
Price: $295.00<br />
<br />
Modules can be purchased only if you also buy the basic package; they cannot be sold separately. When buying a module, you get the right to receive updates and support for this module.<br />
<br />
CURRENTLY IN DEVELOPMENT:<br />
<br />
[*] Advanced file search and upload. Search masks are specified in the config file. For example, “passwords*.txt”<br />
<br />
[*] Ability to load the video-grabbing module from a remote host, to reduce the size of the build.<br />
<br />
<br />
<b>SERVICE & SUPPORT COMMUNITY (SOCIAL CIRCLE)</b><br />
<br />
It’s hardly a secret that any product in this niche is a pile of junk on somebody’s hard drive unless it’s supported by a group of developers. As time goes on, a product must continue to satisfy the needs of the clients, but usually that’s where the problem occurs: there are lots of clients, but only one developer, and your IMs are often ignored. Time is money, that’s why we have created a social network-like platform for our clients.<br />
<br />
Citadel CRM Store lets you influence the development of the product, namely:<br />
<br />
- Report bugs and errors you discover in our software. All tickets are reviewed by tech support. You will receive a response in a timely manner and will not have to try to catch the developer in ICQ/Jabber.<br />
<br />
- Every client has the right to create an unlimited number of requests and suggestions for new module/functionality. These requests can be public or private (visible to you only).<br />
<br />
- Every client has the right to vote for ideas submitted by other members and to contribute money towards developing the module/functionality. Based on the voting results, the developers decide which module should be built.<br />
<br />
- Every client has the right to comment on requests and talk to other members. Now you can find partners and like-minded people and take an active part in product development discussions.<br />
<br />
- You can see all the stages of the development work if the new module is approved by the community. We provide timely updates on the status and completion date.<br />
<br />
- If the module is approved, you can start making the initial deposits (50%). As soon as the deposits are made, developers start working on the project: the money is paid directly to the coders, and there will be no delays or procrastination. The process is transparent, every stage of the development work is displayed.<br />
<br />
- Convenient notifications via Jabber about new comments or requests.<br />
<br />
You will really appreciate this new approach!<br />
<br />
When buying the basic package, you agree to make monthly maintenance payments of $125 (payments can be made for several months in advance). What’s included in this cost:<br />
<br />
- We’re interested in working with our clients. There are lots of people who promise to “support the product, blah-blah”, but then either their updates come out once every 3 months, or the author just disappears. The problem is, authors need to be motivated. In our case – you support us, and we support you. As simple as that.<br />
<br />
- Every month (around the 20th of the month) you get a builder update, including updated AV protection (bot body encryption, heuristic analysis prior to process injection).<br />
<br />
- You get access to the CRM: a great opportunity to suggest new features and improvements, vote for others’ projects, and communicate with other members of the Citadel CRM Store.<br />
<br />
- You get our support: we answer your questions (via ticketing system), provide installation assistance and usage recommendations. You are prohibited from transferring your personal CRM account to anyone else.<br />
<br />
- In the near future, our CRM will start working with web programmers who will be focused exclusively on injects (including auto-transfers). The CRM allows our clients to create tasks, declare completion dates and prices, so that our coders can work on the approved projects. If you can write high-quality injects, let’s talk.<br />
<br />
Figure 4. Citadel CRM Store<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-JX7R81BMg4Y/TyRlCwPrY8I/AAAAAAAAAJI/8iNo8Yu4Xdg/s1600/democrmscreen.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="362" src="http://1.bp.blogspot.com/-JX7R81BMg4Y/TyRlCwPrY8I/AAAAAAAAAJI/8iNo8Yu4Xdg/s640/democrmscreen.png" width="640" /></a></div>
<br />
<br />
Demo access upon request (allow up to 24 hours).<br />
<br />
Builder is tied to your PC; you can create unlimited number of domains.<br />
<br />
We accept LR only. For WM-LR conversions, go to forums like mmgp.ru. We do not accept Webmoney.<br />
<br />
To avoid wasting our time (and yours), don’t send us messages like “You there?”, etc. Just give us your request in this format: “Need to buy basic package, plus VNC, Auto-crypt, and SOCKS modules. What’s the total price with the discount?”<br />
<br />
<strong>Citadel Zeus Bot Version 1.3</strong><br />
<strong><br /></strong><br />
http://cyb3rsleuth.blogspot.co.uk/2012/03/citadel-13.html<strong><br /></strong>Unknownnoreply@blogger.com0