Main Code

Uploading Main code and all binaries. Source codes will be synced next.
2026-02-20 13:50:45 +00:00 · 2014-01-15 11:01:23 +02:00
parent 1a641f9ac1
commit dcb778ccc9
19 changed files with 252 additions and 0 deletions
--- a/2013/CryptoLocker_9-10-2013.pass
+++ b/2013/CryptoLocker_9-10-2013.pass
@@ -0,0 +1 @@
+infected
--- a/2013/CryptoLocker_9-10-2013.sha256
+++ b/2013/CryptoLocker_9-10-2013.sha256
@@ -0,0 +1 @@
+d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9
--- a/2013/CryptoLocker_9-10-2013.zip
+++ b/2013/CryptoLocker_9-10-2013.zip
--- a/2013/CryptoLocker_11-20-2013.pass
+++ b/2013/CryptoLocker_11-20-2013.pass
@@ -0,0 +1 @@
+infected
--- a/2013/CryptoLocker_11-20-2013.sha256
+++ b/2013/CryptoLocker_11-20-2013.sha256
@@ -0,0 +1 @@
+c7dc529d8aae76b4e797e4e9e3ea7cd69669e6c3bb3f94d80f1974d1b9f69378
--- a/2013/CryptoLocker_11-20-2013.zip
+++ b/2013/CryptoLocker_11-20-2013.zip
--- a/Binaries/IllusionBot
+++ b/Binaries/IllusionBot
@@ -0,0 +1 @@
+86a310b96adbf79040f3a25c198674aa
--- a/Binaries/IllusionBot
+++ b/Binaries/IllusionBot
@@ -0,0 +1 @@
+infected
--- a/Binaries/IllusionBot
+++ b/Binaries/IllusionBot
--- a/2013/Zeus_Zbot_Rootkit_Banking_Trojan.pass
+++ b/2013/Zeus_Zbot_Rootkit_Banking_Trojan.pass
@@ -0,0 +1 @@
+infected
--- a/2013/Zeus_Zbot_Rootkit_Banking_Trojan.sha256
+++ b/2013/Zeus_Zbot_Rootkit_Banking_Trojan.sha256
@@ -0,0 +1 @@
+69e966e730557fde8fd84317cdef1ece00a8bb3470c0b58f3231e170168af169
--- a/2013/Zeus_Zbot_Rootkit_Banking_Trojan.zip
+++ b/2013/Zeus_Zbot_Rootkit_Banking_Trojan.zip
--- a/Binaries/njRAT-v0.6.4/njRAT-v0.6.4.pass
+++ b/Binaries/njRAT-v0.6.4/njRAT-v0.6.4.pass
@@ -0,0 +1 @@
+crypted
--- a/Binaries/njRAT-v0.6.4/njRAT-v0.6.4.rar
+++ b/Binaries/njRAT-v0.6.4/njRAT-v0.6.4.rar
--- a/Binaries/njRAT-v0.6.4/njRAT-v0.6.4.sha256
+++ b/Binaries/njRAT-v0.6.4/njRAT-v0.6.4.sha256
@@ -0,0 +1 @@
+a58b71b98182bbb2eb6a3ae42f3f2056b1673c11355dee59afc904df510c2f09
--- a/PackFiles.sh
+++ b/PackFiles.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+ 
+bold=`tput bold`
+normal=`tput sgr0`
+green_plus='\e[00;32m[+]\e[00m'
+
+if [ $# -ne 1 ] ; then
+        echo "No directory choosen."
+        echo "Using `pwd`"
+        current_dir=`pwd` 
+fi
+
+find $pwd -maxdepth 1 -type d | while read folder; do
+	mkdir -p "Compressed/$folder"
+	zip -r --password infected "Compressed/$folder/$folder.zip" "$folder" > /dev/null
+	sha256sum "Compressed/$folder/$folder.zip" > "Compressed/$folder/$folder.sha256"
+	md5sum "Compressed/$folder/$folder.zip" > "Compressed/$folder/$folder.md5"
+	echo "infected" > "Compressed/$folder/$folder.pass"
+	echo -e "$green_plus   $folder compressed. "
+	echo -e "$green_plus   Remember that you still need to create index.log :) "
+done
--- a/Rebuild_CSV.sh
+++ b/Rebuild_CSV.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+bold=`tput bold`
+normal=`tput sgr0`
+green_plus='\e[00;32m[+]\e[00m'
+red_min='\e[01;31m[-]\e[00m'
+
+# This file rebuilds the index.csv file based on the local index.log file in each folder.
+
+# Backup previous 
+mv index.csv Index.Backup.csv
+
+# finds all index.log files:
+
+find `pwd` -name 'index.log' > /tmp/indexrebuild.tmp
+touch index.csv
+i=1
+cat /tmp/indexrebuild.tmp | while read file ; do
+	let string="$i"
+	string="$string,`echo "$file"`,`cat "$file"`,"
+	echo -e "$green_plus $i was added successfully"
+	echo "$string" >> index.csv
+	let i=i+1
+done
+
+linesofdb=`wc -l < index.csv`
+
+if [ $linesofdb = 0 ]; then
+	echo ""
+	echo -e "$red_min   No index files were detected!"
+	echo ""
+	exit 0
+fi
+if [ $linesofdb > 0 ]; then
+	echo ""
+	echo -e "$green_plus   Rebuilt index with $linesofdb malwares. Be safe."
+	echo "       Go and have some fun :)"
+	echo ""
+	exit 1
+fi
+
--- a/index.csv
+++ b/index.csv
@@ -0,0 +1,28 @@
+1,Source/Original/Dokan - Dec 2008/index.log,__,Dokan,Unknow,Unknow,C,12/2008,
+2,Source/Original/NBot - July 2008/index.log,Botnet,NBot,Unknow,Unknow,C++,07/2008,
+3,Source/Original/ShadowBot v3 - March 2007/index.log,Botnet,ShadowBot,3,Unknow,C++,03/2007,
+4,Source/Original/rBot 0.3.3 - May 2004/index.log,Botnet,rBot,0.3.3,Unknow,C++,05/2004,
+5,Source/Original/ZeuS 2.0.8.9 - Feb 2013/index.log,botnet,ZeuS,2.0.8.9,Unknow,C,02/2013,
+6,Source/Original/X0R-USB - Virus Version - Jan 2009/index.log,Virus,X0R-USB-Virus,Unknow,Unknow,C,01/2009,
+7,Source/Original/LoexBot1.3 - Sep 2008/index.log,Botnet,LoexBot,1.3,Unknow,C++,09/2008,
+8,Source/Original/ZunkerBot 1.4.5 - Sep 2007/index.log,Botnet,ZunkerBot,1.4.5,Unknow,SQL,09/2007,
+9,Source/Original/DopeBot v0.22 UnCrippled- Feb 2007/index.log,Botnet,DopeBot-UnCrippled,0.22,Unknow,C++,02/2007,
+10,Source/Original/vbBot - Jan 2007/index.log,Botnet,vbBot,Unknow,Unknow,VB,01/2007,
+11,Source/Original/xTBot 0.0.2 - 2 Feb 2002/index.log,Botnet,xTBot,0.0.2,Unknow,C/C++,02/2002,
+12,Source/Original/VBS.Win32.Vabian - Unknown/index.log,VBS-Worm,VBS.Win32.Vabian,Unknow,Unknow,VBS,Unknow,
+13,Source/Original/DopeBot v0.22 Crippled- Feb 2007/index.log,Botnet,DopeBot-Crippled,0.22,Unknow,C++,02/2007,
+14,Source/Original/Win32.MiniPig - Nov 2006/index.log,Worm,Win32.MiniPig,Unknow,Unknow,C,11/2006,
+15,Source/Original/HellBot v3.0 - 10 June 2005/index.log,Botnet,Hellbot,3.0,Unknow,C++,06/2005,
+16,Source/Original/Win32.ogw0rm - Nov 2008/index.log,Worm,Win32.ogwOrm,Unknow,Unknow,C++,11/2008,
+17,Source/Original/DopeBot.B - Dec 2004/index.log,Botnet,DopeBot.B,Unknow,Unknow,C++,12/2004,
+18,Source/Original/LiquidBot - May 2005/index.log,Botnet,LiquidBot,Unknow,Unknow,C++,05/2005,
+19,Source/Original/SpazBot 2.12 - June 2007/index.log,Botnet,SpazBot,2.12,Unknow,VB,06/2007,
+20,Source/Original/DBot v3.1 - March 2007/index.log,Botnet,DBot,3.1,Unknow,C,03/2007,
+21,Source/Original/CyberBot v2.2 - October 2006/index.log,Botnet,CyberBot,2.2,Unknow,C++,10/2006,
+22,Source/Original/DopeBot.A - Dec 2004/index.log,Botnet,DopeBot.A,Unknow,Unknow,C++,12/2004,
+23,Source/Original/MyDoom.A - Jan 2004/index.log,__,MyDoom.A,Unknow,Unknow,C,01/2004,
+24,Source/Original/ShadowBot - Sep 2008/index.log,Botnet,ShadowBot,Unknow,Unknow,C++,09/2008,
+25,Binaries/CryptoLocker Ransomware 20th Nov 2013/index.log,3,ransomeware,CryptoLocker,Unknown,Unknown,bin,20/12/2013,
+26,Binaries/CryptoLocker Ransomware 10th Sep 2013/index.log,2,ransomeware,CryptoLocker,Unknown,Unknown,bin,10/12/2013,
+27,Binaries/IllusionBot - May 2007/index.log,4,botnet,Illusion Bot,Unknown,Unknown,bin,00/05/2007,
+28,Binaries/AndroRat - 6 Dec 2013/index.log,1,botnet,AndroRat,Unknown,Unknown,java,06/12/2013,
--- a/malware-db.py
+++ b/malware-db.py
@@ -0,0 +1,152 @@
+#!/usr/bin/env python
+
+    #Malware DB - the most awesome free malware database on the air
+    #Copyright (C) 2014, Yuval Nativ, Lahad Ludar, 5fingers
+
+    #This program is free software: you can redistribute it and/or modify
+    #it under the terms of the GNU General Public License as published by
+    #the Free Software Foundation, either version 3 of the License, or
+    #(at your option) any later version.
+
+    #This program is distributed in the hope that it will be useful,
+    #but WITHOUT ANY WARRANTY; without even the implied warranty of
+    #MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    #GNU General Public License for more details.
+
+    #You should have received a copy of the GNU General Public License
+    #along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import sys
+import getopt
+import inspect
+import subprocess
+import csv
+
+def main():
+	
+	# Set general variables. 
+	version=0.1
+	appname="Malware DB"
+	authors="Yuval Nativ, Lahad Ludar, 5fingers"
+	licensev="GPL v3.0"
+	fulllicense = appname + " Copyright (C) 2014 " + authors + "\n"
+	fulllicense += "This program comes with ABSOLUTELY NO WARRANTY; for details type '" + sys.argv[0] +" -w'.\n"
+	fulllicense += "This is free software, and you are welcome to redistribute it."
+	
+	useage='\nUsage: ' + sys.argv[0] +  ' -s search_query -t trojan -p vb\n\n'
+	useage+='The search engine can search by regular search or using specified arguments:\n\nOPTIONS:\n   -h  --help\t\tShow this message\n   -t  --type\t\tMalware type, can be virus/trojan/botnet/spyware/ransomeware.\n   -p  --language\tProgramming language, can be c/cpp/vb/asm/bin/java.\n   -u  --update\t\tUpdate malware index. Rebuilds main CSV file. \n   -s  --search\t\tSearch query for name or anything. \n   -v  --version\tPrint the version information.\n   -w\t\t\tPrint GNU license.\n'
+	
+	column_for_pl=6
+	column_for_type=2
+	column_for_location=1
+	colomn_for_time=7
+	column_for_version=4
+	column_for_name=3
+	column_for_uid=0
+	
+	def print_license():
+		print ""
+		print fulllicense
+		print ""
+	
+	def versionbanner():
+		print ""
+		print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
+		print "\t\t    " + appname
+		print "Built by:\t\t" + authors
+		print "Is licensed under:\t" + licensev
+		print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
+		print fulllicense
+		print useage
+	
+	def checkresults(array):
+		if len(array) == 0:
+			print "No results found\n\n"
+			sys.exit(1)
+	
+	def checkargs():
+		print "Type: " + type_of_mal 
+		print "Lang: " + pl 
+		print "Search: " + search
+		
+	def filter_array(array,colum,value):
+		ret_array = [row for row in array if value in row[colum]]
+		return ret_array
+		
+	def res_banner():
+		# A function to print banner header
+		print "\nUID\tName\t\tVersion\t\tLocation\t\tTime"
+		print "---\t----\t\t-------\t\t--------\t\t----"
+		
+	def print_results(array):
+		# print_results will suprisingly print the results...
+		answer = array[column_for_uid] + "\t" + array[column_for_name]+ "\t" + array[column_for_version] + "\t\t" 
+		answer += array[column_for_location] + "\t\t" + array[colomn_for_time]
+		print answer
+		
+	options, remainder = getopt.getopt(sys.argv[1:], 'hwuvs:p:t:', ['type=', 'language=', 'search=', 'help', 'update', 'version' ])
+	
+	# Zeroing everything
+	type_of_mal = ""
+	pl = ""
+	search = ""
+	new =""
+	update=0
+	m=[];
+	
+	# Get arguments
+	for opt, arg in options:
+		if opt in ('-h','--help'):
+			print fulllicense
+			print useage
+			sys.exit(1)
+		elif opt in ('-u', '--update'):
+			update=1
+		elif opt in ('-v', '--version'):
+			versionbanner()
+			sys.exit(1)
+		elif opt in ('-w'):
+			print_license()
+			sys.exit(1)
+		elif opt in ('-t', '--type'):
+			type_of_mal = arg
+		elif opt in ('-p', '--language'):
+			pl = arg
+		elif opt in ('-s', '--search'):
+			search = arg
+	
+	# Rebuild CSV
+	if update == 1:
+		subprocess.call("./Rebuild_CSV.sh", shell=True)
+		sys.exit(1)
+		
+	# Take index.csv and convert into array m
+	csvReader = csv.reader(open('index.csv', 'rb'), delimiter=',');
+	for row in csvReader:
+		m.append(row);
+	
+	# Filter by type
+	if len(type_of_mal) > 0:
+		m = filter_array(m,column_for_type,type_of_mal)
+		
+	# Filter by programming language
+	if len(pl) > 0:
+		m = filter_array(m,column_for_pl,pl)
+		
+	# Free search handler
+	if len(search) > 0:
+		res_banner()
+		matching =  [y for y in m if search in y]
+		for line in matching:
+			checkresults(matching)
+			print_results(line)
+			
+	if len(search) <= 0:
+		res_banner()
+		for line in m:
+			print_results(line)
+
+
+if __name__ == "__main__":
+	main()
+
				`@@ -0,0 +1 @@`
				`d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9`
				`@@ -0,0 +1 @@`
				`c7dc529d8aae76b4e797e4e9e3ea7cd69669e6c3bb3f94d80f1974d1b9f69378`
				`@@ -0,0 +1 @@`
				`69e966e730557fde8fd84317cdef1ece00a8bb3470c0b58f3231e170168af169`
				`@@ -0,0 +1 @@`
				`a58b71b98182bbb2eb6a3ae42f3f2056b1673c11355dee59afc904df510c2f09`