ytisf / thezoo Goto Github PK

I'm trying to run Petrwrap ransomware but I can't.
027cc450ef5f8c5f653329641ec1fed9.exe informs that is not correct Win32 app, myguy.hta and svchost.exe do nothing, files from .gz files looks like doc/rtf/exe file but do nothing too.
Ransomware.Petya works correctly, both bin files after changing extensions to exe do the job.
What am I doing wrong with Petrwrap?

Create an external repository which malwares would be pull from.

https://www.opensc.ws/showthread.php?t=19475

have versions more updated of aryan.

list;
The pack contains the following sources:
Port Scanner
Dark Crypter
FireFox 3.6 Decrypter
Agony
Aryan RAT v0.3
Aryan RAT v0.4
Aryan RAT v0.5
Basic Keylogger Source
Black Sun
BlindSpot v1.0 (Binder)
Files Merger
Call Of Duty 6 - Modern Warfare 2 - MPHack
Cryptic3 Crypter
DCI Bot
Down Trojan RAT
Client RAT
El Backdoor Small v1/2.0
Example Drag&Drop
F0xit 0.1
FBI RAT
gh0st 3.6
Harvecter bot
hBot Source
JABT1.2 - Justin Another Binder Tool
Juu2 IE7+FF steal
Little Joiner
Loading DLL infect PE
LocustPEA
Mail Sender - C++
Dump MSN Contacts
Nerzhul
Net Bot Attacker 5.5 RAT+DDOS
Polymorphic crypter
ProAgent V1.21
PsyRAT 2
Rat-b
Ratling
Reptile Bot
Rhapsody reverse connecting RAT
ri0tv5 Bot
UDP Tunnel
SpecialTrojan V5.0
Viotto OCX registrator - Source

python theZoo.py -f XtremeRat
...
| 64 | botnet | c        | x86          | win32    | XtremeRat | 

But indeed XtremeRat language is not C.

make an option to update from git.

I was checking the database and the VIP boolean column is not documented. What is the meaning of that? The name doesn't really explain much.

error get command
error get malware failed

As stated in the title, winreadline module does some manipulations that make python.exe crash with Access Violation error (Exception code: 0xc0000005). I'm on Windows 10 and currently I can't tell if it applies to earlier versions too.

I managed to work around this issue by commenting out related lines in terminal_handler.py file (both import at the start of the file and completer setup in Controller init method).

My python version is:

Python 2.7.11 (v2.7.11:6d1b6a68f775, Dec  5 2015, 20:32:19) [MSC v.1500 32 bit (Intel)] on win32

Hello,

I am looking for a client some tool to damage HDD.

Please whats the password for the rig exploit kit zip and also i have a copy of rig exploit kit, i tried installing it which i did successfully but i couldn´t seem to find my way into the admin, i copied the admin password from my database and i decrypt it being MD5# but when i paste the password into the manage area it doesnt log in, can someone show me or tell me a way around this and also, does the copy uploaded here works?

I realize that the cpp file is actually exe file.
But I don't know what is mqjbtxwl.fee file.
What should i do for running?
What I want to do is running reveton ransomware in my VM for dynamic malware analyzing.

Best Regards.
Doyeon

i have tried to open in this folder(Ransomware.Locky.ZIP) it's need password if anyone knows password please send this is my mail id [email protected].

I think it'd make a good addition to this repository. I don't have a copy of it, though.

Channel is "#theZoo-git" on freenode network

Current readme is not updated and documentation is missing.
Need to fix that...

Sorry whats the password? Please help.

I am not sure how I should make such a request and forgive me if this is the incorrect way to ask.

How can I get a copy of the Petya document that was in the word document spread via MeDoc?

I have seen some links but they're dead and I cannot access them.

Does anyone have a copy ?

Change the name "Malware DB" in the README file to current name "theZoo"

Hello, I would like to know what the password is to unlock the device after being infected by Ransomware, I really liked the tool I found very robust, one more thing, I could set a password that only I have access to?

So, I think to avoid confusion as the project is called theZoo the main python should also be named thezoo instead of malware-db, in the Arch AUR package I changed the executable name to the zoo and I think you should consider doing the same for the git.

What say you ?

Convert and use XML as the main configuration file format for theZoo project.

For the past few days ive been trying out ransomware because ive done a lot of pc repair well i stumbled a cross ransomware.jigsaw but i cant seem to figure out how to execute the jigsaw ransomware inside my virtualbox can some one help me out please?

Pleas is there away we can have a chat? pleas or any direct contact private

Hi i found a mega pack of sources of malware.
The page:
https://fuckav.ru/showpost.php?p=146838&postcount=1

Down you can see the link to download the files.

I want to create an AUR PKGBUILD for this project, what does the upgrade interval is going to be ? every month ? 2-4 months ?

Thanks,

This is kind of a semantic question, but I figure there might be an interesting reason why.

https://www.virustotal.com/en/file/7ba09403e9d7122a20fa510de11f7809822e6e11efb164414e2148b762cf4e75/analysis/

this is Dino malware cloud you upload on your malware repository

sorry for asking hear

thanks indeed

you can add from here https://github.com/stamparm/EternalRocks

Title

Is there a reason every time I try to run theZoo.py python crashes in Windows?

The password of the .zip on this github is "infected" as usual but there is a .rar file in that .zip that also has a password...

I have tried these passwords: AndroRat, AndroRAT, androrat, androrat.rar and ANDRORAT.

These were all wrong.

I hope that someone has the password and can solve this issue.

Password for KRBanker.zip file is not "infected". I am not able to unzip the file.

Thank you,
Radhesh

I want to use this framework, other than use command nothing works. Kindly add or share demonstration / usage / tutorial. And cant seem to understand how to use this. Please help.

When you run the python file you get the following output:

File "theZoo.py", line 85
print vars.maldb_banner
^
SyntaxError: Missing parentheses in call to 'print'

I am wondering if someone can provide me some guidance. I am trying to pull some ransomware to load on a VM for educational purposes. I have tried a bunch of different types off https://github.com/ytisf/theZoo/tree/master/malwares/Binaries but none of them seem to load or do anything after they are extracted. I get prompted for the password and the zip files take the password, but I cannot seem to get infected. :)

I am using a Windows 2012R2 vm with no Antivirus/Windows Defender.

I would have thought this would be easy.

Any help would be appreciated.
Thanks,
Greg

Dropper.Taleret password failed

thank you

The password file lists the password as "infected ", but "infected" or infected with the space included at the end do not work. I have experienced the same issue with Dropper.Taleret as well.

theZoo\malwares\Binaries\Dropper.Taleret\Dropper.Taleret.zip
theZoo\malwares\Binaries\Trojan.Tapaoux\Trojan.Tapaoux.zip

I run theZoo.py file by python 2.7 in my virtualbox and accept this EULA ,but don't know how to use the malwares included.Can you tell me the commands to exploit the package?

Hi i saw that you included this malware (poweliks= in your list i think it's available only binaries not source. i'm searching one malware with source that will work like dll to write article. You know someone similar for this? Sorry for asking but it because i dont want to implement at first and maybe in this collection are someone useful with source.

Hi

I just tried to run the virus in a windows vm its not working have you tried the same on a windows vm
dows it work in a virtualized enviorment

https://github.com/alienwithin/0x88

I don't know if you are technically allowed to put a general license on the repository. Even though malware is bad the authors still have copyright power. They probably will never issue any DMCA requests but just for correctness sake you might want to consider handling licensing differently.

Hi,

I wanted to know how to apply or use the malware source files given?

http://ytisf.github.io/theZoo/

Thank You.

Can't create a PR for this at the moment, but if it's not done by the time I have a chance, I'll throw one together. Seems like Dridex/Locky creators have been working on a new strain of Ransomware called Bart:

https://www.proofpoint.com/us/threat-insight/post/New-Bart-Ransomware-from-Threat-Actors-Spreading-Dridex-and-Locky

Bart Sample from Proofpoint's article:
[hxxps://summerr554fox[.]su/files/6kuTU1.exe]

Haven't tested to see if it's still live.
Looks like you might be able to get a sample of RockLoader as well, since that's the main dropper they use.

JavaScript Rockloader Payload, Use Extreme Caution:
[hxxp://camera-test.hi2[.]ro/89ug6b7ui?voQeTqDw=RUYEzU]

http://a2emrmdsprmm6t7i.onion/viewtopic.php?id=41 a shit load of source code for malware.

hello, I was wondering about the tyupkin folder. i showed it to my friend and he said it was fake...

Screen the repo https://github.com/fdiskyou/malware for possible new content.

Hello! I install it but it's not clear what to specify in the settings as VDS, tell me which php file is responsible for the exploit itself? Proxy.php or download?

What is the password for CryptoLocker? Cant seem to find it.