enemy SSH/Telnet IoT botnet

ssh/telnet self replicating "flame" botnet, features:

• UDP/TCP/ICMP Flooding methods
• mirai syn scanner ran if root
• qbot scanner ran if non root
• skidripped tor cnc from zbot
• custom string encoding (char map lightaidra based)
• custom botkiller strings for memory scanning
• 1s sleep on botkill
• custom passlist for ssh
• custom tor cnc for onion that broadcasts loader server

EXPLOITS

• liferay
• sonicwall
• huawei (not working)

SPECIAL METHODS

• blacknurse
• DNS request flood (with random dns request id per packet)

TODO

• lateral movement accross current ip range

I ASSUME NO RESPONSIBILITY FOR ANY DAMAGES CAUSED BY THIS PROGRAM, SOURCE CODE, OR ASSOCIATED FILES POSTED.

THIS IS POSTED UNDER APACHE LICENSE AND IS ALSO CONSIDERED ART.