DarkenBlack dox - spreading malware on cracked.to and snipr forum, meet Yuri.

[AZATEJ 109]

 

 

 

important links:

https://www.maltiverse.com/sample/2ae4f2068d0124a127a4f861131ec886f9f544d67a81a361b8c1e4ae64ccba73

https://www.reverse.it/sample/ccc862b03ada70eba9999519610fa4c8bda9c4eb3d1409c456c91ac939562203

 

 

Even cyka sabaky shit on this code, idk I barely understand it, I'm a fucking skid, sorry.

Code: 
127.0 .0.1 - - [ 22 / Jul / 2018 13 : 18 : 11 ] code 501 , message Unsupported method ( 'POST' ) 
127.0 .0.1 - - [ 22 / Jul / 2018 13 : 18 : 11 ] "POST / api / gate.get? p1 = 0 & p2 = 0 & p3 = 0 & p4 = 0 & p5 = 0 & p6 = 0 & p7 = 0 HTTP / 1.1 " 501 - 127.0 .0.1 - - [ 22 / Jul / 2018 13 : 18 : 11 ] code 501 , message Unsupported method ( ' POST ' ) 
127.0.0.1 - - [ 22 / Jul / 2018 13 : 18 : 11 ] "POST /api/gate.get?p1=0&p2=0&p3=0&p4=0&p5=0&p6=0&p7=0 HTTP / 1.1" 501 - 
127.0 .0.1 - - [ 22 / Jul / 2018 13 : 18 : 11 ] code 501 , message Unsupported method ( 'POST' ) 
127.0 .0.1 - - [ 22 / Jul / 2018 13 : 18 : 11 ] "POST /api/gate.get? p1 = 0 & p2 = 0 & p3 = 0 & p4 = 0 & p5 = 0 & p6 = 0 & p7 = 0 HTTP / 1.1 " 501 - 127.0.0.1 - - [ 22 / Jul / 2018 13 : 18 : 11 ] code 501 , message Unsupported method ( 'POST' )
127.0 .0.1 - - [ 22 / Jul / 2018 13 : 18 : 11 ] "POST / api / gate .get p1 = 0 & p2 = 0 & p3 = 0 & p4 = 0 & p5 = 0 & p6 = 0 & p7 = 0 HTTP / 1.1 "? 501 - 127.0 .0.1 - - [ 22 / Jul / 2018 13 : 18 : 11 ] code 501 , message Unsupported method ( 'POST ' ) 
127.0.0.1 - - [ 22 / Jul / 2018 13 : 18 : 11 ] "POST /api/gate.get?p1=0&p2=0&p3=0&p4=0&p5=0&p6=0&p7=0 HTTP / 1.1" 501 - 
127.0 .0.1 - - [ 22 / Jul / 2018 13 : 18 : 11 ] code 501 , message Unsupported method ( 'POST' ) 
127.0 .0.1 - - [ 22 / Jul / 2018 13 : 18 : 11 ] "POST /api/gate.get? p1 = 0 & p2 = 0 & p3 = 0 & p4 = 0 & p5 = 0 & p6 = 0 & p7 = 0 HTTP / 1.1 " 501 - 
127.0.0.1 - - [ 22 / Jul / 2018 13 : 18 : 11 ] code 501 , message Unsupported method ( 'POST' )
127.0 .0.1 - - [ 22 / Jul / 2018 13 : 18 : 11 ] "POST / api / gate .get p1 = 0 & p2 = 0 & p3 = 0 & p4 = 0 & p5 = 0 & p6 = 0 & p7 = 0 HTTP / 1.1 "? 501 - 127.0 .0.1 - - [ 22 / Jul / 2018 13 : 18 : 11 ] code 501 , message Unsupported method ( 'POST ' ) 
127.0.0.1 - - [ 22 / Jul / 2018 13 : 18 : 11 ] "POST /api/gate.get?p1=0&p2=0&p3=0&p4=0&p5=0&p6=0&p7=0 HTTP / 1.1" 501 - 
127.0 .0.1 - - [ 22 / Jul / 2018 13 : 18 : 11 ] code 501 , message Unsupported method ( 'POST' ) 
127.0 .0.1 - - [ 22 / Jul / 2018 13 : 18 : 11 ] "POST /api/gate.get? p1 = 0 & p2 = 0 & p3 = 0 & p4 = 0 & p5 = 0 & p6 = 0 & p7 = 0 HTTP / 1.1 " 501 - 
127.0.0.1 - - [ 22 / Jul / 2018 13 : 18 : 11 ] code 501 , message Unsupported method ( 'POST' ) 
127.0 .0.1 - - [ 22 / Jul / 2018 13 : 18 : 11 ] "POST / api / gate .get? p1 = 0 & p2 = 0 & p3 = 0 & p4 = 0 & p5 = 0 & p6 = 0 & p7 = 0 HTTP / 1.1 " 501 - 
127.0 .0.1 - - [ 22 / Jul / 2018 13 : 18 : 11 ] code 501 , message Unsupported method ( 'POST ' )

Its a victim was the bad guy.

 

After its launch on the victim's computer, collect all the data and transfer it to the server. Admin panel, it's the server part - a remote machine, which will come logs style. Logs come from client machines and are stored on the server until the owner of the method chooses to enter the server. The owner enters a valid login/password and is available to download/delete logs from different client machines. In general, the admin panel and the server part are separate entities. On the server, there is a panel that allows you to perform authorization and editing. But in general, it may not be. Logs - are a zip-archive with information about passwords, cookies, e-wallets, general information about the victim system and a screenshot of the desktop of the infected machine.

Well, I had to break the public law and deface some of his data. Of course in a good will, since I barely know what I'm doing. Shiet.

 

 

https://criminals.host/hfKTY.png[/img]

 

Well, that's what Yuri likes, well I personally like it too, but WELL I DONT FUCKING SHIT AGAINST OTHER SHITTERS, wtf is your peanut brain flying to?

 

https://criminals.host/huhPZ.png[/img]

Home of our friend.

He is sleeping now I think, its deep down nap.

- but i knocked doors several times

- call me Yuri, thanks.

 

 

---

Yuri defaced.

 

Guys, I want to elaborate some part, doxing is not cool, as long as you do this for lulz, without some possible purpose its lame as fuck, and I found doing it as another kid move in playing against others. The only reason to use this kind of gay plays is.. this example. To show other shitters that they as everyone leave some footsteps, and collecting those footsteps results in a privacy breach, and in this guy example - he made a mistake several years ago, and it's not smth I can avoid, you can prevent, and anyone can prevent. Its just all matter of how the fucking deep someone is going to get his motivated ass to get your shit. Doxing for the request, doxing for lulz, doxing anyone without purpose is also good reason to ban, inb4 ban yourself faggot. Well, fact.

 

https://criminals.host/UmTko.png[/img]

https://criminals.host/WgWBU.png[/img]

https://criminals.host/FvfTP.png[/img]

[align=center]

---

[/align]

 

Its location which fits 1:1 location of this profile - and now why out of nowhere I picked this profile, and not some random cyka? Remember that I can also be wrong, it's a bit like 9/1 in that case, but its a random Russian from Siberia, I'm not as much as charming personality to care. But well.

 

https://criminals.host/2YMQw.png[/img]

He is not a guy on the right, guys. On the right, you can see @Royals leaked photo.

 

https://vk.com/odon3419

ODON3419 is a key in the whole case.

 

 

Odon is used password within a lot of time over different Russian mailboxes on different providers.  But it's not enough to call him out for being that specific guy I know; we need a bit more evidence that THIS SPECIFIC guy knows shit about PC, according to his VK - is not apparent.

 

 

And there's a part of a chat where you can get logs over this specific guy VK account. I can deliver more, but I found this enough if you want more - cool. But in SOME RARE accident, it has to be his friend which nickname he used as a password, its possible.

Well, friends sometimes have to take responsibility for our stupid - well I tricked my morality.

 

 

 

---

Remember, don't spread shit on your bed.

Even Mongols as prisoners and shittery as damaged criminals polaks know about this rule. Remember that crackers are broke ass shitters if you want to get good hits - hunt for the big animal, for example, consider developing your wallet and providing it on BTC community.

 

Why not? I won't get mad for being as stupid to get tricked that way; I would admire it - Nah, I would get pissed in real, but who cares. Dont leak it for plebs outside, not because its fucking exlusive, but I dont want to flex around too much, it was about victim care for it, not for your knowledge. 

 

 

I wanted to also show how easy its to take down malware (i dont have any experience, srsly, used few tools + few paid ways) - even if we are potentially infected we can rid of problem, in theory. Most of the time its too late, anyway.  :kek:

[XenonDesign 16]

Yuri is my friend

[AZATEJ 109]

Yuri is my friend

 

Will ask you if still if he gonna get take a revange for it and will start a ddos of mine (in the end yours) server :D

[XenonDesign 16]

He can't anyways, everything is protected from skids like him.

[Her 226]

damn dood gg