Saturday, 11 August 2012

Tick Panel (hermes/tatanga)

If you are looking for the plugins found inside this panel, see: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=1755#p15106

Dashboard:

You can move them like a widget:

Menus:

Yeah... This post will be long :)

Country:

Build:

Modules:

OS:

Browse bots:

Bot info:

Install graph:

Activity graph:

Death graph:

Infested network:

Bot info:

Build info:

Command:



Search form:

Task:

Bot info:

Upload file:

Module dependency:

Module sets:

Server list:

List drops:

Inject requests:

Page dumper:

Inject dump:

Inject source:

Capcha hosts:

Dumper hosts:

Drop templates:

Utility operation:

MySQL Processes:

MySQL Table:

Delete bot:

Bot files:

Worklogs:

List socks:

FTP Logs:

Search logs:

Parser templates:

Parsed accounts:

Update host:

Users:

Groups:

Menu editor:

Jabber alert:

11 comments:

  1. This looks really scary and advanced. Steven, can you tell us more about this? I'm well aware of all threats out there Zeus/SpyEye/Citadel but I have never seen this. This isn't Carberp is it?

  2. Hi, no it's Tatanga, you can find more info here: http://blog.trendmicro.com/more-on-the-tatanga-banking-trojan/

  3. And unlike SpyEye, this malware is 'private'; it's not sold on underground forums.

  4. lol private projects and i have src it's
    not new but very cool.

    jabber: gangcash@jabber.org

  5. The filter panel and some tables are familiar to me. Is this a heavy mod of Zeus or some other HTTP bot? (at least the panel)

  6. Replies
    1. What do you mean by semi-private?

  7. Isn't this the one without any auth?

  8. Isn't this the one without any auth checking on pages?

  9. zzz, 13 August 2012 13:42

    lol private projects and i have src it's
    not new but very cool.

    jabber: gangcash@jabber.org its a ripped
