Taurus Project, SPECTRE v3, Raccoon, Mars, Ficker, REDLINE, SMOKE, VIDAR. Если есть ещё норм паблик софты (желательно не на .net)(стоит ли добавлять WARZONE?) - кидайте ссылку на тред, либо дополняйте таблицу сами. Буду также рад каким-то исправлениям, новым параметрам сравнения. По детектам инфы вообще нет сейчас в таблице. Экспорт через File -> Share table...
По хорошему, стоило бы на tabulator сделать, но там нет онлайн редактирования с простым экспортом. А тут 9000 экспортов (даже в sql и bb-коды, лол...) меня подкупили. А шар по линку вообще максимально удобно.
https://truben.no/table/#t=XQAAQAA8...zFqwCq8F-AqB-ePZ6G0nANdBkkIGraDqF6EFgv__9jnO9
По хорошему, стоило бы на tabulator сделать, но там нет онлайн редактирования с простым экспортом. А тут 9000 экспортов (даже в sql и bb-коды, лол...) меня подкупили. А шар по линку вообще максимально удобно.
https://truben.no/table/#t=XQAAQAA8...zFqwCq8F-AqB-ePZ6G0nANdBkkIGraDqF6EFgv__9jnO9
| upd24.08.21 | Raccoon | VIDAR | Mars | REDLINE | SMOKE | SPECTRE v3 | Ficker | Taurus |
|---|---|---|---|---|---|---|---|---|
| Status: | active | active | active | active | active | abandoned, V4 is in active development | abandoned (last update: 02.10.2020) | abandoned (last update: 09.01.2021) |
| Pricing: | 75$ per week/200$ per month + 50$ per build with clipper | 130$ per week / 300$ per month / 750$ per 3 months; BTC | 140$ per month or 160$ per month for advanced edition (uses social media\any website to obtain gates urls) | 150$ per month / 800$ lifetime (+crypt, loader, dyncheck-scan, .doc joiner); BTC, ETH, XMR, LTC, USDT | bot\loader - 400$ modules: fake dns - 100$ form grabber - 300$ pass sniffer - 100$ stealer - 100$ ddos - 200$ procmon - 50$ remote pc - 150$ keylogger - 100$ grabber - 50$ email grabber - 100$ rebuild - 30$ | 70$ per month + 15-25$ per hosting&domain (optional) + 30$ for demo version (optional, free if buying later); BTC, XMR | 90$ per week / 200$ per month / 900$ per half-year | Lifetime 150$ + 50$ per update\rebuild + 10$ per prefix change; XMR |
| Lang: | C/C++ (no crt)(sqlite lnk, dwns some libs in runtime?) | C++ | C (no crt, no std)(sqlite dwn) | .net | ? | C++ | Rust + ASM | C++17 (no crt)(std, sqlite lnk) |
| Dependencies: | - | - | - | ? | ? | - | - | - |
| Bits: | x32 | x32 | x32 | x32 | x32 | x32 | x32 | x32 |
| Size (no compression): | ~560KB | ~600KB | ~95KB | ~80KB | ~35KB | ~470KB | ~250KB | ~250KB |
| Unavailable countries: | RU, UA, BY, KZ, AM, AZ, KG, MD, TJ, UZ | RU, UA, BY, KZ, AM, AZ, KG, MD, TJ, UZ | RU, UA, BY, KZ, AM, AZ, KG, MD, TJ, UZ | custom | RU | - | RU, UA, BY, KZ, AM, AZ, KG, MD, TJ, UZ | RU, KZ, UA, BY, GE, AM, TJ, UZ. |
| OS: | Windows 7\8\10 | Windows 7\8\10, Server ("all, except we don't test XP but should work too") | Windows 7\8\10, Server | Windows (?) | Windows 7\8\10 | Windows 7\8\10 | Windows XP\7\8\10, Server | Windows (?) |
| Detects: | rt: 13/26; st: 4/26 | rt: 12/23 | rt: 3/23; st: 7/23 | ? | ? | ? | ? | ? |
| Residential: | - (+ with clipper) | - | - | + | + | + | - | - |
| Dashboard tech: | ?. Seller infrastructure. Onion domain, antiddos, 2fa. | ?. Seller infrastructure. Antiddos. | ?. Selfhost. | ?. Selfhost. | ?. Selfhost. | PHP, ?. Seller infrastructure. | Rust + React, some unix (?), 2ram 1cpu. Selfhost, oneliner-install. | Golang, Ubuntu 16, 2ram 2cpu. Selfhost, oneliner-install. |
| Dashboard usage: | JS. Multiuser (no admin; user (you): give log to other user) Top: countries | JS. Singleuser. Top: countries, all time count, all time normal\priority logs proportion, last month graph. | JS. Singleuser. Top: logs since last week\month\all, all passwords count, countries, popular passwords, passwords per browser, last logs with "binance" mention, last logs with "blockchain" mention, last logs with cold wallets | JS. Singleuser (multiuser tg notifs). Top: countries, os versions, anti-viruses. All time count for passwords, autofills, cookies, cc, grabbed files, ftp\im grabbed. | JS? Singleuser. Counts: all time, today online, now online, tasks, loads, runs, updating, doubles, ddos, "sellers" ("prefixes") all time, "sellers" online now. Top: OS versions, bits, privileges, countries, online now countries. Top-stealer: top-10 urls, top-10 software. Last bots (id, ip, country, datetime). | JS. Singleuser. Bot functions. | JS. Singleuser. Top: wallets, logins, countries, cookies, etc (?). | JS. Multiuser (admin (you): change username\pass; user: give log to other user, delete, change log status). Top: countries, builds (prefix), OS versions, wallets, browsers. |
| Logs management: | Rows info: checked\unchecked, double (if someone on raccoon owned same machine), comment, counts (passwords, cookies, CC, autofills), tags, creation date, log size, country. Filter by: rows info CSV export. ZIP export <5kk. | Rows info: marks, country, IP, ID, creation date, priority, paypal (cookie count), unique, counts (wallets, passwords, cc, grabbed files), favorite, domains, comment, passwords per browsers. Filter by: rows info. Preview. Export filtered. Multisearch. | Filter by: log ID, IP, country, comment, system.txt contents, creation date from-to, passwords.txt contents, tags Delete empty logs. Show only with crypto wallets. Show only unique. Export. Passwords preview. Markers (custom colored keywords). | Rows info: ID, HWID, IP, counts (passwords, cookies, CC, wallets), build, country, creation date, comment. Filter by: cookie domain, cookies\passwords count, telegram\steam\files grabbed. Export filtered (by country, build, comment, OS version, domain in passwords, domain in cookies, cc, autofills, grabbed files, grabbed IM&FTP - Multisearch)\all. Sorter (places logs in separate folders by domains presented). Preview (system info, cookies, passwords, cc, ftp, im, files) | Rows info: ID, IP, OS, bits, last online, country, "seller" ("prefix"), privileges. Filter by: id (glob), ip, country, form-grabbed content | Rows info: machine status (idle\active\offline), ip, country, lag, OS version. | Filter by: domain\value in cookie, passwords, countries, ip, have CC\FTP\crypto, comments. Multisearch. Exclude domains. Saved filters. Duplicates hide, empty hide. Export logs by filter. Preview (cookies, passwords, ftp, cc, wallets). | Rows info: build, OS, ip, country, date, comment, counts (passwords, cookies, CC, autofills), last online. Filter by: rows info and - checked\unchecked, passwords for domains, wallets, countries, prefixes, Domain Detect groups, app sessions, software installed, UID, favorites, date (from-to). Frontend-based (=lags). Multisearch. Delete where passwords, cookies, CC, autofills count less than N. Batch commenting, log-preview, favorite logs. |
| Virtual runtime environment detection: | + | + | - | + | + | + | ? | + (c) |
| Reserve C2 domain: | infinite | infinite | some | some | - | + (4 per build) | ? | + (1 per build) |
| Unicode: | + | ? | - (ascii) | ? | ? | ? | ? | + |
| File grabber: | %DSKxxx% | Path, filename mask (glob). | %APPDATA%, %LOCALDATA%, etc CSIDL, filename mask (glob), max filesize (c), recursive (c) | Path, extension. Recursive (c). | Filename mask (glob), max filesize (c). | Path, filename, extension, max filesize (c). Pack in zip. | + | Path, filename mask (glob; multi), content filter (exceptions), max filesize (c), recursive (c), suspendable, matched domains filter. |
| Loader: | Filter (only with domains) .dll and one function from .dll | Filter (marks, countries). | Args, filter (only with domains in passwords\crypto) | RunPE | Filter (coutries: include\exclude). LoadLibrary, regsvr32, RunPE. .bat, .exe, .dll. Public stats. | + | + | Args, filter (countries: include\exclude, only with: domains\crypto), autorun |
| Clipper: | BTC, LTC, ETH, XMR (+donation), DOGE, ADA, BNB, ZEC | - | - | + | - | BTC, ETH, XMR | - | - |
| Clipboard logger | - | - | - | - | - | Live, data + active window title | - | - |
| Keyboard logger: | - | - | - | - | configure processes to log | Offline, on\off, active window title | - | - |
| HVNC\HRDP: | - | - | - | - | - | "Hidden browser" (?) | - | - |
| Run: | - | - | - | - | - | Single, group, mass. Multiple commands per bot (queue). Output available. | - | - |
| Visit url: | - | - | - | + | - | + (headless\using installed browser) | - | - |
| Screenshot burst: | - | - | - | - | - | + (window title match, 3\5\10) | - | - |
| Reverse proxy: | - | - | - | - | - | ? | - | - |
| Web inject: | - | - | - | - | kinda (http only via fake DNS) | - | - | - |
| USB\files propagation: | -\- | -\- | -\- | -\- | -\- | -\- | -\- | -\- |
| Form grabber | - | - | - | - | https support | - | - | - |
| Passwords, cookies, autofills, history, CC from: | no history | also download history | no history | no cc, history, autofills | no history | |||
| Chrome | + | + | + | + (c) | + | + | + | + (c) |
| Firefox | + (no cc) | + | + | + (c) | + | + (no cc) | + | + (c) |
| Edge | + (? "all poplular") | ? ("all popular") | + | + (chrome-based only?) | + | + | + (chrome-based only?) | + (c) |
| IE | - (? "all poplular") | + | + | - | + | - | - | + (c) |
| Opera | + | ? ("all popular") | + | + (c) | - | - | + | + (chromium-based only) (c) |
| Brave | + | ? ("all popular") | + | + (c) | - | ? | + | ? |
| UC/QQ | +/? | ?/? ("all popular") | -/- | +/+ ("asian browsers supported") | -/+ | ?/? | ?/? | ?/? |
| Chromiums | - (? "all poplular") | + ("all popular") | + | + (c) | - (amigo, chromium and yandex only) | - | + ("40+") | + |
| Geckos | - | ? ("all popular") | + | + (c) | - | - | + ("40+") | - |
| Cookies type: | Netscape and json | Netscape and json | ? | ? | ? | ? | ? | Netscape |
| Crypto addons: | see full list of crypto plugins in thread | see full list of crypto plugins and cold wallets in thread | ||||||
| Metamask | + | + | + | + | - | - | - | ? |
| Ronin | + | + | + | + | - | - | - | - |
| Tron Link | + | + | + | + | - | - | - | - |
| Guarda | + | + | + | + | - | - | - | - |
| Binance Chain | + | + | + | + (chrome) | - | - | - | - |
| Brave wallet | + | - | + | + | - | - | - | ? |
| Jaxx Liberty | + | + | + | + | - | - | - | + (c) |
| Crypto cold wallets: | ||||||||
| Bitcoin Core | ? | + ("wallet.dat") | + | + | - | - | ? ("top 15+") | + (c) |
| LiteCoin | ? | + ("wallet.dat") | + | + | - | - | ? ("top 15+") | + (c) |
| ByteCoin | ? | + ("wallet.dat") | + | + | - | - | ? ("top 15+") | + (c) |
| ZCash | - | + ("wallet.dat") | + | - | - | - | ? ("top 15+") | - |
| Dash Core | ? | + ("wallet.dat") | + | - | - | - | ? ("top 15+") | + (c) |
| DogeCoin | - | + ("wallet.dat") | + | + | - | - | ? ("top 15+") | - |
| Electrum | + | + ("wallet.dat") | + | - | - | - | ? ("top 15+") | + (c) |
| Electrum-LTC | + | + ("wallet.dat") | + | - | - | - | ? ("top 15+") | ? |
| Atomic | + | + | + | + | - | - | ? ("top 15+") | + (c) |
| Coinomi | + | + | + | - | - | - | ? ("top 15+") | - |
| Exodus | + | + | + | - | - | - | ? ("top 15+") | + (c) |
| Ethereum | ? | ? | + | - | - | - | ? ("top 15+") | + (c) |
| Multibit | ? | ? | - | - | - | - | ? ("top 15+") | + (c) |
| Jaxx Classic | + | ? | + | - | - | - | ? ("top 15+") | + (c) |
| Wasabi | + | ? | - | - | - | - | ? ("top 15+") | + (c) |
| Daedalus | + | ? | - | - | - | - | ? ("top 15+") | + (c) |
| MyMonero | + | ? | - | - | - | - | ? ("top 15+") | + (c) |
| Electron Cash | + | ? | + | - | - | - | ? ("top 15+") | - |
| Green Address Wallet | + | ? | + | - | - | - | ? ("top 15+") | - |
| MultiDoge | - | ? | + | - | - | - | ? ("top 15+") | - |
| FTP clients: | ||||||||
| WinSCP | - | + | - | + (c)("ftp clients") | + | - | + | + (c) |
| Filezilla | + | + ("ftp") | - | + (c)("ftp clients") | + | + | + | + (c) |
| WinFTP | - | + ("ftp") | - | + (c)("ftp clients") | - | - | - | + (c) |
| Sessions: | see full list of 2fa plugins in thread | |||||||
| Authy | - | - | + | - | - | - | - | + (c) |
| Authenticator | - | - | + | - | - | - | - | - |
| GAuth Authenticator | - | + | + | - | - | - | - | - |
| Telegram | - | + | - | + ("IM clients") | - | - | ? | + (c) |
| Steam | - | - | - | + | - | - | + | + (c) |
| Discord | + | - | - | + | - | - | + | + (c) |
| Pidgin | - | - | - | + ("IM clients") | - | - | + | + (c) |
| Thunderbird | - | - | - | + ("IM clients") | + | - | + | - |
| Psi\Psi+ | - | - | - | + ("IM clients") | - | - | ? | +\+ (c) |
| Foxmail | - | - | - | + ("IM clients") | - | - | ? | + (c) |
| Outlook | - | - | + | + ("IM clients") | + (2007-2016) | - | ? | + (c) |
| PC stats: | "System info" (?) | ? | UID, IP, country, timezone, language, layouts, path to exe, hostname, username, desktop\laptop, CPU, GPU, RAM, OS version, bits, installed software | IP, country, city, zip, username, HWID, layouts, screenshot (c), display resolution, OS version, UAC settings, is running as admin, user-agent, GPU, CPU, anti-virus installed. | ? | Software, "hardware info" (?), process list | CPU, installed software, display resolution. | UID, build ID (aka prefix), creation date, IP, country, OS version, bits, disks, all usernames, hostname, keyboard layout, CPU, GPU, motherboard, RAM, display resolution, execution dir path, installed software, desktop screenshot (c) |
| Selling thread: | https://xss.pro/threads/29414 | https://xss.pro/threads/53183/ | https://xss.pro/threads/51631/ | https://xss.pro/threads/42762 | https://xss.pro/threads/36656 | |||
| Also | MaaS with own gates. DLL build available. Crypt in panel. | MaaS with own gates. Marks\categories system (highlight in rows info, notif - by domain in passwords\cookies\history). Telegram notifs. Public stats per build (c). Ban by IP. | Backend decrypt. | Sending files on the fly. Builder, cert and metadata cloner, size pumper in panel. Wallet.dat balance check. Runtime exceptions. Public link for build stats (c). Telegram notifs (with filters, multiple recipients, etc). HWID blacklist. | Low -> High privileges elevation. | Sending files on the fly, backend decrypt. | Grabs battlenet info (c), skype dialogs (c). History grabbing is (c). Ban rules (country, ip, UID). Rewrited Predator. Probably same team. |
Последнее редактирование:
