DiamondFox Kettu


DiamondFox, a modular botnet offered for sale on various underground forums, is an outstanding demonstration of the many
advantages of this business model. By purchasing a single product, the buyer is granted access to a variety of capabilities,
in the form of plugins, and can plan and execute multiple campaigns: a tailored espionage campaign, a credentials theft
campaign, which can be the basis of an extensive monetary theft operation, and even a simple, yet highly effective distributed
denial of service (DDoS) attack.

BOT:
- NATIVE. Doesn't need any kind of Windows dependencies.
- SMALL. Bot with its configurations is ~90kb.
- ENCRYPTION. Fully encrypted HTTP communication with the panel and all bot settings and data.
- COMPRESSION. All data uploaded and received from the panel is compressed.
- MODULAR. The bot works based on a modular system. Modules can be loaded from the panel or loaded locally from the bot body.
- ALL WINDOWS. Working with Windows versions (7, 8, 8.1, 10, Server 2012 and above) and in both architectures (x86/x64).
- USER MODE. No need for admin rights to work.
- ANTI-ANALYSIS. Avoids the execution of the bot if a debugger, virtual machine or sniffer is present.
- CUSTOM INSTALLATION. The installation path, installation name and installation sub folder can be set by the user.
- MELT. Automatically deletes the file after the execution. This can be enabled or disabled.
- UNICODE. Working in all language systems (the world is yours!)
- CONNECTION. You can set an unlimited gate list, the bot will detect online gates and select the available one.
- STARTUP. The bot has four startup methods: startup folder and registry keys: run/runonce/policies.
- ROUTINES. Each routine can be customized with a time.
- SCREENSHOTS. Bot will take screenshots of the machine and upload them to the panel.
- INFORMATION. The bot grabs and sends to the panel the following information about the infected machine: GUID, username, PC name, AV installed, operating system version, RAM, processor, GPU, HD space, OS architecture, admin/user identification, laptop/PC identification, user domain, local IP, installed software, running tasks, ping, computers inside the same network, screen resolution and environmental variables.
- STABLE. Bot will maintain a good communication with the panel.
- NAMECOIN DOMAINS SUPPORT. Added support for namecoin domains .bit, .lib, .emc and .coin.

PANEL:
- CLEAN CODE. Coded in PHP/JS with AJAX, no ioncube or any other kind of encryption to the panel.
- UNICODE. It can show text from any language.
- MINIMUM REQUIREMENTS. Only PHP 5.6, MYSQL, ZIP and curl support needed.
- MULTI USER. The panel allows you to create and manage more than one user and put limits on the actions the user can do. Excellent for working with a team.
- PROTECTION. The panel has auto banning features if it detects suspicious activities of a bot (ex. Unauthorized upload attempt) or from a user (ex. Login brute force). This can be enabled/disabled.
- NOTIFICATIONS. Real time notification when a bot connects to the panel. It shows a green line and a sound. This can be enabled/disabled.
- VIEW. The bots can be viewed in two modes: list (it will show the bots like a list with short information about each) and grid (this allows you to see more detailed information about the bot and a desktop preview).
- TASKS. Tasks can be set in three modes: Single execution, each restart execution and only new bots.
- FILTERS. Tasks can be filtered by: HWID, country, AV installed, OS version, RAM size, processor, GPU, HD size, OS architecture, user privileges, PC/laptop, installed software, running tasks, limit executions or random executions.
- STATISTICS. The panel generates statistics about reports, AVs installed, OS versions, OS architecture, user privileges and bot version. It also generates a statistic about the last 7 days of new bots and new USB spreads.
- REPORTS. All reports are in order and can be downloaded or deleted with just a click. In the report page you can see a detailed statistic about reports.
- TASKS MANAGER. You can track your tasks in real time and see a log of the last 50 executed tasks to check if each was executed successfully or failed.
- SETTINGS. In this tab you can set up the amount of bots per page, amount of reports per page, ajax reload times, change your username or password, maximum login fails and gate file name.

This version is focused on modules so here is the list of available modules:

BROWSER PASSWORD STEALER:
- Grab stored passwords from browsers.
- Working on: Chrome, Firefox, Internet Explorer, Microsoft Edge, Opera, Vivaldi, Waterfox and Seamonkey.

FTP PASSWORD STEALER:
- Grab stored passwords from FTP clients.
- Working on: Filezilla, FTPGetter, FTPExplorer and Frigate.

IM PASSWORD STEALER:
- Grab stored passwords from instant messaging clients.
- Working on: pidgin, ICQ, Trillian, MSNmessenger and Miranda.

EMAIL PASSWORD STEALER:
- Grab stored passwords from email clients.
- Working on: Mozilla thunderbird, hotmail and Outlook (All versions)

WINDOWS RDP PASSWORD STEALER:
- Grab stored passwords from Windows RDP.

WEB HISTORY GRABBER:
- Grabs the web history of the last 6 hours.
- Working on Chrome, Firefox, Internet Explorer, Microsoft Edge and Opera.

HIDDEN AMMYY ADMIN:
- Allows you to view the desktop in real time and explore, download and edit files hidden.
- Working from XP to Windows 10, both architectures X86 and X64.
- Not working in Windows Server versions.
- Screenshots: https://ibb.co/bz90ccv https://ibb.co/18twMjd https://ibb.co/ct2Cdxs https://ibb.co/8XHVHVW

REMOTE CONSOLE:
- Allows you to send commands and retrieve the response of the remote shell.
- Working with all command-line applications.
- Can be used to execute command-line software like mimikatz.
- Screenshot: https://ibb.co/426Dcb9

FILE STEALER:
- Allows you to find files in the remote machine and upload them to the panel.
- Maximum and minimum size can be set.
- File type can be set using wildcards.
- You can set a custom path for search.
- Screenshots: https://ibb.co/tqQ8QYN https://ibb.co/g60KPtF https://ibb.co/jZSYYDN

KEYLOGGER:
- Sends to the panel all data written with the keyboard of the infected machine.
- Grabs window title, date, hour, clipboard and data written.
- You can target the keylogger using the window title or a word inside it.
- Clipboard data can be enabled/disabled.
- Screenshots: https://ibb.co/8B5X13K https://ibb.co/fQSr1vx https://ibb.co/VpKWmKd https://ibb.co/VWwc70F

CRYPTO HIJACKER:
- Scans the clipboard data for crypto wallet addresses.
- Detects bitcoin, bitcoin cash, litecoin, ethereum, dogecoin, dash, monero, neo and ripple.
- When it finds a crypto address it will replace the data with your wallet address.

USB SPREAD:
- Spreads the bot using LNK files in the USB drive.
- You can track all spreads in your panel.

BOLT BUILDER [JS/VBS LOADER]:
- Generates a small version of the main bot.
- Can be created in Javascript or Visual Basic Script.
- Online builder. Create all the files you want in the panel.
- Online crypter. It generates an encrypted version of the loader ready to spread.
- You can download and execute extra files from there.
- Screenshots: https://ibb.co/vxRztbw https://ibb.co/HH8b81F https://ibb.co/1XhsdFK

VIDEO RECORDER:
- Creates an .avi video of the user actions.
- Follows the mouse pointer.
- The width and height can be set by the user.
- The frames per second can be set by the user.
- Time for recording can be set by the user.
- The trigger for recording can be the mouse movement or a custom window title.
- Uses the MSC1 encoder provided by Microsoft.
- Screenshots: https://ibb.co/HKGYMtL https://ibb.co/F7YjFy1
- Video Sample: https://streamable.com/d506f

BOTKILLER:
- Scans the startup registry and removes all the created entries for .exe, .com, .pif, .bat, .cmd, .scr.
- Cleans the startup folder.
- Detects and removes script malware in format .js, .vbs and .hta.
- Detects and removes fileless malware in the registry.
- NOTE: Enabling this module will avoid the installation of extra malware.

UAC BYPASSER:
- Working from Windows 7 to Windows 10 (x86 - x64).
- Bypasses UAC selecting the best exploit for the current OS.
- It uses fileless exploits.
- Includes wsreset.exe, eventvwr.exe, fodhelper.exe and sdclt.exe exploits.
- If a new fileless bypass is discovered I will add it to the module.

PERSISTENCE:
- If the main process file is stopped it will be respawned.
- If the main bot is deleted it will be restored.

COOKIES GRABBER:
- Grab stored cookies of:
  - Firefox
  - Google Chrome
  - Microsoft Edge

JABBER NOTIFIER:
- Receive real-time information from your panel.
- Fully customizable actions for notify:
  - User login in panel.
  - Favorite client comes online.
  - Received browsers passwords.
  - Received FTP passwords.
  - Received IM passwords.
  - Received Email passwords.
  - Received track1/track2 data.

WALLET STEALER:
- Electrum
- ElectronCash
- ElectrumSV
- Exodus
- Jaxx Liberty
- Atomic
- Coinomi
- MultiBit
- Armory
- digital
- Electrum-LTC
- MultiDoge
- BitcoinDark
- Unobtanium
- Dash
- Bitcoin
- Litecoin
- Namecoin
- PPCoin
- Feathercoin
- NovaCoin
- Primecoin
- Terracoin
- Devcoin
- Anoncoin
- Paycoin
- Worldcoin
- Quarkcoin
- Infinitecoin
- DogeCoin
- AsicCoin
- LottoCoin
- DarkCoin
- Monacoin

DYNCHECK [01.05.2020]:
Runtime FULL internet connection (9/23) - https://dyncheck.com/scan/id/b24bf19633f278e24d5fac1311c3f3bb
*settings of this build:
- Melt=OFF
- Antidebug=ON
- Install=ON
- Startup=ON
- bot was crypted.