[Partial] Onliner Spam Network
by Nominal - September 09, 2017 at 07:52 AM
#25
(September 13, 2017 at 03:07 AM)plastic Wrote: Thanks for updating your post. I'm interested, were the vulnerabilities you exploited on the C&C host itself (the Netherlands) or one of the relay servers? I tried brute-forcing the path on the C&C server itself but did not get any hit.

I also looked for a malware sample to try to find where it was looking but none was public.

The C&C server was offline at the time, likely due to the publicity of the article. I've been testing it periodically, but it hasn't been responding. I have a pretty good idea of what the directory structure should look like.
#26
That's pretty cool. It's indeed trivial to try and get the source files once published, yet you're the only person I've seen here that actually went and got it done - good job, man!
#27
thank you very nice ....
#28
Thanks, well done!
#29
Gotta give credit where credit is due. Good job ;)
#30
Thanks, amazing share!
#31
Thank you for sharing, hopefully we'll get the full version
#32
Thank you for sharing
#33
Thanks. This is good.
#34
Partial but good? Because I don't want to use my 8 credits for a fake list!!!

(September 09, 2017 at 07:52 AM)Nominal Wrote: Please Read This First!

This is NOT the full leak. Don't download this expecting all the records that Troy Hunt claimed existed. These are very specifically the files from the MailerSMTP module on the servers that benkow_ found. Troy Hunt linked to benkow_'s blog post, and benkow_'s blog post contained a list of servers and vulnerabilities. It was trivial to download the files from the server that were still online. You can easily verify this by downloading them yourself from the same servers. Or, if you don't know how to do that, you can download them here. Either way, same files.

This only has SOME of Troy Hunt's data. I couldn't find the rest. Maybe it was deleted.

If anyone is able to send me a fresh malware or spam sample, I can probably get the full leak, assuming it still exists.

--------------------

Original post:

This isn't the full leak as described by Troy Hunt but it does contain lots of interesting stuff. The servers that were still online when the data was pulled didn't have the big file Troy was talking about. It contains lots of other leaks. I included a file list below. This came from a spam operation, so they were mostly interested in emails. Some files have passwords, some have been stripped down to emails. You can get a good look at how the spam network operates from some of the folders, including all messages, subjects, and from names.

Full list of files: https://ghostbin.com/paste/5ytre
Info about leak: https://archive.fo/4o3OP

Again, this is only a partial leak. I don't have the rest of the data. I personally retrieved the data from the same servers as Troy Hunt, so I know for certain it's the same leak.


Extracted Size: 6.6G
Compressed Size: 1.6G
Compressed Files:

Thanks to you!
#35
Thanks for this file! Looks good.
#36
Thanks for sharing this man, even if it's only a partial, it's still worth a lot.
