[C&C: 10178] - [ZbotScan+CCAM: 4350]
[RSS] - [Full List] - [Tracker] - [ZbotScan] - [Submit C&C] - [Tools] - [VX] - [Stats] - [Relax] - [About]


23/03/2017: 1 0 k - c o l l e c t i o n

We reached 10k C&C today.
Small update for the occasion, CSV download are now available.
Thanks for choosing (C)yber(C)rime (T)racker!.

09/02/2017: PhishTracker is live !

Phishtracker is in beta test since the beginning of the year. (2 months now)
If you want to see some live action, we released 2 videos on how things working internally.
- Inside CCAM.
- Inside PhishTracker.

People also requested us to use our logo, you can find a scalable SVG with transparent background here.
The great ANSi was originally made by Tempus Thales of iCE.

07/09/2016: CCAM / CCPM

Since beginning of the week you might have ear of these two mini-trackers on some private mailing-lists.
We are now opening to public CCAM (Atmos tracker) as our previous project (ZbotScan) is still in stand-by.
And CCPM (Pony tracker) Both trackers are in public-beta, RSS feed available as well as sample downloading (send us a mail for access request)
diSPATCHiNG
We are using as engine the tool of JPCERT and ponyExtractor.

07/04/2016: Feed update

The tracker got some minor changes.
If you are running a crawler and use our raw feed you will probably need to update your code.
The list is now with a download header and using this naming convention: CYBERCRiME-04-07-16.txt
Where 04-07-16 stand for m-d-y
A twitter account got also opened, @CyberCrimeWHQ for status update and tracker alerts.
Thanks.

18/11/2015:

ZbotScan is temporarily offline (no idea when it will be back.)
Reason is simple, script is getting old and need to be updated for newest Zeus versions.
Price of the dedic is also part of the problem and some other things.
Generic zeus exploit is also now offline as well as other exploits for preventives reasons.
The beta version proofed that this was working really great.
In fact, it was working so great that we hit a spamhaus zeus honeypot (82.165.37.26)
mins later we got trouble with thoses fuckers, and i had to take actions.
Anyway, tracker is now back to normal, enjoy your stay.

03/07/2014:

ZbotScan reached 2k+ samples !
I added another chart to compare the number of URLs reported VS the number of binaries reported for the Zeus family.
Also regarding the status of certain malware families like 'Stresser' or 'Mailer' they should be considered as illegal or questionable (ethical issue), not necessarily 'malicious'

27/04/2014:

Added 2 geomap for statistical purpose, google geomap rocks!
One is displaying C&C localisations based on IPs [Click Me]
The second geomap is more for me than my visitors, but i put it public anyway [Click Me]
This one is displaying blacklisted IP of CyberCrime-Tracker who attempted to attack the site (sql injections, etc...)

30/03/2014:

1000 Samples reached ZbotScan ! \o/
I wasn't expecting reaching this amount of samples on this short period of time
but i've really worked hard on this tracker and i've passed most of my free time trying to feed the tracker.
Don't blame me if i slowed the pace, i need to breath and stabilize my problems in real life (no job etc...)
We received a lot of mails from people wondering if they can use our feeds into their projects (thanks for asking !).
The informations/feeds provided here are under CC-0, in clear: do what's you want with it, feel free to use the datas provided here for your research or projects.
CC-Zero

One remark though: it's unnecessary to crawl our feeds each 20 secs.
Thanks.


03/03/2014:

ZbotScan service successfully launched and operational. (don't ask for samples, they are flush after being reported)
Added an API feature. (output in JSON)
Usage: http://cybercrime-tracker.net/query.php?url=[IP-OR-URL]
Generic Zeus Exploit added *beta* should work on everything except the zeus version who use rijndael and Citadel.
In addition you can have a look on ZbotScan to get easilly the RC4 Keystream and pwn everything !

11/05/2013:

Moved to OVH for stability purpose
New interface of the tracker
Added an RSS feed feature and some other small things.
1 1

05/05/2013:

Sad day, @stéroH passed away.
Since the beginning that i'm behind a computer, i've meet and learn many things from a lot of exceptional people.
And even if it's virtual, that hurt when you know guys like Rock4eveR or @stéroH who will never be online again.
My condolences to his family and friends.
I've added a small note on the footer, never forget.

03/05/2013:

Emiliano of VirusTotal asked me to participate as URL scanner with CyberCrime in VirusTotal
I've took the decision to remove all private part and sensitive stuff, CyberCrime is now only about C&C tracking and fully open to public
d

09/09/2012:

Huge period of inactivity due to the shutdown of MalwareIntelligence VPS.
The tracker got also damaged with a stupid manipulation, almost everything is lost. (no backup)

14/01/2012:

After monitoring domains and repack of winlocks, XyliThreats goes under the name 'CyberCrime'
It's a reference to an underground BBS created in 1997, CCi: CyberCrime International
The goal have also changed, focused on SpyEye C&C tracking and sample repack
The tracker is also updated automatically via some tools running on MalwareIntelligence VPS.
Weeks later CyberCrime goes into Blackhole tracking and C&C general.
The project turned more personal but the private part of the tracker goes semi-private: access delivered on request
I've also started to work in real life.. less time for the tracker
1 1 1

09/09/2011:

The project moved from malware analysis to TDS monitoring and malware repack (essentially winlocks)
A part of the tracker is closed to public, and is used mainly to monitor the BestAV Affiliate network
1 1

15/09/2010:

Project started under the name XyliThreats
The work is inspired from Secubox Labs

At first the project was not about C&C tracking but malware analysis:


CyberCrime... Not dead yet !

>2017 - inquiries: xylitol☆malwareint.com - R.I.P à notre ami Nico