We reached 10k C&C today.
Small update for the occasion: CSV downloads are now available.
Thanks for choosing (C)yber(C)rime (T)racker!
PhishTracker has been in beta testing since the beginning of the year (2 months now).
If you want to see some live action, we released 2 videos on how things work internally.
- Inside CCAM.
- Inside PhishTracker.
People also asked to use our logo; you can find a scalable SVG with a transparent background here.
The great ANSi was originally made by Tempus Thales of iCE.
Since the beginning of the week you might have heard of these two mini-trackers on some private mailing lists.
We are now opening CCAM (Atmos tracker) to the public, as our previous project (ZbotScan) is still on standby, and CCPM (Pony tracker).
Both trackers are in public beta, with an RSS feed available as well as sample downloads (send us a mail to request access).
We are using the tool of JPCERT and ponyExtractor as engines.
The tracker got some minor changes.
If you are running a crawler and use our raw feed you will probably need to update your code.
The list is now served with a download header and uses this naming convention: CYBERCRiME-04-07-16.txt
where 04-07-16 stands for m-d-y.
A Twitter account, @CyberCrimeWHQ, was also opened for status updates and tracker alerts.
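For crawlers that consume the raw feed, here is an added example (not the tracker's own code) that reads the filename from the download header, checks it against the naming convention above and decodes the m-d-y date. It assumes the "download header" is a `Content-Disposition: attachment` header and that two-digit years mean 20yy; the function names are hypothetical.

```python
import re
from datetime import date
from email.message import Message

# Naming convention quoted in the post: CYBERCRiME-04-07-16.txt (m-d-y).
FEED_NAME = re.compile(r"CYBERCRiME-([0-9]{2})-([0-9]{2})-([0-9]{2})\.txt")


def filename_from_header(content_disposition):
    """Return the filename parameter of a Content-Disposition value, or None.

    Assumption: the "download header" is Content-Disposition: attachment.
    """
    msg = Message()
    msg["Content-Disposition"] = content_disposition
    return msg.get_filename()


def feed_date(filename):
    """Return the date encoded in a feed filename; raise ValueError otherwise.

    fullmatch() rejects anything beyond the bare name (directories, "..",
    extra extensions), so a server-supplied name is never used as a path.
    """
    m = FEED_NAME.fullmatch(filename or "")
    if m is None:
        raise ValueError(f"unexpected feed filename: {filename!r}")
    month, day, year = (int(g) for g in m.groups())
    # Assumption: two-digit years are 20yy. date() rejects impossible values,
    # which also catches a d-m-y name such as 25-12-16 read as month 25.
    return date(2000 + year, month, day)


def feed_filename(day):
    """Build the filename the convention gives for a date."""
    return day.strftime("CYBERCRiME-%m-%d-%y.txt")


if __name__ == "__main__":
    # Constructed header value, not captured from the site.
    header = 'attachment; filename="CYBERCRiME-04-07-16.txt"'
    name = filename_from_header(header)
    print(name, "->", feed_date(name).isoformat())
```
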
ZbotScan is temporarily offline (no idea when it will be back).
The reason is simple: the script is getting old and needs to be updated for the newest Zeus versions.
The price of the dedic is also part of the problem, along with some other things.
The generic Zeus exploit is also now offline, as well as other exploits, for preventive reasons.
The beta version proved that this was working really well.
In fact, it was working so great that we hit a spamhaus zeus honeypot (126.96.36.199)
Minutes later we got trouble with those fuckers, and I had to take action.
Anyway, the tracker is now back to normal, enjoy your stay.
ZbotScan reached 2k+ samples!
I added another chart to compare the number of URLs reported VS the number of binaries reported for the Zeus family.
Also, regarding the status of certain malware families like 'Stresser' or 'Mailer': they should be considered illegal or questionable (ethical issue), not necessarily 'malicious'.
Added 2 geomaps for statistical purposes; Google geomap rocks!
One displays C&C locations based on IPs [Click Me]
The second geomap is more for me than my visitors, but I made it public anyway [Click Me]
This one displays the IPs blacklisted by CyberCrime-Tracker that attempted to attack the site (SQL injections, etc.)
1000 samples reached on ZbotScan! \o/
I wasn't expecting to reach this number of samples in such a short period of time,
but I've really worked hard on this tracker and I've spent most of my free time trying to feed the tracker.
Don't blame me if I slowed the pace; I need to breathe and stabilize my problems in real life (no job, etc.).
We received a lot of mails from people wondering if they can use our feeds in their projects (thanks for asking!).
The information/feeds provided here are under CC-0; in plain terms: do what you want with it, feel free to use the data provided here for your research or projects.
One remark though: it's unnecessary to crawl our feeds every 20 secs.
ZbotScan service successfully launched and operational. (Don't ask for samples, they are flushed after being reported.)
Added an API feature. (output in JSON)
Generic Zeus exploit added (*beta*); it should work on everything except the Zeus version that uses Rijndael and Citadel.
In addition, you can have a look at ZbotScan to easily get the RC4 keystream and pwn everything!