Jump to content

Recommended Posts

Posted

That account is permanently banned because it was engaged in illegal activity (malware distribution and storage of stolen data).

Posted
root@tommy [/home/noratek.helioho.st/httpdocs]# ls -l
total 104
drwxr-xr-x.   2 noratek psacln      6 Oct 19 18:51 DVR
-rw-r--r--.   1 noratek psacln     32 Dec 12 13:37 DarkVision.txt   <- Malware config file
-rw-r--r--.   1 noratek psacln     32 Dec 12 13:32 Dcrat.txt        <- Malware config file
-rw-r--r--.   1 noratek psacln     33 Dec 12 13:16 Sori.txt         <- Malware config file
drwxr-xr-x.   2 noratek psacln    148 Dec 22 21:37 Stub             <- Malware binaries posing as a password recovery tool
-rw-r--r--.   1 noratek psacln     33 Dec 12 13:27 Xworm.txt        <- Malware config file
drwxr-x---.   2 noratek psaserv     6 Oct 19 17:10 cgi-bin
drwxr-xr-x.   2 noratek psacln     42 Nov 29 18:27 payload          <- Malware binaries
-rw-r--r--.   1 noratek psacln  69632 Dec 18 08:03 test.exe         <- Malware binaries
-rw-r--r--.   1 noratek psacln    843 Oct 19 18:49 upload.php       <- Receiving script to collect uploaded key logs and data
drwxr-xr-x. 164 noratek psacln  12288 Dec 21 23:26 uploads          <- Stolen data sorted by device hardware ID
drwxr-xr-x.   2 noratek psacln     27 Oct 19 18:41 wordpress        <- WP install presumably used to hide malware activity
root@tommy [/home/noratek.helioho.st/httpdocs]#

 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...