bunitu_tests - Scripts for communication with Bunitu Trojan C&Cs.

DISCLAIMER! Use at your own risk! This Post/Content Just For Education Purpose ONLY!!

bunitu_tests is a set of scripts for communicating with Bunitu Trojan C&Cs.
Latest Change 09/29/2015:
– cnc1_test.py: [BUGFIX] Display C&C value only if it was used.
– cnc2_test.py: [BUGFIX] Display C&C value only if it was used.
– util.py: [FEATURE] Allow defining XOR value as hex.

Files:
– cnc1_test.py – registers your host as a proxy bot in the Bunitu botnet (communicates with C&C#1)
++ How To:
++- registers the local computer as a Standard Proxy that can be visible on the available proxy list, i.e. in the VIP72 panel
++- works in an infinite loop, resending the beacon every 10 minutes to keep the connection alive.
– cnc2_test.py – checks if the given host is a Bunitu Tunneling C&C (communicates with C&C#2)
— The script sends the registration request once and waits for the response from the remote server. If the remote server is a Bunitu Tunnel (C&C#2), it responds using the internal protocol (asks the bot to check the connection with Google).
++ How To:
++- registers the local computer as a Tunneled Proxy.
++- receives the initial testing request and displays it.
– bunitucommon.py – set of common functions for scripts to communicate with Bunitu C&Cs
– util.py – set of general utility functions for scripts to communicate with Bunitu C&Cs

Download : bunitu_test(6.8 zip)
Source : bunitu_test
Authors: hasherezade (Malwarebytes) & Sergei Frankoff (Sentrant)