Helpdesk is Closed!

This helpdesk is closed, I am no longer doing it.

Thanks!

Did you write this? Which rats are you experienced with?

Did you write this? Which rats are you experienced with?

Yes I wrote this. I've heavily used DarkComet (multiple versions), I used CyberGate for a while in the past, I've heavily used Blackshades (multiple versions), and I once used SpyNet for about a few weeks. I've used and configured other less popular RAT programs that I don't remember the names of as well. :) I've also used a countless amount of crypters, both popular and new, to old and unheard of.

I have a question that I just thought of.
If you use let's say darkcomet. You build your file and encrypt it so it becomes fud. Wouldn't it be possible for the av maker to just remove or stop files that install in the same spot as dark comet.

So basically why don't they just check how it behaves and then remove files that behave like that? Or this might already be happening?

I have a question that I just thought of.
If you use let's say darkcomet. You build your file and encrypt it so it becomes fud. Wouldn't it be possible for the av maker to just remove or stop files that install in the same spot as dark comet.

So basically why don't they just check how it behaves and then remove files that behave like that? Or this might already be happening?

Well other programs use folders like AppData and Temp for storing data, Google Chrome and Firefox being two big examples, so they cannot just stop files from going there. Encrypting mixes up the code, so the anti-viruses cannot pick up on any malicious behavior. Coding language works like real language, if you were to take an essay, and take all the letters throughout the essay and mix them around thoroughly, you'd have no fucking idea what the essay was about, or what the content of it was.

I would recommend saying away from Blackshades as there is a lot of evidence suggesting their products are backdoored.

I would recommend saying away from Blackshades as there is a lot of evidence suggesting their products are backdoored.

I've used it tons in the past, nothing really happens. However, if you have thousands of bots, there's rumors that they'll all disappear due to the owners of Blackshades taking them for themselves. But if you use a cracked/older version that doesn't actually connect to Blackshades websites, then this might not be a problem.

I would recommend saying away from Blackshades as there is a lot of evidence suggesting their products are backdoored.

I've used it tons in the past, nothing really happens. However, if you have thousands of bots, there's rumors that they'll all disappear due to the owners of Blackshades taking them for themselves. But if you use a cracked/older version that doesn't actually connect to Blackshades websites, then this might not be a problem.

He has been caught having it in his products twice now and he is closed on hf due to it. I would highly recommend getting your pc cleaned up.

I have a question.
Can you tell me why No-IP is good to use ? As I've been reading around about it being unstabilized. Is it even good to portforward on your own computer, wouldn't it be best to control it over an offshore server?

I have a question.
Can you tell me why No-IP is good to use ? As I've been reading around about it being unstabilized. Is it even good to portforward on your own computer, wouldn't it be best to control it over an offshore server?

The reason why people use No-IP is because it updates to your IP address accordingly. This is useful because when you build your RAT/bot and use your actual current IP/port, if your IP changes, all the connections you had to that IP will be dropped and you'll never see them again. When using No-IP, if your IP changes, you can simply update your No-IP, and all your bots will be redirected to your new IP address. You might want to use No-IP if: You plan on keeping all of your bots for a long period of time, if you have a router that crashes and changes IP a lot, or if you have a dynamic IP that changes on a daily basis. However, port forwarding and self hosting isn't very stable at all. You can do it for maybe a few thousand bots at max if you have an above average internet connection.

Overall, using an offshore server/VPS that allows port forwarding and botnet hosting would be the better choice, simply because it would be more stable and won't have a changing IP address. Especially if you plan on having a large amounts of connections.
EDIT: PLUS, it will hide your real IP address, thus avoiding DDoS attacks from pissed off connections and potentials feds showing up at your doorstep :3.