Tool for dropping malware from EK
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
Campaigns
EKs
LICENSE
RC4.php
README.md
Request.php
Share.php
composer.json
main.php

README.md

mal_getter

It is a tool for dropping malware from EK

Currently this tool can analyze

  • Bloodlust
  • Decimal IP
  • Despicable
  • EITest
  • Fobos
  • GoodMan
  • Ngay
  • Rulan
  • Seamless
  • GrandSoft Exploit Kit
  • KaiXin Exploit Kit
  • Rig Exploit Kit
  • Sundown Exploit Kit
  • Terror Exploit Kit

It depends on Campaign and EK implementation,
so the possibility that this will not work is very high.

Require

  • PHP 7
    • cURL
  • Composer

Install

$ git clone https://github.com/koike/mal_getter.git
$ cd mal_getter
$ composer install

Usage

$ php main.php [Campaign] [EK] [Compromised URL]

Example

$ ls
Campaigns  LICENSE  README.md    Share.php      composer.lock  vendor
EKs        RC4.php  Request.php  composer.json  main.php

$ php main.php seamless rig http://[Deleted]/signup1.php
[+] http://[Deleted]/signup1.php
[+] http://188.225.33.138/?OTUxMzI0MDc=&elsa=SwdhzoxeB1hGoqv4j0DXyBfKgJWCrxeOaAtGrpDGEbMziV_3zLBHeckizheBu2BYmOgtYlsgpQhR2a_I&info=MzM3MTAwOTA=&rand=xHzQMrPYbR3FFYDfKPnEUKREMU3WA0SKwY-ZhazVF5-xFDTGpbL1Fx_spVydCFyEmvJvdLMHIwKh1UfA&shld=MzA0MTk4ODI=
[+] http://188.225.33.138/?Njc3NjM3MTM=&info=MTMzOTY5NjU=&rand=xXzQMvWebRXQC53EKvncT6NEMVHRH0CL2YydmrHTefjaeVWkzrLFTF_xozKASASG6_JtdfJSDQOzj&elsa=0bVLgc0yo9cUFtF9amu3EPWwBWe0cSH_B3cYwhGrJuXEbg42Q_9m7MkecImzh-L6GhZxegtDxoR4g&fore=MjY3ODQwMg==
[+] Waiting.....
[!] 4cc6922ec861c67b29d1c60b58aa12f74540dc838e3da8cade8d3c15b308da6e.bin

LICENSE

mal_getter is open-sourced software licensed under the MIT License