Professional Documents
Culture Documents
Botnet Setup
Botnet Setup
Botnet Setup
1
Installation
1. To install the panel, you need to buy a VPS / VDS with the following characteristics::
● RAM 4 GB
● CPU 2 Cores
● SSD disk
● Windows Server OS
2. After you have purchased the server and activated it, press Win+R, then type "mstsc" and press
ENTER.
3. In the "Connect to remote desktop" window, find the "Computer" field and enter the IP address of the
server you purchased, then click "Connect".
4. Enter the username and Password that you received when purchasing the server.
5. After you are logged in to the server, move the Tools folder from your work PC to the server. Copy
the folder and paste it on the server.
6. Run the file on the server “NetFramework48.exe " as an administrator and install it on the server.
7. Run the file on the server “Chrome.exe " and install it on the server.
8. Open the serviceSettings file.JSON and change the localhost value to your Dedic's IP address.
9. Copy the Panel folder to the server, run the file " RedLine.MainPanel.exe” on behalf of the
administrator, in the open window, enter the account details that you registered when purchasing our
program. if you don't have them, then contact the seller to get them, and then click “Sign in” to enter
the panel.
10. If you want to change the port for the panel's operation, open the serviceSettings file.JSON and
change the port value to the desired one and restart the panel.
2
Creating a build
Go to the “Builder " tab.
Icon File - an icon for your build
Server IP - the IP address of your server. If you have multiple domains, then enter them via |
BuildID - a unique identifier for your build. you will use BuildID to understand which file the log came
from.
After entering the Server IP, click on the "Check connection" button to check the connection at the
current address.
After filling in all the fields, click the "Build" button at the bottom of the page and save the file.
Attention! The clipper build doesn't have a built-in autoload. You need to ask the Cryptor to add it
when crypting.
3
Build settings
● Box “to Get Browsers” is responsible for the function of collecting information from browsers
are enabled by default.
● The “JSON Cookies " field is responsible for the mode of saving cookies in JSON format. if the
check box is turned off, then cookies will be saved in Netscape format.
● The “Get ftp clients " field is responsible for collecting information from FTP clients (FileZilla,
etc.). it is enabled by default.
● The “Get IM clients " field is responsible for collecting information from IM clients (Pidgin, etc.).
it is enabled by default.
● The “Get wallets " field is responsible for collecting cold wallets. it is enabled by default.
● The "Grab UserAgent" field is responsible for collecting the browser fingerprint. it allows you
to disguise your browser as the victim's browser. it is enabled by default.
● The “Anti Duplicate " field is responsible for the function of anti-duplicate logs. if the field is
enabled, repeated logs from one victim will not be displayed. by default, it is enabled.
● The “Get files " field is responsible for collecting files from the victim's PC. it is enabled by
default. To configure the list of files that Stiller should collect, fill in the “Get files settings " field.
● The “Get files settings " field. Just below the label is a list of your settings for collecting files.
You can add new settings via the "Enter a search pattern" field.
● The "Enter a search pattern" field is required to add a new setting for collecting the file. The
value in this field must be written in the following format: "Path|Extension|1 or 0”, system variables of
the OS can be used in the path. In the extension, you can write the full name of the file to be found (for
example, wallet. dat), or part of it (*.dat, *wallet*.*,*.*). the value is 1 if you need to search in subfolders
of the specified folder, and 0 if you don't need to search in subfolders. After filling in the field, click on
the " Add " button to add it to the file collection settings. Also, in order not to fill in one value at a time,
you can import these values from the file. Each value must start from a new line. To import values from
a file, click on the "From File" button and select the desired file. You can delete values from settings by
selecting it in the list with the left mouse button, then right-clicking and selecting "Delete".‘
● The “Black list countries " field. Just below the label is a list of your settings for countries where
the build will not work. You can add new settings via the "Enter a country" field.
● The “Black list IPs " field. Just below the label is a list of your settings for IP addresses where
the build will not work. You can add new settings via the "Enter an IP" field.
● The “Enter a country " field is necessary to add a new setting for countries where the build will
not work. The value in this field must be written in the following format: UA, RU, US, and so on. A full
list of countries can be found on the website
https://www.acex.net/ru/useful_information/ISO_country_codes.php. values from column A2. After
filling in the field, click on the " Add " button to add countries to the blacklist settings. You can delete
values from settings by selecting it in the list with the left mouse button, then right-clicking and selecting
"Delete".
● The “Domain Detector settings " field. Just below the label is a list of your settings for collecting
files. You can add new settings via the "Enter a domain pattern" field.
● The “Enter a domain pattern " field is necessary to add a new configuration for domain groups
that will be searched for when logs are received. if a domain from the group is found in the log, it will
show you this in the PDD column (if in passwords), or in the CDD column (if in cookies). The value in
4
this field must be written in the following format:: GROUP NAME=domain
Example 1: CRYPTO=blockchain|hitbtc
Example 2: PP=paypal
After filling in the field, click on the " Add " button to add a new value to the settings. You can delete
values from settings by selecting it in the list with the left mouse button, then right-clicking and selecting
"Delete".
IMPORTANT! For the changes to take effect, click on the “Save Settings " button.”
5
Notifications
The “Notifications " tab is used to display important panel events. It will show you when the task
was completed or when a duplicate log was received
6
Statistics
Go to the “Statistical " tab to see statistics on logs that are located in the panel.
● The “Passwords " field shows the total number of passwords in all logs.
● The "Cookies" field shows the total number of cookies in all logs.
● The "Autofills" field shows the total number of AutoFill forms in all logs.
● The “Credit Cards " field shows the total number of credit cards in all logs.
● The “Files " field shows the total number of files from the grabber in all logs.
● The " FTP " field shows the total number of FTP accounts in all logs.
● The “Cold Wallets " field shows the total number of cold wallets in all logs.
● The “Top 10 of counties " field shows the top 10 countries by the number of logs from these
countries.
● The “Top 10 of OS " field shows the TOP10 operating systems by the number of logs with
these operating systems.
● The “Reset all stats " button is responsible for resetting all statistics, without deleting logs.
Guest statistics for installation fillers can be configured in the “Guest Links " tab.”
A list of active guest links is located at the top of the tab.
To create public statistics for the desired build, fill in the fields :
"BuildID" is the ID of the build whose statistics you want to show. you specified it in the Builder
when creating it.
“Expires DateTime " is needed to limit the time of access to this link. If you want to do this
without restrictions, leave the field empty. if you want the link to work until a certain time, then
the format of the value is 01.01.2020 23: 59
And then click "Create Link".
To get a link, double-click on the desired line in the list of links, and the browser opens with the
link.
7
Checking the balance of a cold BTC wallet
Go to the “Wallet Checker "tab and click on the "Open" button, and then select the cold wallet file.
after successful verification, it will show you the amount of BTC that is available on the balance of this
wallet.
8
Sorting logs
Go to the “Log Sorter " tab, here you will see two types of sorter: the left one, which is necessary
for searching by parameters, or the right one, which sorts logs by the necessary domains.
In the Comment, Skip Comment, BuildID, and Country fields, you can specify multiple values for
sorting, separated by commas.
In the Passwords Contains Domain, Cookies Contains Domain fields, you can specify several
values for the search. you need to enter them via |
To perform sorting, check all the fields for correctness, and then click on the "Sort" button and in
the window select the folder where the files that fit your parameters will be located.
9
10
Description of the upper-right sorter:
In the text box under “Current domain”, enter the domains that you want to search for.
Each domain must be entered from a new line.
A separate folder with logs will be created for each domain.
After filling in the field, click on Sort and select the folder where the logs will be saved.
11
Telegram notifications
1) Go to firewall and add the main EXE of the panel to the white list
2) Then create a bot in telegram (Google to help)
3) Copy the API Token
4) Go to the panel, then the Telegram tab, in the “Bot API Token” field, write this token
5) in the “Message Format” field, write the format of the notification that you want to receive, using
the following variables:
● {BuildID}
● {ID}
● {CDD}
● {PDD}
● {Comment}
● {Country}
● {Creds}
● {HWID}
● {IP}
● {Location}
● {LogDate}
● {OS}
● {PostalCode}
● {TimeZone}
● {Username}
6) Using these variables in the text, you can create the desired format. Example of the format :
Phone number: {ID}
Build: {BuildID}
OS: {OS}
IP: {IP}
Data: {Cred}
Country: {Country}
7) "Send Log File" - is responsible for whether the log file itself will be sent or only the log
message. Enable it only if the log flow is slow. On installations, uncheck this box.
8) Click the "Start" button”
9) log in to your bot, click /start
10) and then /sub
11) If the response says "Successful", then everything is configured successfully
12
Tasks
Go to the “Loader Tasks " tab. In the upper part of the window, you will see a list of existing tasks
for Stiller.
One task is performed only once per victim. After successful execution, the Stiller remembers that
it has completed it and is no longer executing it. The parameter for storing the task is the " ID " field in
the task list.
The “Reset " button is responsible for completely resetting the history of completed tasks, as well
as existing ones. Clears the task list.
The “Refresh list " button updates the data in the task list. Namely, the “Current” and “Status "
fields.
In the lower part of the window, the panel is divided into two parts: the left one is for creating a
task, and the right one is for editing existing ones.
Description of the left part:
The Target field is filled in in a different format depending on the Action field.
Format of the Target field for RunPE: link|file name from a folder
C:\Windows\Microsoft.NET\Framework\v4.0.30319
Example: https://site.ru/filename.exe|AddInProcess32.exe
13
In the "Filter" field, you can write a filter based on the following parameters::
Country, IP, OS, BuildID
The fill-in format is as follows:
Country=RU;BuildID=testid
You don't have to use all filters. You can combine them with each other, or leave them blank
altogether if you want all victims to perform this task.
In the “Domains Check” field, you can enter domains separated by the / separator. if the field is
filled in, the presence of these domains in passwords will be checked, and if they are found, the task
will be completed.
Examples:
paypal.com
paypal.com|amazom.com
To change a task, select the appropriate one in the task list and change the required fields in the
lower-right part, and then click " Save”
To delete an issue, select the appropriate one in the task list and change the "Visible" field in the
lower-right part, and then click " Save”
14
Viewing logs
Go to the “Logs " tab.
A large part of the window is a list of the current logs.
Each line is a unique log with the following fields:
Field " ID” - unique log number in the list
The "HWID" field is a unique identifier based on the victim's OS characteristics
Field " IP” - IP address
Field " OS " - operating system
The "BuildID" field is the build ID that was specified when creating the build
Field "LogDate" - date and time when the log was added to the list
Field " OS " - operating system
Field " Country” - country
The field “Comment” - comment
"PDD" field - this field records the detector domain groups for passwords that you added in the
settings.
"CDD" field-this field records the cookie detector domain groups that you added in the settings.
To search among the list of logs, fill in the “Search filter "field, and then click the "Search" button.
The format of the values:
Country=RU,UA,US;BuildID=test1
In other words, it is similar to the filter used when creating tasks.
To assign a comment to the appropriate log, select the appropriate one from the list, then fill in
the "Enter a comment" field and click "Set".
To save all logs to a folder, click the "Save list" button, and then select the folder where the logs
will be located
To clear the list of all logs, click on the "Clear all logs" button, and then confirm your action.
To view logs directly in the dashboard. select the desired log from the list by left-clicking, and then
right-click on it again. A menu will appear where you can view all the data in this log.
The menu item "System Info" will show you the system log information and a screenshot from the
screen.
The “Save " menu item is needed in order to save this log to the folder that you select.
The "Runtime Exceptions" menu item is used for error diagnostics, only for developers.
The “Delete " menu item deletes the selected log from the list of logs.
The menu item “Viewers " is required to view the collected information:
Passwords - usernames and passwords
Cookies - cookies
Autofills-AutoFill forms
Credit cards - credit cards
FTP-FTP accounts
Files - files
15
16
File hosting
To get a direct link to a file, go to the “Guest Links "tab, click on the" Create Link‘ button at the
bottom, and then select the file that you want to get a direct link to.
If you want your file to have a new md5 checksum every time, check the box “Change checksum".
To delete a link, select the appropriate one from the list, and then right - click and select " Delete”
17
Other things
Go to the “Misc " tab.
The upper part of the window is responsible for creating a clone of another file
Target Path-file to make a copy of
Build Path - your build
“Assembly Info " field-copying the icon and file description
The field “Certificate” - a copy of the certificate
The lower part of the window is responsible for increasing the file weight
Target Path-file to increase the weight of
Bytes count - the number of bytes to add to the weight of your file
18