ShinoBOT
Can you detect an APT like me?
HELP
MANUAL
PREPARING...Please be patient.
QUESTION
Q.How do you make ShinoBOT undetectable by antivirus products?
A.I am using some string obfuscation, using ShinoEncode. But after I publish a new ShinoBOT, the antivirus researchers create a new signature. So I do it again and again. It is like a cat-and-mouse problem.
Q.shinobot.com is blacklisted. How can I evade the detection?
A.I am preparing a proxy called ShinoProxy to evade URL/IP address blacklist-based detection. Please wait for a while.
Q.I posted ShinoBOT to a malware analysis site, so I know neither the ID nor the IP address.
A.ShinoBOT writes to this registry key:
HKEY_CURRENT_USER\Software\SHINOBOT
Name:HID
Name:PID
The value of HID is the host ID and PID is the password.
You may find this registry change activity in the "Behavioral Analysis" report generated by the malware analysis site.
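The same registry key works as a host or sandbox indicator. The following is an added example, not part of the ShinoBOT site or its code: it scans registry events for writes to HID and PID under the key above, accepting the different hive spellings that reports use. The event line layout, the operation names and the sample values are constructed assumptions.

```python
import re

# The same per-user key appears under several hive spellings in reports:
# HKCU, HKEY_CURRENT_USER, or HKU/HKEY_USERS followed by the user's SID.
_KEY_RE = re.compile(
    r"(?:HKCU|HKEY_CURRENT_USER|(?:HKU|HKEY_USERS)\\S-1-5-21-[\d-]+)"
    r"\\Software\\SHINOBOT\\(HID|PID)\b",
    re.IGNORECASE,  # registry paths are case-insensitive
)
# Assumed event layout: "<operation> <key path> = <data>" (constructed format).
_EVENT_RE = re.compile(r"^\s*(\S+)\s+(\S+)\s*=\s*(.*)$")
# Assumed names for write operations; adjust to the report format in use.
WRITE_OPS = {"regsetvalue", "setvalue", "write"}


def find_shinobot_registry_writes(lines):
    """Return {'HID': ..., 'PID': ...} for values written under the SHINOBOT key."""
    found = {}
    for line in lines:
        event = _EVENT_RE.match(line)
        if not event:
            continue
        operation, path, data = event.groups()
        if operation.lower() not in WRITE_OPS:
            continue  # reads and opens are not the indicator
        key = _KEY_RE.fullmatch(path)
        if key:
            found[key.group(1).upper()] = data.strip().strip('"')
    return found


# Constructed sample events; the values are placeholders, not real IDs.
SAMPLE_REPORT = r"""
RegOpenKey HKCU\Software\Microsoft\Windows\CurrentVersion\Run = ""
RegSetValue HKEY_CURRENT_USER\Software\SHINOBOT\HID = "EXAMPLE-HOST-ID"
RegQueryValue HKCU\Software\SHINOBOT\PID = "ignored-read"
RegSetValue HKU\S-1-5-21-1111-2222-3333-1001\software\shinobot\PID = "EXAMPLE-PASSWORD"
RegSetValue HKCU\Software\SHINOBOTX\HID = "not-the-key"
""".splitlines()

if __name__ == "__main__":
    hits = find_shinobot_registry_writes(SAMPLE_REPORT)
    if hits:
        print("ShinoBOT registry indicator found:", hits)
```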
Q.Do you provide the C2 server module?
A.No. If you want to contribute to ShinoBOT, please contact me.
Q.Do you provide the source code?
A.No. If you want to contribute to ShinoBOT, please contact me.
CONTACT
@Sh1n0g1