English - עִברִית

Pitraix

• Modern Cross-Platform HTTP-Based P2P Botnet over TOR that cannot be traced nor taken down.

• Design is based off "zero-trust" even malicious peers cannot do any damage while protecting operator identity. for more information check wiki

• Pitraix is able to handle millions of hosts

• You can run Pitraix on a toaster and it will still work just as good with said millions of hosts.

Built-in Crypter and self-spreading

• Pitraix has ability to self-modify own code which results in a completely different executable in terms of hash on every new infection, This means security researchers tracking infections via virustotal and similar are no longer a threat. This also means Anti-Malware cannot detect it. All is done automagically and does not need operator intervention.

• Pitraix has EternalBlue, Follina and UACME 0-days built-in to automagically spread, also has the ability to self-spread to the Host's email and social media contacts.

Cross-platform with some sneaky 1-days

• Pitraix works on Windows 7 all way to Windows 11 as well as linux

• it has ability to automagically privilege escalate in both platforms

• on Linux it does by keylogging password when the host uses "sudo" or "doas"

• on Windows it uses a modified version of UACME (work in progress)

• Mac and *BSD support is work in progress

Dynamic Behaviour

• Pitraix automagically chooses different persistence locations on every host as well as names of config file, pitraix name it's self and more are all dynamically generated to confuse anti-viruses

Anonymous and secure

• All pitraix communications happen over the TOR network and never on clearnet

• Pitraix is coded in Golang which is memory safe, statically linked, and real fast. it's used by important companies such as: Google, Banks, Cloudflare, etc. It uses the same libraries used by those companies, thus guaranteed safe code.

• Hosts (bots) don't know each other. Not even their TOR onion address

• Agents are Hosts that have been given TOR onion addresses of other Hosts, Agents relay instructions from Operative to Hosts. for more techincal information check the wiki

• Operatives appear to others as infected computers, This is to protect against targeted network timing and packets attacks over TOR

Features

• State-of-art encryption using AES-256 and Public-Key cryptography

• Peer-to-Peer over TOR

• Dynamic behaviour

• Built-in crypter

• Built-in 0-Days

• Built-in RDP over TOR (even works on linux too!)

• Built-in keylogger that only picks interesting things

• Built-in ransomware that is incredibly fast and never stores keys on HOST (I am not responsible how you use this)

• Auto disable backup like Volume Shadow Copy, OneDrive and Windows Backup

• Auto spreading to USBs, modified version of EternalBlue, and bunch other 1-days (work in progress)

• Auto privilege escalate on Windows and Linux!

• Can hide from ALL system monitoring tools on Linux! (uses LD_PRELOAD)

• Ability to hijack crypto addresses in clipboard

• Readiable code easy to modify, not alot of scattered files

• Colorful terminal-based interface for operatives

• ZERO read/write to registry, thus lower detection

• Time-based Anti-Debugging detection

• Advanced VM detection

• Extremely low system and internet requirements

• Ability to capture Events. Events are anything interesting that happens on a host computer, currently it's tied only to keylogger

• Ability to capture Logs. Logs are mainly used for debugging behaviour and errors

Picture of working OPER

Trust

• For my GPG key please check gpg.asc

• Anyone who claims to be me and have not signed a message with my key is NOT me

Support

• if you'd like to support me to keep updating, best way is via crypto.

• Monero: 85HjZpxZngajAEy2123NuXgu1PnNyq2DLSkkr93cyT8QQVae1GruhL4hHAtnaFqeCF7Vo9eW2P11Sig8DDqzVzCSE95NaW6

• Bitcoin (segwit): bc1q2dqk9u06vv2j5p6yptj9ex7epfv77sxjygnrnw

Setting it up

• Downloaded from Releases and not master
• Read the wiki for information on how to set up and use properly

Help

• Type "help" in OPER for list of commands

Future & Techincal Terms definition

• Please read Techincal Info for list of terms and their respective meaning alongside tons of useful information for anybody even thinking of editing source code
• Speed may vary due TOR network, TOR is expected to be upgraded soon and thus speed should be greatly improved then
• TOR binary from the Tor Project (which Pitraix uses) is signed and thus does not affect detection rate negatively.

I am not responsible for any damage you do using this!