Modern Self-Modifying Cross-Platform Peer-to-Peer Botnet over TOR
Modern cross-platform HTTP-based P2P botnet over Tor, designed to resist tracing and takedown.
The design follows a "zero-trust" model: even malicious peers cannot do damage or learn the operator's identity. For more information check the wiki.
Pitraix is designed to scale to millions of hosts.
You can run Pitraix on a toaster and it will still work just as well with those millions of hosts.
Pitraix can self-modify its own code, so every new infection produces an executable with a different file hash. Security researchers tracking infections by hash on VirusTotal and similar services see a different file each time, and anti-malware that matches on file hashes will not recognise it (content-based and behavioural detection is a separate matter). All of this happens automatically and needs no operator intervention.
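An added illustration, not code from Pitraix or its README, of what a per-infection hash change does and does not buy: the full-file SHA-256 changes, but a hash over the invariant part of the file and a YARA-style strings rule still match. The sample bytes, the padding layout (`padLen`), and the rule strings are constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"math/rand"
)

// padLen is the size of the trailing region a mutation is allowed to change.
// Constructed for this example; a real implant would pick some other region.
const padLen = 16

// constructedSample builds a stand-in "binary": a fixed front part (code and
// the strings a Tor-only implant cannot do without) plus a zeroed padding tail.
func constructedSample() []byte {
	code := []byte("\x7fELF\x02\x01\x01 constructed code: connect 127.0.0.1:9050 SOCKS5 .onion")
	return append(code, bytes.Repeat([]byte{0}, padLen)...)
}

// Mutate returns a copy of sample whose last padLen bytes are replaced with
// seed-derived random bytes. Nothing functional changes; only the file hash does.
func Mutate(sample []byte, seed int64) []byte {
	out := append([]byte(nil), sample...)
	r := rand.New(rand.NewSource(seed))
	start := len(out) - padLen
	for i := start; i < len(out); i++ {
		out[i] = byte(r.Intn(256))
	}
	return out
}

// FileHash is the whole-file SHA-256 that hash-lookup services key on.
func FileHash(b []byte) string {
	s := sha256.Sum256(b)
	return hex.EncodeToString(s[:])
}

// CodeHash hashes only the invariant region, the way a section hash or
// import hash ignores packer stubs and padding.
func CodeHash(b []byte) string {
	return FileHash(b[:len(b)-padLen])
}

// MatchesRule mimics a YARA strings rule: every needle must appear somewhere.
func MatchesRule(b []byte, needles []string) bool {
	for _, n := range needles {
		if !bytes.Contains(b, []byte(n)) {
			return false
		}
	}
	return true
}

func main() {
	base := constructedSample()
	variant := Mutate(base, 1)
	rule := []string{"127.0.0.1:9050", ".onion"}
	fmt.Println("file hash changed:", FileHash(base) != FileHash(variant))
	fmt.Println("code hash same:   ", CodeHash(base) == CodeHash(variant))
	fmt.Println("rule still hits:  ", MatchesRule(variant, rule))
}
```

The point for a defender is that an exact-hash blocklist is the weakest indicator available; hashing the invariant region or matching on the strings and behaviour the implant needs to function survives this kind of mutation.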
Pitraix has built-in exploits for EternalBlue (MS17-010), Follina (CVE-2022-30190) and the UAC bypasses from UACME, all publicly known and patched vulnerabilities (n-days rather than 0-days), to spread automatically. It can also self-spread to the host's email and social media contacts.
Pitraix works on Windows 7 all the way to Windows 11, as well as Linux.
It can automatically escalate privileges on both platforms:
on Linux it does so by keylogging the password when the host user runs "sudo" or "doas";
on Windows it uses a modified version of UACME (work in progress).
Mac and *BSD support is work in progress.
All Pitraix communications happen over the Tor network and never on the clearnet.
Pitraix is written in Go, which is memory-safe, produces statically linked binaries, and is fast. Go is used by companies such as Google and Cloudflare and by banks, and Pitraix uses the same standard libraries those companies use, so it builds on well-tested code.
Hosts (bots) do not know each other, not even each other's Tor onion addresses.
Agents are Hosts that have been given the Tor onion addresses of other Hosts; Agents relay instructions from the Operative to Hosts. For more technical information check the wiki.
Operatives appear to other peers as infected computers. This protects against targeted network timing and packet-size attacks over Tor.
State-of-the-art encryption using AES-256 and public-key cryptography
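What "malicious peers cannot do any damage" has to mean in practice is that an Agent relaying an instruction can neither read it, alter it, forge one, nor replay an old one. The following is an added example of that property, not Pitraix's own code: the Operative signs each instruction with a long-term Ed25519 key and a strictly increasing sequence number, then wraps it in AES-256-GCM with a per-host key; the Host pins the operator public key and rejects anything that fails decryption, fails signature verification, or does not advance the sequence. The key distribution (how the Host obtained the operator public key and its AES key) is assumed, not shown.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Instruction is what the Operative sends. Seq must strictly increase so a
// relaying Agent cannot replay an instruction it saw earlier.
type Instruction struct {
	Seq     uint64
	Command string
}

// Envelope is what passes through Agents: AES-256-GCM ciphertext over
// (ed25519 signature || seq || command). An Agent only ever sees opaque bytes.
type Envelope struct {
	Nonce      []byte
	Ciphertext []byte
}

var (
	ErrBadCiphertext = errors.New("decryption failed: tampered or wrong key")
	ErrBadSignature  = errors.New("signature not from pinned operator key")
	ErrReplay        = errors.New("sequence number not newer than last accepted")
)

func encodeInstruction(ins Instruction) []byte {
	buf := make([]byte, 8+len(ins.Command))
	binary.BigEndian.PutUint64(buf[:8], ins.Seq)
	copy(buf[8:], ins.Command)
	return buf
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the Operative side: sign first (so the Host can attribute the
// instruction to the operator key), then encrypt with the Host's key.
func Seal(opPriv ed25519.PrivateKey, hostKey []byte, ins Instruction) (Envelope, error) {
	msg := encodeInstruction(ins)
	sig := ed25519.Sign(opPriv, msg)
	aead, err := newAEAD(hostKey)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	plain := make([]byte, 0, len(sig)+len(msg))
	plain = append(plain, sig...)
	plain = append(plain, msg...)
	return Envelope{Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, plain, nil)}, nil
}

// Host keeps the pinned operator public key, its own AES-256 key (assumed to
// have been provisioned at infection time) and the last accepted Seq.
type Host struct {
	OpPub   ed25519.PublicKey
	Key     []byte
	LastSeq uint64
}

// Open is the Host side. Order matters: decrypt, verify the signature, then
// check for replay; LastSeq advances only once every check has passed.
func (h *Host) Open(env Envelope) (Instruction, error) {
	aead, err := newAEAD(h.Key)
	if err != nil {
		return Instruction{}, err
	}
	plain, err := aead.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil || len(plain) < ed25519.SignatureSize+8 {
		return Instruction{}, ErrBadCiphertext
	}
	sig, msg := plain[:ed25519.SignatureSize], plain[ed25519.SignatureSize:]
	if !ed25519.Verify(h.OpPub, msg, sig) {
		return Instruction{}, ErrBadSignature
	}
	ins := Instruction{Seq: binary.BigEndian.Uint64(msg[:8]), Command: string(msg[8:])}
	if ins.Seq <= h.LastSeq {
		return Instruction{}, ErrReplay
	}
	h.LastSeq = ins.Seq
	return ins, nil
}

func main() {
	opPub, opPriv, _ := ed25519.GenerateKey(rand.Reader)
	hostKey := make([]byte, 32)
	rand.Read(hostKey)
	h := &Host{OpPub: opPub, Key: hostKey}
	env, _ := Seal(opPriv, hostKey, Instruction{Seq: 1, Command: "ping"})
	ins, err := h.Open(env)
	fmt.Println("first delivery:", ins, err)
	_, err = h.Open(env) // an Agent replaying the same envelope
	fmt.Println("replay:", err)
}
```

Note that a malicious Agent that somehow also held the Host's AES key could still not forge a command, because the signature check uses the pinned operator key; conversely, encryption alone without the signature would let any peer that learned the key impersonate the Operative.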
Peer-to-Peer over TOR
Dynamic behaviour
Built-in crypter
Built-in exploits for known vulnerabilities (EternalBlue, Follina, UACME; see above)
Built-in RDP over Tor (works on Linux too!)
Built-in keylogger that only picks up interesting things
Built-in ransomware that is incredibly fast and never stores keys on the HOST (I am not responsible for how you use this)
Auto-disables backups such as Volume Shadow Copy, OneDrive and Windows Backup
Auto-spreading to USB drives, a modified version of EternalBlue, and a bunch of other 1-days (work in progress)
Auto privilege escalation on Windows and Linux!
Can hide from system monitoring tools on Linux that go through libc (uses LD_PRELOAD; statically linked tools and tools that issue syscalls directly are not affected)
Ability to hijack cryptocurrency addresses in the clipboard
Readable code that is easy to modify, without a lot of scattered files
Colorful terminal-based interface for operatives
ZERO reads/writes to the registry, thus lower detection
Time-based Anti-Debugging detection
Advanced VM detection
Extremely low system and internet requirements
Ability to capture Events. Events are anything interesting that happens on a host computer; currently they are tied only to the keylogger
Ability to capture Logs. Logs are mainly used for debugging behaviour and errors
Picture of working OPER
For my GPG key please check gpg.asc
Anyone who claims to be me and has not signed a message with my key is NOT me
If you'd like to support me to keep updating, the best way is via crypto.
Monero: 85HjZpxZngajAEy2123NuXgu1PnNyq2DLSkkr93cyT8QQVae1GruhL4hHAtnaFqeCF7Vo9eW2P11Sig8DDqzVzCSE95NaW6
Bitcoin (segwit): bc1q2dqk9u06vv2j5p6yptj9ex7epfv77sxjygnrnw
I am not responsible for any damage you do using this!