{ "id": "02129bef-f576-4fb9-a05e-c2c21e72339d", "created_at": "2026-04-06T00:11:07.252929Z", "updated_at": "2026-04-10T13:12:19.782526Z", "deleted_at": null, "sha1_hash": "12aa98d0be27a1fc7700fe61a28519defc73772c", "title": "GitHub - SaturnsVoid/GoBot2: Second Version of The GoBot Botnet, But more advanced.", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 94101, "plain_text": "GitHub - SaturnsVoid/GoBot2: Second Version of The GoBot Botnet, But\r\nmore advanced.\r\nBy SaturnsVoid\r\nArchived: 2026-04-05 21:55:14 UTC\r\nNew project: https://github.com/SaturnsVoid/Project-Whis\r\nAfter seeing another users Go based botnet i wanted to do more work on my GoBot, But i ended up building something a bit\r\nmore. There is issues with this but it more of a advanced PoC.... I am not a good coder but i was able to make this buy doing\r\nsome basic reading online. There was more i wanted to do with this project but i stopped, I am getting out of making\r\nMalware and virus's... I am going to move on to more legitimet things. Though i will be posting some of my old projects on\r\nmy Github, and most of witch are malevolent i am putting them here to make it simpler for the 'good guys' to fight them and\r\nthere kin.\r\nC\u0026C Features:\r\nWritten in Go\r\nCross-Platform\r\nSQL Database for Information\r\nSecure Login System\r\nHard-Coded Login System\r\nSimple to use HTML \u0026 CSS C\u0026C\r\nConsole Based C\u0026C\r\nTight Security (No PHP!)\r\nEncoded and Obfuscated Data\r\nHTTPS or HTTP\r\nSingle, Selected, All Command Issuing\r\nUser-Agent Detection\r\nMore\r\nBot Features\r\nSafe Error Handling\r\nHave Unlimited Panels\r\nEncoding and Obfuscation\r\nUse HTTPS or HTTP\r\nOld (\u003e24Hr) Command Handling (Dont run commands that are old!)\r\nRun PowerShell Scripts (Via URL, Parameters Accepted)\r\nAdvanced Torrent Seeder (uTorrent, BitTorrent Auto Download the client and runs hidden if needed)\r\nDrive Spreader (with Name list)\r\nDropbox Spreader (with Name list)\r\nGoogle Drive Spreader (with Name list)\r\nOneDrive Spreader (with Name list)\r\nAdvanced Keylogger (Handles all keys, Window Titles, Clipboard, AutoStart, +more)\r\nSystem Information (IP, WiFi, User, AV, IPConfig, CPU, GPU, SysInfo, Installed Software, .NET Framework,\r\nRefresher)\r\nScreen Capture (Compression, Timed Capture, +more)\r\nDownload and Run (MD5 Hash Check, URL or Base64, Parameters, UAC Bypass, Zone Remover)\r\nhttps://github.com/SaturnsVoid/GoBot2\r\nPage 1 of 5\n\nDDoS Methods (Threaded /w Interval, HTTPGet, TCPFlood, UDPFlood, Slowloris, HULK, TLSFlood, Bandwidth\r\nDrain, GoldenEye, Ace)\r\nBot Update (MD5 Hash Check, Admin, Zone Remover)\r\nUPnP (Open TCP/UDP Ports)\r\nWeb-Server (Auto-UPnP port 80, Add/Edit Unlimited Pages)\r\nAdd Programs to Windows Firewall\r\nHOST File Editor (Backup and Restore, Replace on Run, DNS Flusher)\r\nRemote CMD\r\nDetect Admin Rights\r\nBot ID Generation (Never the same)\r\nAdvanced Anti-Virus Bypass (Random Memory Allocation, Func HOP, Delays, Runtime Load DLLS /w Obf,\r\nRandom Connection Times, + more)\r\nAdvanced Anti-Debug (isDebuggerPresent, Proc Detection, IP Organization Detection, File Name Detection,\r\nReaction System)\r\nSingle Instance System\r\nReverse HTTP Proxy (Conf. Port, backend Servers)\r\nActive Defense (Active Registry Defense, Active File Defense, Active WatchDog + more) Doesn't want to be killed.\r\nUAC Bypass (Work all versions and current version of Windows 10 Pro 64Bit)\r\nAdvanced Install System (Dynamic Registry Keys, Dynamic File Names, Retain Admin Rights, Campaign Targeting\r\n(Only install in allowed Country's), Zone Remover, Adds self to Firewall)\r\nUninstall System (Removes all Traces)\r\nScripter (Batch, HTML, VBS, PS)\r\nRun Shellcode (ThreadExecute)\r\nPower Options (Shutdown, Restart, Logoff)\r\nStartup Error Message\r\nMessageBox (Returns Reply)\r\nOpen Website (Visible/Hidden)\r\nChange Homepage\r\nChange Background (URL or Base64)\r\nRun .exe (UAC Bypass optimal)\r\nKill Self\r\nCheck if Proc is Running\r\nHide Process /w Active Mode\r\nDisable/Enable (TaskManger, RedEdit, Command Prompt)\r\nFile Dropper (Place evedence on pc with no traces where it came from /w dir selection)\r\nSome Info about the C\u0026C\r\nThe C\u0026C is a program, You can compile it for Windows, Linux, Mac systems. Its a self-running web-server that handles all\r\nconnections on the selected port in the settings. it will serve the HTLM C\u0026C to a connector if you allow it and it saves data\r\nabout account, bots and commands as a SQL database and bots files (screenshots, keylogs, ect) as file under the bots own\r\n\"Profile\"\r\nYou can control the botnet from the program(more secure) or control it from the HTML C\u0026C. The C\u0026C's program is\r\nextremely stable, Go based servers are know for handling millions or requests at once without fail, just make sure you have\r\na good connection.\r\nThe C\u0026C has a build in hard-coded login (kinda like a Backdoor) you can use if you 'forgot' the account login. the C\u0026C can\r\nhave any number of accounts.\r\nWith it being a self-contained program this removes the issue of SQLi attacks on the C\u0026C so its more SECURE.\r\nThe C\u0026C can also run inside a Tor Hidden service if configured right and the client (bot) can connect to it using a onion.to\r\nor onion.cab forwarder if needed. Tor can also be used by the bot via a SOCKS proxy... Simple to do, Google it.\r\nHow to Build and Use\r\nhttps://github.com/SaturnsVoid/GoBot2\r\nPage 2 of 5\n\nBot Settings are located in \"Variables.go\" Server Setting are located in \"Server.go\"\r\nCompile GoBot.go with correct settings, Make a MySQL Database and import db file, Compile Server.go with correct\r\nsettings\r\ngo build -o GoBot.exe -ldflags \"-H windowsgui\" \"C:\\GoBot2\\GoBot.go\"\r\ngo build -0 Server.exe \"C:\\GoBot2\\Console Server\\Server.go\"\r\nAlways compile with '-w -s' ldflags to strip any debug information from the binary.\r\nIncluded Tools\r\nTool for the project (Obfuscator (Char+1) and other crap. w/ source in VB.net)\r\nDownloader.go (GoLANG Download and Run Example)\r\nDownloaderWithUAC.go (GoLANG Download and Run Example with UAC Bypass)\r\nObfuscator\r\nIt not really a Obfuscator all it does it move the Char +1 to and A = B, C = D, ect. Simple but it will slow down people\r\nwanting to mess with the program and also programs that search for keywords...\r\nPackages Used\r\ngithub.com/NebulousLabs/go-upnp\r\ngolang.org/x/sys/windows/registry\r\ngithub.com/AllenDang/w32\r\ngithub.com/atotto/clipboard\r\ngithub.com/StackExchange/wmi\r\nImages\r\nhttp://prnt.sc/d67nh5\r\nhttp://prnt.sc/d67ogh\r\nhttp://prnt.sc/d67oqh\r\nhttp://prnt.sc/d6esj3\r\nCredits and Stuff\r\nhttps://github.com/decred/gominer\r\nhttps://github.com/robvanmieghem/gominer\r\nhttps://astaxie.gitbooks.io/build-web-application-with-golang/content/en/04.5.html\r\nhttp://www.adlice.com/runpe-hide-code-behind-legit-process/\r\nhttp://www.hacking-tutorial.com/tips-and-trick/how-to-enable-remote-desktop-using-command-prompt/\r\nhttps://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/\r\nhttps://mholt.github.io/json-to-go/\r\nhttps://sentinelone.com/blogs/anti-vm-tricks/\r\nhttp://hackforums.net/showthread.php?tid=5383448\r\nhttps://github.com/grafov/hulk\r\nhttps://github.com/nhooyr/dos\r\nhttps://github.com/marcelki/sockstress\r\nhttps://github.com/ammario/ssynflood\r\nhttps://github.com/matishsiao/goInfo/blob/master/goInfo_windows.go\r\nhttps://github.com/iamacarpet/go-win64api\r\nhttps://github.com/oneumyvakin/initme/blob/master/windows.go\r\nhttps://github.com/LOLSquad/DDoS-Scripts\r\nhttps://github.com/SaturnsVoid/GoBot2\r\nPage 3 of 5\n\nhttps://github.com/vbooter/DDoS-Scripts\r\nhttps://github.com/natefinch/pie\r\nhttps://www.windows-commandline.com/enable-remote-desktop-command-line/\r\nhttps://www.socketloop.com/tutorials/golang-secure-tls-connection-between-server-and-client\r\nhttps://github.com/lextoumbourou/goodhosts\r\nhttps://github.com/YinAndYangSecurityAwareness/dreamr-botnet\r\nhttps://github.com/mauri870/ransomware\r\nhttp://www.devdungeon.com/content/making-tor-http-requests-go\r\nhttp://www.darul.io/post/2015-07-22_go-lang-simple-reverse-proxy\r\nhttps://github.com/mauri870/powershell-reverse-http\r\nhttps://github.com/gh0std4ncer/lizkebab/blob/master/client.c\r\nhttps://github.com/EgeBalci/EGESPLOIT\r\nhttps://github.com/EgeBalci/HERCULES\r\nhttps://github.com/andrewaeva/gobotnet\r\nhttps://github.com/SaturnsVoid/GoBot\r\nhttps://github.com/petercunha/GoAT\r\nhttps://github.com/huin/goupnp\r\nhttps://github.com/ytisf/theZoo/tree/master/malwares/Source/Original\r\nhttps://github.com/malwares/Remote-Access-Trojan\r\nhttps://github.com/kardianos/service\r\nhttps://github.com/vova616/screenshot/blob/master/screenshot_windows.go\r\nhttp://hackforums.net/showthread.php?tid=5040543\r\nhttp://www.calhoun.io/5-useful-ways-to-use-closures-in-go/\r\nhttps://blogs.technet.microsoft.com/ilikesql_by_dandyman/2013/03/10/how-to-install-a-msi-file-unattended/\r\nhttps://github.com/tadzik/simpleaes\r\nhttps://guitmz.com/win32-liora-b/\r\nhttps://github.com/rk/go-cron\r\nhttps://breakingmalware.com/vulnerabilities/elastic-boundaries-elevating-privileges-by-environment-variables-expansion/\r\nhttps://breakingmalware.com/malware/ardbot-a-malware-under-construction/\r\nhttps://breakingmalware.com/malware/furtim-malware-avoids-mass-infection/\r\nhttps://www.pugetsystems.com/labs/support-software/How-to-disable-Sleep-Mode-or-Hibernation-793/\r\nhttps://files.sans.org/summit/Digital_Forensics_and_Incident_Response_Summit_2015/PDFs/TheresSomethingAboutWMIDevon\r\nhttps://github.com/jasonlvhit/gocron\r\nOther\r\nGo is a amazing and powerful programming language. If you already haven't, check it out; https://golang.org/\r\nDonations\r\nPlease Donate To Bitcoin Address: 1AEbR1utjaYu3SGtBKZCLJMRR5RS7Bp7eE\r\nNews\r\nI just read a article on Bleeping Computer, https://www.bleepingcomputer.com/news/security/backdoored-torrents-infect-movie-tv-fans-with-gobot2-malware/ Seems someone has found a use for this project... I have no involvment with this group\r\nor person. I have nothing more to say on this matter.\r\n-Crab Crab\r\n----------Update Log---------------------\r\nhttps://github.com/SaturnsVoid/GoBot2\r\nPage 4 of 5\n\n03/15/2017: Intial Upload...\r\nSource: https://github.com/SaturnsVoid/GoBot2\r\nhttps://github.com/SaturnsVoid/GoBot2\r\nPage 5 of 5", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://github.com/SaturnsVoid/GoBot2" ], "report_names": [ "GoBot2" ], "threat_actors": [ { "id": "eb3f4e4d-2573-494d-9739-1be5141cf7b2", "created_at": "2022-10-25T16:07:24.471018Z", "updated_at": "2026-04-10T02:00:05.002374Z", "deleted_at": null, "main_name": "Cron", "aliases": [], "source_name": "ETDA:Cron", "tools": [ "Catelites", "Catelites Bot", "CronBot", "TinyZBot" ], "source_id": "ETDA", "reports": null }, { "id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d", "created_at": "2022-10-25T16:07:24.139848Z", "updated_at": "2026-04-10T02:00:04.878798Z", "deleted_at": null, "main_name": "Safe", "aliases": [], "source_name": "ETDA:Safe", "tools": [ "DebugView", "LZ77", "OpenDoc", "SafeDisk", "TypeConfig", "UPXShell", "UsbDoc", "UsbExe" ], "source_id": "ETDA", "reports": null }, { "id": "f9806b99-e392-46f1-9c13-885e376b239f", "created_at": "2023-01-06T13:46:39.431871Z", "updated_at": "2026-04-10T02:00:03.325163Z", "deleted_at": null, "main_name": "Watchdog", "aliases": [ "Thief Libra" ], "source_name": "MISPGALAXY:Watchdog", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434267, "ts_updated_at": 1775826739, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/12aa98d0be27a1fc7700fe61a28519defc73772c.pdf", "text": "https://archive.orkl.eu/12aa98d0be27a1fc7700fe61a28519defc73772c.txt", "img": "https://archive.orkl.eu/12aa98d0be27a1fc7700fe61a28519defc73772c.jpg" } }