Wednesday, April 30, 2014

Citadel & ZA eFile Tax Phishing

KINS (Citadel) C&C listed on ZeuS Tracker




Was looking for a KINS panel, but its Citadel.

So I break in and look around.





Also found on this server:
(SARS) South Africa Revenue Service phishing page, shell, and "hacked by" page.

SARS phishing landing page


Some dude was here already:


..to make me laugh :-)


Some mailer settings:

define("EMAIL", "naks@top2roues.com,garicofa@blumail.org");

$recipient = "fof204@gmail.com";



A shell:



No comments:

Post a Comment