Wednesday, April 30, 2014

Citadel & ZA eFile Tax Phishing

KINS (Citadel) C&C listed on ZeuS Tracker

Was looking for a KINS panel, but its Citadel.

So I break in and look around.

Also found on this server:
(SARS) South Africa Revenue Service phishing page, shell, and "hacked by" page.

SARS phishing landing page

Some dude was here already: make me laugh :-)

Some mailer settings:

define("EMAIL", ",");

$recipient = "";

A shell:

No comments:

Post a Comment