Hunting via Hybrid Analysis, I identified persistent offender(s) storing content on a panel. I kept my eye on it for a while, and when it was busy enough, I managed to get the entire server configuration panels:
- Loki admin
- Pony admin
Usernames, passwords for MySQL and database configurations, over 100 lists of target applications, BTC wallets, FTP clients, browsers, games.
The most interesting thing for me was that Loki has a POS module.
Here are the contents; ping me if it becomes unavailable:
- https://drive.google.com/open?id=1l3vcGBnbknVhu-Fe6KZ5XB9LLEYx8Pua
- SHASUM: 591cc7fe34d5cd76c7bd8be4ee9d94741e293946
Have fun.