Thursday, August 17, 2017

Zyklon HTTP leaked version 1.3.0.1 Updated version has native loader

Zyklon HTTP leaked version 1.3.0.1 was leaked on the opensc forum and other forums. The leaked version of the bot I tested in a virtual machine appears to be backdoored, as you can't successfully uninstall the bot without it coming online a few minutes later. The newest version I am currently aware of, version 1.4.0.0, boasts a native loader without the need for .NET, which is a huge deal considering its accessible price point at around $125.00 with the option for 3 .onion domains.


Zyklon HTTP Change Log
v1.4.0.0
-Added on connect tasks [You are now able to create tasks that will execute as soon as the client is first seen in the panel]
-Task execution is now faster [No more delays when executing multiple tasks]
-Native loader is completely recoded
-Added UAC bypass
-Botkiller module optimized
-Better persistence [System wide injection only for x86 processes for now]
-Tor is no longer injected and instead is run in the address space of current executable
-Tor updated to newer version
-Added option to choose if you want to run Zyklon H.T.T.P main process in the address space of system process
-Downloaded plugins are now stored encrypted with a key derived from the machine hwid and with a file name derived from the machine hwid [No more filename based detections]
-Added support for https links when downloading files
-Normal version file size is reduced to less than 200kb
-Better crypter compatibility
-Added new filters in the panel when creating new tasks
-Various panel bugfixes and improvements
-The client now connects to index.php instead of gate.php

v1.3.0.0
-Added native loader [The bot now works on all .NET framework versions, persistence works even if there is no .NET framework installed]
-Improved stability
-Auto logout after 10min of inactivity in the panel
-Keylogger added
-Reverse socks proxy added
-Miner removed
-Fixed bug with UDP flood where port was always 80
-Added automatic updater to make it easier to update your clients
-Added download files over tor
-Added update on the fly [Zyklon H.T.T.P will just download the file from specified link and replace the installed file.]
-Added option to create cron jobs in the installer
-World map can show only online or all clients.
-Added help page with some explanations [More will come in the future]
-Added a % next to the numbers in the statistics page
-Added options to check keylogger logs and recovered browser passwords when you click client IP
-Panel now sanitizes all user input variables before displaying them to the end user
-Fixed bug where the submenu would collapse when the page was selected
-Optimized persistence module
-Added option to download tor from the server using tor2web and similar proxies. [Tor version stub size reduced from 1.3mb to 280kb]
-Added few new database options
-Fixed the bug where you could put a string as parameters in knock time, offline time, dead time and botkiller cycle.
-Fixed the bug with cloud based malware inspection where the api key was not set correctly.
-Limited cloud based malware inspection only to startup items [This is because VT allows only 4 requests per minute using one api]
-Fixed the issue with downloading logs on some systems.
-Changed the way the settings were passed to the client. The client receives the new settings as soon they are applied in the panel. No need to wait for restart.
-Various other code optimizations and small bugfixes


v1.2.0.0
-Added option to change socks proxy port in the panel
-Botkiller Optimized
-Improved stability
-Password recovery module updated
-Added a few new database options in the panel
-Various bug fixes and minor code changes
-Tor module optimized, faster connection to the Tor network
-Added option to group clients


v1.1.0.0
-Added Tor support [Nothing is dropped or downloaded]
-Added Botkiller [It will detect injected processes]
-Client basecode optimized
-Added various new options in the panel
-Updated password recovery for newest Mozilla Firefox and various other software.
-CloudFlare support added


v1.0.1.0
-Improved persistence [The bot now injects watchdog threads into other processes that protect the main process, startup regkeys/files and main file]
-Improved crypter compatibility
-Fixed a bug where the bot was not uninstalling correctly
-Socks5 proxy optimized for better performance
-Added multiple startup methods


v1.0.0.0
-Initial Release