Wednesday, 18 December 2019

List price $400! Downloader Trojan "Buer" discovered on the Dark Web

Cybersecurity company Proofpoint recently published a statement that a new downloader Trojan called "Buer" has grown to a level comparable to its older predecessor "Smoke Loader" and has attracted a large number of loyal fans in the dark web market.

Darknet Advertising and Features Overview

It is said that Proofpoint originally found Buer on August 28 this year. At the time, it was mainly used by some attackers to download and run Dreambot (a variant of the banking Trojan Ursnif).


 Figure 1. Example of Microsoft Word attachment with Buer

After searching on the dark web, Proofpoint quickly discovered Buer's sales ads.

Buer is priced at $400, installation service included, which means that the buyer only needs to pay for it: it is up to the seller to install Buer on the target computer and ensure normal operation.

Not only that, the seller also said that subsequent updates and bug fixes are all free, but a "new address" requires a $25 surcharge.

Figure 2. Buer's sales advertisement

The advertisement also listed Buer's control panel functions, and pointed out that the modular bot was written entirely in C and used a control panel written in .NET Core.

All in all, the seller wants to emphasize that due to the choice of programming language, both the client and server of Buer have higher performance.

Figure 3. The login page of the Buer control panel

According to the description, the total size of the Buer client is between 55 and 60 KB. It can run in memory as a Windows executable file and as a dynamic link library, and is compatible with both 32-bit and 64-bit Windows operating systems.

It is worth mentioning that the virus is set not to run on computers in CIS countries (former Soviet Union countries, such as Russia).

As mentioned above, since the control panel is written in .NET Core, it can be easily installed on Ubuntu / Debian Linux systems.

The control panel provides a large amount of statistical information, including the number of online / active / offline / total infected hosts, real-time updates of the infected host list, and file download counters. It also supports filtering infected hosts by operating system type, access permissions, and number of logical CPU cores.



Figure 4. Infected host statistics page of Buer dashboard



Figure 5. Filter display page of the Buer control panel (filter by "Microsoft Windows")



Figure 6. Task creation page of Buer dashboard


To be continued: in my next blog post, I will show you malware analysis and Command and Control (C&C).



