BushidoUK / Israel_Palestine_Hacktivism_OSINT (created October 8, 2023 15:26)

Twitter Accounts
https://twitter.com/ReVolution44Tm
https://twitter.com/barbbyofficial
https://twitter.com/Team_insane_pk1
https://twitter.com/anonymusweare
https://twitter.com/PalCyberNews
https://twitter.com/AnonAnonymous
Telegram Channels
https://t.me/s/CyberAv3ngers
BushidoUK / Akira Threat Reports.txt (created September 15, 2023 23:58)

7 May 2023 https://www.bleepingcomputer.com/news/security/meet-akira-a-new-ransomware-operation-targeting-the-enterprise/
9 May 2023 https://news.sophos.com/en-us/2023/05/09/akira-ransomware-is-bringin-88-back/
10 May 2023 https://blog.reconinfosec.com/emergence-of-akira-ransomware-group
10 May 2023 https://cyble.com/blog/unraveling-akira-ransomware/
19 May 2023 https://securitynews.sonicwall.com/xmlpost/akira-ransomware-double-extortion-scheme-encrypts-and-publicly-leaks-sensitive-data/
26 May 2023 https://labs.k7computing.com/index.php/akira-ransomware-unleashing-chaos-using-conti-leaks/
28 June 2023 https://blog.cyble.com/2023/06/28/akira-ransomware-extends-reach-to-linux-platform/
29 June 2023 https://decoded.avast.io/threatresearch/decrypted-akira-ransomware/#how_to
11 July 2023 https://twitter.com/TrendMicroRSRCH/status/1678811395448504325
21 July 2023 https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVA01&VACODE=CIVA-2023-2113
Statement on MGM Resorts International: Setting the record straight
9/14/2023, 7:46:49 PM
We have made multiple attempts to reach out to MGM Resorts International, "MGM". As reported, MGM shut down computers inside their network as a response to us. We intend to set the record straight.
No ransomware was deployed prior to the initial take down of their infrastructure by their internal teams.
MGM made the hasty decision to shut down each and every one of their Okta Sync servers after learning that we had been lurking on their Okta Agent servers sniffing passwords of people whose passwords couldn't be cracked from their domain controller hash dumps, resulting in their Okta being completely locked out. Meanwhile we continued having super administrator privileges to their Okta, along with Global Administrator privileges to their Azure tenant. They made an attempt to evict us after discovering that we had access to their Okta environment, but things did not go according to plan.
On Sunday night, MGM implement
BushidoUK / RedZeiUpdate1H2023.txt (created July 11, 2023 10:15)

RedZei Number 1H 2023
Number              MNO                        Voice Mail Theme
+44 24 7522 9208    IP Voice Networks Ltd      Unknown (Chinese)
+44 7404 008579     Lycamobile UK Limited      Visa Information
+44 7424 407427     Lycamobile UK Limited      Visa Information
+44 7405 901628     Lycamobile UK Limited      Visa Information
+44 7496 139575     EE Limited (TM)            Unknown (Chinese)
+44 7526 013110     Telefonica UK Limited      Chinese Embassy
+44 7526 057134     Telefonica UK Limited      Chinese Embassy
+44 20 8072 0091    TAP GATEWAY LTD            Unknown (Chinese)
+44 7478 993982     Hutchison 3G UK Ltd        Unknown (Chinese)
BushidoUK / BYOVA Collection.txt (created June 17, 2023 17:24)

Collection of Vulnerable Legit Applications used for DLL side-loading or search-order hijacking
Valid signed file by Symantec, Symantec Antivirus Installer
61d1943f0b702f4c16bb37228ade1d8f0ef4675b480921950d026c82e4a65fde
Valid signed file by Venta Association, VentaFax MAPI client
390d75e6c7fc1cf258145dc712c1fac1eb183efccee1b03c058cec1d790e46b1
Valid signed file by Vivaldi Technologies, Vivaldi.exe
58e7af5eb1acb5c9bee821d59054c69263aed3dce1b95616255dea7114ad8494
Valid signed file by Invincea, Inc. Sandboxie
BushidoUK / Malicious Hostnames.txt (created June 14, 2023 21:19)

Malicious Hostnames belonging to Malware Operators, Ransomware Groups, and Advanced Persistent Threats
import "vt"

rule RaspberryRobin_C2Domains {
    meta:
        description = "Checks for Files with RaspberryRobin C2 domains"
        author = "Will Thomas (@BushidoToken), Equinix Threat Analysis Center (ETAC)"
        date = "2023-APRIL-14"
        tlp = "CLEAR"
        adversary = "DEV-0856"
    strings:
Loki
https://www.shodan.io/search?query=%22Loki+Locker%22
BlackBit
https://www.shodan.io/search?query=%22Encrypted+by+BlackBit%22
BlackHunt
https://www.shodan.io/search?query=%22Your+Network+Infected+with+BlackHunt+Ransomware+Team%22
Amelia, Proxima
BushidoUK / CN_Scammer_Numbers.txt (last active December 30, 2022 16:56)

Chinese scammers targeting Chinese students in the UK
Number                MNO
+44 7737 359848       Three
+44 7521 967428       O2
+44 7415 787846       EE
+44 7523 322875       O2
+44 7419 756102       EE
+44 7575 186994       Three
+44 7497 580997       EE
+44 7544 631585       O2
+44 70 3401 7692      "Protected" / Unknown
+353 (89) 499 6551    Liffey Telecom / Tesco Mobile