#Research #Analysis #Advisory #Malware #Threat #Encryption #CyberSecurity #CyberArmour

General Overview

Cyber Warfare is a free and open source international intrusion detection and prevention advisory, and a Cyber Security Analyst & Research organization that analyses malware threats. This is a repository for code samples for Cyber Warfare against individuals, corporations and government organizations.

Join our forum on LinkedIn "Quantum Blockchain & Artificial Intelligence" at https://www.linkedin.com/groups/8371715/

Specialities

Tokens: most tokens based on the old ERC20 standard have design mistakes, including tokens issued by the major players. Learn more at https://cryptortrust.com/2018/11/20/erc20-token-design-mistakes-vs-erc223-token/
Cryptocurrencies: many cryptocurrencies are clones of early cryptocurrencies. Thus they have heritage issues lurking, waiting to emerge in the future.
Malware: prepare for malware attacks against your organization and systems.
Open source code of major threats is free for educational purposes. Contact us for advisory. Retainer is USD 5.000 paid in advance.

# Overview
Overview of actors, tools, how they operate
Articles

Facts about cryptocurrency theft methods
https://www.cryptolinenews.com/industry-analysis/facts-about-cryptocurrency-theft-methods/
https://bitcoinmagazine.com/articles/how-the-plustoken-scam-absconded-with-over-1-percent-of-the-bitcoin-supply

What is a Botnet HTTP-Botnets: The Dark Side of a Standard Protocol!
https://securityaffairs.co/wordpress/13747/cyber-crime/http-botnets.html
https://usa.kaspersky.com/resource-center/threats/botnet-attacks

How to build your own botnet, a framework for security researchers and developers to build and operate a basic botnet
https://www.youtube.com/watch?v=TBSh_w0I-z8
https://www.wired.com/story/opinion-bitcoins-greatest-feature-is-also-its-existential-threat/

What is a Trojan Virus
https://usa.kaspersky.com/resource-center/threats/trojans

How to make a Trojan Virus
https://usa.kaspersky.com/resource-center/threats/trojans
using Python
https://www.youtube.com/watch?v=eSPLRuOezGc

Trojans - Vidar information-stealing Trojan / Qulab trojans
https://cointelegraph.com/news/new-malware-campaign-spreads-trojans-through-clone-crypto-trading-website
- https://www.group-ib.com/blog/moneytaker
Cerberus Banking Trojan
https://thehackernews.com/2019/08/cerberus-android-banking-trojan.html
https://cointelegraph.com/news/threat-alert-new-trojans-targeting-major-crypto-exchanges-apps-discovered

RAT (Remote Access Trojan), which they named InnfiRAT
https://bitcoinist.com/a-new-malware-can-steal-data-from-crypto-wallets/

Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection
https://thehackernews.com/2021/03/hackers-now-hiding-obliquerat-payload.html

The Rise of Super-Stealthy Digitally Signed Malware—Thanks to the Dark Web
https://thehackernews.com/2017/11/malware-digital-certificate.html

Best Torrent sites
https://thehackernews.com/2016/12/kickass-torrents-site.html

Deep Web Search Engines to Explore the Hidden Internet
https://thehackernews.com/2016/02/deep-web-search-engine.html

Grams - First Search Engine for Underground Black Markets
https://thehackernews.com/2014/04/grams-first-search-engine-for.html

New Android Malware Framework Turns Apps Into Powerful Spyware
https://thehackernews.com/2018/08/android-malware-spyware.html
https://www.theverge.com/2019/7/10/20688885/agent-smith-android-malware-25-million-infections

Hackers Are Using These Tools to Reel in New Victims
https://darkwebnews.com/hacking/hacking-tools-used-by-hackers/
https://www.fortinet.com/blog/threat-research/jbifrost-yet-another-incarnation-of-the-adwind-rat.html
https://darknetlive.com/post/what-to-do-when-dread-goes-down/

Ethereum and Tokens Attacks

Tokens
https://cryptortrust.com/2018/11/20/erc20-token-design-mistakes-vs-erc223-token/

Wallets
https://www.wired.com/story/blockchain-bandit-ethereum-weak-private-keys/

Mining Attacks
https://www.cryptolinenews.com/2018/11/ethereum-network-token-attacked-by-malicious-minting-attack/?fbclid=IwAR2C-r1X8cuy0gdkq2U91DhNvHjDjsbOtLfYRnA50bFixuFH9oB1if1TRsM
A New Wave of Attacks on Ethereum Mining Rigs
https://cryptonews.com/news/a-new-wave-of-attacks-on-ethereum-mining-rigs-3055.htm
https://blog.quillhash.com/potential-attack-on-ethereum-network-to-mint-gastokens/

Hacking a Blockchain vs a DApp
https://hackernoon.com/hacking-a-blockchain-vs-hacking-a-dapp-a-response-to-mike-orcutts-mit-article-7dfc6973df52

Virtual Kidnapping
https://edition.cnn.com/2019/05/15/tech/virtual-kidnapping/index.html?utm_source=digg&utm_medium=email

RANSOMWARE
https://dwealth.news/2021/05/colonial-pipeline-ransomware-bad-guys-unmasked/
CryptON Ransomware Installed Using Hacked Remote Desktop Services
https://www.bleepingcomputer.com/news/security/crypton-ransomware-installed-using-hacked-remote-desktop-services/

Locky Ransomware Information, Help Guide, and FAQ
https://www.bleepingcomputer.com/virus-removal/locky-ransomware-information-help
https://beincrypto.com/russian-nationals-bitcoin-ransomware-trial-begins-in-paris/

CryptoLocker Ransomware Information Guide and FAQ
https://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

CryptorBit and HowDecrypt Information Guide and FAQ
https://www.bleepingcomputer.com/virus-removal/cryptorbit-ransomware-information

CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
https://www.bleepingcomputer.com/virus-removal/cryptodefense-ransomware-information

U-Boot's Trusted Boot Validation Bypassed
https://www.bleepingcomputer.com/news/security/u-boots-trusted-boot-validation-bypassed/

Locky Poser, PyLocky Ransomware
https://blog.trendmicro.com/trendlabs-security-intelligence/a-closer-look-at-the-locky-poser-pylocky-ransomware/

Viro Botnet
https://blog.trendmicro.com/trendlabs-security-intelligence/virobot-ransomware-with-botnet-capability-breaks-through/

Ubuntu Botnet
https://hackernoon.com/is-this-a-ubuntu-based-botnet-deploying-tor-relays-and-bridges-b4ce1a612039

Linux - Python Botnet
https://www.f5.com/labs/articles/threat-intelligence/new-python-based-crypto-miner-botnet-flying-under-the-radar

Mirai Botnet (semiautonomously - seeking out targets and spreading itself)
https://www.bloomberg.com/news/features/2019-12-20/spiderman-hacker-daniel-kaye-took-down-liberia-s-internet
https://krebsonsecurity.com/2017/07/who-is-the-govrat-author-and-mirai-botmaster-bestbuy/

Necurs
https://threatpost.com/necurs-botnet-in-crosshairs-of-global-takedown-offensive/153607/

DDG botnet
https://www.forbes.com/sites/leemathews/2020/04/10/a-sinister-new-botnet-could-prove-nearly-impossible-to-stop/?fbclid=IwAR1WOSx76zeSvkcQ9cz42VdQnNiks3krdJh5DqFuMITVQzZ3dYVFdeeiSmY#1530df537c5c
https://threatpost.com/p2p-ddg-botnet-unstoppable/154650/

Cerber Ransomware steals bitcoin wallets
https://blog.trendmicro.com/trendlabs-security-intelligence/cerber-ransomware-evolves-now-steals-bitcoin-wallets/

Ryuk Ransomware (Very profitable)
https://cointelegraph.com/news/research-suggests-russian-based-hackers-behind-ryuk-ransomwares-25-million-gains
https://www.csoonline.com/article/3541810/ryuk-ransomware-explained-a-targeted-devastatingly-effective-attack.html

Gustuff
https://www.bleepingcomputer.com/news/security/gustuff-android-malware-targets-100-banking-and-32-cryptocurrency-apps/

Baldr Malware
https://darkwebnews.com/hacking/baldr-malware-circulation-in-hacking-forums/

GoldBrute
https://thehackernews.com/2019/06/windows-rdp-brute-force.html

Shade Ransomware
https://threatpost.com/shade-ransomware-expands-us/145020/

Scranos Malware
https://www.zdnet.com/article/this-data-stealing-malware-has-returned-with-new-attacks-and-nasty-upgraded-features/

Zeppelin ransomware
https://krebsonsecurity.com/2022/11/researchers-quietly-cracked-zeppelin-ransomware-keys/

Turla
https://www.wired.com/story/turla-history-russia-fsb-hackers/
https://securelist.com/tomiris-called-they-want-their-turla-malware-back/109552/

GoldenJackal APT group
https://securelist.com/goldenjackal-apt-group/109677/

Botnets
Smominru Botnet MyKings (alternatively as DarkCloud or Smominru pt Hexmen)
https://thehackernews.com/2019/09/smominru-botnet.html
https://cointelegraph.com/news/monero-malware-botnet-lurks-behind-taylor-swift-jpegs
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophoslabs-uncut-mykings-report.pdf
https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-a-mykings-variant-with-bootloader-persistence-via-managed-detection-and-response/
https://blog.netlab.360.com/mykings-the-botnet-behind-multiple-active-spreading-botnets/
https://www.guardicore.com/2016/06/the-photominer-campaign/
https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-making-millions-operators
https://s.tencent.com/research/report/765.html
https://www.zscaler.com/blogs/research/darkcloud-bootkit
https://vms.drweb.com/virus/?_is=1&i=14934685
https://www.antiy.com/response/20190822.html
https://securitynews.sonicwall.com/xmlpost/new-variant-pcshare-trojan-with-ups2-version-1-0-2-server-dec-2018/
https://www.cyber.nj.gov/threat-profiles/botnet-variants/smominru
https://www.cyberscoop.com/mykings-botnet-sophos-smominru/
https://www.itspmagazine.com/from-the-newsroom/top-3-crypto-mining-botnets-smominru-ddg-and-adbminer
https://www.wired.com/story/opinion-bitcoins-greatest-feature-is-also-its-existential-threat/
https://blogs.akamai.com/sitr/2021/02/bitcoins-blockchains-and-botnets.html

Bulehero Botnet
https://forums.juniper.net/t5/Threat-Research/Anatomy-of-the-Bulehero-Cryptomining-Botnet/ba-p/458787

"Mokes" and "Netwire"
https://cointelegraph.com/news/report-record-breaking-coincheck-hack-perpetrated-by-virus-tied-to-russian-hackers

LockBit Ransomware Gang
https://www.wired.co.uk/article/lockbit-ransomware-attacks
https://www.chainalysis.com/blog/nca-ofac-sanctions-dmitry-khoroshev-lockbit-ransomware-2024/

MINING
Beapy file-based mining. Most lucrative mining strategy
https://bitcoinmagazine.com/articles/new-cryptojacking-campaign-infects-asia-using-more-profitable-tactics/
https://www.symantec.com/blogs/threat-intelligence/beapy-cryptojacking-worm-china
https://www.symantec.com/blogs/threat-intelligence/cryptojacking-modern-cash-cow
https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/istr-cryptojacking-modern-cash-cow-en.pdf

https://www.vanityfair.com/news/2019/11/the-big-bitcoin-heist

Hacker Tools Top Ten
Our Recommended Pentesting Tools and Hacking Software For 2018
https://www.concise-courses.com/hacking-tools/top-ten/

https://en.wikipedia.org/wiki/Hacking_tool
https://www.cybersecuritymastersdegree.org/2017/11/top-ten-tools-for-cybersecurity-pros-and-black-hat-hackers/
https://www.guru99.com/learn-everything-about-ethical-hacking-tools-and-skills.html
https://www.darknet.org.uk/category/hacking-tools/
https://fossbytes.com/best-hacking-tools-of-2016-windows-linux-mac-osx/
https://www.greycampus.com/blog/information-security/top-wireless-hacking-tools

WhatsApp / Whatsup
https://www.linkedin.com/pulse/new-hacks-modify-whatsup-chat-ajay-upadhyay/

LocalBitcoin
https://bitcoinmagazine.com/articles/phishing-scam-hits-localbitcoins-clients-lose-funds/

Android
https://www.linkedin.com/pulse/new-man-in-the-disk-attack-leaves-millions-android-phones-upadhyay/
https://thehackernews.com/2019/10/remove-xhelper-android-malware.html
https://threatpost.com/xhelper-russian-nesting-doll-android-malware/154519/

iPhone
https://www.vanityfair.com/news/2016/11/how-bill-marczak-spyware-can-control-the-iphone

Windows
Windows Torrent File Malware Can Swap Out Crypto Addresses, Researcher Warns
https://cointelegraph.com/news/windows-torrent-file-malware-can-swap-out-crypto-addresses-researcher-warns
https://www.techrepublic.com/article/nasty-botnet-uses-wannacry-exploit-to-mine-cryptocurrency-from-your-servers/
https://www.wired.com/story/nsa-windows-10-vulnerability-disclosure/#intcid=recommendations_wired-homepage-right-rail-popular_8647e7a8-5e06-4f07-99c2-569573f1586b_popular4-1

CISCO Router
https://www.wired.com/story/cisco-router-bug-secure-boot-trust-anchor/

Bitcoin ATM Hacks
https://bravenewcoin.com/insights/bitcoin-atm-numbers-are-booming

GitHub
https://www.darkreading.com/application-security/its-time-to-take-github-threats-seriously/a/d-id/1331577

Kraken Cryptor is able to prey on victims and gain revenue through its affiliate program, a ransomware-as-a-service (RaaS) model
https://darkwebnews.com/dark-web/kraken-darknet-expansion/

Monappy Wallet Provider
https://coinfomania.com/18-year-old-monacoin-theft-japan/?fbclid=IwAR3SW4HigAczkr5o9MSzVLWHnrFcsEIbXxRPFst0kAZ-i0CaTUOM4XJfpvQ

Phishing
https://darknetlive.com/post/empire-phishing/
https://darknetlive.com/post/a-warning-about-darkweb-market-phishing-sites
Weird ‘null address’ iVest hack, millions of PCs still vulnerable to ‘Sinkclose’ malware: Crypto-Sec
https://cointelegraph.com/magazine/ivest-hacked-sinkclose-affects-amd-devices-usdt-phishing/

Malware market - New market
https://www.cryptolinenews.com/2018/06/cryptocurrencies-have-given-birth-to-another-market/

Mobile Network Hacking of Crypto Currencies
https://coinfomania.com/nicholas-truglia-convicted-for-crypto-theft/?fbclid=IwAR3_1ClKPdN14F6B1hrH4UXmgMgQyjka2Aj9L0O3zLkS120hSfPmJ8Sf1VY
https://breakermag.com/doctored-images-are-yet-another-way-for-hackers-to-steal-your-crypto/

SamSam Ransomware
https://blog.malwarebytes.com/cybercrime/2018/05/samsam-ransomware-need-know/

GameOver ZeuS Botnet / Evgeniy Bogachev - one of the most successful hackers
http://nautil.us/issue/66/clockwork/the-100-million-bot-heist?utm_source=digg&utm_medium=email

Inside North Korea’s Hacker Army (Lazarus Hacker Group)
https://www.bloomberg.com/news/features/2018-02-07/inside-kim-jong-un-s-hacker-army
https://coinidol.com/north-korean-lazarus/
https://thehackernews.com/2019/05/north-korean-hacking-tool.html
https://www.wired.com/story/how-north-korea-robs-banks-around-world/
https://www.wsj.com/articles/north-korea-is-suspected-in-bitcoin-heist-1522303177
https://thenextweb.com/hardfork/2018/10/19/cryptocurrency-attack-report/
https://tokenhell.com/us-authority-charged-two-chinese-officials-with-laundering-cryptocurrency-worth-100m/
https://www.the-blockchain.com/2020/03/13/two-chinese-nationals-charged-with-hacking-cryptocurrency-exchange-and-laundering-over-100-million-in-cryptocurrency/
https://www.altfi.com/article/9685_more-than-540m-laundered-through-renbridge
https://www.infosecurity-magazine.com/news/lazarus-dtrack-target-europe-and/
Lazarus Group Poses as VC Firms to Spread Malware
https://decrypt.co/118031/north-korea-linked-lazarus-group-poses-as-vc-firms-to-spread-malware
https://securelist.com/the-lazarus-group-deathnote-campaign/109490/

Inside Iran's Hacker Army
Holmium Group / APT33 Group
https://www.marketscreener.com/MICROSOFT-CORPORATION-4835/news/Microsoft-Iranian-Hackers-Have-Hit-Hundreds-of-Companies-in-Past-Two-Years-2nd-Update-28123238/
https://portswigger.net/daily-swig/iranian-cyber-threat-groups-make-up-for-lack-of-technical-sophistication-with-social-engineering-trickery

Inside Russia's Hacker Army
https://www.bloomberg.com/news/articles/2021-06-11/russian-hackers-thrive-as-putin-prepares-to-meet-with-u-s-president-biden
APT28 / Russia's 'Fancy Bear' Hackers
https://www.wired.com/story/fancy-bear-hotel-hack/
Russia's Evil Corp / Using Dridex malware (Also known as Bugat / Cridex)
https://www.bloomberg.com/news/articles/2019-12-05/u-s-sanctions-evil-corp-blamed-for-100-million-cyber-theft
https://blog.chainalysis.com/reports/ofac-sanction-suex-september-2021/
https://blog.chainalysis.com/reports/eastern-europe-cryptocurrency-geography-report-2021-preview/
https://blog.chainalysis.com/reports/ofac-sanction-chatex-revil-sodinokibi-november-2021/
https://blog.chainalysis.com/reports/2022-crypto-crime-report-preview-russia-ransomware-money-laundering/?fbclid=IwAR08fTQ64VEqYnDBraTRx5q-Yv5p7tcHGGLGWW3IF3sQIfQpGaFoM8uKTOY
New TRM Report Reveals Russian-speaking Groups Dominate Ransomware
https://www.trmlabs.com/post/new-trm-report-reveals-russian-speaking-groups-dominate-ransomware

Inside India's Hacker Army
https://portswigger.net/daily-swig/indian-cyber-espionage-activity-rising-amid-growing-rivalry-with-china-pakistan

Inside China's Hacker Army
https://portswigger.net/daily-swig/behind-the-great-firewall-chinese-cyber-espionage-adapts-to-post-covid-world-with-stealthier-attacks

Lurk Group
https://securityaffairs.co/wordpress/67262/cyber-crime/wannacry-lurk-group.html

DARKNET MARKETS Darknet Ecommerce, Hydra, Empire Market Bypass Shop, etc.

Hydra
https://www.elliptic.co/blog/5-billion-darknet-market-hydra-seized-by-german-authorities
https://www.wired.com/story/hydra-market-shutdown/
https://medium.com/@Nethone_/russian-darknet-market-hydra-is-expanding-whats-the-threat-d0613d34a358
https://portswigger.net/daily-swig/authorities-seize-hydra-servers-in-bust-against-darknet-cybercrime-marketplace

DeSnake / AlphaBay
https://www.wired.com/story/alphabay-desnake-dark-web-interview/
https://www.wired.com/story/alphabay-series-part-2-pimp-alex-91/
https://www.wired.com/story/alphabay-series-part-3-alpha-male/
https://www.wired.com/story/alphabay-series-part-4-face-to-face/
https://www.wired.com/story/alphabay-series-part-5-takedown/
https://www.wired.com/story/alphabay-series-part-6-endgame/

Other
https://www.expressvpn.com/blog/best-onion-sites-on-dark-web/
http://s4k4ceiapwwgcm3mkb6e4diqecpo7kvdnfr5gg7sph7jjppqkvwwqtyd.onion/ Overview of onion links

State-owned Intelligence Agencies: Russian Intelligence Agency, Federal Security Bureau (FSB)
https://www.cryptoknowmics.com/news/bbc-russian-service-450-million-worth-of-bitcoin-connected-to-russia
https://wearechange.org/10-things-you-didnt-know-about-the-cia-before-yesterday/?fbclid=IwAR0QMLBXXE6vbBAC5HEaZMnYskb5Ydfc4oGsrT_AOMgfJvQeARcMmF8tzyk
https://www.bloomberg.com/news/articles/2020-11-13/a-russian-cyber-guru-finds-ways-to-distance-company-from-kremlin?srnd=premium-europe
https://portswigger.net/daily-swig/who-is-behind-apt29-what-we-know-about-this-nation-state-cybercrime-group

Sandworm may be best known for the NotPetya ransomware attack
https://techcrunch.com/2022/04/27/state-sandworm-russian-hackers-ukraine/

Inside China's Hacker Army
https://portswigger.net/daily-swig/behind-the-great-firewall-chinese-cyber-espionage-adapts-to-post-covid-world-with-stealthier-attacks

Cuba's Hacker Army
https://www.infosecurity-magazine.com/news/cuba-ransomware-actors-pocket-60m/

FIN7 Hacker group (Also known to others as Cobalt Strike or Carbanak)
https://darkwebnews.com/hacking/researchers-claim-hacking-group-fin7-still-on-loose/
https://www.wired.com/story/fin7-carbanak-hacking-group-behind-a-string-of-big-breaches/
https://www.wired.com/story/jackpotting-atm-hacks/

Hacker providers
https://www.reuters.com/article/us-india-cyber-mercenaries-exclusive/exclusive-obscure-indian-cyber-firm-spied-on-politicians-investors-worldwide-idUSKBN23G1GQ?il=0

Wordfence
https://www.wordfence.com/blog/2018/12/wordpress-botnet-attacking-wordpress/?utm_source=list&utm_medium=email&utm_campaign=120518b&_hsenc=p2ANqtz--jcl1J96VqQy3hm-sqWtfR8Nubmaca5rZOoWM7u6NaDeNnW5nGU2gBce5lCBfw93LjYx99hKfCLFWKUVqUC3VJPxZAQA&_hsmi=68097177

Whonix or Tails?
https://darkwebnews.com/anonymity/whonix-or-tails/

SIM Card theft
https://www.digitaltrends.com/mobile/sim-swap-fraud-explained/
https://coinfomania.com/20-year-old-dawson-bakies-accused-crypto-theft/?fbclid=IwAR2BKqr8NecknuA7Wyxj4a0dTA5jpnVytab5w35S91zNjDp_Ca8jBhr4Q00

Domain Squatting
https://darkwebnews.com/scams/btc-scammer-made-760k-through-darknet-typosquatting/
https://cointelegraph.com/news/europol-arrests-six-people-allegedly-behind-27-million-bitcoin-theft?fbclid=IwAR2IFxAx_2mCM-VwUIasko61tcJ8g_4vSb7n0zy_2y1szHhRbw2VmfZvR1A
https://portswigger.net/daily-swig/dark-web-typosquatters-raking-in-a-fortune

New Advanced Malware Targeting Windows Computers Available on the Dark Web
https://darkwebnews.com/hacking/malware-targeting-windows-computers/

New Trends
https://bitcoinmagazine.com/articles/2019-saw-most-exchange-attacks-ever-with-hackers-becoming-more-savvy
https://bitcoinmagazine.com/articles/cryptomining-attacks-remain-one-of-the-nastiest-malware-threats-of-2019

MINING ON OTHER PEOPLE'S COMPUTERS
Crypto Illegal Mining Beating Ransomware as Top Cyber Threat
https://www.bloomberg.com/news/articles/2018-12-14/crypto-illegal-mining-seen-beating-ransomware-as-cyber-threat?srnd=premium-europe
https://www.csoonline.com/article/3253572/internet/what-is-cryptojacking-how-to-prevent-detect-and-recover-from-it.html
https://www.zdnet.com/article/a-giant-botnet-is-forcing-windows-servers-to-mine-cryptocurrency/
https://www.siliconrepublic.com/enterprise/wannamine-smominru-botnets-cryptocurrency
https://www.infosecurity-magazine.com/news/hackers-malicious-file-systems/

Mining on other people's computers - Pirate Bay, mining Monero
https://www.zdnet.com/article/how-much-does-the-pirate-bays-cryptocurrency-miner-make/
https://steemit.com/news/@runicar/pirate-mining-cryptojacking-your-cpu-to-mine-crypto-is-your-pc-under-attack-soultions-how-to-stop-it
https://hackernoon.com/how-to-block-hackers-from-mining-cryptocurrency-on-your-computer-and-smartphones-c0c485b6eae6

Private Surveillance Is a Lethal Weapon Anybody Can Buy
https://www.nytimes.com/2019/07/19/opinion/private-surveillance-industry.html?action=click&module=Opinion&pgtype=Homepage&utm_source=digg&utm_medium=email

Monero
https://www.zdnet.com/article/ransomware-why-the-crooks-are-ditching-bitcoin-and-where-they-are-going-next/
https://blog.barracuda.com/2017/03/23/kirk-ransomware-does-things-differently/
https://cointelegraph.com/news/new-instance-of-monero-malware-sees-cryptojackers-target-linux-users
https://cointelegraph.com/news/research-warns-familiar-monero-mining-malware-is-infecting-windows-systems
https://blog.trendmicro.com/trendlabs-security-intelligence/monero-miner-malware-uses-radmin-mimikatz-to-infect-propagate-via-vulnerability/
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/Trojan.Win32.MIMIKATZ.ADU?_ga=2.67727382.60182665.1551811519-1187802437.1551811518
https://github.com/search?q=smominru&type=Code
https://www.techrepublic.com/article/nasty-botnet-uses-wannacry-exploit-to-mine-cryptocurrency-from-your-servers/
https://cointelegraph.com/news/monero-malware-botnet-lurks-behind-taylor-swift-jpegs
https://www.guardicore.com/2016/06/the-photominer-campaign/
https://www.forbes.com/sites/leemathews/2020/04/10/a-sinister-new-botnet-could-prove-nearly-impossible-to-stop/?fbclid=IwAR1WOSx76zeSvkcQ9cz42VdQnNiks3krdJh5DqFuMITVQzZ3dYVFdeeiSmY#1530df537c5c
https://decrypt.co/44005/a-monero-malware-has-been-upgraded-and-can-now-steal-passwords
https://unit42.paloaltonetworks.com/black-t-cryptojacking-variant/
https://cointelegraph.com/news/alarming-growth-of-difficult-to-detect-lemon-duck-crypto-mining-botnet
https://blog.talosintelligence.com/2020/10/lemon-duck-brings-cryptocurrency-miners.html

Bitcoin
https://www.globalbankingandfinance.com/bitcoin-stealers-are-back-hunt-for-users-cryptosavings-continues/
https://www.wired.com/story/opinion-bitcoins-greatest-feature-is-also-its-existential-threat/

Tether
https://bitfinexed.medium.com/bitfinex-and-tether-is-unauditable-why-they-will-never-do-a-real-audit-3324e002b185
https://bitfinexed.medium.com/understanding-bogus-usd-crypto-currency-volume-why-you-should-disregard-fakeusd-prices-and-c0933c72e3e5
https://bitfinexed.medium.com/spoiler-alert-the-institution-buying-tethers-is-bitfinex-themselves-f56af29ce60c
https://bitfinexed.medium.com/bitfinex-never-repaid-their-tokens-bitfinex-started-a-ponzi-scheme-86a9291add29
https://bitfinexed.medium.com/fake-it-till-you-make-it-when-bitfinex-themselves-used-to-spoof-their-entire-orderbook-18294585338
https://bitfinexed.medium.com/wash-trading-bitcoin-part-ii-who-and-why-is-someone-wash-trading-on-bitfinex-e1c7b5e0b3bb
https://medium.com/hackernoon/the-curious-tale-of-tethers-6b0031eead87
https://medium.com/hackernoon/meet-spoofy-how-a-single-entity-dominates-the-price-of-bitcoin-39c711d28eb4
https://www.nytimes.com/2017/11/21/technology/bitcoin-bitfinex-tether.html
https://www.forbes.com/sites/stevenehrlich/2022/12/21/inside-tether-cryptos-so-far-unbreakable-buck/?sh=1e2a6e0173fa&fbclid=IwAR3mhXp76afQ2EX7Yj5l0tnjPtCfjybhbO1dqA3icP587EoKrSvG4Oy0cMg

https://thehackernews.com/2019/09/smominru-botnet.html

Malware that mines the privacy-focused open source cryptocurrency turtlecoin (TRTL)
https://cointelegraph.com/news/researchers-say-50-000-servers-worldwide-infected-with-privacy-coin-cryptojacking-malware

IOTA
https://coinfomania.com/missing-11-million-iota-tokens-recovered-report/?fbclid=IwAR2RLRl3CDFeVK9C_7UwYtaMYe7KS3TTE5ebHsVluB3OQl0s0XkYzeGL8_c

The Leaked NSA Spy Tool That Hacked the World
https://www.wired.com/story/eternalblue-leaked-nsa-spy-tool-hacked-world/

Shadow Brokers
https://en.wikipedia.org/wiki/The_Shadow_Brokers
https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1
https://twitter.com/shadowbrokerss
https://steemit.com/shadowbrokers/@theshadowbrokers/theshadowbrokers-monthly-dump-service-july-2017

WIFI sniffers
https://www.crc.id.au/tracking-people-via-wifi-even-when-not-connected/
https://hackerfall.com/story/passive-wifi-tracking

Email scams committed through a wide array of “sextortion” blackmail strategies, which included the weaponization of emails
https://bitcoinmagazine.com/articles/report-claims-that-sextortionists-absconded-with-over-300000-in-crypto-in-2018/

Fake Tor Browser
https://cointelegraph.com/news/fake-tor-browser-steals-bitcoin-from-darknet-users-warns-eset

Google Store / Google Chrome
https://cointelegraph.com/news/fake-ledger-live-chrome-extension-stole-14m-xrp-researchers-claim

Bots
https://ice9bot.blogspot.com/
https://readwrite.com/2013/07/31/how-to-build-a-botnet-in-15-minutes/

TrickBot
https://www.csoonline.com/article/3599908/trickbot-gets-new-uefi-attack-capability-that-makes-recovery-incredibly-hard.html
https://eclypsium.com/2020/12/03/trickbot-now-offers-trickboot-persist-brick-profit/

IPFS
https://www.technadu.com/cybercriminals-cloudflares-ipfs-gateway-phishing-attacks/43456/

Deep Learning Resources / Artificial Intelligence
https://www.edureka.co/blog/deep-learning-with-python/
https://www.cybersecurity-insiders.com/the-malware-of-the-future-will-be-independent-and-adaptable/
https://www.rebellionresearch.com/blog/ai-security-with-adversarial-robustness-and-explainable-ai
https://www.rebellionresearch.com/blog/ai-vs-fraud
https://portswigger.net/daily-swig/trojannet-a-simple-yet-effective-attack-on-machine-learning-models
Growing underground market for rogue AI sparks cyber-security concerns
https://www.straitstimes.com/singapore/growing-underground-market-for-rogue-ai-sparks-cyber-security-concerns

Hide Your IP address / Anonymous DNS providers
https://darkwebnews.com/anonymity/dns-providers-that-dont-log-queries/

Exchanges Hacked / Fake / leaking
https://medium.com/@info_85454/idax-pro-scammed-crypto-projects-for-up-to-5-000-000-usd-c2d10a0dd14e
https://www.rollingstone.com/culture/culture-news/the-rise-and-fall-of-a-bitcoin-kingpin-43198/
https://cointelegraph.com/news/researchers-claim-crypto-exchange-hacks-happen-in-three-ways
https://cointelegraph.com/news/kucoin-hack-unpacked-more-crypto-possibly-stolen-than-first-feared
https://valid.network/post/financially-exploiting-the-blockchain-with-frontrunning?utm_source=social&utm_medium=share&utm_campaign=blog

DAO hacking
https://www.forbes.com/sites/laurashin/2022/02/22/exclusive-austrian-programmer-and-ex-crypto-ceo-likely-stole-11-billion-of-ether/?sh=c39325c7f589

Website hijacking
https://www.wired.com/2016/10/anonymous-notorious-hacker-back-hes-gone-legit/#intcid=recommendations_wired-homepage-right-rail_b25757e7-e0bf-40bc-a95d-aeb6f786c6e6_popular4-1

Ponzi scheme
https://bitcoinmagazine.com/articles/did-the-plustoken-scam-cause-a-bitcoin-price-dip
https://news.8btc.com/crypto-wallet-plustoken-a-3-billion-ponzi-scheme-went-bust
https://news.8btc.com/just-vanished-wallet-tokenstore-sued-by-2100-victims

Bridges - also work as mixing services
https://cointelegraph.com/news/the-aftermath-of-axie-infinity-s-650m-ronin-bridge-hack
https://www.elliptic.co/blog/540-million-stolen-from-the-ronin-defi-bridge
https://www.altfi.com/article/9685_more-than-540m-laundered-through-renbridge
Ren Bridge
https://www.coindesk.com/business/2022/02/23/ren-labs-raises-75m-for-catalog-cross-chain-exchange/

Mixing services like CoinJoin, CoinShuffle, TumbleBit, NTumbleBit, Tornado Cash
https://bitcoinmagazine.com/guides/bitcoin-anonymous
https://bitcoinmagazine.com/articles/better-bitcoin-privacy-scalability-developers-are-making-tumblebit-reality/
https://bitcoinmagazine.com/articles/darknet-markets-cant-live-with-or-without-bitcoin
https://bitcoinmagazine.com/guides/what-are-bitcoin-mixers
POSSIBLE? ANONYMOUS TRANSACTIONS
https://pragmaticcoders.com/blog/anonymous-transactions-on-the-public-blockchain/
https://bitcoinmagazine.com/articles/do-coinjoin-mixes-really-require-equal-transaction-amounts-for-privacy-part-two-knapsack
https://bitcoinmagazine.com/articles/how-payswap-can-confuse-blockchain-analysts-benefiting-bitcoin-privacy-for-all
https://bitcoinmagazine.com/articles/maintaining-transaction-privacy-in-the-age-of-government-blockchain-analysis
https://bitcoinmagazine.com/articles/coinjoins-first-steps-how-dark-wallet-paved-the-way-for-a-more-private-bitcoin
https://cryptonews.com/news/incognito-launches-anonymous-way-to-swap-monero-with-bitcoin-5876.htm
https://cointelegraph.com/news/coin-mixers-record-breaking-month-proves-bitcoin-users-want-anonymity
https://medium.com/tozex/how-do-criminals-launder-money-through-blockchain-dc66916b5d81
https://cointelegraph.com/news/bitmex-faces-lawsuit-for-alleged-racketeering-and-extensive-illicit-activities
https://bitcoinmagazine.com/articles/the-human-rights-foundation-is-now-funding-bitcoin-privacy-development-starting-with-coinswap
https://github.com/AdamISZ/CoinswapCS
https://news.bitcoin.com/john-mcafee-announces-privacy-coin-airdrop-today/
https://mcafeedex.com/#/erc20
https://www.coindesk.com/us-officials-arrest-alleged-operator-of-336m-bitcoin-mixing-service
https://www.coindesk.com/darknet-markets-are-mixing-bitcoins-at-blistering-pace-report
https://medium.com/meetbitfury/darknet-use-and-bitcoin-a-crypto-activity-report-by-crystal-blockchain-353a8678730
https://www.elliptic.co/blog/bitcoin-money-laundering
https://dwealth.news/2021/05/colonial-pipeline-ransomware-bad-guys-unmasked/
https://cointelegraph.com/news/alameda-wallets-funnel-over-1-7m-via-crypto-mixers-overnight
https://www.forbes.com/sites/thomasbrewster/2023/03/15/us-shuts-down-crypto-mixer-chipmixer-used-by-russian-and-north-korea-spies/?utm_medium=browser_notifications&utm_source=pushly&utm_campaign=2780664&sh=54928aa35721 638 | 639 | 640 | Etereum Mixers 641 | https://www.coindesk.com/hacker-drains-defi-liquidity-balancer 642 | https://medium.com/@tornado.cash/introducing-private-transactions-on-ethereum-now-42ee915babe0 643 | https://medium.com/@tornado.cash/how-to-stay-anonymous-with-tornado-cash-and-similar-solutions-efdecdbd7d37 644 | https://uniswap.info/home 645 | RenBTC is wrapped Bitcoin. Hackers will swap ETH for renBTC, then unwrap the asset on the native Bitcoin blockchain. 646 | https://weissratings.com/en/weiss-crypto-daily/ftx-account-drainer-puts-sell-pressure-on-eth 647 | 648 | Tornado Cash 649 | https://blog.chainalysis.com/reports/tornado-cash-sanctions-challenges/ 650 | https://decrypt.co/108159/professor-republishes-tornado-cash-code-following-github-takedown 651 | https://github.com/orgs/tornado-repositories/repositories?type=all 652 | https://archive.softwareheritage.org/browse/search/?q=tornadocash&with_visit=true&with_content=true 653 | https://beincrypto.com/learn/tornado-cash/ 654 | https://www.coindesk.com/tech/2023/03/06/tornado-cash-fork-privacy-pools-deployed-on-optimism-testnet/ 655 | https://www.immunebytes.com/blog/what-is-tornado-cash-why-is-it-popular-with-hackers/ 656 | https://etherscan.io/address/0x910cbd523d972eb0a6f4cae4618ad62622b39dbf contract 657 | https://blog.chainalysis.com/reports/tornado-cash-sanctions-challenges/#:~:text=The%20user%20can%20then%20either,0.05%25%20to%200.2%25%20fee. 
658 | https://tornadocash.sh/docs/general/how-to-use-tornado-cash-with-tor/ 659 | https://tornadocash.sh/docs/how-does-tornado.cash-work/ 660 | https://github.com/tornadocash-community/docs/blob/en/general/how-to-use-tornado-cash-with-tor.md 661 | https://tornadocash.gitbook.io/docs/generals/introduction-to-tornado-cash 662 | https://nova.tornadocash.eth.link/ tornadocash on web3 663 | https://www.coindesk.com/tech/2022/01/25/tornado-cash-co-founder-says-the-mixer-protocol-is-unstoppable/ 664 | https://www.reddittorjg6rue252oqsxryoxengawnmo46qy4kyii5wtqnwfj4ooad.onion/r/ethdev/comments/g0jehk/why_i_think_using_tornadocash_might_be_a_bad_idea/ 665 | Swap with monero as an alt. 666 | https://www.reddit.com/r/tornado_cash/ 667 | https://www.reddit.com/r/ethereum/comments/xlwkzn/can_i_use_tornado_cash/ 668 | https://github.com/AthanorLabs/atomic-swap 669 | 670 | 671 | Mixing to crypto to USD 672 | https://www.southworld.net/mexico-of-the-cyber-narcos-cartels/ 673 | Russian-Speaking Hackers Bag 70% Of Crypto Proceeds – Exchange that work 674 | https://bitcoinist.com/russian-speaking-hackers-bag-70-of-crypto-proceeds/ 675 | 676 | 677 | 678 | 679 | Telegram 680 | https://gbhackers.com/masad-stealer/ 681 | https://www.coindesk.com/business/2022/12/07/attacker-targets-wealthy-crypto-funds-using-telegram-chats/ 682 | 683 | 684 | 685 | Cybersecurity firms 686 | https://www.newyorker.com/magazine/2019/11/04/a-cybersecurity-firms-sharp-rise-and-stunning-collapse?utm_source=digg&utm_medium=email 687 | 688 | 689 | 690 | https://assets.ctfassets.net/kisruz03w7zs/1Mg3NZrElrcbkGZdYhsgql/0f5798852c0ab67b950252ee410eac16/Nethone_-_Brief_history_of_the_biggest_Eng_and_Rus_DNMs.pdf 691 | https://dwealth.news/2021/05/colonial-pipeline-ransomware-bad-guys-unmasked/ 692 | 693 | 694 | 695 | 696 | 697 | Forums 698 | https://chklst.ru/discussion/1596/maynery-kriptovalyut-ispolzuyut-eternalblue-doublepulsar 699 | https://gbhackers.com/ 700 | https://hackforum.pro/ 701 | 702 | 703 | Future 
Dissident tech development 704 | https://bitcoinmagazine.com/articles/amir-taaki-on-bitcoin-and-building-dissident-technology-in-2020 705 | 706 | 707 | LOST YOUR BITCOIN? HERE IS HOW YOU CAN RECOVER IT 708 | https://bitcoinist.com/lost-your-bitcoin-here-is-how-you-can-recover-it/ 709 | 710 | 711 | Surveilence / monitoring transactions 712 | SHADOWY US SPY FIRM PROMISES TO SURVEIL CRYPTO USERS FOR THE HIGHEST BIDDER 713 | https://www.mintpressnews.com/anomaly-6-surveil-crypto-users-highest-bidder/283036/ 714 | 715 | 716 | 717 | Artificial Intelligence AI 718 | Armed With ChatGPT, Cybercriminals Build Malware And Plot Fake Girl Bots. Cybercriminals have started using OpenAI’s artificially intelligent chatbot ChatGPT to quickly build hacking tools. Scammers are also testing ChatGPT’s ability to build other chatbots designed to impersonate young females to ensnare targets, one expert monitoring criminal forums told Forbes. 719 | https://www.forbes.com/sites/thomasbrewster/2023/01/06/chatgpt-cybercriminal-malware-female-chatbots/?utm_medium=browser_notifications&utm_source=pushly&utm_campaign=2591994&sh=afb904f55349 720 | 721 | 722 | Darknet Exchanges for drugs, etc. using Tor 723 | https://bitcoinist.com/us-doj-100m-in-crypto-dark-web-drug-trafficking/ 724 | https://www.justice.gov/opa/pr/incognito-market-owner-arrested-operating-one-largest-illegal-narcotics-marketplaces 725 | 726 | 727 | 728 | 729 | 730 | 731 | 732 | 733 | --------------------------------------------------------------------------------