recruitee.comSocket.io
| Rules | |
| WHAT'S REALLY GOING ON? | |
| - We completed a security audit of your network, conducted a thorough investigation, downloaded all confidential, private, proprietary, legal, financial, compromising information of you, your customers and employees, including databases and all documents of value to you and your customers to show insecurity of your infrastructure. | |
| - Encrypted your data with a very strong AES+RSA algorithm, making it impossible to view or use by anyone but us. | |
| - Deleted all backups. | |
| - We have compiled a security report and are waiting for your payment for our services to recover and protect your sensitive information from exposure. | |
| - How can I get my organization back to normal operations and avoid long-term losses due to sensitive data leakage and loss of access to encrypted files forever? |
| ossec-win32 used by Storm-0501 | |
| https://www.ossec.net/about/ | |
| OSQuery used by Storm-0501 | |
| https://www.osquery.io/ | |
| GitGuardian used by Scattered Spider* | |
| https://www.gitguardian.com/ | |
| MAGNET RAM Capture used by Scattered Spider* |
| Twitter Accounts | |
| https://twitter.com/ReVolution44Tm | |
| https://twitter.com/barbbyofficial | |
| https://twitter.com/Team_insane_pk1 | |
| https://twitter.com/anonymusweare | |
| https://twitter.com/PalCyberNews | |
| https://twitter.com/AnonAnonymous | |
| Telegram Channels | |
| https://t.me/s/CyberAv3ngers |
| 7 May 2023 https://www.bleepingcomputer.com/news/security/meet-akira-a-new-ransomware-operation-targeting-the-enterprise/ | |
| 9 May 2023 https://news.sophos.com/en-us/2023/05/09/akira-ransomware-is-bringin-88-back/ | |
| 10 May 2023 https://blog.reconinfosec.com/emergence-of-akira-ransomware-group | |
| 10 May 2023 https://cyble.com/blog/unraveling-akira-ransomware/ | |
| 19 May 2023 https://securitynews.sonicwall.com/xmlpost/akira-ransomware-double-extortion-scheme-encrypts-and-publicly-leaks-sensitive-data/ | |
| 26 May 2023 https://labs.k7computing.com/index.php/akira-ransomware-unleashing-chaos-using-conti-leaks/ | |
| 28 June 2023 https://blog.cyble.com/2023/06/28/akira-ransomware-extends-reach-to-linux-platform/ | |
| 29 June 2023 https://decoded.avast.io/threatresearch/decrypted-akira-ransomware/#how_to | |
| 11 July 2023 https://twitter.com/TrendMicroRSRCH/status/1678811395448504325 | |
| 21 July 2023 https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVA01&VACODE=CIVA-2023-2113 |
| Statement on MGM Resorts International: Setting the record straight | |
| 9/14/2023, 7:46:49 PM | |
| We have made multiple attempts to reach out to MGM Resorts International, "MGM". As reported, MGM shutdown computers inside their network as a response to us. We intend to set the record straight. | |
| No ransomware was deployed prior to the initial take down of their infrastructure by their internal teams. | |
| MGM made the hasty decision to shut down each and every one of their Okta Sync servers after learning that we had been lurking on their Okta Agent servers sniffing passwords of people whose passwords couldn't be cracked from their domain controller hash dumps. Resulting in their Okta being completely locked out. Meanwhile we continued having super administrator privileges to their Okta, along with Global Administrator privileges to their Azure tenant. They made an attempt to evict us after discovering that we had access to their Okta environment, but things did not go according to plan. | |
| On Sunday night, MGM implement |
| Number MNO Voice Mail Theme | |
| +44 24 7522 9208 IP Voice Networks Ltd Unknown (Chinese) | |
| +44 7404 008579 Lycamobile UK Limited Visa Information | |
| +44 7424 407427 Lycamobile UK Limited Visa Information | |
| +44 7405 901628 Lycamobile UK Limited Visa Information | |
| +44 7496 139575 EE Limited ( TM) Unknown (Chinese) | |
| +44 7526 013110 Telefonica UK Limited Chinese Embassy | |
| +44 7526 057134 Telefonica UK Limited Chinese Embassy | |
| +44 20 8072 0091 TAP GATEWAY LTD Unknown (Chinese) | |
| +44 7478 993982 Hutchison 3G UK Ltd Unknown (Chinese) |
| Valid signed file by Symantec, Symantec Antivirus Installer | |
| 61d1943f0b702f4c16bb37228ade1d8f0ef4675b480921950d026c82e4a65fde | |
| Valid signed file by Venta Association, VentaFax MAPI client | |
| 390d75e6c7fc1cf258145dc712c1fac1eb183efccee1b03c058cec1d790e46b1 | |
| Valid signed file by Vivaldi Technologies, Vivaldi.exe | |
| 58e7af5eb1acb5c9bee821d59054c69263aed3dce1b95616255dea7114ad8494 | |
| Valid signed file by Invincea, Inc. Sandboxie |
| WIN-QQ80VPAFRNH | |
| 84.252.95.225 - SolarMarker | |
| 37.120.237.251 - SolarMarker | |
| 217.138.205.170 - Ursnif | |
| 185.236.202.184 - Pegasus, NSO Group | |
| DESKTOP-2NFCDE2 | |
| 94.142.138.32 - Aurora Stealer | |
| 45.15.156.250 - Aurora Stealer | |
| 45.15.156.40 - Raccoon Stealer |