I hereby claim:
- I am thez3r0 on github.
- I am anir0y (https://keybase.io/anir0y) on keybase.
- I have a public key whose fingerprint is C2DD 925A E4EA 4B4B 64F3 0522 EA60 6F14 2CBC AFD7
To claim this, I am signing this object:
z3r0 thez3r0
thez3r0
/ keybase.md
Created
May 5, 2017 13:48
thez3r0
/ whatsapp_phone_enumerator_floated_div.js
Created
May 13, 2017 17:58
PoC WhatsApp enumeration of phonenumbers, profile pics, about texts and online statuses (floated div)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| PoC WhatsApp enumeration of phonenumbers, profile pics, about texts and online statuses | |
| Floated div edition | |
| 01-05-2017 | |
| (c) 2017 - Loran Kloeze - [email protected] | |
| This script creates a UI on top of the WhatsApp Web interface. It enumerates certain kinds | |
| of information from a range of phonenumbers. It doesn't matter if these numbers are part | |
| of your contact list. At the end a table is displayed containing phonenumbers, profile pics, | |
| about texts and online statuses. The online statuses are being updated every |
thez3r0
/ Sinholer.bat
Created
May 13, 2017 18:21
Check weter your AV block the Kill Switch URL or not
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @Echo off | |
| mode 50,9 | |
| title WannaCry SinkHoler | |
| color 02 | |
| cls | |
| ECHO. | |
| echo **************************** | |
| echo * WannaCry SinkHoler | |
| echo * Author: .anir0y | |
| echo * Follow: fb.com/anir0y |
thez3r0
/ JAF Ransomware - FactSheet.md
Last active
May 18, 2017 19:24
Jaff - New Ransomware From the Actors Behind the Distribution of Dridex, Locky, and Bart
Jaff ransomware makes entries in the Windows Registry to achieve a form of persistence, and even launch and repress processes inside the Windows Operating System. Some of these entries are designed in a way that will start the virus automatically with every launch of Windows. One registry entry reported to be implemented by this ransomware is the following:
→HKCU\Control Panel\Desktop\Wallpaper “C:\ProgramData\Rondo\WallpapeR.bmp”
The ransom note will be displayed after the encryption process is complete. It will be put in three identical files which are ReadMe.bmp, ReadMe.html and ReadMe.txt. Inside them there will be instructions.
Jaff Ransomware Indicators of Compromise (IOCs) IOC IOC Type Description