14-05-2017, 10:05 PM   #1
Junior Member
Join Date: Apr 2016
Posts: 5
Reputation: 0
Who are the Shadow Brokers?

Who are the Shadow Brokers? Where are the ShadowBrokers from?

VladimirPutin

15-05-2017, 01:15 AM   #2
Junior Member
Join Date: Aug 2016
Posts: 22
Reputation: 0

Originally Posted by VladimirPutin:
Who are the Shadow Brokers? Where are the ShadowBrokers from?
The Shadow Brokers (TSB) is a hacker group who first appeared in the summer of 2016. They published several leaks containing some of the National Security Agency (NSA)'s hacking tools, including several zero-day exploits. Specifically, these exploits and vulnerabilities targeted enterprise firewalls, anti-virus products, and Microsoft products. The Shadow Brokers originally attributed the leaks to the Equation Group threat actor, who have been tied to the NSA's Tailored Access Operations unit.

Several news sources noted that the group's name was likely in reference to a character from the Mass Effect series. Matt Suiche quoted the following description of that character: "The Shadow Broker is an individual at the head of an expansive organization which trades in information, always selling to the highest bidder. The Shadow Broker appears to be highly competent at its trade: all secrets that are bought and sold never allow one customer of the Broker to gain a significant advantage, forcing the customers to continue trading information to avoid becoming disadvantaged, allowing the Broker to remain in business."

James Bamford along with Matt Suiche speculated that an insider, "possibly someone assigned to the [NSA’s] highly sensitive Tailored Access Operations", stole the hacking tools. In October 2016, The Washington Post reported that Harold T. Martin III, a former contractor for Booz Allen Hamilton accused of stealing approximately 50 terabytes of data from the National Security Agency (NSA), was the lead suspect. The Shadow Brokers continued posting messages that were cryptographically-signed and were interviewed by media while Martin was detained.

Theory on ties to Russia
Edward Snowden stated on Twitter on August 16, 2016 that "circumstantial evidence and conventional wisdom indicates Russian responsibility" and that the leak "is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server" summarizing that it looks like "somebody sending a message that an escalation in the attribution game could get messy fast".

The New York Times put the incident in the context of the Democratic National Committee cyber attacks and hacking of the Podesta emails. As US intelligence agencies were contemplating counter-attacks, the Shadow Brokers code release was to be seen as a warning: "Retaliate for the D.N.C., and there are a lot more secrets, from the hackings of the State Department, the White House and the Pentagon, that might be spilled as well. One senior official compared it to the scene in The Godfather where the head of a favorite horse is left in a bed, as a warning."
Paoko

15-05-2017, 03:45 PM   #3
Super Moderator
Join Date: Oct 2009
Posts: 347
Reputation: 134
Exploits List Shadow Brokers:

EARLYSHOVEL RedHat 7.0 - 7.1 Sendmail 8.11.x exploit
EBBISLAND (EBBSHAVE) root RCE via RPC XDR overflow in Solaris 6, 7, 8, 9 & 10 (possibly newer) both SPARC and x86.
ECHOWRECKER remote Samba 3.0.x Linux exploit.
EASYBEE appears to be an MDaemon email server vulnerability
EASYFUN EasyFun 2.2.0 Exploit for WDaemon / IIS MDaemon/WorldClient pre 9.5.6
EASYPI is an IBM Lotus Notes exploit that gets detected as Stuxnet
EWOKFRENZY is an exploit for IBM Lotus Domino 6.5.4 & 7.0.2
EXPLODINGCAN is an IIS 6.0 exploit that creates a remote backdoor
ETERNALROMANCE is a SMB1 exploit over TCP port 445 which targets XP, 2003, Vista, 7, Windows 8, 2008, 2008 R2, and gives SYSTEM privileges (MS17-010)
EDUCATEDSCHOLAR is a SMB exploit (MS09-050)
EMERALDTHREAD is a SMB exploit for Windows XP and Server 2003 (MS10-061)
EMPHASISMINE is a remote IMAP exploit for IBM Lotus Domino 6.6.4 to 8.5.2
ENGLISHMANSDENTIST sets Outlook Exchange WebAccess rules to trigger executable code on the client's side to send an email to other users
EPICHERO 0-day exploit (RCE) for Avaya Call Server
ERRATICGOPHER is a SMBv1 exploit targeting Windows XP and Server 2003
ETERNALSYNERGY is a SMBv3 remote code execution flaw for Windows 8 and Server 2012 SP0 (MS17-010)
ETERNALBLUE is a SMBv2 exploit for Windows 7 SP1 (MS17-010)
ESKIMOROLL is a Kerberos exploit targeting 2000, 2003, 2008 and 2008 R2 domain controllers
ESTEEMAUDIT is an RDP exploit and backdoor for Windows Server 2003
ECLIPSEDWING is an RCE exploit for the Server service in Windows Server 2008 and later (MS08-067)
ETRE is an exploit for IMail 8.10 to 8.22
ETCETERABLUE is an exploit for IMail 7.04 to 8.05
FUZZBUNCH is an exploit framework, similar to Metasploit
ODDJOB is an implant builder and C&C server that can deliver exploits for Windows 2000 and later, also not detected by any AV vendors
EAGERLEVER NBT/SMB exploit for Windows NT4.0, 2000, XP SP1 & SP2, 2003 SP1 & Base Release
EASYFUN WorldClient / IIS6.0 exploit

PASSFREELY utility which "Bypasses authentication for Oracle servers"
SMBTOUCH check if the target is vulnerable to samba exploits like ETERNALSYNERGY, ETERNALBLUE, ETERNALROMANCE
ERRATICGOPHERTOUCH Check if the target is running some RPC
IISTOUCH check if the running IIS version is vulnerable
RPCTOUCH get info about windows via RPC
DOPU used to connect to machines exploited by ETERNALCHAMPIONS
NAMEDPIPETOUCH Utility to test for a predefined list of named pipes, mostly AV detection. User can add checks for custom named pipes.
ADVs

15-05-2017, 03:55 PM   #4
Junior Member
Join Date: Aug 2015
Location: MONTREAL
Posts: 6
Reputation: 0

A hacker group that previously claimed to have stolen a bunch of hacking tools (malware, zero-day exploits, and implants) created by the NSA and gained popularity last year for leaking a portion of those tools is back.
Today, The Shadow Brokers group released more alleged hacking tools and exploits that, the group claims, belonged to "Equation Group" – an elite cyber attack unit linked to the NSA.
Besides dumping some of the NSA's hacking tools back in August 2016, the Shadow Brokers also released an encrypted cache of files containing more of the NSA's hacking tools and exploits in an auction, asking for 1 Million Bitcoins (around $568 Million).
However, after the failed auction, the group put up those hacking tools and exploits for direct sale on an underground website, categorizing them by type (like "exploits," "Trojans," and "implant"), each of which ranged from 1 to 100 Bitcoins (from $780 to $78,000).
Now, the Shadow Brokers has finally released the password for the encrypted cache of the NSA's files, allowing anyone to unlock and download the auction data dump.
The password mentioned above for the encrypted NSA files was made public through a blog post published today.
The blog post, titled "Don't Forget Your Base," has been written as an open letter to President Donald Trump, containing political views expressed by the Shadow Brokers on Trump's recent policies and events, like Goldman Sachs, the air strike against Syria and the removal of Steve Bannon from the National Security Council, among others.
A security researcher, who uses Twitter handle x0rz, has uploaded all files after decryption on Github and confirmed that the archive includes:
rpc.cmsd a remote root zero-day exploit for Solaris – Oracle-owned Unix-based operating system.
The TOAST framework that NSA's TAO (Tailored Access Operations) team used to clean logs of Unix wtmp events.
The Equation Group's ElectricSlide tool that impersonates a Chinese browser with fake Accept-Language.
The evidence of the NSA operators' access inside the GSM network of Mobilink, one of Pakistan's popular mobile operator companies.
More key findings will come as soon as other security researchers delve into the dump.
At the time, it's not confirmed whether the group holds more NSA hacking tools and exploits or this is the last batch of documents the Shadow Brokers stole from the United States intelligence organization.
ACKERMANN

11-06-2017, 10:15 PM   #5
Junior Member
Join Date: Jun 2017
Posts: 12
Reputation: 0
WannaCry (Shadow Brokers) list bitcoin address

For a global attack like WannaCry, they have not collected a lot of bitcoin yet. Results as of 06:00 GMT:

Address 1: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

live link: http://blockchain.info/address/12t9Y...9p7AA8isjr6SMw

106 transactions = 17.25276073 BTC

Address 2: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

live link: http://blockchain.info/address/115p7...jcRdfJNXj6LrLn

110 transactions = 14.36567602 BTC

Wallet 3: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

live link: http://blockchain.info/address/13AM4...kHSQuy6NgaEb94

125 transactions = 19.74374082 BTC

~ 51.36 BTC x $2,986 per BTC = $153,360 ransom paid thus far.

Add more addresses as you find them
Sotek

10-07-2017, 11:20 AM   #6
Junior Member
Join Date: Jul 2017
Posts: 7
Reputation: 0

Real hackers
jobcenter

27-07-2017, 04:01 PM   #7
Junior Member
Join Date: Jun 2017
Posts: 12
Reputation: 0
The Shadow Brokers — Cyber Fear Game Changers

Today, we presented our presentation about TheShadowBrokers at BlackHat in Las Vegas, even though TSB expressed in a tweet (now deleted), they would rather have seen the presentation at DEF CON.

Who are/is TheShadowBrokers? We have no clue. Nobody really does. The Shadow Brokers are one of the most controversial characters of this Cyber-Era. The mysterious group emerged mid-summer 2016 when they started to anonymously, publicly drop tools and operational notes that allegedly belonged to the NSA Tailored Access Operations unit. This group referred to itself as The Shadow Brokers and quickly became the NSA’s worst nightmare since Edward Snowden.
Previous whistleblowers released documents redacted of sensitive nature, such as authors. But with The Shadow Brokers, what emerged was a different level of dangerous and more aggressive leaks that didn’t only release highly sensitive tools, but also revealed a wide range of modus operandi that included agents’ names and the full disclosure of the NSA’s complex (and many argue irresponsible) attack against the backbone of the Middle East’s financial institutions. For now, The Shadow Brokers are happy to have the general public guessing their identity and true origins. Is it an intelligence organization running a highly complex set of misdirection and penetration? Is it a second Snowden with access to the NSA’s most sensitive cyber weapons? We may never know. What is certain is that the emergence of The Shadow Brokers is a game-changer and presents a massively embarrassing (and dangerous) breach for the NSA, the world’s most advanced signal intelligence agency and best resourced government-backed hacking organization. This embarrassment became a muse for the most destructive and fast-spreading ransomware (WannaCry) in history, shutting down hospitals and companies across the globe, followed one month later by NotPetya, another highly destructive malware disguised as ransomware, which spread primarily in Ukraine.

TheShadowBrokers Activity Timeline

TSB — Wine of the Month Club Timeline
Sotek

07-08-2017, 05:49 PM   #8
Junior Member
Join Date: Jun 2017
Posts: 12
Reputation: 0
Hackers Cash Out WannaCry Bitcoin Wallets

The hackers had amassed more than $144,000 worth of bitcoin in three accounts. But on Wednesday evening, they quickly emptied them.

Those behind the massive WannaCry ransomware attack earlier this year are making moves to protect their windfall.

On Wednesday evening, the hackers emptied three bitcoin addresses known to be associated with the WannaCry ransomware, according to Elliptic, a company that identifies illicit bitcoin activity.

According to Elliptic's data, the hackers amassed more than $144,000 worth of bitcoin in the three accounts. But on Wednesday evening, they quickly emptied them.

A Twitter bot set up by Quartz to monitor the WannaCry-affiliated bitcoin wallets showed that the owners of the accounts started withdrawing the money around 11:10 p.m. ET last night in increments of around $20,000 to $30,000. After 15 minutes and seven withdrawals, the accounts were empty.

7.34128314 BTC ($20,055.52 USD) has just been withdrawn from a bitcoin wallet tied to #wcry ransomware. http://blockchain.info/address/115p7...jcRdfJNXj6LrLn

8.73261636 BTC ($23,856.48 USD) has just been withdrawn from a bitcoin wallet tied to #wcry ransomware. http://blockchain.info/address/12t9Y...9p7AA8isjr6SMw

9.67641378 BTC ($26,434.83 USD) has just been withdrawn from a bitcoin wallet tied to #wcry ransomware. http://blockchain.info/address/13AM4...kHSQuy6NgaEb94

7.06939288 BTC ($19,318.06 USD) has just been withdrawn from a bitcoin wallet tied to #wcry ransomware. http://blockchain.info/address/115p7...jcRdfJNXj6LrLn

10.06868926 BTC ($27,514.04 USD) has just been withdrawn from a bitcoin wallet tied to #wcry ransomware. http://blockchain.info/address/13AM4...kHSQuy6NgaEb94

9.03851401 BTC ($24,698.95 USD) has just been withdrawn from a bitcoin wallet tied to #wcry ransomware. http://blockchain.info/address/12t9Y...9p7AA8isjr6SMw

9.67641378 BTC ($26,508.37 USD) has just been withdrawn from a bitcoin wallet tied to #wcry ransomware. http://blockchain.info/address/13AM4...kHSQuy6NgaEb94

"The money was likely sent through a bitcoin mixer, a process that obscures its trail from bitcoin to hard currency," Quartz wrote. "The process is a sort of laundering operation for digital currency."

The report notes that security experts and government agencies believe North Korea was responsible for the attack, which was likely "more political than money-driven."

Meanwhile, Elliptic's co-founder Tom Robinson told CNBC the funds were likely converted into a different cryptocurrency. "We believe some of these funds are being converted into Monero, a privacy-focused cryptocurrency," he told the news outlet. Elliptic is working with law enforcement to help track down the owners of the accounts, he added.

WannaCry first hit computers in Europe and Asia on May 12 before spreading to hundreds of thousands of PCs around the world and throwing government agencies and private businesses into disarray. Those who were infected found their computers locked, with hackers demanding a $300 ransom to unlock the device and its files.
Sotek

13-11-2017, 04:38 PM   #9
VIP member
Join Date: Apr 2012
Location: US/MD/RU
Age: 32
Posts: 148
Reputation: 38
Re: Who are the Shadow Brokers?

Shadow Brokers Facebook https://facebook.com/shadowbrokerss/
DiB