Welcome back to The Underground Economist: Volume 2, Issue 18, an intelligence-focused blog series illuminating dark web findings in digestible tidbits from our ZeroFox Dark Ops intelligence team. The Dark Ops team scours the dark web, extending visibility and engagement into places traditional security teams can’t reach to share meaningful and insightful intelligence on the trends and tactics threat actors are leveraging across the dark web and criminal underground. Here’s the latest for the week of September 30, 2022.
Multifunctional Exploit Software For Sale
Untested threat actor “killerAV” advertised their new multifunctional exploit software, dubbed “PenTestSoftware,” designed to compromise Windows machines, on the predominantly Russian-language Dark Web forum “RAMP.” While it is common for threat actors to leverage commercial penetration testing software, like Cobalt Strike, for their operations, ZeroFox researchers note that this is a rare instance where a threat actor has claimed to independently develop their own tool with similar functionality.
In addition to gaining unauthorized access to target machines, the actor claims the software exploits unnamed vulnerabilities in Windows to escalate privileges. This increases a threat actor’s chances of launching successful attacks with the tool. Additional features of the software include:
- Obfuscates payloads to avoid detection by most antivirus products’ runtime scans
- Delivers payloads via spam modules
- Unlocks password-protected files
- Steals login credentials and additional system information from target machine
- Detects active hosts on network
The actor had three ten-day licenses available for $10,000 USD each.
Despite their lack of reputation on the forum,