
A threat actor (TA) going by the name “integra” has deposited 26.99 Bitcoins on one of the cybercrime forums. The TA claims that the deposit was made to purchase zero-day exploits from any forum member.
Refer to Figure 1 for the TA’s post in the forum.

The TA joined the forum in September 2012 and seems to have gained a high reputation over time. The TA has also had accounts on another cybercrime forum since October 2012.
Refer to Figure 2 for the TA’s profile on the cybercrime forum.

The TA is willing to buy the following with the deposited money:
- The best Remote Access Trojan (RAT) that has not yet been flagged as malicious by any security product.
- Unused startup methods in Windows 10, such as living-off-the-land (LotL) malware and the hiding-in-the-registry evasion technique. The TA is willing to offer up to USD 150K for the original solution.
- Zero-day exploits for remote code execution and local privilege escalation. The TA has mentioned that the budget for this particular exploit is USD 3 million.

Zero-day vulnerabilities enable TAs to take advantage of security blind spots. The significant amount deposited as escrow for obtaining these vulnerabilities and exploits shows the TA’s seriousness about the use case for them.