Exetools

new_profile 01-14-2021 00:08

solarleaks.net
 
Hi,
What do you think about the files available for sale at http://solarleaks.net?
Are they bluffing or do you think it's real?

Cheers

Fyyre 01-14-2021 04:19

Probably real. Again, who knows; until someone makes a purchase, or leaks to the public... anyways; some archives to store for hope of future leakage.

Noticed the mega.nz links are dead, is here as well:

hxxp://solarleaks.net/feye.tgz.enc
hxxp://solarleaks.net/msft.tgz.enc
hxxp://solarleaks.net/csco.tgz.enc
hxxp://solarleaks.net/swi.tgz.enc

P.S. this nonsense made me laugh:

"The domain is 1 day old and registered through NJALLA. Njalla is a favorite registrar from Fancy Bear and Cozy Bear. This alone already shows that the people behind this site have at least some knowledge of Russian MO."

Anyone who engages in black/grey areas knows of njal.. what makes it "Russian MO" is beyond me, haha.

Quote:

Originally Posted by new_profile (Post 122270)
Hi,
What do you think about the files available for sale at http://solarleaks.net?
Are they bluffing or do you think it's real?

Cheers


deepzero 01-14-2021 05:38

Site seems down now...

Rasmus 01-14-2021 06:28

Quote:

Originally Posted by deepzero (Post 122273)
Site seems down now...

Site is up again but... Leaks costing over half a million dollars each. Only the solarwinds one appears to be true. The rest are apparently fake. Someone out to make a quick buck by dangling a carrot with 1 real and remaining fakes. A classic case.

LordGarfio 01-14-2021 06:37

deepzero:

I have looked at the site out of curiosity. Below the text that contains the referenced.

https://www.upload.ee/files/12762395/solarleaks.net.html

deepzero 01-14-2021 07:11

Quote:

Send exactly 100 XMR to the address below, add a payment id with your email address so we can contact you back.

Ok, now it sounds like a scam...

Rasmus 01-14-2021 11:00

Quote:

Originally Posted by deepzero (Post 122276)
Ok, now it sounds like a scam...

Yes, some of it leaked elsewhere, and the "microsoft source code" that they claimed to sell is nothing but the combined dump of the Windows XP/2000 etc. leaked older sources. Similar for other stuff too.
It also appears that protonmail cooperated and gave out some of the details about them to the LEAs, after closing out their accounts.

MrScotc 01-15-2021 09:44

https://github.com/bf/solarleaks-crawler/tree/main

Fyyre 01-27-2021 16:47

I managed to obtain the FireEye tools via a friend. Not exactly usable out of the package, requires research etc.

PermaNull 02-12-2021 05:52

Quote:

Originally Posted by Fyyre (Post 122377)
I managed to obtain the FireEye tools via a friend. Not exactly usable out of the package, requires research etc.

From my understanding, none of them were really crazy, useful, or impactful anyway. I saw them get posted in a few different places I'm in and haven't bothered looking.

Rasmus 02-12-2021 08:23

Quote:

Originally Posted by PermaNull (Post 122462)
From my understanding, none of them were really crazy, useful, or impactful anyway. I saw them get posted in a few different places I'm in and haven't bothered looking.

Fully agree. Most of them are not as impactful as they claim them to be! By now they are posted in the private sections of many forums also.

Fyyre 04-04-2021 08:35

Quote:

Originally Posted by Rasmus (Post 122463)
Fully agree. Most of them are not as impactful as they claim them to be! By now they are posted in the private sections of many forums also.

Most of the tools were from GitHub to be honest. Typical FireEye .NET crap, and so forth.


All times are GMT +8.