Exetools  

  #1  
Old 01-14-2021, 00:08
new_profile new_profile is offline
solarleaks.net

Hi,
What do you think about the files available for sale at http://solarleaks.net?
Are they bluffing or do you think it's real?

Cheers
  #2  
Old 01-14-2021, 04:19
Fyyre Fyyre is offline
Probably real. Again, who knows; until someone makes a purchase, or leaks to the public... anyways; some archives to store for hope of future leakage.

Noticed the mega.nz links are dead, is here as well:

hxxp://solarleaks.net/feye.tgz.enc
hxxp://solarleaks.net/msft.tgz.enc
hxxp://solarleaks.net/csco.tgz.enc
hxxp://solarleaks.net/swi.tgz.enc

P.S. this nonsense made me laugh:

"The domain is 1 day old and registered through NJALLA. Njalla is a favorite registrar from Fancy Bear and Cozy Bear. This alone already shows that the people behind this site have at least some knowledge of Russian MO."

Anyone who engages in black/grey areas knows of njal.. what makes it "Russian MO" is beyond me, haha.

Quote:
Originally Posted by new_profile View Post
Hi,
What do you think about the files available for sale at http://solarleaks.net?
Are they bluffing or do you think it's real?

Cheers
__________________
-Fyyre

--
"Expert RCE, old school. People claiming to know me and speak for me, do neither."

https://github.com/Fyyre
  #3  
Old 01-14-2021, 05:38
deepzero deepzero is offline
Site seems down now...
  #4  
Old 01-14-2021, 06:28
Rasmus Rasmus is offline
Quote:
Originally Posted by deepzero View Post
Site seems down now...
Site is up again but... Leaks costing over half a million dollars each. Only the solarwinds one appears to be true. The rest are apparently fake. Someone out to make a quick buck by dangling a carrot with 1 real and remaining fakes. A classic case.
  #5  
Old 01-14-2021, 06:37
LordGarfio LordGarfio is offline
deepzero:

I have looked at the site out of curiosity. Below is the text that contains the referenced.

https://www.upload.ee/files/12762395/solarleaks.net.html
  #6  
Old 01-14-2021, 07:11
deepzero deepzero is offline
Quote:
Send exactly 100 XMR to the address below, add a payment id with your email address so we can contact you back.
Ok, now it sounds like a scam...
  #7  
Old 01-14-2021, 11:00
Rasmus Rasmus is offline
Quote:
Originally Posted by deepzero View Post
Ok, now it sounds like a scam...
Yes, some of it leaked elsewhere, and the "microsoft source code" that they claimed to sell is nothing but the combined dump of the Windows XP/2000 etc. leaked older sources. Similar for other stuff too.
It also appears that ProtonMail cooperated and gave out some of the details about them to the LEAs, after closing out their accounts.
  #8  
Old 01-15-2021, 09:44
MrScotc MrScotc is offline
https://github.com/bf/solarleaks-crawler/tree/main
  #9  
Old 01-27-2021, 16:47
Fyyre Fyyre is offline
I managed to obtain the FireEye tools via a friend. Not exactly usable out of the package, requires research etc.
  #10  
Old 02-12-2021, 05:52
PermaNull PermaNull is offline
Quote:
Originally Posted by Fyyre View Post
I managed to obtain the FireEye tools via a friend. Not exactly usable out of the package, requires research etc.
From my understanding, none of them were really crazy, useful, or impactful anyway. I saw them get posted in a few different places I'm in and haven't bothered looking.
  #11  
Old 02-12-2021, 08:23
Rasmus Rasmus is offline
Quote:
Originally Posted by PermaNull View Post
From my understanding, none of them were really crazy, useful, or impactful anyway. I saw them get posted in a few different places I'm in and haven't bothered looking.
Fully agree. Most of them are not as impactful as they claim them to be! By now they are posted in the private sections of many forums also.
  #12  
Old 04-04-2021, 08:35
Fyyre Fyyre is offline
Quote:
Originally Posted by Rasmus View Post
Fully agree. Most of them are not as impactful as they claim them to be! By now they are posted in the private sections of many forums also.
Most of the tools were from GitHub to be honest. Typical FireEye .NET crap, and so forth.

All times are GMT +8.