31 skills found · Page 1 of 2
ethereal-vx / Antivirus ArtifactsAnti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot.
hwbp / CLR UnhookModern security products (CrowdStrike, Bitdefender, SentinelOne, etc.) hook the nLoadImage function inside clr.dll to intercept and scan in-memory .NET assembly loads. This tool unhooks that function.
efchatz / Bypassing Av DetectionBypassing antivirus detection: old-school malware, new tricks
malwarekid / Nim BackdoorThe provided Python program, Nim-Backdoor.py, generates a Nim program that operates as a backdoor, allowing remote command execution via a netcat-like session. This tool is designed to work on both Linux and Windows systems. Notably, it has been engineered to bypass popular antivirus software such as Microsoft Defender, Bitdefender, and Kaspersky.
stalkrmaxwell6 / Bitdefender Total Security Ultimate ProtectionGet Bitdefender Total Security Ultimate on GitHub: a complete, high-performance toolkit for seamless malware defense and professional protection. #Antivirus
plackyhacker / Unhook BitDefenderUnhooks Bit Defender from NTDLL and KERNELBASE using a classic technique.
a0rtega / Bdldrbdldr is an unofficial engine loader for Bitdefender ® for Linux
Nate0634034090 / Bug Free Memory # Ukraine-Cyber-Operations Curated Intelligence is working with analysts from around the world to provide useful information to organisations in Ukraine looking for additional free threat intelligence. Slava Ukraini. Glory to Ukraine. ([Blog](https://www.curatedintel.org/2021/08/welcome.html) | [Twitter](https://twitter.com/CuratedIntel) | [LinkedIn](https://www.linkedin.com/company/curatedintelligence/))   ### Analyst Comments: - 2022-02-25 - Creation of the initial repository to help organisations in Ukraine - Added [Threat Reports](https://github.com/curated-intel/Ukraine-Cyber-Operations#threat-reports) section - Added [Vendor Support](https://github.com/curated-intel/Ukraine-Cyber-Operations#vendor-support) section - 2022-02-26 - Additional resources, chronologically ordered (h/t Orange-CD) - Added [Vetted OSINT Sources](https://github.com/curated-intel/Ukraine-Cyber-Operations#vetted-osint-sources) section - Added [Miscellaneous Resources](https://github.com/curated-intel/Ukraine-Cyber-Operations#miscellaneous-resources) section - 2022-02-27 - Additional threat reports have been added - Added [Data Brokers](https://github.com/curated-intel/Ukraine-Cyber-Operations/blob/main/README.md#data-brokers) section - Added [Access Brokers](https://github.com/curated-intel/Ukraine-Cyber-Operations/blob/main/README.md#access-brokers) section - 2022-02-28 - Added Russian Cyber Operations Against Ukraine Timeline by ETAC - Added Vetted and Contextualized [Indicators of Compromise (IOCs)](https://github.com/curated-intel/Ukraine-Cyber-Operations/blob/main/ETAC_Vetted_UkraineRussiaWar_IOCs.csv) by ETAC - 2022-03-01 - Additional threat reports and resources have been added - 2022-03-02 - Additional [Indicators of Compromise (IOCs)](https://github.com/curated-intel/Ukraine-Cyber-Operations/blob/main/ETAC_Vetted_UkraineRussiaWar_IOCs.csv#L2011) have been added - Added vetted [YARA rule collection](https://github.com/curated-intel/Ukraine-Cyber-Operations/tree/main/yara) from the Threat Reports by ETAC - Added loosely-vetted [IOC Threat Hunt Feeds](https://github.com/curated-intel/Ukraine-Cyber-Operations/tree/main/KPMG-Egyde_Ukraine-Crisis_Feeds/MISP-CSV_MediumConfidence_Filtered) by KPMG-Egyde CTI (h/t [0xDISREL](https://twitter.com/0xDISREL)) - IOCs shared by these feeds are `LOW-TO-MEDIUM CONFIDENCE` we strongly recommend NOT adding them to a blocklist - These could potentially be used for `THREAT HUNTING` and could be added to a `WATCHLIST` - IOCs are generated in `MISP COMPATIBLE` CSV format - 2022-03-03 - Additional threat reports and vendor support resources have been added - Updated [Log4Shell IOC Threat Hunt Feeds](https://github.com/curated-intel/Log4Shell-IOCs/tree/main/KPMG_Log4Shell_Feeds) by KPMG-Egyde CTI; not directly related to Ukraine, but still a widespread vulnerability. - Added diagram of Russia-Ukraine Cyberwar Participants 2022 by ETAC - Additional [Indicators of Compromise (IOCs)](https://github.com/curated-intel/Ukraine-Cyber-Operations/blob/main/ETAC_Vetted_UkraineRussiaWar_IOCs.csv#L2042) have been added #### `Threat Reports` | Date | Source | Threat(s) | URL | | --- | --- | --- | --- | | 14 JAN | SSU Ukraine | Website Defacements | [ssu.gov.ua](https://ssu.gov.ua/novyny/sbu-rozsliduie-prychetnist-rosiiskykh-spetssluzhb-do-sohodnishnoi-kiberataky-na-orhany-derzhavnoi-vlady-ukrainy)| | 15 JAN | Microsoft | WhisperGate wiper (DEV-0586) | [microsoft.com](https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/) | | 19 JAN | Elastic | WhisperGate wiper (Operation BleedingBear) | [elastic.github.io](https://elastic.github.io/security-research/malware/2022/01/01.operation-bleeding-bear/article/) | | 31 JAN | Symantec | Gamaredon/Shuckworm/PrimitiveBear (FSB) | [symantec-enterprise-blogs.security.com](https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine) | | 2 FEB | RaidForums | Access broker "GodLevel" offering Ukrainain algricultural exchange | RaidForums [not linked] | | 2 FEB | CERT-UA | UAC-0056 using SaintBot and OutSteel malware | [cert.gov.ua](https://cert.gov.ua/article/18419) | | 3 FEB | PAN Unit42 | Gamaredon/Shuckworm/PrimitiveBear (FSB) | [unit42.paloaltonetworks.com](https://unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/) | | 4 FEB | Microsoft | Gamaredon/Shuckworm/PrimitiveBear (FSB) | [microsoft.com](https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/) | | 8 FEB | NSFOCUS | Lorec53 (aka UAC-0056, EmberBear, BleedingBear) | [nsfocusglobal.com](https://nsfocusglobal.com/apt-retrospection-lorec53-an-active-russian-hack-group-launched-phishing-attacks-against-georgian-government) | | 15 FEB | CERT-UA | DDoS attacks against the name server of government websites as well as Oschadbank (State Savings Bank) & Privatbank (largest commercial bank). False SMS and e-mails to create panic | [cert.gov.ua](https://cert.gov.ua/article/37139) | | 23 FEB | The Daily Beast | Ukrainian troops receive threatening SMS messages | [thedailybeast.com](https://www.thedailybeast.com/cyberattacks-hit-websites-and-psy-ops-sms-messages-targeting-ukrainians-ramp-up-as-russia-moves-into-ukraine) | | 23 FEB | UK NCSC | Sandworm/VoodooBear (GRU) | [ncsc.gov.uk](https://www.ncsc.gov.uk/files/Joint-Sandworm-Advisory.pdf) | | 23 FEB | SentinelLabs | HermeticWiper | [sentinelone.com]( https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/ ) | | 24 FEB | ESET | HermeticWiper | [welivesecurity.com](https://www.welivesecurity.com/2022/02/24/hermeticwiper-new-data-wiping-malware-hits-ukraine/) | | 24 FEB | Symantec | HermeticWiper, PartyTicket ransomware, CVE-2021-1636, unknown webshell | [symantec-enterprise-blogs.security.com](https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia) | | 24 FEB | Cisco Talos | HermeticWiper | [blog.talosintelligence.com](https://blog.talosintelligence.com/2022/02/threat-advisory-hermeticwiper.html) | | 24 FEB | Zscaler | HermeticWiper | [zscaler.com](https://www.zscaler.com/blogs/security-research/hermetic-wiper-resurgence-targeted-attacks-ukraine) | | 24 FEB | Cluster25 | HermeticWiper | [cluster25.io](https://cluster25.io/2022/02/24/ukraine-analysis-of-the-new-disk-wiping-malware/) | | 24 FEB | CronUp | Data broker "FreeCivilian" offering multiple .gov.ua | [twitter.com/1ZRR4H](https://twitter.com/1ZRR4H/status/1496931721052311557)| | 24 FEB | RaidForums | Data broker "Featherine" offering diia.gov.ua | RaidForums [not linked] | | 24 FEB | DomainTools | Unknown scammers | [twitter.com/SecuritySnacks](https://twitter.com/SecuritySnacks/status/1496956492636905473?s=20&t=KCIX_1Ughc2Fs6Du-Av0Xw) | | 25 FEB | @500mk500 | Gamaredon/Shuckworm/PrimitiveBear (FSB) | [twitter.com/500mk500](https://twitter.com/500mk500/status/1497339266329894920?s=20&t=opOtwpn82ztiFtwUbLkm9Q) | | 25 FEB | @500mk500 | Gamaredon/Shuckworm/PrimitiveBear (FSB) | [twitter.com/500mk500](https://twitter.com/500mk500/status/1497208285472215042)| | 25 FEB | Microsoft | HermeticWiper | [gist.github.com](https://gist.github.com/fr0gger/7882fde2b1b271f9e886a4a9b6fb6b7f) | | 25 FEB | 360 NetLab | DDoS (Mirai, Gafgyt, IRCbot, Ripprbot, Moobot) | [blog.netlab.360.com](https://blog.netlab.360.com/some_details_of_the_ddos_attacks_targeting_ukraine_and_russia_in_recent_days/) | | 25 FEB | Conti [themselves] | Conti ransomware, BazarLoader | Conti News .onion [not linked] | | 25 FEB | CoomingProject [themselves] | Data Hostage Group | CoomingProject Telegram [not linked] | | 25 FEB | CERT-UA | UNC1151/Ghostwriter (Belarus MoD) | [CERT-UA Facebook](https://facebook.com/story.php?story_fbid=312939130865352&id=100064478028712)| | 25 FEB | Sekoia | UNC1151/Ghostwriter (Belarus MoD) | [twitter.com/sekoia_io](https://twitter.com/sekoia_io/status/1497239319295279106) | | 25 FEB | @jaimeblascob | UNC1151/Ghostwriter (Belarus MoD) | [twitter.com/jaimeblasco](https://twitter.com/jaimeblascob/status/1497242668627370009)| | 25 FEB | RISKIQ | UNC1151/Ghostwriter (Belarus MoD) | [community.riskiq.com](https://community.riskiq.com/article/e3a7ceea/) | | 25 FEB | MalwareHunterTeam | Unknown phishing | [twitter.com/malwrhunterteam](https://twitter.com/malwrhunterteam/status/1497235270416097287) | | 25 FEB | ESET | Unknown scammers | [twitter.com/ESETresearch](https://twitter.com/ESETresearch/status/1497194165561659394) | | 25 FEB | BitDefender | Unknown scammers | [blog.bitdefender.com](https://blog.bitdefender.com/blog/hotforsecurity/cybercriminals-deploy-spam-campaign-as-tens-of-thousands-of-ukrainians-seek-refuge-in-neighboring-countries/) | | 25 FEB | SSSCIP Ukraine | Unkown phishing | [twitter.com/dsszzi](https://twitter.com/dsszzi/status/1497103078029291522) | | 25 FEB | RaidForums | Data broker "NetSec" offering FSB (likely SMTP accounts) | RaidForums [not linked] | | 25 FEB | Zscaler | PartyTicket decoy ransomware | [zscaler.com](https://www.zscaler.com/blogs/security-research/technical-analysis-partyticket-ransomware) | | 25 FEB | INCERT GIE | Cyclops Blink, HermeticWiper | [linkedin.com](https://www.linkedin.com/posts/activity-6902989337210740736-XohK) [Login Required] | | 25 FEB | Proofpoint | UNC1151/Ghostwriter (Belarus MoD) | [twitter.com/threatinsight](https://twitter.com/threatinsight/status/1497355737844133895?s=20&t=Ubi0tb_XxGCbHLnUoQVp8w) | | 25 FEB | @fr0gger_ | HermeticWiper capabilities Overview | [twitter.com/fr0gger_](https://twitter.com/fr0gger_/status/1497121876870832128?s=20&t=_296n0bPeUgdXleX02M9mg) | 26 FEB | BBC Journalist | A fake Telegram account claiming to be President Zelensky is posting dubious messages | [twitter.com/shayan86](https://twitter.com/shayan86/status/1497485340738785283?s=21) | | 26 FEB | CERT-UA | UNC1151/Ghostwriter (Belarus MoD) | [CERT_UA Facebook](https://facebook.com/story.php?story_fbid=313517477474184&id=100064478028712) | | 26 FEB | MHT and TRMLabs | Unknown scammers, linked to ransomware | [twitter.com/joes_mcgill](https://twitter.com/joes_mcgill/status/1497609555856932864?s=20&t=KCIX_1Ughc2Fs6Du-Av0Xw) | | 26 FEB | US CISA | WhisperGate wiper, HermeticWiper | [cisa.gov](https://www.cisa.gov/uscert/ncas/alerts/aa22-057a) | | 26 FEB | Bloomberg | Destructive malware (possibly HermeticWiper) deployed at Ukrainian Ministry of Internal Affairs & data stolen from Ukrainian telecommunications networks | [bloomberg.com](https://www.bloomberg.com/news/articles/2022-02-26/hackers-destroyed-data-at-key-ukraine-agency-before-invasion?sref=ylv224K8) | | 26 FEB | Vice Prime Minister of Ukraine | IT ARMY of Ukraine created to crowdsource offensive operations against Russian infrastructure | [twitter.com/FedorovMykhailo](https://twitter.com/FedorovMykhailo/status/1497642156076511233) | | 26 FEB | Yoroi | HermeticWiper | [yoroi.company](https://yoroi.company/research/diskkill-hermeticwiper-a-disruptive-cyber-weapon-targeting-ukraines-critical-infrastructures) | | 27 FEB | LockBit [themselves] | LockBit ransomware | LockBit .onion [not linked] | | 27 FEB | ALPHV [themselves] | ALPHV ransomware | vHUMINT [closed source] | | 27 FEB | Mēris Botnet [themselves] | DDoS attacks | vHUMINT [closed source] | | 28 FEB | Horizon News [themselves] | Leak of China's Censorship Order about Ukraine | [TechARP](https://www-techarp-com.cdn.ampproject.org/c/s/www.techarp.com/internet/chinese-media-leaks-ukraine-censor/?amp=1)| | 28 FEB | Microsoft | FoxBlade (aka HermeticWiper) | [Microsoft](https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/?preview_id=65075) | | 28 FEB | @heymingwei | Potential BGP hijacks attempts against Ukrainian Internet Names Center | [https://twitter.com/heymingwei](https://twitter.com/heymingwei/status/1498362715198263300?s=20&t=Ju31gTurYc8Aq_yZMbvbxg) | | 28 FEB | @cyberknow20 | Stormous ransomware targets Ukraine Ministry of Foreign Affairs | [twitter.com/cyberknow20](https://twitter.com/cyberknow20/status/1498434090206314498?s=21) | | 1 MAR | ESET | IsaacWiper and HermeticWizard | [welivesecurity.com](https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/) | | 1 MAR | Proofpoint | Ukrainian armed service member's email compromised and sent malspam containing the SunSeed malware (likely TA445/UNC1151/Ghostwriter) | [proofpoint.com](https://www.proofpoint.com/us/blog/threat-insight/asylum-ambuscade-state-actor-uses-compromised-private-ukrainian-military-emails) | | 1 MAR | Elastic | HermeticWiper | [elastic.github.io](https://elastic.github.io/security-research/intelligence/2022/03/01.hermeticwiper-targets-ukraine/article/) | | 1 MAR | CrowdStrike | PartyTicket (aka HermeticRansom), DriveSlayer (aka HermeticWiper) | [CrowdStrike](https://www.crowdstrike.com/blog/how-to-decrypt-the-partyticket-ransomware-targeting-ukraine/) | | 2 MAR | Zscaler | DanaBot operators launch DDoS attacks against the Ukrainian Ministry of Defense | [zscaler.com](https://www.zscaler.com/blogs/security-research/danabot-launches-ddos-attack-against-ukrainian-ministry-defense) | | 3 MAR | @ShadowChasing1 | Gamaredon/Shuckworm/PrimitiveBear (FSB) | [twitter.com/ShadowChasing1](https://twitter.com/ShadowChasing1/status/1499361093059153921) | | 3 MAR | @vxunderground | News website in Poland was reportedly compromised and the threat actor uploaded anti-Ukrainian propaganda | [twitter.com/vxunderground](https://twitter.com/vxunderground/status/1499374914758918151?s=20&t=jyy9Hnpzy-5P1gcx19bvIA) | | 3 MAR | @kylaintheburgh | Russian botnet on Twitter is pushing "#istandwithputin" and "#istandwithrussia" propaganda (in English) | [twitter.com/kylaintheburgh](https://twitter.com/kylaintheburgh/status/1499350578371067906?s=21) | | 3 MAR | @tracerspiff | UNC1151/Ghostwriter (Belarus MoD) | [twitter.com](https://twitter.com/tracerspiff/status/1499444876810854408?s=21) | #### `Access Brokers` | Date | Threat(s) | Source | | --- | --- | --- | | 23 JAN | Access broker "Mont4na" offering UkrFerry | RaidForums [not linked] | | 23 JAN | Access broker "Mont4na" offering PrivatBank | RaidForums [not linked] | | 24 JAN | Access broker "Mont4na" offering DTEK | RaidForums [not linked] | | 27 FEB | KelvinSecurity Sharing list of IP cameras in Ukraine | vHUMINT [closed source] | | 28 FEB | "w1nte4mute" looking to buy access to UA and NATO countries (likely ransomware affiliate) | vHUMINT [closed source] | #### `Data Brokers` | Threat Actor | Type | Observation | Validated | Relevance | Source | | --------------- | --------------- | --------------------------------------------------------------------------------------------------------- | --------- | ----------------------------- | ---------------------------------------------------------- | | aguyinachair | UA data sharing | PII DB of ukraine.com (shared as part of a generic compilation) | No | TA discussion in past 90 days | ELeaks Forum \[not linked\] | | an3key | UA data sharing | DB of Ministry of Communities and Territories Development of Ukraine (minregion\[.\]gov\[.\]ua) | No | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | | an3key | UA data sharing | DB of Ukrainian Ministry of Internal Affairs (wanted\[.\]mvs\[.\]gov\[.\]ua) | No | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | | CorelDraw | UA data sharing | PII DB (40M) of PrivatBank customers (privatbank\[.\]ua) | No | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | | CorelDraw | UA data sharing | DB of "border crossing" DBs of DPR and LPR | No | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | | CorelDraw | UA data sharing | PII DB (7.5M) of Ukrainian passports | No | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | | CorelDraw | UA data sharing | PII DB of Ukrainian car registration, license plates, Ukrainian traffic police records | No | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | | CorelDraw | UA data sharing | PII DB (2.1M) of Ukrainian citizens | No | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | | CorelDraw | UA data sharing | PII DB (28M) of Ukrainian citizens (passports, drivers licenses, photos) | No | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | | CorelDraw | UA data sharing | PII DB (1M) of Ukrainian postal/courier service customers (novaposhta\[.\]ua) | No | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | | CorelDraw | UA data sharing | PII DB (10M) of Ukrainian telecom customers (vodafone\[.\]ua) | No | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | | CorelDraw | UA data sharing | PII DB (3M) of Ukrainian telecom customers (lifecell\[.\]ua) | No | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | | CorelDraw | UA data sharing | PII DB (13M) of Ukrainian telecom customers (kyivstar\[.\]ua) | No | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | | danieltx51 | UA data sharing | DB of Ministry of Foreign Affairs of Ukraine (mfa\[.\]gov\[.\]ua) | No | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | | DueDiligenceCIS | UA data sharing | PII DB (63M) of Ukrainian citizens (name, DOB, birth country, phone, TIN, passport, family, etc) | No | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | | Featherine | UA data sharing | DB of Ukrainian 'Diia' e-Governance Portal for Ministry of Digital Transformation of Ukraine | No | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | | FreeCivilian | UA data sharing | DB of Ministry for Internal Affairs of Ukraine public data search engine (wanted\[.\]mvs\[.\]gov\[.\]ua) | No | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | | FreeCivilian | UA data sharing | DB of Ministry for Communities and Territories Development of Ukraine (minregion\[.\]gov\[.\]ua) | No | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | | FreeCivilian | UA data sharing | DB of Motor Insurance Bureau of Ukraine (mtsbu\[.\]ua) | No | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | | FreeCivilian | UA data sharing | PII DB of Ukrainian digital-medicine provider (medstar\[.\]ua) | No | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | | FreeCivilian | UA data sharing | DB of ticket.kyivcity.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of id.kyivcity.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of my.kyivcity.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of portal.kyivcity.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of anti-violence-map.msp.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of dopomoga.msp.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of e-services.msp.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of edu.msp.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of education.msp.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of ek-cbi.msp.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of mail.msp.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of portal-gromady.msp.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of web-minsoc.msp.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of wcs-wim.dsbt.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of bdr.mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of motorsich.com | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of dsns.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of mon.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of minagro.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of zt.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of kmu.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of dsbt.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of forest.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of nkrzi.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of dabi.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of comin.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of dp.dpss.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of esbu.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of mms.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of mova.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of mspu.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of nads.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of reintegration.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of sies.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of sport.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of mepr.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of mfa.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of va.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of mtu.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of cg.mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of ch-tmo.mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of cp.mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of cpd.mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of hutirvilnij-mrc.mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of dndekc.mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of visnyk.dndekc.mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of dpvs.hsc.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of odk.mvs.gov.ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of e-driver\[.\]hsc\[.\]gov\[.\]ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of wanted\[.\]mvs\[.\]gov\[.\]ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of minregeion\[.\]gov\[.\]ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of health\[.\]mia\[.\]solutions | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of mtsbu\[.\]ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of motorsich\[.\]com | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of kyivcity\[.\]com | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of bdr\[.\]mvs\[.\]gov\[.\]ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of gkh\[.\]in\[.\]ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of kmu\[.\]gov\[.\]ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of mon\[.\]gov\[.\]ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of minagro\[.\]gov\[.\]ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | FreeCivilian | UA data sharing | DB of mfa\[.\]gov\[.\]ua | No | TA discussion in past 90 days | FreeCivilian .onion \[not linked\] | | Intel\_Data | UA data sharing | PII DB (56M) of Ukrainian Citizens | No | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | | Kristina | UA data sharing | DB of Ukrainian National Police (mvs\[.\]gov\[.\]ua) | No | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | | NetSec | UA data sharing | PII DB (53M) of Ukrainian citizens | No | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | | Psycho\_Killer | UA data sharing | PII DB (56M) of Ukrainian Citizens | No | TA discussion in past 90 days | Exploit Forum .onion \[not linked\] | | Sp333 | UA data sharing | PII DB of Ukrainian and Russian interpreters, translators, and tour guides | No | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | | Vaticano | UA data sharing | DB of Ukrainian 'Diia' e-Governance Portal for Ministry of Digital Transformation of Ukraine \[copy\] | No | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | | Vaticano | UA data sharing | DB of Ministry for Communities and Territories Development of Ukraine (minregion\[.\]gov\[.\]ua) \[copy\] | No | TA discussion in past 90 days | RaidForums \[not linked; site hijacked since UA invasion\] | #### `Vendor Support` | Vendor | Offering | URL | | --- | --- | --- | | Dragos | Access to Dragos service if from US/UK/ANZ and in need of ICS cybersecurity support | [twitter.com/RobertMLee](https://twitter.com/RobertMLee/status/1496862093588455429) | | GreyNoise | Any and all `Ukrainian` emails registered to GreyNoise have been upgraded to VIP which includes full, uncapped enterprise access to all GreyNoise products | [twitter.com/Andrew___Morris](https://twitter.com/Andrew___Morris/status/1496923545712091139) | | Recorded Future | Providing free intelligence-driven insights, perspectives, and mitigation strategies as the situation in Ukraine evolves| [recordedfuture.com](https://www.recordedfuture.com/ukraine/) | | Flashpoint | Free Access to Flashpoint’s Latest Threat Intel on Ukraine | [go.flashpoint-intel.com](https://go.flashpoint-intel.com/trial/access/30days) | | ThreatABLE | A Ukraine tag for free threat intelligence feed that's more highly curated to cyber| [twitter.com/threatable](https://twitter.com/threatable/status/1497233721803644950) | | Orange | IOCs related to Russia-Ukraine 2022 conflict extracted from our Datalake Threat Intelligence platform. | [github.com/Orange-Cyberdefense](https://github.com/Orange-Cyberdefense/russia-ukraine_IOCs)| | FSecure | F-Secure FREEDOME VPN is now available for free in all of Ukraine | [twitter.com/FSecure](https://twitter.com/FSecure/status/1497248407303462960) | | Multiple vendors | List of vendors offering their services to Ukraine for free, put together by [@chrisculling](https://twitter.com/chrisculling/status/1497023038323404803) | [docs.google.com/spreadsheets](https://docs.google.com/spreadsheets/d/18WYY9p1_DLwB6dnXoiiOAoWYD8X0voXtoDl_ZQzjzUQ/edit#gid=0) | | Mandiant | Free threat intelligence, webinar and guidance for defensive measures relevant to the situation in Ukraine. | [mandiant.com](https://www.mandiant.com/resources/insights/ukraine-crisis-resource-center) | | Starlink | Satellite internet constellation operated by SpaceX providing satellite Internet access coverage to Ukraine | [twitter.com/elonmusk](https://twitter.com/elonmusk/status/1497701484003213317) | | Romania DNSC | Romania’s DNSC – in partnership with Bitdefender – will provide technical consulting, threat intelligence and, free of charge, cybersecurity technology to any business, government institution or private citizen of Ukraine for as long as it is necessary. | [Romania's DNSC Press Release](https://dnsc.ro/citeste/press-release-dnsc-and-bitdefender-work-together-in-support-of-ukraine)| | BitDefender | Access to Bitdefender technical consulting, threat intelligence and both consumer and enterprise cybersecurity technology | [bitdefender.com/ukraine/](https://www.bitdefender.com/ukraine/) | | NameCheap | Free anonymous hosting and domain name registration to any anti-Putin anti-regime and protest websites for anyone located within Russia and Belarus | [twitter.com/Namecheap](https://twitter.com/Namecheap/status/1498998414020861953) | | Avast | Free decryptor for PartyTicket ransomware | [decoded.avast.io](https://decoded.avast.io/threatresearch/help-for-ukraine-free-decryptor-for-hermeticransom-ransomware/) | #### `Vetted OSINT Sources` | Handle | Affiliation | | --- | --- | | [@KyivIndependent](https://twitter.com/KyivIndependent) | English-language journalism in Ukraine | | [@IAPonomarenko](https://twitter.com/IAPonomarenko) | Defense reporter with The Kyiv Independent | | [@KyivPost](https://twitter.com/KyivPost) | English-language journalism in Ukraine | | [@Shayan86](https://twitter.com/Shayan86) | BBC World News Disinformation journalist | | [@Liveuamap](https://twitter.com/Liveuamap) | Live Universal Awareness Map (“Liveuamap”) independent global news and information site | | [@DAlperovitch](https://twitter.com/DAlperovitch) | The Alperovitch Institute for Cybersecurity Studies, Founder & Former CTO of CrowdStrike | | [@COUPSURE](https://twitter.com/COUPSURE) | OSINT investigator for Centre for Information Resilience | | [@netblocks](https://twitter.com/netblocks) | London-based Internet's Observatory | #### `Miscellaneous Resources` | Source | URL | Content | | --- | --- | --- | | PowerOutages.com | https://poweroutage.com/ua | Tracking PowerOutages across Ukraine | | Monash IP Observatory | https://twitter.com/IP_Observatory | Tracking IP address outages across Ukraine | | Project Owl Discord | https://discord.com/invite/projectowl | Tracking foreign policy, geopolitical events, military and governments, using a Discord-based crowdsourced approach, with a current emphasis on Ukraine and Russia | | russianwarchatter.info | https://www.russianwarchatter.info/ | Known Russian Military Radio Frequencies |
eugenekolo / Linux Ransomware DecrypterBitdefender's Linux.Encoder.1 Decrypter
RedyOpsResearchLabs / CVE 2020 8103 Bitdefender Antivirus Free EoPCVE-2020-8103 Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free
malice-plugins / BitdefenderMalice Bitdefender AntiVirus Plugin
lilygrace454 / Mcafee.com ActivateThe Best Antivirus and Total Protection for Mac! What's the Best Malware Protection? Malware, Spyware, and Adware Protection Antivirus programming is basic for each PC. Without it, you hazard losing your own data, your records, and even the money from your financial balance. We've tried in excess of 40 utilities to enable you to pick the best antivirus security for your PCs. Malware, Spyware, and Adware Protection Summer is practically here, and we're all anticipating a stunning get-away, be it at the shoreline, in the mountains, or even on a journey. Malware coders get-aways, as well. Theirs is an occupation, similar to some other, from numerous points of view. In any case, that doesn't mean you'll be sheltered from infections, ransomware, bots, and other malware this late spring. The malware office director timetables get-aways, much the same as any office supervisor, to ensure someone's at work, making new assaults on your gadgets and your information. Before you head out, check your antivirus membership to ensure it won't take its very own get-away soon. In case you're not ensured at this point, put introducing an antivirus on your agenda. We've tried and McAfee com activate antivirus instruments so you can pick one and unwind with no stresses. We call it antivirus, yet in truth it's far-fetched you'll get hit with a real PC infection. Malware nowadays is tied in with profiting, and there's no simple method to take advantage of spreading an infection. Ransomware and information taking Trojans are considerably more typical, as are bots that let the bot-herder lease your PC for loathsome purposes. Current antivirus utilities handle Trojans, rootkits, spyware, adware, ransomware, and that's only the tip of the iceberg. PCMag has explored in excess of 40 distinctive business antivirus utilities, and that is not notwithstanding checking the many free antivirus devices. Out of that broad field we've named fourEditors' Choice items. mcafee activate product key antivirus utilities demonstrated powerful enough to procure an astounding four-star rating nearby their progressively conventional partners. VoodooSoft VoodooShield puts together its security with respect to stifling every obscure program while the PC is in a powerless state, for example, when it's associated with the web, and furthermore acts to identify known malware. The Kure resets the PC to a known safe state on each reboot, consequently wiping out any malware. On the off chance that you have malware, one of the ten items in the graph above should deal with the issue. You may see that one item in the outline earned simply 3.5 stars. The diagram had space for one more, and of the seven 3.5-star items, the labs just focus on F-Secure and G Data. F-Secure has the additional fillip of costing the equivalent for three licenses as most items charge for only one, so it advanced into the diagram. The blurbs at the base of this article incorporate each business antivirus that earned 3.5 stars or better. www.mcafee.com/activate offer insurance past the antivirus incorporated with Windows 10; the best free antivirus utilities additionally offer more. In any case, Microsoft Windows Defender Security Center is looking somewhat better recently, with some awesome scores from free testing labs. In our grasp on tests, it demonstrated a checked improvement since our past audit, enough to at long last bring it up to three stars. Tune in to the Labs We take the outcomes announced by free antivirus testing labs in all respects truly. The basic reality that a specific merchant's item appears in the outcomes is a demonstration of positive support, of sorts. It implies the lab considered the item huge, and the merchant felt the expense of testing was advantageous. Obviously, getting great scores in the tests is additionally significant. We pursue four labs that normally discharge nitty gritty reports: SE Labs, AV-Test Institute, MRG-Effitas, and AV-Comparatives. We likewise note whether sellers have contracted with ICSA Labs and West Coast labs for affirmation. We Test Malware, Spyware, and Adware Defenses We additionally subject each item to our very own hands-on trial of malware assurance, to a limited extent to get an inclination for how the item functions. Contingent upon how altogether the item averts malware establishment, it can acquire up to 10 for malware assurance. Our malware assurance test fundamentally utilizes a similar arrangement of tests for quite a long time. To check an item's treatment of fresh out of the box new malware, we test every item utilizing 100 amazingly new malware-facilitating URLs provided by MRG-Effitas, taking note of what level of them it blocked. Items get equivalent kudos for anticipating all entrance to the vindictive URL and for clearing out the malware during download. A few items win completely outstanding evaluations from the autonomous labs, yet don't toll too in our grasp on tests. In such cases, we concede to the labs, as they carry altogether more prominent assets to their testing. Need to know more? You can dive in for a point by point portrayal of how we test security programming. Multilayered Malware Protection Antivirus items separate themselves by going past the fundamentals of on-request examining and ongoing malware insurance. Some rate URLs that you visit or that appear in indexed lists, utilizing a red-yellow-green shading coding framework. Some effectively square procedures on your framework from associating with known malware-facilitating URLs or with false (phishing) pages. Programming has imperfections, and here and there those blemishes influence your mcafee security. Judicious clients keep Windows and all projects fixed, fixing those imperfections at the earliest opportunity. The defenselessness output offered by some antivirus items can check that every vital patches are available, and even apply any that are absent. Spyware comes in numerous structures, from concealed projects that log your each keystroke to Trojans that take on the appearance of legitimate projects while mining your own information. Any antivirus should deal with spyware, alongside every other sort of malware, yet some incorporate specific segments gave to spyware insurance. You expect an antivirus to recognize and dispose of terrible projects, and to disregard great projects. Shouldn't something be said about questions, programs it can't distinguish as positive or negative? Conduct based discovery can, in principle, secure you against malware that is so new scientists have never experienced it. In any case, this isn't generally an unmixed gift. It's normal for social discovery frameworks to hail numerous harmless practices performed by genuine projects. Whitelisting is another way to deal with the issue of obscure projects. A whitelist-based security framework just permits realized great projects to run. Questions are prohibited. This mode sometimes falls short for all circumstances, however it very well may be helpful. Sandboxing gives obscure projects a chance to run, however it segregates them from full access to your framework, so they can't do lasting damage. These different added layers serve to upgrade your assurance against malware. What's the Best Malware Protection? mcafee.com/activate antivirus would it be advisable for you to pick? You have an abundance of choices. Kaspersky Anti-Virus and Bitdefender Antivirus Plus routinely take impeccable or close ideal scores from the autonomous antivirus testing labs. A solitary membership for AntiVirus Plus gives you a chance to introduce security on the majority of your Windows, Android, Mac OS, and iOS gadgets. What's more, its unordinary conduct based recognition innovation implies Webroot SecureAnywhere Antivirus is the most diminutive antivirus around. We've named these four Editors' Choice for business antivirus, however they're by all account not the only items worth thought. Peruse the surveys of our top of the line items, and afterward settle on your own choice. Note that we have assessed a lot more antivirus utilities than we could incorporate into the diagram of top items. On the off chance that your preferred programming isn't recorded there, odds are we reviewed it. The blurbs beneath incorporate each item that oversaw 3.5 stars or better. Every one of the utilities recorded in this component are Windows antivirus applications. In case you're a macOS client, don't lose hope, be that as it may; PCMag has a different gathering devoted exclusively to the best Mac antivirus programming.
0xZ0F / BitdefenderEvaderNo description available
HydraDragonAntivirus / AntivirusBypassBitdefender, Kaspersky, Malwarebytes, Avast, Webroot, Windows Defender, ESET, Avira, McAfee, ZoneAlarm etc. buster with general antivirus bypass. This is fully undetectable malware.
bitdefender / Boxv2 FirmwareOpenWRT-based OS for Bitdefender BOXv2
sntcz / BitdefenderBitdefender GravityZone API commandlets for PowerShell
Hue-Jhan / Syscalls Thread HijackingThread Hijacking malware using direct/indirect syscalls, ntdll and low level utilities, undetected by Windows Defender and BitDefender
Hue-Jhan / Direct Syscall Dll InjectionDll injection using direct System Calls, undetected by Windows Defender & Bitdefender
PHP-AntiVirus / PLED PHP Linux.Encoder DecrypterThis is PHP fork of the decrypter CLI script for "Linux.Encoder" ransomware malware. Original Python version of the decrypter was written by Bitdefender Labs Team.
Altair47 / BitDefender ScriptsNo description available
