Video wird geladen...

Video konnte nicht geladen werden

Zur Startseite

🚨 THREAT INTELLIGENCE ALERT 🚨 The tool 🇨🇳 KernelGhost820 is being actively sold on the underground market for US$ 2,500, complete with full source code. This is a professional-grade suite with an intuitive graphical interface and six advanced modules, specifically designed for EDR evasion and sophisticated ransomware operations with...

40,619 Aufrufe • vor 2 Monaten •via X (Twitter)

0 Kommentare

Keine Kommentare verfügbar

Kommentare vom Original-Post werden hier angezeigt

Ähnliche Videos

⚠️ A defense evasion tool called ExEngine is being sold as a service, marketed as an AV/EDR killer that disables mainstream consumer security software including Windows Defender, Malwarebytes, Bitdefender, and Avast. The tool combines AV termination with a Ring-3 rootkit, UAC bypass, and decoy payload delivery to support stealthy initial access operations. ⠀ ‣ Threat Actor: ryewx1 ‣ Category: Defense Evasion Tool / Killer ‣ Offering: ExEngine AV/EDR Killer ‣ Industry: Malware Tooling ⠀ The seller claims ExEngine actively terminates security software rather than only obfuscating payloads, granting attackers a longer window of undetected operation. The tool supports Windows 10 and 11 builds and is sold per-build at $150 to $250. ⠀ Advertised capabilities: ⠀ ▪️ AV/EDR termination with primary and fallback techniques ▪️ UAC bypass with automatic privilege escalation ▪️ Ring-3 rootkit functionality to hide files, processes, registry keys, and network connections ▪️ Discord webhook logging for victim machine info and execution status ▪️ Secondary decoy payload (game/document/installer) to keep targets unaware ▪️ Persistence across reboots and logouts ▪️ Anti-VM and anti-debug detection with fake error message exit ▪️ Universal Windows 10/11 support, all payload types ⠀ Risk to defenders: ⠀ ▪️ Active termination of consumer AV products including Windows Defender means traditional endpoint protections cannot be relied on once ExEngine executes successfully ▪️ Decoy payload pattern is designed to delay user-driven incident reporting, lengthening attacker dwell time ▪️ Ring-3 rootkit hiding of files, processes, and network connections complicates incident response triage on compromised hosts ▪️ Discord webhook telemetry indicates the operator is targeting consumer and SMB victims at scale rather than running individual targeted campaigns ▪️ Sold per-build at low cost ($150 to $250), making it accessible to low-skill operators who can pair it with commodity stealers, RATs, or loaders

Dark Web Informer

23,210 Aufrufe • vor 2 Monaten

‼️A malware binder tool branded "Universal File Binder 2026" is being sold on a popular cybercrime forum, advertised as fully undetectable and designed to disguise executable payloads as common file types including documents, images, and videos. ⠀ ‣ Threat Actor: Davina Keenan ‣ Category: Malware Tool Sale / Payload Binder ‣ Product: Universal File Binder 2026 ‣ Industry Impact: Phishing, Social Engineering, Initial Access ⠀ The tool is marketed as a payload binder, a category of malware used to attach executable code to a legitimate looking file so that opening the file triggers both the decoy document and the hidden payload. A video demo is attached to the listing and this post. ⠀ Advertised features: ⠀ ▪️ Claimed "100% FUD" (Fully Undetectable) against major antivirus engines including Windows Defender, Avast, and Kaspersky, at both scantime and runtime ▪️ Bind payloads to .jpg, .png, .pdf, .docx, .pptx, .mp4, and .mp3 files ▪️ Icon and extension spoofing, including double extension tricks ▪️ Lightweight stub with small footprint ▪️ Stated compatibility with Windows 10 and Windows 11 ⠀ Pricing: ⠀ ▪️ Single build: $100 ▪️ Lifetime access with updates: $1,000 ⠀ Binders of this type are a common component of commodity phishing kits, used primarily to deliver RATs, stealers, and ransomware via email attachments or messaging platforms. "FUD" claims on public forums are typically short lived and degrade within days or weeks of release as antivirus vendors collect samples.

Dark Web Informer

25,017 Aufrufe • vor 2 Monaten