
Repository Details

I-SOON/Anxun leak related stuff

Original leak

https://github.com/I-S00N/I-S00N

Anxun-isoon

The iSoon/Anxun leak in a single json file (cn_extracted_messages.json)

What this json tells us:

  • The user identified as lengmo is the top sender, with a total of 4981 messages. This indicates that lengmo is the most active participant in the conversation.
  • The most frequent communication pair is between lengmo and Shutd0wn, with lengmo sending 4635 messages to Shutd0wn. This suggests a significant amount of interaction between these two users.

This data implies a strong communication link between lengmo and Shutd0wn, potentially indicating a key relationship or hierarchy within the group. lengmo's high level of activity could suggest a leadership or central role in the conversation dynamics.


Working hours can be inferred from the distribution of message times. Below are the message counts per hour of the day (pandas output; the left column is the hour, the right column is the number of messages sent in that hour):

0      279
1      723
2     1146
3     1645
4     1386
5      843
6     1415
7     1167
8     1538
9     1430
10    1025
11     742
12     611
13     708
14     441
15     409
16     140
17       6
18       4
20       1
21       2
22      18
23      64
Name: hour, dtype: int64

The distribution of messages per hour shows a pattern that can help infer the working hours. Here's a summary:

  • Peak Activity Hours: From the early morning hours around 2 AM, increasing to a peak at 3 AM, and then gradually decreasing after 5 AM. There's another peak starting from 8 AM and extending through 10 AM.
  • Lower Activity Hours: Activity significantly drops after 4 PM, with minimal to no messages after 5 PM.
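The sender, pair and per-hour counts above can be reproduced from the JSON with a few lines of Python. This is an added example, not code from the repository; it assumes each message record carries `sender`, `recipient` and `time` fields in the format used in the constructed sample below, so the three keys may need adjusting to the real file's layout.

```python
import json
from collections import Counter
from datetime import datetime

# Constructed sample in the shape this example assumes for
# cn_extracted_messages.json: a list of {"sender", "recipient", "time"}.
# The real file's field names and timestamp format may differ.
SAMPLE_JSON = json.dumps([
    {"sender": "lengmo", "recipient": "Shutd0wn", "time": "2022-09-13 03:14:05"},
    {"sender": "lengmo", "recipient": "Shutd0wn", "time": "2022-09-13 03:40:11"},
    {"sender": "Shutd0wn", "recipient": "lengmo", "time": "2022-09-13 09:02:47"},
    {"sender": "lengmo", "recipient": "other", "time": "2022-09-14 08:55:00"},
    {"sender": "other", "recipient": "lengmo", "time": "2022-09-14 22:10:30"},
])

TIME_FMT = "%Y-%m-%d %H:%M:%S"  # assumed timestamp format


def load_messages(raw):
    return json.loads(raw)


def sender_counts(msgs):
    """Messages sent per user (who is the most active participant)."""
    return Counter(m["sender"] for m in msgs)


def pair_counts(msgs):
    """Directed (sender, recipient) pairs, to find the strongest link."""
    return Counter((m["sender"], m["recipient"]) for m in msgs)


def hour_histogram(msgs):
    """Messages per hour of day, 0..23, zero-filled like the pandas output.
    Hours are taken from the timestamp as written; if the timestamps are
    not in the senders' local time zone, shift them before inferring
    working hours."""
    hours = Counter(datetime.strptime(m["time"], TIME_FMT).hour for m in msgs)
    return {h: hours.get(h, 0) for h in range(24)}


def summarize(raw):
    msgs = load_messages(raw)
    top_sender, n = sender_counts(msgs).most_common(1)[0]
    (src, dst), k = pair_counts(msgs).most_common(1)[0]
    hist = hour_histogram(msgs)
    active = [h for h, c in hist.items() if c > 0]
    return {"top_sender": top_sender, "top_sender_msgs": n,
            "top_pair": (src, dst), "top_pair_msgs": k,
            "first_active_hour": min(active), "last_active_hour": max(active)}


if __name__ == "__main__":
    print(summarize(SAMPLE_JSON))
```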

Initial hot takes

  • https://twitter.com/DE7AULTsec/status/1759388057323618611
  • https://news.risky.biz/risky-biz-briefing-the-i-soon-data-leak: The i-SOON data also includes files that appear to be documentation or more technical business pitches that describe products of an extremely broad range of capabilities. These include:
    • Malware designed to run on Windows, macOS, Linux, iOS, and Android;
    • A platform to collect and analyse email data;
    • A platform to hack into Outlook accounts;
    • A Twitter monitoring platform;
    • A reconnaissance platform using OSINT data;
    • Physical hardware devices meant to be used for on-premises hacking, typically targeting WiFi networks;
    • Communications equipment using a Tor-like network for agents working abroad.
  • https://www.malwarebytes.com/blog/news/2024/02/a-first-analysis-of-the-i-soon-data-leak: Some of the tools that i-Soon used are impressive enough. Some highlights:
    • Twitter (now X) stealer: Features include obtaining the user’s Twitter email and phone number, real-time monitoring, reading personal messages, and publishing tweets on the user’s behalf.
    • Custom Remote Access Trojans (RATs) for Windows x64/x86: Features include process/service/registry management, remote shell, keylogging, file access logging, obtaining system information, disconnecting remotely, and uninstallation.
    • The iOS version of the RAT also claims to authorize and support all iOS device versions without jailbreaking, with features ranging from hardware information, GPS data, contacts, media files, and real-time audio records as an extension. (Note: this part dates back to 2020)
    • The Android version can dump messages from all popular Chinese chatting apps QQ, WeChat, Telegram, and MoMo and is capable of elevating the system app for persistence against internal recovery.
    • Portable devices for attacking networks from the inside.
    • Special equipment for operatives working abroad to establish safe communication.
    • User lookup database which lists user data including phone number, name, and email, and can be correlated with social media accounts.
    • Targeted automatic penetration testing scenario framework.

Initial machine translations
