{ "id": "4bcbae5a-d5ed-4b74-9887-e9541a765a02", "created_at": "2026-04-06T00:07:51.533236Z", "updated_at": "2026-04-10T03:29:45.28567Z", "deleted_at": null, "sha1_hash": "2bb2c5c809a8eefce7c9e517cb4ca2cf0dccfdbc", "title": "ShadowBrokers are back demanding nearly $4m and offering 2 dumps per month", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 198425, "plain_text": "ShadowBrokers are back demanding nearly $4m and offering 2\r\ndumps per month\r\nBy Pierluigi Paganini\r\nPublished: 2017-09-06 · Archived: 2026-04-05 14:01:31 UTC\r\n Pierluigi Paganini September 06, 2017\r\nThe dreaded hacking group ShadowBrokers posted a new message, promising to\r\ndeliver two data dumps a month as part its monthly dumps.\r\nThe notorious group ShadowBrokers is back with announcing new interesting changes to their Dump Service.\r\nThe hackers published a new message on the Steemit platform announcing new changed to their service.\r\n“Missing theshadowbrokers? If someone is paying then theshadowbrokers is playing.”\r\nThe hacker group made headlines in April after publicly leaking exploits allegedly stolen from the NSA-Linked\r\ngroup Equation Group.\r\nThe changes for the Dump Service included 2 dumps per month and the possibility to pay only with ZCash\r\ncryptocurrency:\r\nTwo dumps per month\r\nZcash only, no Monero, delivery email in encrypted memo field\r\nDelivery email address clearnet only, recommend tutanota or protonmail, no need exchange secret, no i2p,\r\nno bitmessage, no zeronet\r\nhttp://securityaffairs.co/wordpress/62770/hacking/shadowbrokers-return.html\r\nPage 1 of 3\n\nPrevious dumps now available, send correct amount to correct ZEC address\r\nSeptember dumps is being exploit\r\nBelow the “price list” shared by the group, it includes old dumps and future dumps, from June 30 until November\r\n15.\r\nThe amount of money requested by ShadowBrokers is substantially increased compared to the initial demand of\r\n100 ZEC (~24k USD) in June, when the hackers started their first monthly dump service. Now, the hackers are\r\noffering the exploits for 16,000 ZEC, which amounts to $3,914,080.\r\nShadowBrokers leaked the manual for the NSA exploit dubbed UNITEDRAKE, it is one of the implants used by\r\nthe NSA’s elite hacking unit TAO (Tailored Access Operations).\r\nhttps://twitter.com/josephfcox/status/905338616813150208\r\nAccording to the leaked manual, UNITEDRAKE implant is a “fully extensible remote collection system designed\r\nfor Windows targets”.\r\nFiles, Signed Message, Manual to August Dump:\r\nhttps://mega.nz/#F!QGAyVTJL!0cJlvWpQ4dPcKLu-oN766w\r\nStay Tuned!\r\nWritten by: @GranetMan and Pierluigi Paganini\r\nGranet is a young and Junior IT Security Researcher, he is passionate in Linux, Arduino, Digital\r\nForensics, Cyber Security, Free software and Malware Analysis\r\nhttp://securityaffairs.co/wordpress/62770/hacking/shadowbrokers-return.html\r\nPage 2 of 3\n\n[adrotate banner=”9″]\r\nSource: http://securityaffairs.co/wordpress/62770/hacking/shadowbrokers-return.html\r\nhttp://securityaffairs.co/wordpress/62770/hacking/shadowbrokers-return.html\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "MISPGALAXY", "ETDA", "Malpedia" ], "references": [ "http://securityaffairs.co/wordpress/62770/hacking/shadowbrokers-return.html" ], "report_names": [ "shadowbrokers-return.html" ], "threat_actors": [ { "id": "b740943a-da51-4133-855b-df29822531ea", "created_at": "2022-10-25T15:50:23.604126Z", "updated_at": "2026-04-10T02:00:05.259593Z", "deleted_at": null, "main_name": "Equation", "aliases": [ "Equation" ], "source_name": "MITRE:Equation", "tools": null, "source_id": "MITRE", "reports": null }, { "id": "171b85f2-8f6f-46c0-92e0-c591f61ea167", "created_at": "2023-01-06T13:46:38.830188Z", "updated_at": "2026-04-10T02:00:03.114926Z", "deleted_at": null, "main_name": "The Shadow Brokers", "aliases": [ "Shadow Brokers", "ShadowBrokers", "The ShadowBrokers", "TSB" ], "source_name": "MISPGALAXY:The Shadow Brokers", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "08623296-52be-4977-8622-50efda44e9cc", "created_at": "2023-01-06T13:46:38.549387Z", "updated_at": "2026-04-10T02:00:03.020003Z", "deleted_at": null, "main_name": "Equation Group", "aliases": [ "Tilded Team", "EQGRP", "G0020" ], "source_name": "MISPGALAXY:Equation Group", "tools": [ "TripleFantasy", "GrayFish", "EquationLaser", "EquationDrug", "DoubleFantasy" ], "source_id": "MISPGALAXY", "reports": null }, { "id": "2d9fbbd7-e4c3-40e5-b751-27af27c8610b", "created_at": "2024-05-01T02:03:08.144214Z", "updated_at": "2026-04-10T02:00:03.674763Z", "deleted_at": null, "main_name": "PLATINUM COLONY", "aliases": [ "Equation Group " ], "source_name": "Secureworks:PLATINUM COLONY", "tools": [ "DoubleFantasy", "EquationDrug", "EquationLaser", "Fanny", "GrayFish", "TripleFantasy" ], "source_id": "Secureworks", "reports": null }, { "id": "e0fed6e6-a593-4041-80ef-694261825937", "created_at": "2022-10-25T16:07:23.593572Z", "updated_at": "2026-04-10T02:00:04.680752Z", "deleted_at": null, "main_name": "Equation Group", "aliases": [ "APT-C-40", "G0020", "Platinum Colony", "Tilded Team" ], "source_name": "ETDA:Equation Group", "tools": [ "Bvp47", "DEMENTIAWHEEL", "DOUBLEFANTASY", "DanderSpritz", "DarkPulsar", "DoubleFantasy", "DoubleFeature", "DoublePulsar", "Duqu", "EQUATIONDRUG", "EQUATIONLASER", "EQUESTRE", "Flamer", "GRAYFISH", "GROK", "OddJob", "Plexor", "Prax", "Regin", "Skywiper", "TRIPLEFANTASY", "Tilded", "UNITEDRAKE", "WarriorPride", "sKyWIper" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434071, "ts_updated_at": 1775791785, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/2bb2c5c809a8eefce7c9e517cb4ca2cf0dccfdbc.pdf", "text": "https://archive.orkl.eu/2bb2c5c809a8eefce7c9e517cb4ca2cf0dccfdbc.txt", "img": "https://archive.orkl.eu/2bb2c5c809a8eefce7c9e517cb4ca2cf0dccfdbc.jpg" } }