{
	"id": "205df1d7-1f7b-4180-9bc6-7bb27ca29153",
	"created_at": "2026-04-06T00:17:15.370629Z",
	"updated_at": "2026-04-10T13:11:31.089067Z",
	"deleted_at": null,
	"sha1_hash": "5fb13fe1beb2470ebb078804f91a71c5f7fc2a7b",
	"title": "Dark Peep #2: War and a Piece of Hilarity",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 68321,
	"plain_text": "Dark Peep #2: War and a Piece of Hilarity\r\nPublished: 2023-10-17 · Archived: 2026-04-02 12:37:40 UTC\r\nThe Dark Web is not standing still: with the Israel-Palestine conflict, the cyber world has become even more\r\nactive, and interesting behaviors that attract our attention are on the rise. As the SOCRadar team,\r\nwe continue to keep up to date on this issue, and in this blog post, we have brought you the news that attracted our\r\nattention in the last two weeks.\r\nFig. 1. Illustration of Tolstoy writing the “War and a Piece of Hilarity” Story of Dark Peep\r\n(generated using OpenAI’s DALL-E 3)\r\nRADIUS Riddled: Moroccan Ghosts Unmask System Weakness!\r\nIn a turn of events that might make tech companies re-evaluate their security measures, the group ‘Moroccan\r\nGhosts’ claimed responsibility for penetrating the RADIUS system. With no sophisticated hacking tools in their\r\narsenal, these digital phantoms relied solely on mental prowess and coding acumen.\r\nFig. 2. Moroccan Ghosts Telegram post about RADIUS\r\nThis spectral breach serves as a reminder: In the digital realm, sometimes the most significant threats aren’t\r\ninvisible; they’re right before our eyes. The “ghosts” have issued a chilling warning: beef up your defenses, or\r\nprepare for more unexpected “visitations” in the future.\r\nStucx Team Endorses MyOPECS’ Mobile Magic: PenTest Tool App\r\nMyOPECS has just heralded its grand entry into the world of mobile penetration testing. They showed off\r\ntheir new application and shared the APK file of the first version on their Telegram channel; smartphone\r\nusers will soon be able to access it via both Google Play Store and Apple App Store.\r\nFig. 3. 
STUCX Team shared the screenshots of PenTest Tool App developed by MyOPECS\r\nStay tuned to their “development feed” journey, as MyOPECS promises real-time updates for this groundbreaking\r\nPenTest Tool. And for those eager to get ahead of the curve, the latest version of the app is available for download\r\nin the official MyOPECS group.\r\nFig. 4. MyOPECS’ Telegram post describing its PenTest Tool App and sharing the App’s APK file\r\nhttps://socradar.io/dark-peep-2-war-and-a-piece-of-hilarity/\r\nPage 1 of 4\n\nKey features of this app, still under development, are:\r\nDDoS Toolkit\r\nDNS Enum\r\nPort Scanner\r\nDir Buster\r\nPassword Attack\r\nThreat Actors Are Now Sharing Videos, Like Influencers\r\nThe Indonesian hacktivist group AnonGhost posted a video of their own to show that they\r\nhave followers who identify themselves as AnonGhost and that their real account is the one that posted the video.\r\nFig. 5. AnonGhost’s Telegram post contains the group’s video\r\nThreat actors have reached such a stage that people have started to operate under the names of known groups,\r\ninteresting…\r\nWar Spilled Over Into “Humor”\r\nIn a turn of events showcasing the profound effects of the ongoing Israel-Palestine conflict on the digital front, the\r\nwebsite “Humor.co.il” recently faced a cyberattack. The KEP TEAM claimed responsibility for the breach,\r\nindicating the intersection of political tensions and cyber warfare. As real-world disputes intensify, it appears no\r\ndomain, not even those meant for levity and laughter, is immune from the reach of hackers. The incident serves as\r\na stark reminder of the blurred lines between online platforms and geopolitical disputes, emphasizing the need for\r\nheightened cyber vigilance.\r\nFig. 6. KEP TEAM’s Telegram post about leaked data of humor.co.il\r\nIt is Important to Take the Decision From the Followers\r\nThe UserSec Collective recently conducted an anonymous poll. The question at hand? 
Whether to breathe new\r\nlife into an alliance that’s been dormant. With two straightforward options, “Yes” and “No”, members were\r\nprompted to voice their opinions on the proposed resurgence. It’s a testament to the fact that even in the digital\r\nrealm, collective decisions hinge on the perspectives of individual members. The number of votes already pouring\r\nin showcases the engagement and investment of the community in the UserSec’s future decisions.\r\nFig. 7. UserSec’s anonymous poll post on Telegram\r\nIt is Possible to Become a Threat Actor by Participating in a Giveaway!\r\nThe threat actor Shad0de is known for distributing RDP access via Telegram, and his latest post is about RDP\r\naccess to a Turkish language operating system server with an Intel Xeon processor. Good luck to the participants\r\nof the giveaway!\r\nFig. 8. Shad0de’s free RDP access giveaway post on Telegram\r\nHacktivist Takes a Day Off\r\nHacktivist Aceh, the founder of a renowned hacking group, took to the digital realm to make a personal\r\nannouncement. Despite the often depersonalized nature of cyber-activities, this message brings a touch of\r\neveryday humanity to the forefront. Citing a personal event at home, the hacktivist made a candid request for\r\nunderstanding, emphasizing the need for a break from their usual activities. The announcement serves as a quirky\r\nreminder that behind every digital persona, there lies an individual navigating the complexities of daily life.\r\nSometimes, even the most dedicated hacktivists need a day off for family events.\r\nFig. 9. Aceh’s Telegram post about Aceh’s day off\r\nParticipate in the War, but If No One Sees It, There’s No Point, Right?\r\nThe Islamic Cyber Team, a hacktivist group known for executing DDoS attacks and leaking data targeting Israel,\r\nhas limited followers. 
Recognizing this shortfall, the group is actively seeking more supporters to ensure the\r\nimpact of their activities isn’t wasted.\r\nFig. 10. Islamic Cyber Team’s Telegram post seeking more supporters\r\nCVEs Are Floating on the Dark Web\r\nThe AnonGhost group shared the PoC of CVE-2023-29489 in the form of a Python script on its Telegram channel.\r\nWe assume this is intended to encourage its followers to exploit the cPanel Cross-site Scripting (XSS)\r\nvulnerability discovered in April.\r\nFig. 11. AnonGhost’s Telegram post of CVE-2023-29489’s PoC\r\nFig. 12. CVE-2023-29489’s information page of SOCRadar XTI’s Vulnerability Intelligence Page of\r\nCTI Module (Source: SOCRadar)\r\nREvil Resurfaces or Just a Shadow’s Trick?\r\nA recent Telegram post that appears to be from REvil (we are not sure) has left the cybersecurity community in a\r\ndilemma: Is this the real deal Ransomware Evil “REvil” making a return, or is it the work of a copycat, trying to\r\nride on the infamous group’s fame? The message suggests a possible alliance with Killnet and even jests about\r\nrobbing banks across Europe. While it’s laced with REvil’s characteristic audacity, only time will tell if this is\r\ngenuinely their work or an imitation act hoping to gain fame in the world of the Dark Web.\r\nFig. 13. REvil’s Telegram post about their comeback and targeting European banks\r\nLike Everyone Else, Hacktivists Also Need a Digital Detox\r\nIn a world that’s always online, even the most dedicated of teams need a moment to disconnect and reboot. Team\r\nAnon Force, known for their hacktivist activities, recently dropped on their Telegram group a status update that’s\r\nless binary and more human. They’re “powering down” for a brief 4-day getaway.\r\nFig. 14. 
Team Anon Force’s Telegram post about the group’s vacation\r\nEven Ransomware Groups Aren’t Safe in Cyberwarfare\r\nThe Ukrainian Cyber Alliance, a group of cyber activists, successfully breached the servers of the Trigona\r\nransomware gang. Utilizing a public exploit tied to a critical vulnerability, they accessed the gang’s\r\ninfrastructure, copied all essential data, and subsequently wiped the servers.\r\nFig. 15. Trigona Ransomware’s TOR site defaced by Ukrainian Cyber Alliance (Source:\r\nbleepingcomputer)\r\nThe Dark Web is not at rest, and we don’t expect it to slow down. You can use Dark Web News in SOCRadar\r\nXTI’s Cyber Threat Intelligence module to keep up to date with developments on the Dark Web:\r\nFig. 14. SOCRadar XTI’s Dark Web News page under the CTI Panel (Source: SOCRadar)\r\nSource: https://socradar.io/dark-peep-2-war-and-a-piece-of-hilarity/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://socradar.io/dark-peep-2-war-and-a-piece-of-hilarity/"
	],
	"report_names": [
		"dark-peep-2-war-and-a-piece-of-hilarity"
	],
	"threat_actors": [
		{
			"id": "a3917c91-ec7d-485f-8784-bfb1b1a78359",
			"created_at": "2023-11-08T02:00:07.13872Z",
			"updated_at": "2026-04-10T02:00:03.424164Z",
			"deleted_at": null,
			"main_name": "UserSec",
			"aliases": [],
			"source_name": "MISPGALAXY:UserSec",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "4a73cb62-be05-49d2-9dbb-1298606ec0a3",
			"created_at": "2025-03-07T02:00:03.799095Z",
			"updated_at": "2026-04-10T02:00:03.827106Z",
			"deleted_at": null,
			"main_name": "Ukrainian Cyber Alliance",
			"aliases": [
				"UCA"
			],
			"source_name": "MISPGALAXY:Ukrainian Cyber Alliance",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "75108fc1-7f6a-450e-b024-10284f3f62bb",
			"created_at": "2024-11-01T02:00:52.756877Z",
			"updated_at": "2026-04-10T02:00:05.273746Z",
			"deleted_at": null,
			"main_name": "Play",
			"aliases": null,
			"source_name": "MITRE:Play",
			"tools": [
				"Nltest",
				"AdFind",
				"PsExec",
				"Wevtutil",
				"Cobalt Strike",
				"Playcrypt",
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "98cd3bc4-fd41-4087-be03-f6f8f3be7b67",
			"created_at": "2025-05-29T02:00:03.220566Z",
			"updated_at": "2026-04-10T02:00:03.871851Z",
			"deleted_at": null,
			"main_name": "Cyber Alliance",
			"aliases": [],
			"source_name": "MISPGALAXY:Cyber Alliance",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "b4a6d558-3cba-499c-b58a-f15d65b7a604",
			"created_at": "2023-01-06T13:46:39.346924Z",
			"updated_at": "2026-04-10T02:00:03.295317Z",
			"deleted_at": null,
			"main_name": "Killnet",
			"aliases": [],
			"source_name": "MISPGALAXY:Killnet",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434635,
	"ts_updated_at": 1775826691,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5fb13fe1beb2470ebb078804f91a71c5f7fc2a7b.pdf",
		"text": "https://archive.orkl.eu/5fb13fe1beb2470ebb078804f91a71c5f7fc2a7b.txt",
		"img": "https://archive.orkl.eu/5fb13fe1beb2470ebb078804f91a71c5f7fc2a7b.jpg"
	}
}