{
	"id": "d7b174e5-a2df-4edf-bf08-1628dbd5dce2",
	"created_at": "2026-04-06T00:09:42.431941Z",
	"updated_at": "2026-04-10T03:24:51.080443Z",
	"deleted_at": null,
	"sha1_hash": "a10e9f3797fc4394e9a8b51c9853b64954007c94",
	"title": "NullBulge | Threat Actor Masquerades as Hacktivist Group Rebelling Against AI",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 7961798,
	"plain_text": "NullBulge | Threat Actor Masquerades as Hacktivist Group Rebelling\r\nAgainst AI\r\nBy Jim Walter\r\nPublished: 2024-07-16 · Archived: 2026-04-05 13:24:15 UTC\r\nExecutive Summary\r\nSentinelLABS has identified a new cybercriminal threat group, NullBulge, which targets AI- and gaming-focused\r\nentities\r\nIn July 2024, the group released data allegedly stolen from Disney’s internal Slack communications.\r\nNullBulge targets the software supply chain by weaponizing code in publicly available repositories on GitHub and\r\nHugging Face, leading victims to import malicious libraries, or through mod packs used by gaming and modeling\r\nsoftware.\r\nThe group uses tools like Async RAT and Xworm before delivering LockBit payloads built using the leaked Lockbit\r\nBlack builder.\r\nNullBulge demonstrates a shift in the ransomware ecosystem where actors adopt hacktivist causes for financial gain.\r\nOverview\r\nBetween April and June 2024, the NullBulge group emerged targeting users in AI-centric application and gaming\r\ncommunities. The NullBulge persona has showcased creative methods of distributing malware targeting said tools and\r\nplatforms. Though the group projects an image of activism claiming to be “protecting artists around the world” and claims to\r\nbe motivated by a pro-art, anti-AI cause, rather than profit, other activities tied to this threat actor may indicate otherwise.\r\nNullBulge Logo (July 2024)\r\nNullBulge’s services via the group’s DLS\r\nhttps://www.sentinelone.com/labs/nullbulge-threat-actor-masquerades-as-hacktivist-group-rebelling-against-ai/\r\nPage 1 of 14\n\nOne service the group offers is described as “payback through honeypots and malicious mods.” The group is delivering on\r\nthis claim by targeting extensions and modifications of commonly used AI-art-adjacent applications and games. 
This has\r\nbeen their main area of focus recently, delivering a small variety of malware payloads.\r\nNullBulge’s attacks are characterized by ‘poisoning the well’: the group targets the software supply chain by injecting\r\nmalicious code into legitimate software distribution mechanisms, exploiting trusted platforms like GitHub, Reddit and\r\nHugging Face to maximize their reach. NullBulge announces their leaks via their own DLS/blog site, alongside occasional\r\n4chan threads. Further, the group is using customized LockBit ransomware builds to maximize the impact of their attacks. In\r\nthis post, we provide an overview of the NullBulge group’s malicious activities, and technical details of their LockBit\r\npayloads.\r\nDiscord, Reddit, and GitHub Code Distribution\r\nThe NullBulge group carried out a series of malicious campaigns targeting the supply chain of AI tools and platforms across\r\nMay and June 2024. This includes the compromise of the ComfyUI_LLMVISION extension on GitHub. Additionally, the\r\nthreat actor distributed malicious code through BeamNG mods on Hugging Face and Reddit. The GitHub-centric\r\n(ComfyUI_LLMVISION) campaigns and Hugging Face-centric campaigns are characterized by Python-based payloads\r\nexfiltrating data via Discord webhook. The group’s other campaigns resulted in the distribution of more malware, including\r\nAsync RAT and Xworm.\r\nGitHub repository for malicious libraries\r\nThese campaigns resulted in malicious Python scripts which harvest and transmit data via Discord webhook. The threat\r\nactor modified the included ‘requirements.txt’ file to include custom Python wheels to integrate precompiled malicious\r\nversions of libraries from Anthropic and OpenAI. For example, the malicious wheels referenced a fake version of the\r\nOpenAI library (1.16.3). These trojanized libraries contain Python code (e.g., Fadmino.py), which harvests and logs\r\nChrome and Firefox browser data via Network Security Services (NSS). 
Additional scripts, such as admin.py, are\r\nused to interpret and transmit the data via Discord webhook URL.\r\nadmin.py with encrypted Discord URL\r\nIn these campaigns, admin.py and Fadmino.py worked in concert to gather local, sensitive, system data, organize and\r\nprepare the data, and then finally transmit the harvested data to an external server via HTTP POST requests to the\r\nDiscord webhook URL.\r\ncadmino.py extended data collection scripts\r\nThe general flow in these scripts is:\r\n1. Data Discovery/Extraction: admin.py and Fadmino.py gather browser login data (Chrome and Firefox usernames\r\nand passwords).\r\n2. Data Aggregation: admin.py and Cadmino.py gather, parse, and extract the data. Cadmino.py extends on the data\r\ndiscovery to include geographic information and expanded system information along with installed applications. This\r\nincludes data pertaining to security products and financial data.\r\n3. Data Transmission: admin.py constructs the transmission URLs from an encrypted Discord webhook and performs\r\nthe actual exfiltration.\r\nDecrypted Discord URL from admin.py\r\nThe NullBulge group has also distributed malicious code via Hugging Face. These include the maliciously-crafted tools\r\n“SillyTavern Character Generator” and “Image Description with Claude Models and GPT-4 Vision”. These tools contain\r\nmalicious dependencies in an approach similar to that seen with the compromise of the ComfyUI_LLMVISION repository. 
The\r\nmalicious payloads delivered in these campaigns function in an identical way to those observed in the ComfyUI_LLMVISION\r\nrepository, which uses malicious wheels.\r\nDistribution via Hugging Face\r\nThe AppleBotzz Identity\r\nAcross the GitHub and Hugging Face repository-centric attacks, the AppleBotzz identity is used to host the code in both the\r\ncompromised repositories in addition to the posts on ModLand. Some discussions focused on the possibility of AppleBotzz\r\nand the NullBulge threat actor being one and the same. NullBulge has claimed to control the ComfyUI_LLMVISION GitHub\r\nrepository for the duration of it being active. There was never any non-malicious code posted in that repository, prompting\r\nskepticism around whether AppleBotzz and NullBulge are truly separate entities.\r\nNullBulge made a statement on their blog indicating that they are separate entities and that the original maintainer of the\r\nComfyUI_LLMVISION GitHub repository was previously compromised by the group. The original maintainer’s credentials\r\nwere compromised as a result, enabling the NullBulge threat actor to post the malicious code to the GitHub repository.\r\nNullBulge statement on AppleBotzz identity\r\nA similar statement was posted to the original ComfyUI_LLMVISION GitHub by the threat actor:\r\nArchived statement on ComfyUI_LLMVISION GitHub\r\nThe AppleBotzz identity was also used on ModLand and similar platforms used to spread malicious BeamNG mods.\r\nThe threat actors claim that they were able to take over all accounts previously controlled by AppleBotzz on platforms like\r\nHugging Face, GitHub, ModHub, and ModLand. A more probable scenario is that NullBulge controls the AppleBotzz\r\nidentity, which is central to its malware staging and delivery process. 
However, there’s insufficient evidence to confirm this\r\nhypothesis at this time.\r\nMalware Delivery | Async RAT and Xworm\r\nNullBulge has targeted users of BeamNG, a vehicle simulation game that uses soft-body physics to realistically model\r\nvehicle dynamics, collisions, and deformations in an open-world sandbox environment. On June 4, 2024, a thread was\r\nposted in the BeamNG community forum titled “BeamNG mods are not safe anymore,” highlighting an emerging concern\r\nover specific mods for BeamNG. This compromise was further detailed in a YouTube video from Eric Parker. The attack is\r\ndescribed as originating from malicious Lua code delivered in a BeamNG mod file. Obfuscated PowerShell was injected\r\ninto the mod files that subsequently downloaded Async RAT or Xworm, which in turn led to the deployment of their\r\ncustomized LockBit payloads.\r\nInitial distribution of the trojanized mods occurs via base64-encoded links across social media profiles set up by the threat\r\nactor. The malicious mods were also distributed via ModLand and similar BeamNG-related communities.\r\nMalicious ModLand post, AppleBotzz identity\r\nBase64-encoded link for malicious BeamNG mod distribution\r\nThese encoded links decode to malicious links hosted on a variety of services including modsfire and pixeldrain. 
Examples are\r\nas follows:\r\nhttps[:]//modsfire[.]com/IzozIsm52J72cWM\r\nhttps[:]//modsfire[.]com/1Nhyzs0OpLDu204\r\nhttps[:]//modsfire[.]com/IzpzklsmT2jz7W1\r\nhttp[:]//pixeldrain[.]com/api/file/HnEcyLBm\r\nhttps[:]//pixeldrain[.]com/api/file/SoRcBJnZ\r\nThese now-defunct links led to Async RAT payloads.\r\nThe malicious BeamNG mods were distributed via torrent or zip archive across BeamNG-focused forums and subreddits.\r\nThe maliciously-crafted mods contain Lua code which is executed upon ingestion of the mod file by BeamNG.\r\nThe malicious Lua code is placed into the various Lua ‘extensions’ packaged into the BeamNG mod (example:\r\nVersionCheck.lua: 5c61e08914d4108aa52401412a61ddbbb68ca7cc)\r\nObfuscated PowerShell in malicious BeamNG mod\r\nThe Lua files contain base64-encoded PowerShell that, when decoded, downloads and executes the Async RAT sample (via\r\nInvoke-WebRequest). The specific string in the previous image decodes to the download request below.\r\nIn this case, the Async RAT instance is downloaded from a pixeldrain[.]com address and executed under the process name\r\nBeamNG.UI.exe.\r\nCustom LockBit Payloads\r\nNullBulge is delivering LockBit ransomware payloads to their Async RAT and Xworm victims as a later-stage infection. This\r\nportion of the attack is also discussed in the aforementioned Eric Parker video.\r\nNullBulge payloads are built using the leaked LockBit 3.0 (aka LockBit Black) builder, unmodified aside from a customized configuration file\r\n(config.json).\r\nSHA1: bca6d4ab71100b0ab353b83e9eb6274bb018644e\r\nName: LockBit3Builder.zip\r\nAlong with config.json, the NullBulge builder archive contains builder.exe, keygen.exe and build.bat, a batch file for automated\r\nbuilds of paired encryptor and decryptor executables. 
Build.bat (804a1d0c4a280b18e778e4b97f85562fa6d5a4e6) is also\r\nunchanged from standard leaked bundles of the LockBit 3.0/LockBit Black builder.\r\nUnmodified build.bat from the NullBulge builder archive\r\nThe config.json (705d068fb2394be5ea3cb8ba95852f4a764653a9) file contains settings for the payload UID along with\r\nall the behavioral components to be controlled upon building of the payloads. This includes the following configuration\r\nsettings:\r\n\"encrypt_mode\": \"auto\",\r\n\"encrypt_filename\": false,\r\n\"impersonation\": true,\r\n\"skip_hidden_folders\": false,\r\n\"language_check\": false,\r\n\"local_disks\": true,\r\n\"network_shares\": true,\r\n\"kill_processes\": true,\r\n\"kill_services\": true,\r\n\"running_one\": true,\r\n\"print_note\": true,\r\n\"set_wallpaper\": true,\r\n\"set_icons\": true,\r\n\"send_report\": false,\r\n\"self_destruct\": true,\r\n\"kill_defender\": true,\r\n\"wipe_freespace\": false,\r\n\"psexec_netspread\": false,\r\n\"gpo_netspread\": true,\r\n\"gpo_ps_update\": true,\r\n\"shutdown_system\": false,\r\n\"delete_eventlogs\": true,\r\n\"delete_gpo_delay\": 1\r\nIn the provided configuration, encryption is set to auto as opposed to fast mode. The option to encrypt network shares\r\nis enabled, along with the standard encryption of local volumes. The malware is also configured to self-delete post-execution\r\nand to send ransom notes to attached printers.\r\nThe configuration also outlines which files and folders are included or excluded from encryption, along with what processes\r\nto terminate. 
The contents of the ransom note are defined in the config.json file.\r\nNullBulge config.json\r\nThe ransom note construction is also handled via the config.json file, which is customized with NullBulge’s identifying\r\nmodifications.\r\nNullBulge ransom note configuration\r\nData Leak Sites and Recent Targeting\r\nNullBulge has multiple active leak sites. Its initial .com and .onion sites went live in late May 2024. As of July 2024, the\r\n.se and .co domains are active and updated on an ongoing basis. Their domains include:\r\ngroup.goocasino[.]org\r\nnullbulge[.]com\r\nnullbulge[.]se\r\nnullbulge[.]co\r\nnullblgtk7dwzpfklgktzll27ovvnj7pvqkoprmhubnnb32qcbmcpgid[.]onion\r\nAs of this writing, the NullBulge DLS has listed multiple victims. Most of the site is dedicated to documenting their cause\r\nalong with standard rules of engagement.\r\nAt the end of June 2024, the NullBulge group announced a leak of information from Disney, which allegedly included .web\r\npublishing certificates and sprites from the animated series DuckTales.\r\nDisney releases from NullBulge\r\nThe Disney leaks were later updated with a “Release is Close” post. This updated post contained a base64-encoded link to a\r\n~670MB file, DuckTales_Isolated.zip, hosted on pixeldrain[.]com.\r\nLeaked Disney data on pixeldrain\r\nThis archive contains multiple Photoshop Document (PSD) files related to the DuckTales series. These leaks were also\r\nposted to 4chan under the !!z694g7GKz7l identity. 
The posts contain base64-encoded strings, which link to the leaked data.\r\nNullBulge announcing Disney leaks on 4chan\r\nOn July 12, the NullBulge group released a ~1.2TB archive purportedly containing multiple years of Disney’s internal Slack\r\ndata. The release of this data was preceded by countdown posts across the threat actor’s online profiles. NullBulge claims\r\nthey obtained the data using compromised corporate account credentials.\r\nCountdown timer, July 11 2024\r\nProfiles and Other Activities\r\nIn addition to 4chan posts under !!z694g7GKz7l, NullBulge maintains active profiles across multiple common underground\r\nforums. They have a history of selling infostealer logs from their custom stealer on the CRACKED[.]io forum.\r\nNullBulge selling infostealer logs on cracked[.]io forum\r\nThe actor also has a history of selling stolen OpenAI API keys in these forums. This demonstrates that NullBulge’s\r\nmalicious activity is not limited to actions that protect artists’ rights. Its activities are financially focused, and it is able to\r\ndevelop or acquire whatever tools are needed to further this cause. The actor behind NullBulge also maintains a GitHub\r\nrepository under the name NullBulgeOfficial, containing their Discord webhook libraries, along with their custom Python\r\nlibrary for interacting with the AvCheck API. 
Additionally, NullBulge has a mysellix[.]io profile, which has been used to\r\nsell OpenAI API keys.\r\nNullBulge OpenAI API key sales\r\nConclusion\r\nNullBulge is a low-sophistication actor, targeting an emerging pool of victims with commodity malware and ransomware.\r\nThe group’s invasive targeting of AI-centric games and applications poses a threat to those working with such technologies\r\nand highlights an intriguing area of focus for threat actors. Its methods of staging and delivering malicious code – such as\r\nobfuscated code in public repositories – are not new, but the target demographic is an emerging sector which is increasingly\r\nbeing targeted. Groups like NullBulge represent the ongoing threat of low-barrier-of-entry ransomware, combined with the\r\nevergreen effect of infostealer infections.\r\nWell-seasoned malware families like Xworm and Async RAT are used by NullBulge and similar threat actors. These tools\r\ngenerate infostealer logs that can fuel bigger and more elaborate attacks, as demonstrated in the recent attack against\r\nSnowflake. Additionally, the attack surface of platforms like BeamNG is ripe for exploitation. In the BeamNG scenario,\r\nattackers execute privileged code via PowerShell through ‘trusted’ Lua scripts when installing the game mods. This is a very\r\nattractive mechanism for malicious actors, and not dissimilar to software supply-chain attacks that deliver payloads through\r\nNPM packages, which we have discussed previously.\r\nTo reduce your organization’s exposure to techniques used by NullBulge, consider the following security measures:\r\n1. API Key Management: Store API keys securely and avoid hardcoding them in your code. Use environment variables\r\nor secure vaults to manage sensitive information. Regularly rotate API keys to minimize the potential impact of a\r\ncompromise.\r\n2. 
Code Review and Verification: Routinely examine third-party code elements for any obfuscated or otherwise\r\nsuspicious content. Pay close attention to dependencies in support files like requirements.txt and equivalent.\r\nEnsure that third-party code is ingested from a trusted and verified source. Routinely review commit histories and\r\nhave a clear understanding of active contributors, so as to be able to spot ‘suspicious’ commits or inquiries. Be wary\r\nof installing code from public sources that are subject to low or no scrutiny.\r\nIndicators of Compromise\r\nSHA1 Description\r\nf37da01783982b7b305996a23f8951693eb78f72 Async RAT (via Pixeldrain)\r\n0cd5dc12bca41f6667547aa10b9cf1d989ba30a0 Async RAT (via Pastebin)\r\n843d0df759ffd79b00f0adef3371e003a3539977 Xworm (via Pastebin)\r\nc6a884dcf21c44de3e83427a28428c24582a8b6f anthropic-0.21.3-py3-none-any.whl\r\n5a18ba89c118a7c31f3e8f674727da08779421ce openai-1.16.2-py3-none-any.whl\r\n89d9b7c3eff0a15dc9dbbfe2163de7d5e9479f58 LockBit 3.0\r\n93460d0789dce9cf65a90e542424b0ac057e1dc5 admin.py\r\ndcb47900458692589a594a293c1c7c2559cc4cbe Fadmino.py\r\n9eb83ab3f53e99cdc9948a6123c7c90fad9e3991 cadmino.py\r\n2d1dca9c10996143b698a9351d1eb446c19f92a7 VersionCheck.lua\r\n756e6c96d1dd75e4d27af7c36da751ab496cedb8 VersionCheck.lua\r\n304f71ccf9d533d0cdeba97546addcac6d6b53e7 (Ransom note)\r\n705d068fb2394be5ea3cb8ba95852f4a764653a9 (LockBit builder config JSON)\r\nbca6d4ab71100b0ab353b83e9eb6274bb018644e (LockBit3Builder.zip)\r\n804a1d0c4a280b18e778e4b97f85562fa6d5a4e6 (build.bat)\r\nec03fd1551d31486e2f925d9c2db3b87ffcd7018 (keygen.exe)\r\n8899fe6ecfe7b517a4c80ebb3b5c50e6e93b7294 (LockBit_NullBulge payload)\r\n2a8951d35e853b2c2fd5753b686dd132f20ac355 (LockBit_NullBulge payload)\r\n3f6c619bdc7d931a9a9f82dfc77963a02ab9c2bf (LockBit_NullBulge payload)\r\n886e3667273e50a7295224332084d7fde8836546 
(LockBit_NullBulge payload)\r\n4b53022bf125bd789ef43271666ac960f841c4f9 (LockBit_NullBulge payload)\r\n4fdc357f1dfc54a19e31c210f0783dffc77039d9 (LockBit_NullBulge payload)\r\nde256f9d30b0dca87f8127323271f7196fe0f262 Malicious BeamNG Mod\r\n5c61e08914d4108aa52401412a61ddbbb68ca7cc VersionCheck.lua\r\n28b5aaab8fa92aeade193dc13feca491559fc88f Malicious BeamNG Mod\r\n3e417d9bb9f6ce10b9c66b468b9fe79d8f06c36b Malicious BeamNG Mod\r\nc8e93fc737e6c7822de62a969e9c0048847dabc5 Malicious BeamNG Mod\r\n0cbac9e999094d8a3bd3da985c57031dd7614f20 Malicious BeamNG Mod\r\nNetwork\r\ngroup.goocasino[.]org\r\nnullbulge[.]com\r\nnullbulge[.]se\r\nnullbulge[.]co\r\n86[.]107.168.9\r\nnullblgtk7dwzpfklgktzll27ovvnj7pvqkoprmhubnnb32qcbmcpgid[.]onion\r\nXMR (Monero) Address\r\n45i7kjWZuzJ4PdSbandaaE8S6mQATmneTYEpgsaaCqDmc7foEJDXwxd3ABR8bn6YE4c7hZ2dYEEr1CwG48gAknPL6zUpYyV\r\nSource: https://www.sentinelone.com/labs/nullbulge-threat-actor-masquerades-as-hacktivist-group-rebelling-against-ai/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"MITRE",
		"Malpedia"
	],
	"references": [
		"https://www.sentinelone.com/labs/nullbulge-threat-actor-masquerades-as-hacktivist-group-rebelling-against-ai/"
	],
	"report_names": [
		"nullbulge-threat-actor-masquerades-as-hacktivist-group-rebelling-against-ai"
	],
	"threat_actors": [
		{
			"id": "d997a1d5-b410-42c4-a490-90f287ad3034",
			"created_at": "2024-07-21T02:00:04.751362Z",
			"updated_at": "2026-04-10T02:00:03.675263Z",
			"deleted_at": null,
			"main_name": "Nullbulge",
			"aliases": [],
			"source_name": "MISPGALAXY:Nullbulge",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434182,
	"ts_updated_at": 1775791491,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a10e9f3797fc4394e9a8b51c9853b64954007c94.pdf",
		"text": "https://archive.orkl.eu/a10e9f3797fc4394e9a8b51c9853b64954007c94.txt",
		"img": "https://archive.orkl.eu/a10e9f3797fc4394e9a8b51c9853b64954007c94.jpg"
	}
}