{
	"id": "8cd52d9c-d043-417e-883c-7fd130056c01",
	"created_at": "2026-04-06T00:06:25.929296Z",
	"updated_at": "2026-04-10T03:26:53.329878Z",
	"deleted_at": null,
	"sha1_hash": "b16f9617fca09ba4300b14f623059186d2f7bf6f",
	"title": "New NSA Data Dump: ShadowBrokers Release UNITEDRAKE Malware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 107050,
	"plain_text": "New NSA Data Dump: ShadowBrokers Release UNITEDRAKE\r\nMalware\r\nPublished: 2017-09-07 · Archived: 2026-04-05 16:05:06 UTC\r\nThe ShadowBrokers is a group of hackers known for leaking exclusive information about the hacking tools and\r\ntactics of the National Security Agency (NSA).\r\nIn their latest leak, they have released the UNITEDRAKE NSA exploit, which is a remote access and control tool\r\nthat can remotely target Windows-based systems to capture desired information and transfer it to a server. It\r\ncaptures information using plugins that compromise webcam and microphone output, log\r\nkeystrokes, carry out surveillance and access external drives.\r\nThe modular malware UNITEDRAKE is compatible with systems running on Microsoft Windows XP, Vista, 7, 8\r\nup to Windows Server 2012. UNITEDRAKE is described as a “fully extensible” data collection tool that is\r\nspecifically developed for Windows machines to allow operators the chance of controlling a device completely.\r\nAs cited by ZDNet, malware modules like FOGGYBOTTOM and GROK can successfully listen to and\r\nmonitor communications, and keep a check on keystrokes, webcam, and microphone. When the task is completed,\r\nthe malware is able to self-destruct. Understandably, the NSA developed this tool to carry out mass surveillance\r\nand perform bulk hacking.\r\nWe first heard about UNITEDRAKE RAT back in 2014 when former NSA contractor Edward Snowden exposed\r\nan array of confidential documents in a high-profile scandal exposing the espionage tactics used by the NSA for\r\ndecades. 
Snowden revealed a glaring truth about NSA spying tactics: the agency had been using multiple\r\nmalware programs to infect not hundreds or thousands but millions of computers across the globe to acquire\r\nvaluable, sensitive data.\r\nOn the other hand, the ShadowBrokers group made headlines in 2016 when it claimed to have stolen various\r\nexploitation tools used by the NSA, including the notorious ETERNALBLUE, which was a vital component in the\r\nWannaCry ransomware campaign that caused damage to systems worldwide. The claim was proved to be authentic\r\nby security experts as well.\r\nShadowBrokers has now decided to release two data dumps every month, dubbed the Monthly Dump Service.\r\nFor its latest data dump, the group is expecting to receive 500 Zcash, a type of cryptocurrency that facilitates\r\nsecure, private transactions. It is worth noting that the current rate of Zcash is US$248 per unit or A$309.50 per\r\nunit.\r\nScreenshot from ShadowBrokers’s post on Steemit.\r\nThe data dump also includes a UNITEDRAKE manual, which means the group is trying to generate additional\r\ninterest among cyber criminals, vendors, and government groups to subscribe to services which provide access to\r\nthe stolen exploits and malware models.\r\nAccording to ShadowBrokers, five NSA data dumps are in the pipeline currently and the group is demanding a\r\nwhopping 16,000 Zcash for files to be released on November 15. Moreover, to further enlarge the profits,\r\nShadowBrokers intends to make previous data dumps available again for purchase and this time the price range\r\nwill be somewhere between 100 ZEC ($24,000) and 1600 ZEC ($3.8m).\r\nThe group’s subscription service is currently operating discreetly. 
However, the members have started\r\ncomplaining about the tools not working as expected. A few months back one of its subscribers came out in public\r\nand complained that the “Wine of the month” club was a fake scheme.\r\nSource: https://www.hackread.com/nsa-data-dump-shadowbrokers-expose-unitedrake-malware/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA",
		"Malpedia",
		"MISPGALAXY"
	],
	"references": [
		"https://www.hackread.com/nsa-data-dump-shadowbrokers-expose-unitedrake-malware/"
	],
	"report_names": [
		"nsa-data-dump-shadowbrokers-expose-unitedrake-malware"
	],
	"threat_actors": [
		{
			"id": "171b85f2-8f6f-46c0-92e0-c591f61ea167",
			"created_at": "2023-01-06T13:46:38.830188Z",
			"updated_at": "2026-04-10T02:00:03.114926Z",
			"deleted_at": null,
			"main_name": "The Shadow Brokers",
			"aliases": [
				"Shadow Brokers",
				"ShadowBrokers",
				"The ShadowBrokers",
				"TSB"
			],
			"source_name": "MISPGALAXY:The Shadow Brokers",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775433985,
	"ts_updated_at": 1775791613,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b16f9617fca09ba4300b14f623059186d2f7bf6f.pdf",
		"text": "https://archive.orkl.eu/b16f9617fca09ba4300b14f623059186d2f7bf6f.txt",
		"img": "https://archive.orkl.eu/b16f9617fca09ba4300b14f623059186d2f7bf6f.jpg"
	}
}