The member “integra” has joined the cybercrime forum in September 2012 and has gained a high reputation over the course of time. The threat actor is also a member of another cybercrime forum since October 2012.
The threat actor aims at buying malware with zero detection. The TA is willing to buy the following things with the deposited money zero-day exploits for RCE and LPE, in the latter case the member is offering up to $3 Million.
- Buy the best Remote Access Trojan (RAT) that has not yet been flagged as malicious by any of the security products.
- Buy unused startup methods in Windows 10 such as living off the land (LotL) malware and hiding in the registry evasion technique. The TA is willing to offer up to USD 150K for the original solution.
- Buy Zero Day Exploit for Remote Code Executions and Local Privileges Escalations. The TA has mentioned that the budget for this particular exploit is USD 3Million.
The significant amount deposited as an escrow by the threat actor is concerning, the circumstance suggests that the threat actor is going to use the exploits for attacks or to resell them.
Organizations should patch all known security updates and conduct timely internal Security Audits, in addition to being prepared for such attacks in the future..