s3n4t0r-0x0 Goto Github PK

am0n-eye

AM0N-Eye is the decompiled from Cobaltsetrike and has been modified and developed through several aggressor scripts & BOF is project based on a combination of different ideas and projects used by the threat actor where we observe a set of techniques to evasion EDR and AV while allowing the operator to continue using the tools

amon-eye

AM0N-Eye is the decompiled from Cobaltsetrike and has been modified and developed through several aggressor scripts. is project based on a combination of different ideas and projects used by the threat actor where we observe a set of techniques to evasion EDR and AV

apt28-adversary-simulation

This is a simulation of attack by Fancy Bear group (APT28) targeting high-ranking government officials Western Asia and Eastern Europe

apt29-adversary-simulation

This is a simulation of attack by the Cozy Bear group (APT-29) targeting diplomatic missions

berserk-bear-apt

This is a simulation of attack by (Berserk Bear) APT group targeting critical infrastructure and energy companies around the world, primarily in Europe and the United States

checkmate

payload Execution by Fake Windows SmartScreen with requires Administrator privileges & Turn off real SmartScreen Filter

diablo

This script is a basic implementation of a C2 (Command-and-Control) connecting to a AM0N-Eye client that connects to a remote server specified by the IP address and port number provided as command-line arguments. Once connected, the client receives a payload of executable code from the server and executes it.

ember-bear-apt

This is a simulation of attack by (Ember Bear) APT group targeting energy Organizations in Ukraine the attack campaign was active from least March 2021, The attack chain starts wit spear phishing email sent to an employee of the organization, which used a social engineering theme that suggested the individual had committed a crime

energetic-bear-apt

This is a simulation of attack by Energetic Bear APT group targeting “eWon” is a Belgian producer of SCADA and industrial network equipmen

gossamer-bear-apt

This is a simulation of attack by (Gossamer Bear) APT group targeting Institutions logistics support and defense to Ukraine the attack campaign was active from April 2023

initial-registry

It is a registry file that performs malicious activities when the fresh button is pressed, Such as start a malicious link, making an execution for payload, or running a malicious command line in CMD or PowerShell

jicop-h00k

contains the core files required to create a Beacon Object File (BOF) for use with AM0N-Eye. BOFs are compiled C programs written in a specific convention that allows them to execute within a Beacon process and use internal Beacon APIs. BOFs provide a fast and efficient way to extend the Beacon

marionette

contains a C code snippet that can be used to connect to an AM0N-Eye and Cobalt Strike beacon using a TCP socket on Linux.

matryoshka

This repository contains a C++ program that can be used to simulate malware that exploits the messaging platforms Telegram or Discord to achieve its programmed goals. In this case, the program exploits "Maga" to dump data

primitive-bear-apt

This is a simulation of attack by (Primitive Bear) APT group targeting the State Migration Service of Ukraine

s3n4t0r-0x0

venomous-bear-apt

This is a simulation of attack by (Venomous Bear) APT group targeting U.S.A, Germany and Afghanista attack campaign was active since at least 2020, The attack chain starts with installed the backdoor as a service on the infected machine

voodoo-bear-apt

This is a simulation of attack by (Voodoo Bear) APT group targeting entities in Eastern Europe the attack campaign was active as early as mid-2022, The attack chain starts with backdoor which is a DLL targets both 32-bit and 64-bit Windows