Confuser and Oilrig – Iranian Hacks

This is a bit disjointed at this time and is raw data. This is not intelligence, has not been analyzed but does tie directly to Oilrig.

A powerful program to pack your apps. With this program, you can pack programs in C # and VB.Net

Confuser – Confuser program zipped. For download and analysis

a1ir3z4-HK Frequently found on,, formerly of the Kalli Hack Team (kallihack),

Others in the mix: XVII_Hacker, #XVII_Roman & #BlackErroR1 & #sorblack


Bitcoin Cracker Performance Test via Telegram: @ a1ir3z4HK @ a1ir3z4_HK_bot
Using temp emails here:
Sprinkle the effort with a bit of Russian for flavoring

Cʏʙᴇʀ Cʀᴀᴄᴋɪɴɢ | سایبر کرکینگ\administrator;1qaz@WSX3edc\administrator;1qaz@WSX3edc\administrator;1qaz@WSX3edc\administrator;1qaz@WSX\administrator;1qaz@WSX\administrator;1qaz@WSX\administrator;1qaz@WSX\administrator;1qaz@WSX\administrator;1qaz@WSX\administrator;1qaz@WSX\administrator;1qaz@WSX\administrator;123qwe!@#\administrator;123qwe!@#\administrator;1234qwer!@#$\administrator;1qaz!QAZ\administrator;1qaz!QAZ\administrator;1qaz!QAZ\administrator;1qazXSW@\administrator;1qazXSW@\administrator;1qazXSW@\administrator;!QAZ2wsx\administrator;!QAZ2wsxЧитать полностью…\administrator;1qaz@WSX3edc\administrator;1qaz@WSX3edc\administrator;1qaz@WSX3edc\administrator;1qaz@WSX\administrator;1qaz@WSX\administrator;1qaz@WSX\administrator;1qaz@WSX\administrator;1qaz@WSX\administrator;1qaz@WSX\administrator;1qaz@WSX\administrator;1qaz@WSX\administrator;123qwe!@#\administrator;123qwe!@#\administrator;1234qwer!@#$\administrator;1qaz!QAZ\administrator;1qaz!QAZ\administrator;1qaz!QAZ\administrator;1qazXSW@\administrator;1qazXSW@\administrator;1qazXSW@\administrator;!QAZ2wsx\administrator;!QAZ2wsxЧитать полностью…\administrator;p@ssw0rd\administrator;Pass@word1\administrator;P@ssw0rd\administrator;P@ssw0rd\administrator;P@ssw0rd\administrator;P@ssw0rd\administrator;P@ssw0rd\administrator;P@ssw0rd\administrator;Admin@123\administrator;Admin@123\administrator;Admin@123\administrator;Admin@123\administrator;Admin@123\administrator;Admin123\administrator;admin@123\administrator;admin@123\administrator;admin@123\administrator;admin@123\administrator;admin@123\administrator;admin@123\administrator;admin@123\administrator;admin@123\administrator;admin@123\administrator;admin@123\administrator;admin@123\administrator;admin@123\administrator;Passw0rd1\administrator;password@123\administrator;password@123\administrator;password@123\administrator;P@ssw0rd@123\administrator;password@1234\administrator;abc@123\administrator;\administrator;\administrator;
Beast Trojan Builder – (change to .rar to unzip) Use at own risk.
Featured post

Treadstone 71 Selected to Deliver at the RSA Conference 2018 San Francisco

Foundations for a Strong Intelligence Program
April 18, 9AM-11AM RSA Conference
This Lab will explore key aspects of building a strong and long-lasting cyberthreat intelligence program. We’ll review methods of threat intelligence platform selection and bake-off techniques as well as cover stakeholder analysis and priority intelligence requirements. Additionally, we’ll practice collection planning and mission management as well as how to establish effective reporting and dissemination capabilities.

Cyber CounterIntelligence – Deception, Distortion, Dishonesty
April 18, 1:45PM-2:30PM RSA Conference
Deception, distortion, dishonesty are core to social media postings. Our adversaries use these methods concocting stories that create illusions that are meant to leave us divided. The talk will cover methods of countering their messaging while applying these tactics to protect your own organization and brand. Moving from intelligence to counterintelligence is the natural next step in our evolution.

Featured post

Dragonfly 2.0? Delta Elektroniks and Pre-embedded Malware

Delta Elektroniks highly likely supported by the Russian government and a direct threat to energy sector supply chain operations

Treadstone 71 asserts with high confidence that Delta Elektroniks (DE) is likely a front company directly associated with Energetic Bear (Dragonfly). The equipment purchased from DE is vulnerable to supply chain threats due to malware embedded in the Taiwanese Delta Electronics (T-DE) programmable logic controller (PLC) software. T-DE is not aware of the infections allowing customers to download and install infected PLC software for the initial purposes of cyber espionage. Long-term intentions include possible physical sabotage operations and the potential to manipulate markets through false accidents (real but not due to human error or technology failure) to artificially drive up stocks (or down). Speculation of oil prices targeted to drive revenue when the price per barrel is too low to sustain economic plans. The PLCs appear to be genuine production parts with malware introduced post-production. Verification of Oleg Vladimirovich Strekozov’s identity is incomplete; the name is likely fictitious and probably state-sponsored. Evidence that suggests this outcome:

+++++++++++++++++++++++UPDATE+++++++++++++++++++ 1/4/2018+++++++++

Purely a Treadstone 71 effort


Malware Targets SCADA Devices

  • TTPs are like Dragonfly (Strekozov as defined) or Energetic Bear (B2)
  • Targeting SCADA devices is consistent with espionage practices (B2)
    • Provides hackers a foothold into US critical infrastructure via trusted downloads – Delta Website in Taiwan (as one of many)
  • A copycat website in Russia is suspicious and consistent with masquerade techniques (C3)
  • A legitimate Russian business would not conduct themselves in such a way (C2)
  • Multiple other sites deliver the same software (C3) …

NOTE: It is possible that the T-DE PLC software is poorly written and vulnerable by default. Scans from the T-DE website indicate website vulnerabilities including SQL injection weaknesses.

The full report: Treadstone 71Intelligence Games in the Power Grid PDF

The associated PPTX: Treadstone 71 Intelligence Games in the Power Grid

Our defenses are built for outside in. This is already in. Anti-virus scanners do not detect any of this only sandbox analysis. ‘Trusted’ software is being downloaded from multiple different sites in multiple different languages covering multiple different industries. Data centers, buildings, power plants, hospitals, public safety, dams, nuclear facilities, financial services data centers, oil pipelines, military facilities, hotels, industrial automation, building automation, energy and ICT infrastructure, embedded power, automotive electronics (ships/boats), embedded power, various components thereof, merchant and mobile power, telecom energy, and renewable energy non-inclusively.

Recent reports from Symantec (outside in): RELEASED OCTOBER 20/21

Treadstone 71 Announces Cyber Intelligence Capability Maturity Model

Treadstone 71 developed a maturity model to help organizations determine the maturity of their cyber intelligence initiatives against the cyber intelligence common body of knowledge (CICBOK). The model provides strategic and operational aspects of your cyber intelligence maturity, where it needs to go, and where you should concentrate your attention to create more value for your business. Nearly 8 years in the making, the Treadstone 71 Cyber Intelligence Maturity Model uses traditional tradecraft as delivered by Sherman Kent and Richards Heuer, intelligence community standards, analytic standards, and experiential knowledge derived from years of training, assessing, and building cyber intelligence programs.

The Treadstone 71 Cyber Intelligence Capability Maturity Model (T71-CICMM) is a methodology used to develop and refine an organization’s cyber intelligence program. Not only is the model educational and practical skills for learning and developing expertise, but also a roadmap for building a cyber intelligence program. More information is available here:

Treadstone 71 Cyber Intelligence Maturity Model


Featured post

Intelligence for the C-Suite and Stakeholders

This is a one-day course designed to educate corporate leadership and stakeholders in cyber and threat intelligence.  There is a general awareness of the need to establish intelligence functions. Many organizations do not have a fundamental understanding of what intelligence is, where the function should reside, how it is different from business and competitive intelligence while understanding the overlaps and natural points of integration. This one day course targets corporate leadership delivering a clear and coherent training that equips stakeholders with the understanding and tools they need to assist in building a successful intelligence program.

Registration Information – Dates and Times TBD

Course High-Level Outline

  • Using Strategic Intelligence
  • Organization and Focus of the Class
  • Background on Strategic Intelligence and Analysis
  • Approaches and Processes
  • Strategic Plan development, acceptance, and dissemination
    • Mission
    • Vision
    • Guiding Principles
    • Roles and Responsibilities
    • Threat Intelligence Perspective
    • Business Intelligence Perspective
    • Competitive Intelligence Perspective
    • Intelligence Strategic Challenges
    • Goals and Initiatives
    • Next Steps
    • Roadmap
  • Stakeholder checklist and stakeholder management groups with strategic and tactical activities definition for intelligence, description of needs and products. This will include:
  • The Future Use of Strategic Intelligence
  • Intelligence: Role, Definitions, and Concepts
  • Basic Concepts Concerning Intelligence
  • The Strategic Intelligence Process – Operations to Tactics
  • The Role of Strategic Intelligence and Its Impact on Stakeholders
    • Operational, Technical, Tactical
  • Why Stakeholders and Executives Need Strategic Analysis:
  • Strategic Analysis Leading to Strategic Decisions
  • Implementing Intelligence Programs
    • The Treadstone 71 Method (Experience with several program builds globally)
  • Challenges for Stakeholders to Accept Intelligence
  • Stakeholder Views: Impact on Intelligence
  • Intelligence as Catalyst for Stakeholders
  • Integrating Analytical Support and the Stakeholder Thought Process
  • Stakeholders and Self-Directed Strategic Processes, Procedures, Methods
  • The Role of Intelligence Management
  • Issues, Tactics, Techniques, Methods, and Principles
  • Managing Intelligence Projects
  • Providing Focused Leadership
    • Leading the Team
    • Understanding Issues and the Process
    • Analysis Overview
    • Collection Management
    • Production Management
      • Evaluation
      • Analysis
      • Integration
      • Interpretation
    • Types of Analysis
      • 14 Types of Analysis
    • Analytic Writing
      • ICD 203, 206, 208
      • Organization, Evidence, Argument, Sources, Pitfalls
      • Use the Title
      • Who/What, Why Now, So What, Impact so far, Outlook, Implications
      • BLUF and AIMS
      • Supervisory Actions
      • Summary Paragraphs
      • Alternative Analysis
      • Clarity and Brevity
      • Peer review
      • Reports and Reporting
        • Feedback
    • Pre-Mortem
    • Post-Mortem
    • Know your professor, get an A – Communicating Up
      • Relevance, Timeliness, Completeness, Accuracy, Usability
    • Briefing Rules
  • Intelligence Analysts and Self-Management
    • High-Level Tasks
  • Analyst Activities
    • Rules for developing analysts – Alignment and as collectors
    • The Role, Responsibilities, and Functions of the Analyst
    • The Analyst’s Roles and Responsibilities – RACI(s)
    • What the Analyst will face
    • Job Descriptions
  • Conclusion
    • The Executive / Stakeholder’s Roadmap
Corporate stakeholders risk investing large amounts of time and money with little positive effect their security, corporate strategies, and business direction. The C-Suite and Stakeholders participating in this course ensures their understanding of the discipline required to build a successful program. The course helps align information security, incident response, security operations, threat and cyber intelligence with the business.
Featured post

2017 Training Courses – Treadstone 71

2017 Training Dates

Main Page to Treadstone 71 Training – 2017

(or on demand including in-house or by location)

Treadstone 71 is working with FS-ISAC for training in London, Singapore, Malaysia, and Australia.

FS-ISAC Sponsored Courses:

Cyber Intelligence Tradecraft Training
3-7 April | Reston, VA
More | Register
Cyber Intelligence Tradecraft Training
8-12 May | London
More | Register
Cyber Intelligence Tradecraft Training
19-23 June | Reston, VA
More | Register
Cyber Intelligence Tradecraft Training
21-25 August | Reston, VA
More | Register

Featured post

Full Suite of Cyber-Threat Intelligence and Counterintelligence Courses Ready for Global Delivery

Treadstone 71 today announced a full suite of Cyber and Threat Intelligence and CounterIntelligence training courses. The courses drive the expansion of Treadstone 71’s accelerated, academically validated, intelligence training to global markets. Treadstone 71 delivers courses in California, Virginia, Canada, the United Kingdom, and the Netherlands and is set to expand to the Middle East and Asia later this year. (

Treadstone 71 offers a compelling business model that delivers rapid cyber and threat intelligence strategic planning, program build, and targeted training in sectors such as financial services, government, healthcare, energy, and other critical infrastructure verticals. Treadstone 71’s format, curriculum, and instruction model are helping meet critical global demand for cyber and threat intelligence and analysis expertise. Treadstone 71 training provide graduates with an attractive pathway to compensation increases, career progression, and much-needed attention to intelligence. The organization has been teaching cyber intelligence at the Master’s level and commercially for seven years. New courses include a focus on campaign management, the use of Tor, Tails, I2P, and Maltego as well as covering persona development and management. Students create a series of identities, character development, and dimensions, storyline, plot synopsis, story drive and limit, story weaving, applicability, scope, tools to be used, methods of interaction with other identities, engaging secondary characters, refining targeting while developing a campaign to gain street credentials.

“Our courses provide academic instruction combined with real-world, hands-on collection, analysis, analytic writing, dissemination, and briefings that many liken to an apprenticeship,” said Jeff Bardin, Chief Intelligence Officer for Treadstone 71. “Our curriculum follows the teachings of Sherman Kent and Richards Heuer giving students the tools necessary to perform targeted collection, structured analysis while authoring reports modeled after intelligence community standards. We teach methods of cyber infiltration, information and influence operations, counterintelligence strategies, mission based counterintelligence, denial and deception, and counter-denial and deception.”

Treadstone 71 courses are validated and proven by intelligence professionals creating job-ready threat intelligence professionals for global organizations suffering a talent shortage. “Intelligence analysis as an inherently intellectual activity that requires knowledge, judgment, and a degree of intuition,” continued Bardin. “Treadstone 71’s intelligence, counterintelligence, and clandestine cyber HUMINT training and services help organizations transform information into intelligence pertinent to their organization.”

Analysis includes integrating, evaluating, and analyzing all available data — which is often fragmented and even contradictory — and preparing intelligence products. Despite all the attention focused on the operational (collection) side of intelligence, analysis is the core of the process to inform corporate stakeholders. Analysis as more than just describing what is happening and why; identifying a range of opportunities… Intelligence Analysis is the key to making sense of the data and finding opportunities to take action. Analysis expands beyond the technical focus of today providing organizations with core capabilities for business, competitive, cyber, and threat intelligence.

Treadstone 71’s Cyber Intelligence Tradecraft Certification is the gold standard in the industry today derived from both academia and from Treadstone 71’s experience in building cyber intelligence programs at Fortune 500 organizations worldwide.

Treadstone 71

888.714.0071 – osint@treadstone71.com

Featured post

The 12 Days of Cyber Christmas

…or What I want for Cyber Security and Intelligence Christmas 2016

  1. All CIOs must have served as a CISO for at least 4 years before being allowed to be a CIO.
  2. All CIOs must have a CISSP, CISM, and at least 2 technical information security certifications and have been thoroughly trained and qualified to be a CIO. No more cronyism.
  3. CISOs will never report to the CIO – conflict of interest and a recipe for … what we have now.
  4. If you are the administrator for a device, you secure that device (servers, routers, appliances, etc.). You are responsible and accountable – Secure what you own. Secure what you manage.
  5. CIOs and their leadership will be held liable for deploying vulnerable systems.
  6. All new products (IoT and beyond) must be certified secure before public release. No more figure it out as we go and bolt it on after we have consumers hooked.
  7. All root access / administrative rights for production, critical, supporting, etc., systems and devices are removed and granted only for approved changes and incidents.
  8. All written code and script must be written properly. There is no such thing as secure code, only code the works correctly and does not create vulnerabilities.

Treadstone 71 2017 Intelligence Training Courses – Sign up now or inquire about how to have us come onto your site to training.

    9. All operating systems will be shipped closed and installed closed with a risk rating system for each port, protocol, and/or service. Each modification reduces the security posture of the operating system providing a risk score while automatically offering advice on how to remediate that score with other controls. 

    10. New regulations to enforce security and privacy, demanding disclosure of breaches,    fining companies and individuals for negligence are put in place, at once.

    11. Vendors posting adversary IoCs, TTPs, and other methods that would normally be seen as ‘telling the enemy what we know, i.e., sedition’ will be fined for such activity.

  12. You will tell yourselves over and over again that contracting with Treadstone 71 to build your cyber intelligence strategy and program is the absolute right thing to do (repeat after me …).

Merry Cyber Christmas from Treadstone 71


Featured post

Blog at

Up ↑

%d bloggers like this: