Incident Overview

A threat actor using the handle "sha256sum" claims to be selling an advanced payload delivery method that bypasses all Windows security measures. The delivery system is designed to circumvent SmartScreen, Mark of the Web (MOTW), and Windows Defender, making it ideal for spear phishing campaigns. Unlike older LNK file delivery methods, this system can also be delivered via landing pages or other browser-based methods that rely on immediate payload execution after the user clicks the install button.

• Delivery Method: Advanced payload delivery system
• Security Bypasses: Windows SmartScreen, Mark of the Web (MOTW), Windows Defender
• Use Case: Ideal for spear phishing campaigns, particularly targeting Gmail users without triggering panic
• Delivery Channels: Landing pages and other browser-based methods
• Execution: Payload runs immediately after user clicks install button
• Package Contents: Full source code and step-by-step instruction guide
• Instructions: Detailed guide on how to create and deliver the payload successfully
• Video Demo: Available on request for potential trusted buyers
• Sale Terms: Sold at once to one buyer only, topic closed after purchase
• Transaction: Deal done only via Exploit.IN Escrow system without any exception
• Price: 10,000 USD