UPDATE: Shadow Brokers Now Accepting Payment in Monero for Release of Zero-day Exploits

Last week, the LMNTRIX team reported on an ICS system infected by a Crypto mining Trojan which used the system’s CPU and GPU to mine crypto currency in the Monero Mining pool.

The growing popularity of the Monero crypto currency has not gone unnoticed by the Shadow Brokers group as well who have seemed to have just switched to Monero as their crypto currency of choice. 

This is the same group involved in leaking the NSA tool and exploits which the hackers took advantage to exploit the Windows SMB vulnerability resulting in Global WanaCrypt ransomware attack which affected millions of machines worldwide.

The Shadow Brokers group came into action in the last week of May 2017 to announce their intention to provide more NSA’s zero-day vulnerability exploits and hacking tools for a monthly membership fee of 100 ZEC (Zcash) (approx. $21,519 USD).

The Shadow Brokers group now seems to have changed their mind in terms of a payment method and has decided to receive the same via Monero Crypto Currency (probably because it is more anonymous than other digital currencies like Bitcoin or ZEC).

In a new public press release, the Shadow Brokers team announced the method for accepting the payment sum of 500 XMR in the specified Monero payment ID:

TheShadowBrokers is making decide to be accepting Monero. For subscribe sending 500 XMR to the following address.

41jwGGMNRBKNurVnuo7ZW4HqrgPnfiJbfHUi3k46b5nFhvbpwcK6KdTSjvTRdbzdEzZbQ1t5GWhsW7scxcNv2adUJSbtExP

The Email Address you including in “Payment ID” is needing be converted to hexadecimal

ascii to hex.

username@domain.com = 75 73 65 72 6e 61 6d 65 40 64 6f 6d 61 69 6e 2e 63 6f 6d

Monero requires Payment ID to be 32 bytes or 64 hex characters so pad difference with 00

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32


75 73 65 72 6e 61 6d 65 40 64 6f 6d 61 69 6e 2e 63 6f 6d 00 00 00 00 00 00 00 00 00 00 00 00 00

“757365726e616d6540646f6d61696e2e636f6d00000000000000000000000000”

Tags: No tags

Comments are closed.