TheShadowBrokers
TheShadowBrokers is described as a mysterious group that repeatedly published what it claimed were NSA hacking tools. In the provided reporting, the group is specifically linked to disclosure of security holes and alleged NSA-associated tools several weeks before the 2017 WannaCry/WannaCrypt ransomware outbreak. The content states that the Windows vulnerabilities exploited by WannaCry were tied to tools disclosed by TheShadowBrokers, and that Microsoft had already issued patches for supported systems shortly after those disclosures. No additional high-confidence information about the group's origin, sponsorship, targets, sub-groups, or broader operations is directly provided in the content. Known alias in the content: theshadowbrokers.
Tradecraft
1 distinct technique observed across reporting, grouped by tactic.
Associated malware families
1 malware family attributed to this actor across reporting.
Recent activity
2 sources tracked across advisories, community write-ups, and news.
Published alleged NSA hacking tools that exposed security holes later associated with the WannaCry outbreak.
Published/disclosed alleged NSA hacking tools and related vulnerabilities that were later leveraged in the WannaCry ransomware outbreak.