14367
The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
Today the United States Department of Justice unveiled the leader of Lockbit ransomware group.
Читать полностью…
In roughly 9 hours the United States Department of Justice is scheduled to unveil the identit(ies) of Lockbit ransomware group leadership.
Through extensive research and investigation we have several theories on whom the leader(s) really are.
We share information on someone getting hacked, or a cute kitty cat, or a meme, 10000000+ likes and retweets.
We work hard to add data and it's crickets.
"Can Java be in the light bulb?", asked like a true degenerate internet nerd
Читать полностью…
Today Lockbit ransomware group began listing dozens of ransomed companies. Let's review them!
Posts today that are new or not indexed:
- HtcInc (new and/or not indexed)
- Irc Be (new and/or not indexed)
- GeoTechEnv (new and/or not indexed)
- Svenskakyrkan (new and/or not indexed)
- TDT Aero (new and/or not indexed)
- Kras hr (new and/or not indexed)
- Eviivo (new and/or not indexed)
Websites that don't exist (???):
- Sunray-dot-com (website listed doesn't exist)
Data posted but its repeat data:
- ChuzeFitness (originally posted 2023-12-19)
- FoxSemicon (originally posted 2024-01-19)
- Alfiras (originally posted 2024-02-09)
- Smbw (originally posted 2023-12-26)
- Cms Law (originally posted 2023-12-13)
- Denave (originally posted 2023-12-07)
- SunnyDesigns (originally posted 2023-04-25)
- PTOW (originally posted 2023-04-25)
- Peachtree-Medical (originally posted 2023-04-25)
- AtlanticEye (originally posted 2023-04-25)
- Central-K12-OR-US (originally posted 2024-03-05)
An unknown Threat Actor(s) claims to have compromised International Baccalaureate Organization (IBO), a nonprofit foundation headquartered in Geneva, Switzerland.
We have briefly reviewed the data and from a high-level overview this breach looks legitimate and like they've got everything... They've released nearly 100 photos as proof and the proof is damning
Today we spoke with Lockbit ransomware group administrative staff regarding the return of the old domain and new messages from FBI, NCA UK, and EURPOL.
Lockbit ransomware group states law enforcement is lying.
Lockbit also said and quote: "I don't understand why they're putting on this little show. They're clearly upset we continue to work."
Lockbit insists they will continue to work and will continue to "bring" new victims.
In roughly 36 hours the FBI, NCA UK, and EUROPOL hint at unveiling the identity of the leader(s) of Lockbit ransomware group and the identities of more ransomware affiliates.
Nevermind, they got bonked now – was enjoying some ice cream and watching Brooklyn Nine-Nine until nerds began blowing up the phone.
Читать полностью…
Today Lockbit ransomware group's website has been seized (again).
The new server hijack mocking asks Lockbit ransomware group administrative "What have we learned?" and states they will unveil more identities of ransomware operators behind Lockbit (possibly the leaders too)
Hello, how are you?
We hope everyone had a good week and is enjoying their weekend thus far. Today is the day of rest.
Enjoy your Sunday.
Yesterday (or whenever, we don't care enough to get the exact date) F-Society ransomware group claimed to have compromised Bitfinex.
This compromise is a hoax. Bitfinex was not compromised. The 'stolen data' is just a list of username:password combinations from GitHub.
Underground ransomware group, a relatively new group which first appeared roughly March 21, 2024, has claimed to have ransomed Synology.
Synology is a Taiwanese corporation that specializes in network-attached storage appliances. Many nerds are familiar with them.
Underground ransomware group claims to have exfiltrated 51GBs of data. Upon review of leaked data snippets it appears they've primarily exfiltrated data off of user workstations. It is also in German. We aren't going to translate German into English (it's Saturday) – so we can't weight in on the validity or the value of the data.
Interestingly, the date of the data shows 2023-07-18. We aren't sure if they've had access to Synology for several months, or they've simply grabbed older data.
Unlike most traditional ransomware groups they also have a Telegram channel.
These government e-mails, which can used for social engineering, can be sold for as low as $1 – in some cases they're free because of how many are available.
tl;dr their problem is your problem because they will use it against your company or end users
(we're not the fancy smart looking dude in the suit)
Читать полностью…
Today we learned that the United States Justice for Rewards program, ran by the U.S. Department of State, follows us on Twitter.
We retract every meme we've made about the U.S. government. Please don't send us to Guantanamo Bay.
We are also sorry you have to see our shit posts
CrowdStrike has made a badass ... statue? Doll? For Scattered Spider at RSA conference.
Thank you ddd1ms for the photo. You knew we'd love to see some shrines
Hello, we have a large update.
We've updated the vx-underground malware samples collection:
- Bazaar.2024.04
- Virussign.2024.04.28
- Virussign.2024.04.29
- Virussign.2024.04.30
- Virussign.2024.05.01
- Virussign.2024.05.02
- Virussign.2024.05.03
- Virussign.2024.05.04
- Android.Mobtes
* Tomorrow 39 new APT papers and/or samples will be added for the month of April, 2024
Paper updates:
- The Old New Thing – April, 2024
* Tomorrow 200+ malware reverse engineering or detection papers will be added for the month of April, 2024
Mildly interesting note: Lockbit ransomware group keeps posting ransomed companies. 75% we've seen before. However, the recent listing of 'Yucatan' was initially ransomed by ALPHV on 2023-04-13
(unless it's a different Yucatan)
Hello, how are you?
We are returning to our scheduled day of rest.
PLEASE – no one else do anything crazy. It's been an abnormally crazy Sunday. Everyone put their metaphorical internet cyber guns down and relax.
Have a nice day and/or evening.
Will law enforcement actually unveil the leadership behind Lockbit ransomware group?
Will law enforcement indict more ransomware operators?
What has law enforcement secretly been doing?
What will the press release say?
Find out on the next episode of Dragon Ball Z
FBI and NCA UK right now after seizing Lockbit ransomware groups website for a 2nd time 😭😭
Читать полностью…
It is the day of rest. However, the FBI and NCA UK apparently do not believe in this. We are upset by this. Both organizations can now redeem one (1) monkey bonk at their time of choosing.
Читать полностью…
Telegram nerds,
Per request (multiple requests...) we will enable comments on posts on Telegram. We will do it some time next week, whenever we get around to it. Please try to keep it civil (we know you won't, you're all a bunch of degenerates, but please try).
Have a nice day.
If you or someone you know recently commented on this situation without verifying the validity of the data please deploy one (1) monkey bonk.
Thanks,
Update:
Someone asked for a comment from Synology. Synology confirmed they were targeted by (what they believe to be) a spear-phishing campaign in April, 2023.
tl;dr the data is old. No ransomware was deployed. The company is not impacted.
Thank you to the people who enjoy calling us 'fart faces' and 'stinky' from compromised government e-mails. It's fun:)
It's also painstakingly obvious that less-developed countries run rampant with stealer malware and it poses a serious security threat
When you're a degenerate nerd but corporate asks you to go to a conference
Читать полностью…