14367
The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
Meanwhile there is a Lockbit impersonator on Telegram scamming people out of $150 😂😂😂
Читать полностью…
Today UnitedHealth Group, a large health insurance provider in the United States, submitted an SEC Form 8K - they've been compromised.
The report does not indicate who is responsible for the attack.
More information: https://www.sec.gov/Archives/edgar/data/731766/000073176624000045/unh-20240221.htm
We've updated the vx-underground malware families collection
- Kutaki
- RogueRobin
- zLoader
- Qealler
- QuasarRAT
- RhadamanthysLoader
- Ryuk
- Stealc
- Emotet
- IcedId
- VenomRAT
- Glupteba
- CactusRansomware
- AsyncRAT
- DarkBitRansomware
- Amadey
- Pikabot
🫡🫡🫡
Earlier we spoke with ALPHV ransomware group. We asked their opinion on the recent takedown of the Lockbit ransomware group website.
ALPHV, their long time competitor, offered words of encouragement for their competitor. They said and quote: "Lockbit is a pussy"
Today Poland's CBZC (Centralne Biuro Zwalczania Cyberprzestępczości, Central Bureau for Combating Cybercrime) released footage of a Lockbit affiliate arrest.
Читать полностью…
Today the Ukraine police announced they have arrested a Father-and-Son duo who were Lockbit affiliates.
More information: https://www.npu.gov.ua/news/slidchi-natspolitsii-prypynyly-diialnist-transnatsionalnoho-khakerskoho-uhrupovannia-lockbit-v-ukraini
We've updated the vx-underground malware sample collection.
- File name corrections to Bazaar collection
- More samples added to VirusSign collection
- 18,000+ new samples syncing with VXDB
Check it out here: https://vx-underground.org/Samples/VirusSign%20Collection/2024.02
Today the Russian government announced the arrest of an individual from SugarLocker ransomware group a/k/a Encoded01
More information: https://www.facct.ru/media-center/press-releases/sugarlocker-ransomware/
Journalists asking Threat Intel vendors what they're going to monitor now since the Big 3 (Conti, ALPHV, Lockbit) have been taken down
Читать полностью…
Today was a big day for the United States government and United Kingdom government. The Federal Bureau of Investigation and U.K. National Crime Agency’s (NCA) Cyber Division unveiled a massive, multi-year long investigation which has led to a catastrophic blow to Lockbit ransomware group and affiliates.
The Lockbit ransomware group Tor domain name displays a list of posts announcing activity performed by law enforcement agencies. It is written in Lockbit format, illustrating they have full control over Lockbit ransomware groups infrastructure.
Law enforcement has done the following
1. Law enforcement agencies will be unveiling sensitive information on Lockbit cryptocurrency and money operations February 23th, 2024
2. Law enforcement, with SecureWorks, will be revealing information on Lockbit tradecraft February 22nd, 2024
3. Law enforcement will be unveiling Lockbit affiliate infrastructure February 21st, 2024
4. Law enforcement, with TrendMicro, will be releasing a detailed analysis on Lockbit future-iterations February 22nd, 2024
5. Law enforcement will be unveiling information on Lockbit's StealBit data exfiltration tool February 21st, 2024
6. Law enforcement will be unveiling sanctions on Lockbit ransomware group at 15:30UTC today
7. Law enforcement, in conjunction with Japanese partners, has released a Lockbit decryptor tool
8. An individual in Poland has been arrested
9. An individual in Ukraine has been arrested
10. Law enforcement plans on unveiling the identity of the Lockbit ransomware group administration February 23rd, 2024
11. The United States government unveiled the indictement of two individuals associated with Lockbit ransomware group: Artur Sungatov and Ivan Kondratyev
12. The United Kingdom NCA has unveiled sensitive information on the Lockbit backend: the administration panel, the blog backend, and the blog source functionality. This includes the images of the source code.
"We may be in touch with you very soon" - National Crime Agency of the UK, the FBI, Europol, Operation Cronos Law Enforcement Task Force
Them getting in touch:
Lockbit ransomware group has issued a message to individuals on Tox.
"ФБР уебали сервера через PHP, резервные сервера без PHP не тронуты"
"The FBI fucked up servers using PHP, backup servers without PHP are not touched"
Lockbit ransomware group administrative staff has confirmed with us their websites have been seized.
Читать полностью…
Every single known Lockbit ransomware group website is either offline or displaying a seized by EUROPOL page.
It appears law enforcement has seized and/or taken down, at minimum, 22 Tor sites, in what is labeled 'Operation Cronos'.
We stayed up to 2am for the FBI / NCA UK / EUROPOL "Who is LockbitSupp?" reveal.
They extended the deadline 😡😡😡
We had a real chance at love. A mystery woman offered us $600/week.
All we did is ask for the malware and she blocked us:(
Reports are surfacing that every large-scale cell phone provider in the United States is experiencing technical issues or outages this morning.
https://apnews.com/article/cellular-att-verizon-tmobile-outage-02d8dfd93019e79e5e2edbeed08ee450
We've updated the vx-underground Windows malware paper collection
- 2024-01-24 - How to perform a Complete Process Hollowing
- 2024-02-02 - Bypassing EDRs With EDR-Preloading
- 2024-02-16 - Beyond Process and Object Callbacks - An Unconventional Method
Today we spoke with Lockbit ransomware group administrative staff regarding the recent arrests of their affiliates. Lockbit administration told us several things.
1. They assert the individuals arrested are the wrong people and the multi-agencies involved arrested innocent people.
2. They assert the FBI / NCA UK / EUROPOL do not have know their information. They state they are willing to double the bounty of $10,000,000. They state they will place a $20,000,000 bounty on their own head if anyone can dox them.
3. They state the FBI / NCA UK / EUROPOL are not skilled pentesters, and their success was only due to their administrations laziness.
Today the United States government, or UK government, or EUROPOL, ... whoever is administrating the Lockbit blog... announced there is now a reward up to $10,000,000 for the identification of leadership behind Lockbit ransomware
Affiliates are worth up to $5,000,000
Just now the US government, in conjunction with the UK and EUROPOL, released more information on Lockbit ransomware group.
The information released is minor, and some information is already available publicly. However, they did unveil Lockbit employs 193 affiliates.
What it's like talking to Threat Actor's in Russia:
> Serious conversations
> Straight to the point
> Business only
What it's like talking to Threat Actor's in America, Canada, and Europe:
> Trust established by volume of kitty pictures sent
> Kitty picture spamming
We made a Get Well Soon card for Lockbit and affiliates
Читать полностью…
You nerds are a bunch of degenerates, the memes are already flooding in 😭
Читать полностью…
Lockbit ransomware group administration claims that law enforcement agencies compromised them by exploiting CVE-2023-3824
More information: https://nvd.nist.gov/vuln/detail/CVE-2023-3824
When a Lockbit affiliate tries to log into the Lockbit panel this is what they see
Читать полностью…
Trying to understand how in 1 single day it is
- I-S00N leaks
- Lockbit ransomware group website seizure
- President's Day in America
"We can confirm that Lockbit's services has been disrupted as a result of International Law Enforcement action - this is an ongoing and developing operation.
Return here for more information at:
11:30 GMT on Tuesday 20th Feb"
Lockbit ransomware groups website has been seized by EUROPOL.
Читать полностью…