The largest collection of malware source, samples, and papers on the internet.
Password: infected
Website: https://www.vx-underground.org/
vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
Conor Fitzpatrick, the previous administrator of BreachedForum, is being pulled back into court.
Upon pleading guilty, he was sentenced to 20 years supervised release. The United States government is not happy with this sentencing and is making an appeal to the higher courts.
> Get United States court system RSS feed
> Monitor each District Court (updates every 24hrs)
> Find non-DOJ announcements on cyber criminals
Hello,
We are trying to get enough followers on Twitch to unlock some Twitch features. If you're a person who uses Twitch and would like to support us please follow vx-underground here:
https://www.twitch.tv/vxunderground_live/
a vx-underground member is currently stranded because the EV charging station they use is offline (???)
tl;dr ChargePoint is cool and badass
It is honestly insulting someone would use our name and deface it with shitty AI art and ... Netflix fraud? Really?
We will be hosting our first ever VXUG trivia night. On March 8th teams of friends (or cats?) will answer malware and/or Threat Intel related questions for a chance to win money.
1st place: $500
2nd place: $250
3rd place: $100
Sponsored by Malcore 🙏
(More info soon)
exciting news coming
(if you have friends and like cash prizes)
cya soon
We recently had a few people ask us if we dislike CTI (Cyber Threat Intelligence) because we occasionally meme them online.
No, in fact we very much like them. We enjoy reading the DFIR reports, notes and theories on how financially motivated and/or state-sponsored groups operate, and we enjoy reading the geopolitical backgrounds and/or influences on groups. This field of research is profoundly valuable to our line of work because these factors influence malware development in more ways than one. We are big fans of research performed by groups such as Mandiant, Cisco Talos, Recorded Future (and/or Insikt Group), Intel471, CrowdStrike, and Threat Intel adjacent groups like TheDFIRReport.
Our primary criticism of Threat Intel is not the large vendors, it is the trickle-down effect from Threat Intel. For example: Mandiant may publish a paper on APT28. Following the release of their research it is inevitable that a smaller or lesser known Threat Intelligence company(ies) will regurgitate Mandiant's findings, only to slightly distort it, thus making it inaccurate or altered in some form from the initial source. As this trickle-down effect continues the information becomes more and more distorted and inaccurate, leading to misinformation.
We also just meme and shit post because our online account is run by 3 people with a combined IQ of spaghetti. Sometimes we put little-to-no thought into how people will respond to memes.
Lockbit ransomware group administrative staff have released a lengthy response to the FBI and bystanders.
In summary: they claim they failed to keep their systems up-to-date because they had become 'lazy', and they had become complacent. They believe they were compromised by CVE-2023-3824, but are not totally sure. They also speculate it could have been a 0day exploit. They also speculate other RaaS groups (their competitors) may have been compromised.
They also speculate the reason why the FBI took such aggressive action was because a recent ransomware attack performed by one of their affiliates had sensitive information on former President Donald J. Trump. They state they believe their affiliates should target government entities more often to illustrate government vulnerabilities and flaws.
It is an incredibly long read with lots of speculation and attempts to discredit law enforcement agencies.
You can read the full post here: https://samples.vx-underground.org/tmp/Lockbit_Statement_2024-02-24.txt
Season 2 of FBI vs Lockbit ransomware group is scheduled to premiere in roughly 1 hour.
Lockbit has restored their servers (new Tor domains) and is planning on making a statement to the FBI regarding last week's takedown.
Stay tuned for the next episode of Dragon Ball Z
Hello harddrive purchasers,
All remaining international harddrives have been mailed, except 2 in Germany because the "ß" letter angered the post office and we have to redo the label. Oopsies. We learned the "ß" has to be written as "ss". 😡
North American harddrives will be shipped the coming week.
We've also dramatically improved our process for cloning, packaging, and shipping. In the future delivery will be much faster. We bought a bunch of stuff to make labels, package stuff, etc =D
Breached, the infamous forum where individuals buy, sell, leak, and trade data, recently made some modifications to their rules.
Breached now forbids ransomware sales, recruitment, development, and ransomware-adjacent extortion.
See attached image for more information
lozaning is a nuisance to society. We gotta stop them. They've created the Toothbrush Botnet!
This week has been fundamentally similar to HBO's Game of Thrones.
It started off strong, had a wonderful plot and development. It had twists, turns, cool cameo appearances. Then it suddenly ended and you say, "what the fuck is that"
On Monday when the Lockbit ransomware group website was seized by FBI, NCA UK, and EUROPOL, they made a post titled "Who is Lockbitsupp?" - this post indicated that law enforcement could potentially unveil key leadership behind the organization.
During the week we spoke with Lockbit ransomware group administrative staff. They stated they did not believe law enforcement knows his/her/their identities. They even boastfully raised the bounty on their head to $20,000,000.
Today we finally get to see the "Who is Lockbitsupp?" post. The post is very short. It states Lockbit does not live in the United States or Netherlands. It also states he drives a Mercedes. They end the post with a picture of "Tox Cat" - an emoji frequently used by Lockbit ransomware group administrative staff and state Lockbit ransomware group administrative staff has 'engaged' with law enforcement.
tl;dr Lockbit ransomware group called their bluff and succeeded
On March 1st, 2024, Yaroslav Vasinskyi, the individual responsible for the REvil Kaseya supply chain attack, will be sentenced.
His sentencing has continuously been postponed and rescheduled since 2022. He has been sitting in a county jail waiting for almost 2 years.
American Fast Food restaurant Wendy's CEO announced they're considering introducing 'price surging', where food prices fluctuate based on demand
pov: in line watching baconator cheeseburger go from $5 to $20 in real time
very cool, no charging station for 3186mi (5127km)
This isn't real but it is insanely funny
"When we catch you, me and NCA are going to take turns running you over with your own Mercedes."
😂😂😂😂😂😂
4th place will be a coupon to Taco Bell, or Robux or a crusty sock, or something, we haven't gotten that far yet
We've updated the vx-underground malware sample collection.
- Virusshare.00485
- Virusshare.00486
- 92,000+ new samples
All samples have been synced to the VXDB 🫡
We've updated the vx-underground Crime/Legal rulings collection. We've completed years 2020 - 2024. Documented cases cover:
- Dark Overlord Group
- CardPlanet
- Equifax Hack
- Helix Mixer
- The Twitter Hack
- FastPOS
- Team Xecuter
- QQAAZZ Group
- FIN7
- Bitcoin Fog
- Trickbot
- Kelihos Botnet
- REvil ransomware
- Hydra Market
- Sandworm a/k/a Cyclops Blink
- Ryuk ransomware
- Netstalker ransomware
- Lockbit ransomware
- BreachedForums
- RaidForums
- Mt. Gox Hack
- Conti ransomware
- Callisto Group
- WarzoneRAT
- RaccoonStealer
- Lazarus Group
- APT41
... and a lot more
Check it out here: https://vx-underground.org/Crime/Legal%20Rulings
The malware samples we archive are not toolkits. Please do not execute them on your machine.
Thanks,
Will Lockbit admit defeat? Will the FBI summon the energy to complete the spirit bomb? Will Lockbit call in for backup? And who is this rumored legendary Super Saiyan?!
We've updated the vx-underground Crime/Legal Ruling section. We've archived Department of Justice indictments for 2024 (so far), 2023, 2022, and 2021.
Cases are formatted as follows:
[date] - United States v [Person(s)] ( [Reason] )
It should be noted that modification of the rules was not exclusive to ransomware. Breached also forbids:
- Drug sales
- Weapon sales
- Violence-as-a-Service (VaaS)
- Selling credit card or debit cards
- Selling Real IDs or documentation
- Drainers or recruitment of drainers
On January 24th, 2024, RisePro, an infostealer that competes with stealers such as RedLine, had its second iteration leaked online. It is the builder, toolkit, documentation, and proxies.
We have archived it: "Win32.RisePro.b"
https://vx-underground.org/Archive/Builders
Apparently on LinkedIn Lockbit, ALPHV, and HIVE are actually all the same group
We asked Lockbit ransomware group administration their thoughts on this past week.
Lockbit ransomware group said they will make a formal reply to law enforcement once they're finished restoring their infrastructure
ALPHV said: "My Mercedes drives Lockbit"
Today the FBI, NCA UK, and EUROPOL, partnering with Chainalysis, revealed information on Lockbit ransomware group money flow.
The following data was retrieved from July, 2022 - February 2024. Lockbit was first observed in late 2019. This analysis only covers 18 months of a 4 year crime spree.
They reviewed 30,000 Bitcoin addresses, with over 500 Bitcoin addresses active. Those 500+ wallets have received over $120,000,000+. The analysis also shows over $114,000,000 is still unspent (approx. 2,200 BTC unspent, numbers will vary based on price of Bitcoin).
A large portion of this money was the 20% paid to Lockbit ransomware group administrative staff. This indicates the total money stolen could be in excess of $1,000,000,000 from July, 2022 - February, 2024. This means Lockbit ransomware group may have done multi-billion dollars worth of theft internationally.