14367
The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
You can contact the LockBit boss on the contacts below, waiting for an answer can take some time from 1 minute to several days depending on the workload.
With questions about decryption to write only in a chat on the site, if the person who encrypted your network does not answer you more than two days or you have any other problems, you can contact me.
Please write a single message and state the whole point, do not write just "hello", "here?", "can I ask you a question?" and other similar messages.
PGP KEY, for encryption of some very important messages or files, the private key is in the hands of one person, on an encrypted computer of the main developer and organizer of the affiliate program, without access to the Internet, PGP KEY has never been transferred and will not be transferred to other people.
Please expect an answer, absolutely everyone and always gets an answer, regardless of the question.
=================================
Tox
https://tox.chat/download.html
Tox ID Support
3085B89A0C515D2FB124D645906F5D3DA5CB97CEBEA975959AE4F95302A04E1D9287582D6FCB
=================================
XMPP
XMPP Clients:
https://pidgin.im
https://adium.im/
https://psi-plus.com/wiki/en:downloads
https://monal-im.org/
https://f-droid.org/packages/eu.siacs.conversations/
XMPP servers:
https://anonym.im/
https://www.jabbim.com/
lockbit@anonym.im
lockbitapt@jabb.im
=================================
Briar
https://briarproject.org
LockBit Briar ID
briar://abv3rrd62jpln5tyk6nbwospngef5ropu7gkrhnsjn5nvqglek3e2
=================================
Forum profile
http://rampjcdlqvgkoz5oywutpo6ggl7g6tvddysustfl6qzhr5osr24xxqqd.onion/members/lockbit.9/
=================================
https://telegram.org/
Telegram (Experimental way of communication, I want to check how much these messengers are censored and controlled by the FBI, this way of communication can be blocked by the FBI at any time)
Fox William Mulder
@foxwm_apt
Telegram channel (Experimental way of communication, I want to check how much these messengers are censored and controlled by the FBI, this way of communication can be blocked by the FBI at any time)
Fox William Mulder
/channel/foxwmapt
=================================
https://www.signal.org/
Signal (Experimental way of communication, I want to check how much these messengers are censored and controlled by the FBI, this way of communication can be blocked by the FBI at any time)
@lockbit20.19
=================================
PGP PUBLIC KEY
http://lockbit3753ekiocyo5epmpy6klmejchjtzddoekjlnt6mu3qh4de2id.onion/pgp.txt
-----BEGIN PGP PUBLIC KEY BLOCK-----
After nearly two weeks of radio silence from Lockbit ransomware group they've returned with a Telegram account, a Briar account, a Signal account, and an XMPP account
They also immediately threw shade at RansomHub by accusing them of being a rebrand of ALPHV.
Updates to vx-underground:
- 2024-07-02 - Exposing FakeBat loader: Distribution methods and adversary infrastructure
- 2024-06-30 - Deep Analysis of Snake (404 keylogger)
- 2024-06-27 - Poseidon Stealer malspam campaign targeting Swiss macOS users
- 2024-07-02 - The LandUpdate808 Fake Update Variant
- 2024-06-24 - ‘Poseidon’ Mac stealer distributed via Google ads
- 2024-07-02 - Kematian Stealer forked from PowerShell Token Grabber
The only thing keeping vx-underground HQ from metaphorically burning to the ground is grotesque quantities of alprazolam
Читать полностью…
> login
> check news
> riteaid breached
> trello api abused to scrape emails
> more new ransomware groups
> more 8k sec filing
> more malware being the malware
> ???
Throwback to when some nerd found a tomato garden on Shodan
Читать полностью…
💻 Programmers! 💻
What's stopping you from coding like this? 🙏
The coolest part is the existence IWshShell, IWshShell2, and IWshShell3. All of them the exact same, except each one has an extra method present. IWshShell3 exposes an Exec method which is almost identical to IWshShell::Run
Читать полностью…
Currently exploring some COM stuff – found a cute trick to read registry keys.
The COM interface expects a WCHAR string (BSTR). But then... it converts it to a CHAR string to invoke RegQueryValueExA
This was almost a paid advertisement
(we said no because we have no problem giving smaller conferences publicity)
(we aren't financially motivated)
"Can I advertise our drainer?"
"Can I advertise my new Breached-like forum?"
"Can I advertise my Infostealer?"
Bro, we're probably on every watchlist on the planet. The very nanosecond we took dirty money we'd hear helicopters and the "COPS" theme song.
We've seen a lot of people discussing the Disney compromise. Let's talk about it.
tl;dr prolly data stealer, not insider threat, leak is real but not going to destroy walt disney
First, the individual(s) who take credit for the compromise allege they had help from an insider. We don't believe this to be true. When the Threat Actor(s) asserted they received insider help, they also openly distributed this individuals PII – including medical information. This is not indicative of an Insider Threat. A Threat Actor(s) weaponizing an Insider Threat is going to bleed their insider dry (e.g. more data) and an Insider Threat is (probably) going to remain anonymous. Very rarely is an Insider Threat going to openly operate under their real identity (unless they're happy to get raided).
Secondly, and regarding the data, we have not reviewed the data. It's over 1TB of Slack conversations and we're not going to pull all of that. But, while there is indeed a leak, 1TB of Slack conversations isn't necessarily going to result in the downfall of the Disney corporation. Any involuntary disclosure of information is bad, but Slack conversations will primarily be project discussion, meeting scheduling, and generic day-to-day work-related conversations. Following the leak we have not seen any evidence of damaging information disclosure – no Star wars films, no video games, no unreleased content, etc.
Third and finally, if this was the result of an Insider Threat, more information would be disclosed. Not Slack conversations. You would expect Jira data, or source code, or hidden secrets, or something other than people chatting.
Our guess is that this Disney employee was hit by an Information Stealer. Their Slack session was stolen, or some stored credentials locally which do not require MFA was stolen. This is sufficient enough to scrape data. If this data was indeed a result an Insider Threat – they did a terrible job as an Insider Threat because nobody cares about work banter.
Xitter is currently experiencing technical difficulties following the attempted assassination of Donald J. Trump.
Читать полностью…
Be thankful you nerds have so much information readily available. The 90's sucked, it was impossible to find good documentation, people on IRC were often wrong (also crazy), and the internet was sooooo slow
Читать полностью…
If non-nerdy people saw the pure chaos that we see everyday their hair would fall out their head, their eyes would wither up into the skull, and their skin would turn into dust
Читать полностью…
The real Lockbit ransomware group Telegram channel and their first fancy little message. Interesting times we live in, seeing them pivot to Telegram.
Читать полностью…
Wikipedia has introduced dark mode into their website.
Читать полностью…
good morning, or good night, to the 345,958 people living in my phone
Читать полностью…
Today it was reported by AT&T (via email to customers) that an individual involved in the recent AT&T data breach has been arrested.
Читать полностью…
Today Kaspersky issued a goodbye letter to it's American customers.
We are going to miss Kaspersky.
Kaspersky was always a solid AV product and the research they conducted was always excellent.
Microsoft is being criticized (again) because Administrator-to-Kernel mode execution is not considered a security boundary.
Researchers noted that home users, who often run as administrator, could be a victim of this lack-of security boundary.
Researchers asked Microsoft why?
You can do some goofy stuff and run a executable with it (wraps to ShellExecuteEx)
https://pastebin.com/raw/V1jmkp39
Dulgex making fire for x64dbg
(x64dbg is gangsta af fr fr ong)
There's a cool and badass cybersecurity conference taking place in Amsterdam, the Netherlands on September 5th. It is called OrangeCon
Tickets are cheaper for students.
We weren't paid to bring attention to this conference, but we wish we were.
https://orangecon.nl/
We're seeing people on Xitter discuss being approached by brands and companies – offering them thousands of dollars for a single tweet.
This is absolutely disgusting. Why aren't we being approached?
The only people offering us large sums of money are criminals 😂😂😂
Today is the day of rest.
We hope all of you have had a good week.
We'll see all of you tomorrow morning.
Updates to vx-underground:
Malware collections:
- InTheWild.0128
- Bazaar.2024.06
- Virussign.2024.07.03
- Virussign.2024.07.04
- Virussign.2024.07.05
- Virussign.2024.07.06
- Virussign.2024.07.07
- Virussign.2024.07.08
- Virussign.2024.07.09
- Virussign.2024.07.10
- Virussign.2024.07.11
- Virussign.2024.07.12
Administrative:
- Black Mass Volume III is being developed
- Large addition of malware papers in queue
- The new Eminem album is almost not bad
When we began programming and delving into the hobby of malware development – YouTube and StackOverflow didn't exist.
Our only source of information was zines, IRC, MSDN documentation (sometimes distributed via ISO files in case your internet sucked), and VxHeaven.
> announce at&t sec 8k form on compromise, text and phone call logs stolen
> non-nerds: REEEEE OMFG!!111
> non-nerds: *screams at the sky*
> nerds: lol das crazy
> nerds: another day another breach
> nerds: *keeps doom scrolling*
(non-nerds don't know this happens everyday)