vxunderground | Unsorted

Telegram channel vxunderground - vx-underground

14367

The largest collection of malware source, samples, and papers on the internet.
Password: infected
Website: https://www.vx-underground.org/
vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh

vx-underground

we are trying to sleep.

everytime we check twitter we see more arrests or high profile breaches

everyone just clam down for a second ok

ok ttyl

vx-underground

If you're interested in keeping up with ransomware attacks and/or ransomware victims, a group of researchers have ported the vx-underground ransomware news bot over to Telegram

tl;dr monitors ransomware group sites near-in-real-time for latest listings

/channel/RansomwareNewsVX

vx-underground

The United States Department of Justice has been arresting and/or indicting individuals involved in cyber criminals left-and-right.

They've indicted 8 individuals within the past 2 weeks.

Individuals arrested and/or indicted:
- "R" a/k/a "R$" a/k/a "ElSwapo1"
- "Em"
- "Carti" a/k/a "Punslayer"
- "Snoopy"
- "TheMFNPlug"
- "Joey"
- "Sosa" a/k/a "Elijah" a/k/a "King Bob"
- "The Real Jewt King"

NOTE: Reposted, phrasing improved

vx-underground

We met a wonderful man on Telegram yesterday. He currently resides in a level 5 maximum security prison. He is serving 30 years in prison.

His associate smuggled a cell phone into prison, presumably through his anus, so they could do things on the internet.

Very cool 👍

vx-underground

In the past we've tried to prevent Lockbit ransomware group from attacking healthcare facilities and non-profit institutions. We have never had success.

The reason why derives from either ignorance on their end (intentional, or not, it's up to your interpretation), and ambiguity of their ruleset from affiliates.

Recently Lockbit ransomware group attacked a non-profit healthcare institute in Chicago. The facility is Saint Anthony Hospital. The facility clearly states they're a non-profit and religious institution. Attacking this facility is a blatant violation of the Lockbit ruleset which is defined by their administrative staff.

However, when we approached the Lockbit administration we received a reply with a link to the organization's financial disclosures. Lockbit ransomware group believes that a non-profit institution in the United States means employees are not paid and the organization quite literally has no money.

In other words, they will not ransom a company if they quite literally have no money.

If you attempt to educate and present information to Lockbit administrative staff on non-profit institution laws in the United States they will state the organization is corrupt and they will imply (directly or indirectly) it is a money laundering operation and the facility is dirty and deserves to be ransomed.

In summary: the rules are a facade

vx-underground

We've added a new Linux malware paper. Yes, they exist.

2024-01-30 - Implementing Remote Persistent Keylogger Executing in User-Space exploiting Utilities in GNU Linux Operating Systems

It is a lengthy paper title.

Check it out here: https://vx-underground.org/Papers/Linux/Persistence

vx-underground

Today the United States Department of Justice announced the arrest of two individuals tied to compromising a Fantasy Sports website and a betting website.

The individuals arrested were Nathan Austad a/k/a "Snoopy" and Kamerin Stokes a/k/a "TheMFNPlug"

More information: https://www.justice.gov/usao-sdny/pr/two-more-men-charged-hacking-fantasy-sports-and-betting-website

vx-underground

We received another handcrafted phishing e-mail!

The spoofed headers are cool, and the Cloudflare IPFS is cute. Thank you, we appreciate it.

We feel so special, we are blushing.

Thank you, sweetie pie

vx-underground

🚨 BREAKING 🚨

Lockbit ransomware group confirms they have taken an L.

🙏🙏🙏🙏

vx-underground

We've updated the vx-underground malware families collection

- Ryuk
- IronWind
- Mirai
- Volgmer
- ShadowPad
- FabookieStealer
- KandyKorn
- SIGNBT
- SmokeLoader
- HijackLoader
- PhobosRansomware
- RedLine
- BiBiWiper
- IcedId
- PikaBot
- AkiraRansomware

Have a nice day.

vx-underground

Taking a break from work to play some video games with friends

vx-underground

Hi,

Harddrive orders 1659, 1660, 1661, 1663, 1664, 1666, 1670, 1671, 1688 were mailed last week.

Harddrives 1696, 1699, 1704, 1704, and 1705 are cloned and ready to be shipped

Harddrives 1707, 1711, 1712, 1715, 1718, 1727, 1729, 1732, 1734, and 1747 are in queue to be cloned

vx-underground

We're in the process of uploading an additional 125,000 malware samples to vx-underground and the VXDB.

Hope everyone has had a good week thus far.

Love you

vx-underground

We are approaching 300,000 followers on Twitter, so we decided to consult with a psychic cat to determine our fate

Yes, your donation money funded this

vx-underground

January 12th, Microsoft discloses that they were compromised by APT29 a/k/a Midnight Blizzard and state the group got access to emails for corporate leadership, cyber security personnel, and legal.

January 24th, Hewlett-Packard discloses that they were compromised by APT29 a/k/a Midnight Blizzard and state the group got access to emails for cyber security personnel, 'go-to-market', business segments (?), and more

Microsoft believes they were compromised roughly November, 2023

Hewlett-Packard believes they were compromised roughly May, 2023

Coincidence? ¯\_(ツ)_/¯

vx-underground

Hackers looking for their next target

vx-underground

Accidentally ran two instances of Microsoft Teams at once

vx-underground

Free Joey D! He didn't do anything wrong!

*Joey is serving 30 years in a maximum security prison for shooting, and nearly killing, 3 people during a drug deal gone bad

vx-underground

Additionally, it should be stated that this pseudo-ruleset applies to educational institutions as well. We are aware of several instances where affiliates ransomed public education facilities (K-12 schools).

When we bring up the fact these are state-funded educational facilities and have no money, they do not believe us or they assert that they do have money because the facility owns computers.

"If they money for computers, they have money to pay me"

vx-underground

Cyber security people on Facebook

vx-underground

Thank you to Hannah Montana Linux for letting us know our license key has expired.

vx-underground

You're all so goofy, it's unbelievable.

You've all been reported to the cyber police and it WILL be backtraced!!!!111

vx-underground

Valentine's Day came early for us.

We are absolutely flattered one of you would handcraft a phishing e-mail specifically targeting us.

The small vx-underground favicon was a nice touch too. However, we don't have a support center, or webmail through vx-underground

7/10

vx-underground

We have some updates on vx-underground staff member Toast. He is in a box.

Additionally, we have a new member named Flame. He is not on fire.

vx-underground

Microsoft has announced their plan to retire WMIC. It will be replaced with an alternative in PowerShell.

WMI will still be accessible with COM API

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/wmi-command-line-wmic-utility-deprecation-next-steps/ba-p/4039242

vx-underground

We've updated the vx-underground macOS malware paper collection

- 2020-03-28 - Learn XPC exploitation - Part 1 - Broken cryptography
- 2020-04-23 - Learn XPC exploitation - Part 2 - Say no to the PID
- 2020-06-29 - Learn XPC exploitation - Part 3 - Code injections

vx-underground

We out here cloning harddrives

vx-underground

random_phisher requested we do a second interview with the SIM swapper we met.

He told us about the struggles of hacking, his communications with Morpheus, and his problem with women

vx-underground

January 11th, the United States Department of Justice announced the indictment of a United States SIM swapper named Noah Urban ...

a/k/a “Sosa”
a/k/a “Elijah”
a/k/a “King Bob”

He is accused of $800,000 of theft via SIM swapping

https://www.justice.gov/usao-mdfl/pr/palm-coast-man-arrested-wire-fraud-and-aggravated-identity-theft-charges

vx-underground

Today Hewlett-Packard disclosed to the SEC that they were compromised by APT29 a/k/a Cozy Bear a/k/a Midnight Blizzard

Information via pancak3lullz

More information: https://www.sec.gov/ix?doc=/Archives/edgar/data/1645590/000164559024000009/hpe-20240119.htm
