14367
The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
Breached, the infamous forum where individuals buy, sell, leak, and trade data, recently made some modifications to their rules.
Breached now forbids ransomware sales, recruitment, development, and ransomware-adjacent extortion.
See attached image for more information
lozaning is a nuisance to society. We gotta stop them. They've created the Toothbrush Botnet!
Читать полностью…
This week has been fundamentally similar to HBO's Game of Thrones.
It started off strong, had a wonderful plot and development. It had twists, turns, cool cameo appearances. Then it suddenly ended and you say, "what the fuck is that"
On Monday when the Lockbit ransomware group website was seized by FBI, NCA UK, and EUROPOL, they made a post titled "Who is Lockbitsupp?" - this post indicated that law enforcement could potentially unveil key leadership behind the organization.
During the week we spoke with Lockbit ransomware group administrative staff. They stated they did not believe law enforcement know his/her/their identities. They even boastfully raised the bounty of their head to $20,000,000.
Today we finally get to see the "Who is Lockbitsupp?" post. The post is very short. It states Lockbit does not live in the United States or Netherlands. It also states he drives a Mercedes. They end the post with a picture of "Tox Cat" - an emoji frequently used by Lockbit ransomware group administrative staff and state Lockbit ransomware group administrative staff has 'engaged' with law enforcement.
tl;dr Lockbit ransomware group called their bluff and succeeded
Meanwhile there is a Lockbit impersonator on Telegram scamming people out of $150 😂😂😂
Читать полностью…
Today UnitedHealth Group, a large health insurance provider in the United States, submitted an SEC Form 8K - they've been compromised.
The report does not indicate who is responsible for the attack.
More information: https://www.sec.gov/Archives/edgar/data/731766/000073176624000045/unh-20240221.htm
We've updated the vx-underground malware families collection
- Kutaki
- RogueRobin
- zLoader
- Qealler
- QuasarRAT
- RhadamanthysLoader
- Ryuk
- Stealc
- Emotet
- IcedId
- VenomRAT
- Glupteba
- CactusRansomware
- AsyncRAT
- DarkBitRansomware
- Amadey
- Pikabot
🫡🫡🫡
Earlier we spoke with ALPHV ransomware group. We asked their opinion on the recent takedown of the Lockbit ransomware group website.
ALPHV, their long time competitor, offered words of encouragement for their competitor. They said and quote: "Lockbit is a pussy"
Today Poland's CBZC (Centralne Biuro Zwalczania Cyberprzestępczości, Central Bureau for Combating Cybercrime) released footage of a Lockbit affiliate arrest.
Читать полностью…
Today the Ukraine police announced they have arrested a Father-and-Son duo who were Lockbit affiliates.
More information: https://www.npu.gov.ua/news/slidchi-natspolitsii-prypynyly-diialnist-transnatsionalnoho-khakerskoho-uhrupovannia-lockbit-v-ukraini
We've updated the vx-underground malware sample collection.
- File name corrections to Bazaar collection
- More samples added to VirusSign collection
- 18,000+ new samples syncing with VXDB
Check it out here: https://vx-underground.org/Samples/VirusSign%20Collection/2024.02
Today the Russian government announced the arrest of an individual from SugarLocker ransomware group a/k/a Encoded01
More information: https://www.facct.ru/media-center/press-releases/sugarlocker-ransomware/
Journalists asking Threat Intel vendors what they're going to monitor now since the Big 3 (Conti, ALPHV, Lockbit) have been taken down
Читать полностью…
Today was a big day for the United States government and United Kingdom government. The Federal Bureau of Investigation and U.K. National Crime Agency’s (NCA) Cyber Division unveiled a massive, multi-year long investigation which has led to a catastrophic blow to Lockbit ransomware group and affiliates.
The Lockbit ransomware group Tor domain name displays a list of posts announcing activity performed by law enforcement agencies. It is written in Lockbit format, illustrating they have full control over Lockbit ransomware groups infrastructure.
Law enforcement has done the following
1. Law enforcement agencies will be unveiling sensitive information on Lockbit cryptocurrency and money operations February 23th, 2024
2. Law enforcement, with SecureWorks, will be revealing information on Lockbit tradecraft February 22nd, 2024
3. Law enforcement will be unveiling Lockbit affiliate infrastructure February 21st, 2024
4. Law enforcement, with TrendMicro, will be releasing a detailed analysis on Lockbit future-iterations February 22nd, 2024
5. Law enforcement will be unveiling information on Lockbit's StealBit data exfiltration tool February 21st, 2024
6. Law enforcement will be unveiling sanctions on Lockbit ransomware group at 15:30UTC today
7. Law enforcement, in conjunction with Japanese partners, has released a Lockbit decryptor tool
8. An individual in Poland has been arrested
9. An individual in Ukraine has been arrested
10. Law enforcement plans on unveiling the identity of the Lockbit ransomware group administration February 23rd, 2024
11. The United States government unveiled the indictement of two individuals associated with Lockbit ransomware group: Artur Sungatov and Ivan Kondratyev
12. The United Kingdom NCA has unveiled sensitive information on the Lockbit backend: the administration panel, the blog backend, and the blog source functionality. This includes the images of the source code.
January 24th, 2024 RisePro, an infostealer that competes with stealers such as RedLine, had it's second iteration leaked online. It is the builder, toolkit, documentation, and proxies.
We have archived it: "Win32.RisePro.b"
https://vx-underground.org/Archive/Builders
Apparently on LinkedIn Lockbit, ALPHV, and HIVE are actually all the same group
Читать полностью…
We asked Lockbit ransomware group administration their thoughts on this past week.
Lockbit ransomware group said they will make formal reply to law enforcement once they're finished restoring their infrastructure
ALPHV said: "My Mercedes drives Lockbit"
Today the FBI, NCA UK, and EUROPOL, partnering with Chainalysis, revealed information on Lockbit ransomware group money flow.
The following data was retrieved from July, 2022 - February 2024. Lockbit was first observed in late 2019. This analysis only covers 18 months of a 4 year crime spree.
They reviewed 30,000 Bitcoin addresses, with over 500 Bitcoin addresses active. Those 500+ wallets have received over $120,000,000+. The analysis also shows over $114,000,000 is still unspent (approx. 2,200 BTC unspent, numbers will vary based on price of Bitcoin).
A large portion of this money was the 20% paid to Lockbit ransomware group administrative staff. This indicates the total money stolen could be in excess of $1,000,000,000 from July, 2022 - February, 2024. This means Lockbit ransomware group may have done multi-billion dollars worth of theft internationally.
We stayed up to 2am for the FBI / NCA UK / EUROPOL "Who is LockbitSupp?" reveal.
They extended the deadline 😡😡😡
We had a real chance at love. A mystery woman offered us $600/week.
All we did is ask for the malware and she blocked us:(
Reports are surfacing that every large-scale cell phone provider in the United States is experiencing technical issues or outages this morning.
https://apnews.com/article/cellular-att-verizon-tmobile-outage-02d8dfd93019e79e5e2edbeed08ee450
We've updated the vx-underground Windows malware paper collection
- 2024-01-24 - How to perform a Complete Process Hollowing
- 2024-02-02 - Bypassing EDRs With EDR-Preloading
- 2024-02-16 - Beyond Process and Object Callbacks - An Unconventional Method
Today we spoke with Lockbit ransomware group administrative staff regarding the recent arrests of their affiliates. Lockbit administration told us several things.
1. They assert the individuals arrested are the wrong people and the multi-agencies involved arrested innocent people.
2. They assert the FBI / NCA UK / EUROPOL do not have know their information. They state they are willing to double the bounty of $10,000,000. They state they will place a $20,000,000 bounty on their own head if anyone can dox them.
3. They state the FBI / NCA UK / EUROPOL are not skilled pentesters, and their success was only due to their administrations laziness.
Today the United States government, or UK government, or EUROPOL, ... whoever is administrating the Lockbit blog... announced there is now a reward up to $10,000,000 for the identification of leadership behind Lockbit ransomware
Affiliates are worth up to $5,000,000
Just now the US government, in conjunction with the UK and EUROPOL, released more information on Lockbit ransomware group.
The information released is minor, and some information is already available publicly. However, they did unveil Lockbit employs 193 affiliates.
What it's like talking to Threat Actor's in Russia:
> Serious conversations
> Straight to the point
> Business only
What it's like talking to Threat Actor's in America, Canada, and Europe:
> Trust established by volume of kitty pictures sent
> Kitty picture spamming
We made a Get Well Soon card for Lockbit and affiliates
Читать полностью…
You nerds are a bunch of degenerates, the memes are already flooding in 😭
Читать полностью…
Lockbit ransomware group administration claims that law enforcement agencies compromised them by exploiting CVE-2023-3824
More information: https://nvd.nist.gov/vuln/detail/CVE-2023-3824