vx-underground

11 Mar 2024 07:54

Hello,

If you like vx-underground please consider donating. Every dollar helps us and allows us to do cool stuff like archive more malware, archive more stuff from pacer, and do giveaways.

Thank you. I love you.

Become a monthly donor here: https://donorbox.org/vxug-monthly

vx-underground

10 Mar 2024 18:31

Why are these dorks selling stuff off vx-underground? Also, those are builders, not the source code. The source code is on GitHub

vx-underground

09 Mar 2024 06:23

Let's address the elephant in the room.

If a ransomware group resided in the United States, publicly swore allegiance to the United States and all allies of the United States, and only deployed ransomware to Russia — would Law Enforcement or Cyber Threat Intelligence care?

vx-underground

08 Mar 2024 18:24

No updates today

I love you

vx-underground

07 Mar 2024 19:55

We are postponing vx-underground trivia night to March 15th, 2024. Helen got COVID19 😭

vx-underground

07 Mar 2024 18:16

In the entire document Lockbit is noted 7 times, Conti is listed 4 times, ALPHV is never mentioned. There references to Lockbit are often looked over as a note, not really described in detail. They're seen as 'encryption programs'.

vx-underground

07 Mar 2024 18:01

Russia-based Cyber Threat Intelligence firms have an APT name designated for the United States government: Sand Eagle

vx-underground

07 Mar 2024 00:20

whoever decided to implement SecureBoot for Windows OS' should be thrown out of a helicopter while they're kicking and screaming

vx-underground

06 Mar 2024 19:49

Microsoft has discovered nobody actually wanted to install Uber Eats and micro-transaction-pay-to-win mobile games on their desktop computer

RIP Windows Subsystem for Android
2021-10-20 - 2025-03-05

vx-underground

06 Mar 2024 11:19

Woke up this morning to an individual informing us they compromised a penis medical implant website

vx-underground

05 Mar 2024 21:19

Just saw a large group of people, probably age 55+, on Twitter angrily tagging Joe Biden and blaming him for Facebook and Instagram having connectivity issues.

The internet is cool and badass

vx-underground

05 Mar 2024 15:39

We have seen the rise and fall of REvil, HIVE, Conti, and ALPHV. Will Lockbit ransomware group be able to deter law enforcement agencies? Will a new ransomware group arrive to fill the vaccuum left by the other Titan's falling?

Find out on the next episode of Dragon Ball Z

vx-underground

05 Mar 2024 04:26

The dork who leaked classified United States military documents on a Minecraft Discord server has plead guilty. He is facing 10 years in prison.

https://www.justice.gov/opa/pr/air-national-guardsman-agrees-plead-guilty-unlawfully-disclosing-classified-national-defense

vx-underground

04 Mar 2024 22:08

Update: the is not about ransomware, or cyber attacks in the traditional sense, Mr. Meek Mill's frustration derives from a recent leak which some people allege him to be a homosexual

¯\_(ツ)_/¯

vx-underground

04 Mar 2024 16:43

Following the FBI takedown Lockbit ransomware group no longer supports Lockbit Red (formerly known as Lockbit 2.0) and they no longer support StealBit

vx-underground

11 Mar 2024 05:38

No updates again this Sunday.

I love you so much, omg

vx-underground

09 Mar 2024 06:29

Our opinion: probably not. However, they would 100% care about the money laundering and/or tax evasion. The United States IRS doesn't mess around. They WILL get their money one way or another.

vx-underground

09 Mar 2024 04:43

1 like = 1 malware 🙏

vx-underground

08 Mar 2024 06:19

Today it was announced Akira Toriyama, the creator of Dragon Ball, passed away. Today will act as an international day of mourning for all Dragon Ball nerds for all memories and memes Mr. Toriyama brought us.

More information: https://en.dragon-ball-official.com/news/01_2499.html

vx-underground

07 Mar 2024 18:24

"The ransomware is always encryption software on the other side", - Vladimir Vladimirovich Putin, probably

vx-underground

07 Mar 2024 18:11

Russia-based Cyber Threat Intelligence firms do not list Lockbit or Babuk ransomware group as financially motivated or state-sponsored Threat Actors - they're tools. See attached image #3 for list of known ransomware groups 🤔🤔🤔🤔

vx-underground

07 Mar 2024 11:13

We continue to receive hateful remarks from individuals because of the vx-uwu logo - most notably we are called 'trannies' and are told to 'kys'.

Dorks terrified of vx-uwu colors and anime

vx-underground

06 Mar 2024 22:45

Today the United States Department of Justice announced the indictment of Linwei Ding. He's charged with 4 counts of theft of trade secrets.

tl;dr he was sending Google AI secrets to Chinese based AI companies he was secretly working at

https://www.justice.gov/opa/pr/chinese-national-residing-california-arrested-theft-artificial-intelligence-related-trade

vx-underground

06 Mar 2024 15:11

We've updated the VXUG malware collection

- Bazaar.2024.02
- Virussign.2024.02.28
- Virussign.2024.02.29
- Virussign.2024.03.01
- Virussign.2024.03.02
- Virussign.2024.03.03
- Virussign.2024.03.04
- Virussign.2024.03.05
- InTheWild.0112
- InTheWild.0113

71,000+ new samples

vx-underground

06 Mar 2024 03:36

We've made some updates to vx-underground

- The Old New Thing for February, 2024
- MyloBot
- Stealc
- Truebot
- zgRAT
- Remcos
- QakBot
- RedLine
- Pikabot
- LilithBot
- ParadiseRansomware
- Bandook
- Android.HookBot
- Atharvan
- AgentTesla
- Android.Coper

vx-underground

05 Mar 2024 18:31

There are rumors of a DDoS attack against social media giant Meta (formerly Facebook). We don't know if it's true. However, as is tradition, we just assume it to be a DNS issue.

Cheers

vx-underground

05 Mar 2024 15:16

Good morning, and welcome to your daily dose of internet-true-crime-drama

tl;dr nerds think ALPHV is doing exit scam, ALPHV blames FBI

March 3rd an ALPHV affiliate went onto RAMP and claimed that ALPHV administrative staff scammed them. They alleged they were responsible for the attack against Change Healthcare and, when trying to log into their panel, noticed their ALPHV affiliate account was suspended. To show proof of this they shared an alleged ALPHV wallet. Researchers believe Change Healthcare paid $22,000,000. Change Healthcare has not publicly confirmed or denied paying the ransom. ALPHV administration displayed a status online saying "Everything is off, we decide". Shortly after it was changed to "GG" - 'Good Game'.

Later on, on March 4th, "Affiliate Plus" ALPHV account holders expressed frustration that their accounts were suddenly closed - unable to perform their ransomware attacks. They claimed ALPHV administrative staff was ignoring them.

Later, later, later on March 4th, ALPHV administrative staff relayed an ambiguous message. They stated that the United States Federal Bureau of Investigation was responsible (for ???). We are not sure if they are saying the RAMP post was the FBI, trying to damage their reputation, or if ALPHV administrative staff is claiming the FBI intentionally attacked American critical infrastructure.

Later, later, later, later on March 4th, ALPHV put the source code to ALPHV ransomware for sale for $5,000,000.

Today, March 5th, the ALPHV domain shows an FBI seizure message. However, researchers have indicated that the HTML source code looks suspicious and they believe this is a phony FBI seizure page. There has not been any official announcement from the United States Department of Justice to confirm or deny this seizure notice on the ALPHV domain.

vx-underground

05 Mar 2024 03:33

We have a lot of updates for vx-underground.

Unfortunately, these updates have not been pushed because we're in the middle of a galactic war (for democracy) and are actively trying to liberate Meridia from Terminids

vx-underground

04 Mar 2024 21:54

If we had to guess, we assume famous American rapper Meek Mill is conveying his frustration with ransomware groups.

Unfortunately, what MeekMill does not know, is it is going to take more than a private detective (or 100's) to dismantle ransomware groups.

¯\_(ツ)_/¯

vx-underground

04 Mar 2024 16:39

tl;dr it is Monday, another day, another ransomware conflict