Note/Update: Per BleepinComputer Lockbit ransomware group denies conducting the attack. When we reached out to Lockbit, Lockbit stated they were unfamiliar with the Royal Mail

This is technically possible - the Lockbit Black Builder was recently leaked.

Regarding the Lockbit attack on the Royal Mail

Lockbit ransomware group (again) denies the attack on the Royal Mail ... but invites the attackers to formally join their organization

Intel via 3xp0rtblog

More malware and more archives in queue.

░░╚══╗░╔═╔════╝
╚═╦═╗╠═╩═╩╗╔═╦═╗
░░║▒╠╣▒▒▒▒╠╣▒║▒║
╔═╩═╝╠═╦═╦╝╚═╩═╝
░░╔══╝░╚═╚════╗

We are happy to report we have not had anyone seriously ask for the password to malware archives in over 30 days.

But, this has been replaced with you filthy degenerate nerds spamming us with password memes.

JustineTunney has created a 116kb WASM build of Blink that allows you run x86_x64 Linux binaries in a web browser. It supports 500 instructions and 130 system calls.

They are successfully resurrected Linux malware from the dead and god bless

More info: https://github.com/jart/blink/issues/8#issuecomment-1381748163

Original thread with more information and insights:

https://twitter.com/JustineTunney/status/1613895681038770182

A brief video explaining how 0days work

dope is street slang for malware

If you follow GuidedHacking on Twitter you can watch the owner, Rake, slowly descend into lunacy.

We've updated the vx-underground InTheWild collection. We've added volumes 0029, 0030, and 0031. Thsi is 60,000 unique malicious binaries.

Special thanks to petikvx for the hard work and staying on top of sample aggregation for us.

Have a nice day.

https://www.vx-underground.org/malware.html

Earlier today Jon DiMaggio released an article titled: "Ransomware Diaries: Part 1". This article is one of the most comprehensive papers on Lockbit ransomware group we have ever seen.

Our personal 2-extra-cents on the paper: the article states the Lockbit Black source code was leaked - this is incorrect. Additionally, the author cites John Hammond for releasing a tweet on the Lockbit Black leak - although the truth is John Hammond archived a tweet we deleted. The image posted in the article is directly from us - we typically use HasteBin to display text-images.

For those questioning why we deleted the tweet: Lockbit is notorious for chasing individuals down, and is sometimes bloodthirsty. We will spare the details - but we decided it would be best to not involve ourselves in ransomware conflict which directly impacts their operations.

We spoke with LB0, the individual who we believe is the troll of LockbitSupp. vx-underground staff and LB0 spoke - we came to a mutual agreement to not leak the Lockbit Black builder until someone else did (if it did). We did not want drama. We are a library, not a battlestation.

Finally, and in conclusion, Jon DiMaggio's paper is wonderful and spot on. Thank you, Jon, for detailing the history and evolution of this group.

Link: https://analyst1.com/ransomware-diaries-volume-1/

We've updated the vx-underground The Old New Thing archive. We have completed archiving years 2012 and 2011.

We have successfully archived over 10 years of blog posts from Raymond Chen. 7 years are remaining!

Check it out here: https://www.vx-underground.org/the_old_new_thing.html

Shoutout to the person impersonating us on Telegram.

It's a ballsy move trying to scam malware researchers... with your... *checks notes* ... crypto scam?

https://assetssecuritybackup[.]com

Reminder: vx-underground will never individually message all 14,000 people that follow this Telegram account ... because we could just send a post a message to relay "crucial information" on our "chan-nel".