vx-underground
Breached, the infamous forum where individuals buy, sell, leak, and trade data, recently made some modifications to their rules. Breached now forbids ransomware sales, recruitment, development, and ransomware-adjacent extortion. See attached image for moreβ¦
It should be noted that modification of the rules was not exclusive to ransomware. Breached also forbids:
- Drug sales
- Weapon sales
- Violence-as-a-Service (VaaS)
- Selling credit card or debit cards
- Selling Real IDs or documentation
- Drainers or recruitment of drainers
- Drug sales
- Weapon sales
- Violence-as-a-Service (VaaS)
- Selling credit card or debit cards
- Selling Real IDs or documentation
- Drainers or recruitment of drainers
π€―52π’17π16β€1
Hello harddrive purchasers,
All remaining international harddrives have been mailed, except 2 in Germany because the "Γ" letter angered the post office and we have to redo the label. Oopsies. We learned the "Γ" has to be written as "ss". π‘
North American harddrives will be shipped the coming week.
We've also dramatically improved our process for cloning, packaging, and shipping. In the future delivery will be much faster. We bought a bunch of stuff to make labels, package stuff, etc =D
All remaining international harddrives have been mailed, except 2 in Germany because the "Γ" letter angered the post office and we have to redo the label. Oopsies. We learned the "Γ" has to be written as "ss". π‘
North American harddrives will be shipped the coming week.
We've also dramatically improved our process for cloning, packaging, and shipping. In the future delivery will be much faster. We bought a bunch of stuff to make labels, package stuff, etc =D
β€52π€£31π14π₯5π3π2π±1π’1
Season 2 of FBI vs Lockbit ransomware group is scheduled to premier in roughly 1 hour.
Lockbit has restored their servers (new Tor domains) and is planning on making a statement to the FBI regarding last weeks takedown.
Stay tuned for the next episode of Dragon Ball Z
Lockbit has restored their servers (new Tor domains) and is planning on making a statement to the FBI regarding last weeks takedown.
Stay tuned for the next episode of Dragon Ball Z
π€£139π₯22π10β€8β€βπ₯3π3π±3π₯°1π€1
vx-underground
Season 2 of FBI vs Lockbit ransomware group is scheduled to premier in roughly 1 hour. Lockbit has restored their servers (new Tor domains) and is planning on making a statement to the FBI regarding last weeks takedown. Stay tuned for the next episode ofβ¦
Will Lockbit admit defeat? Will the FBI summon the energy to complete the spirit bomb? Will Lockbit call in for back up? and who is this rumored legendary Super Saiyan?!
π₯94π€£50π€4π€4β€βπ₯2π1
Lockbit ransomware group administrative staff have released a lengthy response to the FBI and bystanders.
In summary: they claim they failed to keep their systems up-to-date because they had become 'lazy', and they had become complacent. They believe they were compromised by CVE-2023-3824, but are not totally sure. They also speculate it could have been a 0day exploit. They also speculate other RaaS groups (their competitors) may have been compromised.
They also speculate the reason why the FBI took such aggressive action was because a recent ransomware attack performed by one of their affiliates had sensitive information on former President Donald J. Trump. They state they believe their affiliates should target government entities more often to illustrate government vulnerabilities and flaws.
It is an incredibly long read with lots of speculation and attempts to discredit law enforcement agencies.
You can read the full post here: https://samples.vx-underground.org/tmp/Lockbit_Statement_2024-02-24.txt
In summary: they claim they failed to keep their systems up-to-date because they had become 'lazy', and they had become complacent. They believe they were compromised by CVE-2023-3824, but are not totally sure. They also speculate it could have been a 0day exploit. They also speculate other RaaS groups (their competitors) may have been compromised.
They also speculate the reason why the FBI took such aggressive action was because a recent ransomware attack performed by one of their affiliates had sensitive information on former President Donald J. Trump. They state they believe their affiliates should target government entities more often to illustrate government vulnerabilities and flaws.
It is an incredibly long read with lots of speculation and attempts to discredit law enforcement agencies.
You can read the full post here: https://samples.vx-underground.org/tmp/Lockbit_Statement_2024-02-24.txt
β€103π€£55π€13π10β€βπ₯6π₯6π5π€1π±1
The malware samples we archive are not toolkits. Please do not execute them on your machine.
Thanks,
Thanks,
π€£181π19β€11π€―5π€4π€3π₯1
We recently had a few people ask us if we dislike CTI (Cyber Threat Intelligence) because we occasionally meme them online.
No, in fact we very much like them. We enjoy reading the DFIR reports, notes and theories on how financially motived and/or state-sponsored groups operate, and we enjoy reading the geopolitical backgrounds and/or influences on groups. This field of research is profoundly valuable to our line of work because these factors influence malware development in more ways than one. We are big fans of research performed by groups such as Mandiant, Cisco Talos, Recorded Future (and/or Insikt Group), Intel471, CrowdStrike, and Threat Intel adjacent groups like TheDFIRReport.
Our primarily criticism of Threat Intel is not the large vendors, it is the trickle down effect from Threat Intel. For example: Mandiant may publish a paper on APT28. Following the release of their research it is inevitable that a smaller or lesser known Threat Intelligence company(ies) will regurgitate Mandiant's findings, only to slightly distort it, thus making it inaccurate or altered in some form from the initial source. As this trickle down effect continues the information becomes more and more distorted and inaccurate leading to misinformation.
We also just meme and shit post because our online account is ran by 3 people with a combined IQ of spaghetti. Sometimes we put little-to-no thought into how people will respond to memes.
No, in fact we very much like them. We enjoy reading the DFIR reports, notes and theories on how financially motived and/or state-sponsored groups operate, and we enjoy reading the geopolitical backgrounds and/or influences on groups. This field of research is profoundly valuable to our line of work because these factors influence malware development in more ways than one. We are big fans of research performed by groups such as Mandiant, Cisco Talos, Recorded Future (and/or Insikt Group), Intel471, CrowdStrike, and Threat Intel adjacent groups like TheDFIRReport.
Our primarily criticism of Threat Intel is not the large vendors, it is the trickle down effect from Threat Intel. For example: Mandiant may publish a paper on APT28. Following the release of their research it is inevitable that a smaller or lesser known Threat Intelligence company(ies) will regurgitate Mandiant's findings, only to slightly distort it, thus making it inaccurate or altered in some form from the initial source. As this trickle down effect continues the information becomes more and more distorted and inaccurate leading to misinformation.
We also just meme and shit post because our online account is ran by 3 people with a combined IQ of spaghetti. Sometimes we put little-to-no thought into how people will respond to memes.
β€141π€£36π17π₯°7π€5π±1
We've updated the vx-underground Crime/Legal rulings collection. We've completed years 2020 - 2024. Documented cases cover:
- Dark Overlord Group
- CardPlanet
- Equifax Hack
- Helix Mixer
- The Twitter Hack
- FastPOS
- Team Xecuter
- QQAAZZ Group
- FIN7
- Bitcoin Fog
- Trickbot
- Kelihos Botnet
- REvil ransomware
- Hydra Market
- Sandworm a/k/a Cyclops Blink
- Ryuk ransomware
- Netstalker ransomware
- Lockbit ransomware
- BreachedForums
- RaidForums
- Mt. Gox Hack
- Conti ransomware
- Callisto Group
- WarzoneRAT
- RaccoonStealer
- Lazarus Group
- APT41
... and a lot more
Check it out here: https://vx-underground.org/Crime/Legal%20Rulings
- Dark Overlord Group
- CardPlanet
- Equifax Hack
- Helix Mixer
- The Twitter Hack
- FastPOS
- Team Xecuter
- QQAAZZ Group
- FIN7
- Bitcoin Fog
- Trickbot
- Kelihos Botnet
- REvil ransomware
- Hydra Market
- Sandworm a/k/a Cyclops Blink
- Ryuk ransomware
- Netstalker ransomware
- Lockbit ransomware
- BreachedForums
- RaidForums
- Mt. Gox Hack
- Conti ransomware
- Callisto Group
- WarzoneRAT
- RaccoonStealer
- Lazarus Group
- APT41
... and a lot more
Check it out here: https://vx-underground.org/Crime/Legal%20Rulings
Vx Underground
The largest collection of malware source code, samples, and papers on the internet.
β€41π19π₯8β€βπ₯6
exciting news coming
(if you have friends and like cash prizes)
cya soon
(if you have friends and like cash prizes)
cya soon
β€70π€28π5π5π’4π3
We will be hosting our first ever VXUG trivia night. On March 8th teams of friends (or cats?) will answer malware and/or Threat Intel related questions for a chance to win money.
1st place: $500
2nd place: $250
3rd place: $100
Sponsored by Malcore π
(More info soon)
1st place: $500
2nd place: $250
3rd place: $100
Sponsored by Malcore π
(More info soon)
π52β€28π16π₯°1
vx-underground
We will be hosting our first ever VXUG trivia night. On March 8th teams of friends (or cats?) will answer malware and/or Threat Intel related questions for a chance to win money. 1st place: $500 2nd place: $250 3rd place: $100 Sponsored by Malcore π (Moreβ¦
4th place will be a coupon to Taco Bell, or Robux or a crusty sock, or something, we haven't gotten that far yet
π66π€£10β€8π4π₯°2π―1
Hello,
We are trying to get enough followers on Twitch to unlock some Twitch features. If you're a person who uses Twitch and would like to support us please follow vx-underground here:
https://www.twitch.tv/vxunderground_live/
We are trying to get enough followers on Twitch to unlock some Twitch features. If you're a person who uses Twitch and would like to support us please follow vx-underground here:
https://www.twitch.tv/vxunderground_live/
Twitch
vxunderground_live - Twitch
The largest collection of malware source code, samples, and papers on the internet.
β€53π€£24π«‘12π8π€7π₯3π2π€©2π€2π2π’1
March 1st, 2024 Yaroslav Vasinskyi, the individual responsible for the REvil Kaseya supply chain attack will be sentenced.
His sentencing has been continuously been post-poned and rescheduled since 2022. He has been sitting in a county jail waiting for almost 2 years.
His sentencing has been continuously been post-poned and rescheduled since 2022. He has been sitting in a county jail waiting for almost 2 years.
π€42π’18π7π€£7π€7β€1
Conor Fitzpatrick, the previous administrator of BreachedForum, is being pulled back into court.
Upon pleading guilty, he was sentenced to 20 years supervised release. The United States government is not happy with this sentencing and is making an appeal to the higher courts.
Upon pleading guilty, he was sentenced to 20 years supervised release. The United States government is not happy with this sentencing and is making an appeal to the higher courts.
π€£119π«‘15π€―10π7π’7π₯6π₯°1π€1