Hello, how are you?
tl;dr tl;dr I'm sick, update on ransomware leak, update on video game 0day, stuff
Apologies for so many delayed communications — I have contracted some sort of viral infection. My sinuses have begun draining fluid into my esophagus. tl;dr Sinusitis. As this post is being written, I have consumed enough Robitussin to kill an elephant.
Anyway, regarding the ransomware leaks, the data is a result of an unknown person(?) compromising ransomware threat actor VPSes. Once the individual compromised the VPSes, they decided to forfeit the data over to law enforcement (anonymously), which they believe resulted in the apprehension of individuals and the takedown of several onion domains. Following the takedown and arrests, this person (people?) decided to gift the data to us to study or distribute to others. They believed that, due to the size of our audience, us announcing it and sharing it would disseminate information faster. Because this person(s) compromised a VPS, it has a great deal of victim PII present — it appears they compromised some of their hosts mid-ransomware campaign or attack. In order for us to share it, we need to scrub the victim PII. We still haven't done that (see why in first paragraph).
However, we have decided we will share the data with Threat Intelligence vendors, or anti-virus vendors, or whomever to study, review, blah blah blah. We believe these companies, which typically offer anti-ransomware services, will make good use of this information and data. Truthfully, we ourselves have not reviewed the data in totality. Our domain of study typically revolves around malware development — reviewing VPS data is kind of a Threat Intel / DFIR thing, so there is a lot someone could probably find that we would probably miss. If your organization is interested in the data to do a review, or write-up, or whatever, shoot us an e-mail or a DM or something. You'll need to show us proof you're from a legitimate vendor.
We have no timeline on a public release. I don't feel like scrubbing the PII, maybe someone else in our group feels like it, I don't know, I haven't asked because I've been sick. I could probably ask right now, but I'm not.
About the video game 0day, very few people are aware of its existence and we believe it will cause a mini-shit storm online. It's high severity, but its impact is limited to a relatively small userbase. I've sworn on the Old Robitussin bottle and the New Robitussin bottle (Game of Thrones reference) to not disclose more information. Regardless, you'll all have a nice chuckle. Its disclosure timeline is roughly 7 - 14 days. The person who found the exploit is doing a writeup. Upon release, the exploit will not be patched.
Finally, we've got lots of updates to vx-underground. I haven't pushed any to prod yet (despite the pile up from petik, Bradley, and GuessThePwd), because I've been sick.
Have a nice day,
- smelly
vx-underground
> "smelly can i have {free merch} for {thing}?"
> "sure"
> "nice try u fuckn fed ur never gettin my dox"
Why even ask us for merchandise, or stickers, if you're going to freak out when we say yes? How are we going to physically mail you something if you can't provide us a physical address?
real world things require real world address, the real world isnt the internet ok
Good evening,
We've got a bunch of malware in queue. Some has already been pushed to prod. It is over 1,000,000 malwares.
Additionally, please give us time to review the over 700 animal pictures we received. We didn't anticipate so many critter pictures.
Thanks,
The AI girlfriend website got compromised.
It's all over for lonely degenerates. Say a prayer 🙏
https://www.404media.co/hacked-ai-girlfriend-data-shows-prompts-describing-child-sexual-abuse-2/
404 Media
Hacked ‘AI Girlfriend’ Data Shows Prompts Describing Child Sexual Abuse
A hacked database from AI companion site Muah.ai exposes peoples' particular kinks and fantasies they've asked their bot to engage in. It also shows many of them are trying to use the platform to generate child abuse material.
We are considering implementing a clause where companies with a specific amount of revenue must pay for the right to download malware from us.
It's irritating seeing multi-million or multi-billion dollar companies profit off our work
tl;dr becoming a villain
We love hearing that students, the morbidly curious, and independent researchers use our website.
We don't like watching your multi-million dollar company scrape our malware collection for their 'AI' training set.
Malware Ingestion statistics, August 2024:
2024-08-01: 15,604
2024-08-02: 13,593
2024-08-03: 12,354
2024-08-04: 12,679
2024-08-05: 12,245
2024-08-06: 12,914
2024-08-07: 14,432
2024-08-08: 15,054
2024-08-09: 13,625
2024-08-10: 20,955
2024-08-11: 23,064
2024-08-12: 22,850
2024-08-13: 19,464
2024-08-14: 15,219
2024-08-15: 114,050
2024-08-16: 70,162
2024-08-17: 93,572
2024-08-18: 138,520
2024-08-19: 178,314
2024-08-20: 87,425
2024-08-21: 146,435
2024-08-22: 306,526
2024-08-23: 208,720
2024-08-24: 133,827
2024-08-25: 7,533
2024-08-26: 19,108
2024-08-27: 18,980
2024-08-28: 21,085
2024-08-29: 16,032
2024-08-30: 17,327
2024-08-31: 17,620
Total: 1,821,596
Size: 230GB (7z Ultra compressed)
Yesterday someone wrote that Lockbit ransomware group is making a training course. Is this true?
tl;dr no
1. LockbitSupp a/k/a Dimitry Yuryevich Khoroshev is a Russian national who has stolen an estimated $400,000,000 via ransomware. Does he need money by producing and selling a training course? Probably not.
2. According to the United States Federal Bureau of Investigation and United Kingdom National Crime Agency, Lockbit ransomware group had affiliates who were members of EvilCorp, an infamous Russian-based malware crime family who is estimated to have made hundreds of millions of dollars. EvilCorp is believed to have ties to the Russian FSB. Does he need money by producing and selling a training course? Probably not.
3. LockbitSupp does not speak English well. Why would he write a course in English? (in the photo shared it was written in English, native English with virtually no typos or funky spelling)
4. The photo shared mentioned Breached. LockbitSupp is not associated with Breached. He is a Russian national, does not speak English well, and does not traditionally trust foreigners (or anyone really, except maybe his most esteemed ransomware affiliates). His primary forum platforms for communication and recruitment have been Exploit and RAMP.
5. We asked Lockbit if he was making a training course, he said no. Note his native English (sarcasm, a native English speaker would write, "no, why do you ask?")
In summary: the person who claimed Lockbit ransomware group was making a training course was doing it as a publicity stunt (probably) to attract people to their training course (crime focused?).
We give it a 7/10. It fooled some people.
> be fall season
> get chilly outside
> turn off air conditioning
> get on pc
> compress 150gb blobs of malware
> office becomes inescapable fiery hell
> turn ac back on
> entire house freezing cold
> office still burning hot
¯\_(ツ)_/¯
vx-underground
The wayback machine has been compromised. See you all in HIBP!
Note:
Final update and confirmations:
The compromise has been confirmed via BleepingComputer and Troy Hunt. 31,000,000 users impacted. There is no confirmed information on how the site was compromised. No Threat Actor(s) have been attributed to the compromise. More information is available on their respective social media platforms. More information will probably become available in the following hours or days.
Unrelated to the defacement and compromise, Sn_darkmeta claims to have been DDoSing Internet Archive. They state they're DDoSing the website because the United States government supports Israel and The Internet Archive belongs (?) to the United States.
We woke up to hate mail.
Some people believe we're responsible for DDoS and/or compromise of The Internet Archive. We did not DDoS and/or compromise The Internet Archive.
Regardless, thanks for calling us mentally handicapped and saying we should commit suicide.
We're not entirely sure what is happening right now, but we suspect this person thinks we are responsible for the attacks against The Internet Archive.
It also has 94,000 likes and 1.8M views