vx-underground
26.02.202522:44
> want to be fancy
> want to call NtRegisterClassExWOW
> want to call NtUserCreateWindowEx
> opens user32.dll
> opens win32u.dll
mfw
> want to call NtRegisterClassExWOW
> want to call NtUserCreateWindowEx
> opens user32.dll
> opens win32u.dll
mfw
26.02.202505:30
February 12, 2025, an unknown Threat Actor was able to compromise a person at the United States Department of Defense.
We have not received information on how the e-mail was compromised and/or what was achieved from the compromise.
We have confirmed the Threat Actor lost access soon after they got access to the e-mail address. However, we have no details as to how long "soon" is.
We have not received information on how the e-mail was compromised and/or what was achieved from the compromise.
We have confirmed the Threat Actor lost access soon after they got access to the e-mail address. However, we have no details as to how long "soon" is.
23.02.202515:34
Hello,
I've contracted the Influenza virus. I've got a fever of 102.4f (39.1c).
If I die, bury me with my cat pictures
- smelly smellington
I've contracted the Influenza virus. I've got a fever of 102.4f (39.1c).
If I die, bury me with my cat pictures
- smelly smellington
23.02.202500:58
Using SSL? You're a fuckin' sick piece of shit
21.02.202522:48
> go gas station for energy drinks
> group of kids loitering outside
> 4 or 5 of them, probably 12 - 14 years old
> leader is obese kid with cool looking shoes
> obese kid: "what's up bro?"
> i reply, "what's up, man?"
> he replies, "my cholesterol"
> they all laugh
mfw
> group of kids loitering outside
> 4 or 5 of them, probably 12 - 14 years old
> leader is obese kid with cool looking shoes
> obese kid: "what's up bro?"
> i reply, "what's up, man?"
> he replies, "my cholesterol"
> they all laugh
mfw
21.02.202520:10
In December, 2024, Lockbit ransomware group gave us access to the their builder panel.
Now we're banned from Lockbit.
We were informed that some people, when reverse engineering the malware samples we shared, decided to pentest the victim chat client.
RIP free malware
Now we're banned from Lockbit.
We were informed that some people, when reverse engineering the malware samples we shared, decided to pentest the victim chat client.
RIP free malware
26.02.202519:07
We're (still) migrating the virus-dot-exchange database.
We've moved 8,915,959 malwares. We have a lot more to move still.
We have malware.
We've moved 8,915,959 malwares. We have a lot more to move still.
We have malware.
26.02.202503:51
Lockbit said, "I am an honest businessman who paid so much tax to Our American Treasury and never did a Tax Refund, letting the black folks do it for me."
23.02.202505:54
22.02.202517:12
Apparently it's "illegal" and "unethical" to dispose of used car batteries in the ocean smh
21.02.202521:39
We've got some giveaways coming up.
- Books
- Expensive laptop
More news soon
Cheers,
- Books
- Expensive laptop
More news soon
Cheers,
21.02.202518:25
Congratulations to our cybersecurity colleagues in the United Kingdom. They're probably very happy about this.
(this is sarcasm, don't go schizo in the comments)
https://www.bbc.com/news/articles/cgj54eq4vejo
(this is sarcasm, don't go schizo in the comments)
https://www.bbc.com/news/articles/cgj54eq4vejo
26.02.202515:51
26.02.202503:48
Today Lockbit ransomware group issued a message to Kash Patel, the new Director of the United States Federal Bureau of Investigation. He requested Kash Patel contact him via Tox and offered him a file titled "personal_gift_for_new_director_FBI_Kash_Patel.7z".
The file is password protected. We don't know what is inside the file. Here is the message Lockbit passed along via their Lockbit website.
"Dear Kash Patel! I wish you Happy Birthday!
I also congratulate you on your position as the ninth director of the Federal Bureau of Investigation and wish you professional success, because it will be not easy for you.
You are surrounded by liars, professional manipulators, respected Kash Patel. The so-called “agents” who are under your supervision are tricky manipulators and the whole point of their manipulation is to do nothing, but you have to do something about it, Mr. Kash Patel.
I have been called “extortionist” and “blackmailer” a lot, but I am a worthy son of the American Fatherland, a son of immigrants like you, dear Kash Patel! God bless our Motherland! My whole life, like your life is filled with concern for National Security.
My business, from which I have paid so much tax, post-paid pentest, I created only to make us all, in our United States of America, a more secure place to live.
A safer, more secure place from the Real Threat — trans-continental pro-state group that attacks critical infrastructure to steal our data for Espionage and Diversion.
But these very real extortionists, liars, blackmailers, manipulators, known to you as subordinates — FBI agents, have flooded our country with fakes and declared me as a threat.
I am an honest businessman who paid so much tax to Our American Treasury and never did a Tax Refund, letting the black folks do it for me.
I decided to give you the best gift of all — an archive of classified information for you personally, Mr. Kash Patel.
A guide, a roadmap, and some friendly advice. With access level ONLY for you, under password.
This information is for the benefit of the National Security of the United States of America, information for you on how to find the TRUTH, which our brother US President Donald Trump also wants to find.
This information is the key against LIES, the cure against FAKES.
Please contact me personally, I am so reluctant to publish this information that could not only negatively affect the reputation of the FBI, but destroy it as a STRUCTURE.
Because I really want you to be, Honorable Kash Patel, not only the Director of the FBI, but also the Director of the FBI History Museum. To have you tell our STORY — how we defeated the fakes and corrupt FBI agents."
The file is password protected. We don't know what is inside the file. Here is the message Lockbit passed along via their Lockbit website.
"Dear Kash Patel! I wish you Happy Birthday!
I also congratulate you on your position as the ninth director of the Federal Bureau of Investigation and wish you professional success, because it will be not easy for you.
You are surrounded by liars, professional manipulators, respected Kash Patel. The so-called “agents” who are under your supervision are tricky manipulators and the whole point of their manipulation is to do nothing, but you have to do something about it, Mr. Kash Patel.
I have been called “extortionist” and “blackmailer” a lot, but I am a worthy son of the American Fatherland, a son of immigrants like you, dear Kash Patel! God bless our Motherland! My whole life, like your life is filled with concern for National Security.
My business, from which I have paid so much tax, post-paid pentest, I created only to make us all, in our United States of America, a more secure place to live.
A safer, more secure place from the Real Threat — trans-continental pro-state group that attacks critical infrastructure to steal our data for Espionage and Diversion.
But these very real extortionists, liars, blackmailers, manipulators, known to you as subordinates — FBI agents, have flooded our country with fakes and declared me as a threat.
I am an honest businessman who paid so much tax to Our American Treasury and never did a Tax Refund, letting the black folks do it for me.
I decided to give you the best gift of all — an archive of classified information for you personally, Mr. Kash Patel.
A guide, a roadmap, and some friendly advice. With access level ONLY for you, under password.
This information is for the benefit of the National Security of the United States of America, information for you on how to find the TRUTH, which our brother US President Donald Trump also wants to find.
This information is the key against LIES, the cure against FAKES.
Please contact me personally, I am so reluctant to publish this information that could not only negatively affect the reputation of the FBI, but destroy it as a STRUCTURE.
Because I really want you to be, Honorable Kash Patel, not only the Director of the FBI, but also the Director of the FBI History Museum. To have you tell our STORY — how we defeated the fakes and corrupt FBI agents."
23.02.202505:54
The second we heard about the Bybit compromise we said "Ah, Lazarus".
We had zero evidence. Zero information on the compromise. We didn't even bother seeing other's opinions.
We had zero evidence. Zero information on the compromise. We didn't even bother seeing other's opinions.
22.02.202506:48
21.02.202520:41
We have been notified there are 2 people with the alias "UnicornLover67" and this person named "UnicornLover67" is not the real "UnicornLover67" but someone else using the moniker "UnicornLover67".
Someone requested we make that explicitly clear.
Someone requested we make that explicitly clear.
21.02.202517:54
Bybit had approx. $1,400,000,000 stolen today.
We don't know what that is, or what's going on, but that's a lot of money and ZachXBT is all over it on Telegram
More information: https://t.me/investigations/211
We don't know what that is, or what's going on, but that's a lot of money and ZachXBT is all over it on Telegram
More information: https://t.me/investigations/211
26.02.202509:18
Apparently this needs to be said because people expressed concern regarding this post.
This is not medical advice, this is just a personal experience. Consult a doctor and do research. Don't listen to some stinky nerd on the internet. Yada yada yada, drugs are bad
This is not medical advice, this is just a personal experience. Consult a doctor and do research. Don't listen to some stinky nerd on the internet. Yada yada yada, drugs are bad
24.02.202508:12
It's difficult to code when you've got the Influenza virus. You'll try to lock in, but the fever visions combined with the heap spray-like dysentery makes it difficult.
23.02.202501:00
The National Crime Agency of the UK encrypting data internally in the event of a breach? DISGUSTING
21.02.202523:23
Dear BlackBasta (who is probably following us online),
Please contact us. I wanna say "Hi" and send you pictures of cats.
Thanks,
Please contact us. I wanna say "Hi" and send you pictures of cats.
Thanks,
21.02.202520:29
A Threat Actor operating under the moniker "UnicornLover67" compromised the Houston, Texas Police Department (H.P.D. — Houston Police Department) and exfiltrated a colossal amount of data.
"UnicornLover67" subsequently tried to extort the HPD. When the HPD did not pay UnicornLover67 so they could purchase IceSpice (in Fortnite?) and "cop some Nikes", they leaked the HPD's data online.
Additionally, to notify the HPD of the data leak, they replaced all internal training videos with a new "Training Video". The "Training Video" is a heavily edited video displaying UnicornLover67 leaking the data online, demonstrating some of the data they possess, while playing "Kill the Police - Destroy the System" by GG Allin.
We're sharing the video. However, we have removed the ending portion because it contains A LOT of sensitive information.
"UnicornLover67" subsequently tried to extort the HPD. When the HPD did not pay UnicornLover67 so they could purchase IceSpice (in Fortnite?) and "cop some Nikes", they leaked the HPD's data online.
Additionally, to notify the HPD of the data leak, they replaced all internal training videos with a new "Training Video". The "Training Video" is a heavily edited video displaying UnicornLover67 leaking the data online, demonstrating some of the data they possess, while playing "Kill the Police - Destroy the System" by GG Allin.
We're sharing the video. However, we have removed the ending portion because it contains A LOT of sensitive information.
21.02.202506:53
Regarding the BlackBasta leaks: we haven't reviewed them in totality yet. It's quite a bit of messages in JSON format. It also has some Russian slang which makes it difficult to translate accurately. Thankfully there are some native Russian speakers who have made some interesting highlights.
1. Somewhere in the conversation BlackBasta members discuss Lockbit ransomware group. They believe he cannot be trusted.
2. In the conversation Dispossessor ransomware group is discussed. Dispossessor wants to join BlackBasta. One of the members "Hshsi Jdidi" says they believe Dispossessor has a "good resume" but think they only want to work with them because of their "fame". They also express concern that Dispossessor may be a law enforcement officer. They express concern with the takedowns from Lockbit, Conti, and others.
3. One of the BlackBasta affiliates is a minor. They are 17 years old.
4. They are EXTREMELY interested in VPN exploits. They go to great lengths to acquire, purchase, or find people, capable of delivering VPN exploits.
5. Someone is wanting to grant them access (or sell them access) to their private loader for the cost of $84,000/month
6. Following the success of Scattered Spider, BlackBasta has begun incorperating social engineering into their operations. They have a person named "Nur" who is responsible for identifying key personnel at organizations they want to target. Once a person of influence is identified (manager, HR, etc) they contact them via telephone call.
7. BlackBasta maintains a spreadsheet of victims they're trying to target. It is shared between members and they collaborate on it together. It has the person of interest, if they've tried social engineering them, and general strategy notes. They often identify multiple targets at companies.
8. The caller who contacts victims is tasked with having the employee install "Remote Monitoring and Management" from level-dot-io. Once the application is installed they begin work (eventually).
9. Targets are not selected randomly. BlackBasta has immense interest in Electrical companies, Industrial supply chain companies (Steel, wood, recycling, general supplies), and Tax and/or Financial management companies (companies which manage finances for other companies).
10. Their workflow is documented fairly well. However, because these leaks are from 2023 - 2024, they may be outdated. Here is the general idea:
Step 1: Get victim to execute malicious .HTA file. The .HTA file is delivered from either a masqueraded malicious download link, social engineering, or a masqueraded malicious e-mail
Step 2: The .HTA file drops a .BAT or .EXE file which contains commands to connect to their C2 server.
Step 3: The C2 server has a .JS file which can then deliver an actual payload file allowing either ransomware deployment, or tooling for remote access.
1. Somewhere in the conversation BlackBasta members discuss Lockbit ransomware group. They believe he cannot be trusted.
2. In the conversation Dispossessor ransomware group is discussed. Dispossessor wants to join BlackBasta. One of the members "Hshsi Jdidi" says they believe Dispossessor has a "good resume" but think they only want to work with them because of their "fame". They also express concern that Dispossessor may be a law enforcement officer. They express concern with the takedowns from Lockbit, Conti, and others.
3. One of the BlackBasta affiliates is a minor. They are 17 years old.
4. They are EXTREMELY interested in VPN exploits. They go to great lengths to acquire, purchase, or find people, capable of delivering VPN exploits.
5. Someone is wanting to grant them access (or sell them access) to their private loader for the cost of $84,000/month
6. Following the success of Scattered Spider, BlackBasta has begun incorperating social engineering into their operations. They have a person named "Nur" who is responsible for identifying key personnel at organizations they want to target. Once a person of influence is identified (manager, HR, etc) they contact them via telephone call.
7. BlackBasta maintains a spreadsheet of victims they're trying to target. It is shared between members and they collaborate on it together. It has the person of interest, if they've tried social engineering them, and general strategy notes. They often identify multiple targets at companies.
8. The caller who contacts victims is tasked with having the employee install "Remote Monitoring and Management" from level-dot-io. Once the application is installed they begin work (eventually).
9. Targets are not selected randomly. BlackBasta has immense interest in Electrical companies, Industrial supply chain companies (Steel, wood, recycling, general supplies), and Tax and/or Financial management companies (companies which manage finances for other companies).
10. Their workflow is documented fairly well. However, because these leaks are from 2023 - 2024, they may be outdated. Here is the general idea:
Step 1: Get victim to execute malicious .HTA file. The .HTA file is delivered from either a masqueraded malicious download link, social engineering, or a masqueraded malicious e-mail
Step 2: The .HTA file drops a .BAT or .EXE file which contains commands to connect to their C2 server.
Step 3: The C2 server has a .JS file which can then deliver an actual payload file allowing either ransomware deployment, or tooling for remote access.
दिखाया गया 1 - 24 का 967
अधिक कार्यक्षमता अनलॉक करने के लिए लॉगिन करें।