We are now selling the ARREST WAZAWAKA shirt. The front of the shirt says "Arrest Wazawaka" in English and Russian. The back contains his FBI Most Wanted Poster. The sides of the shirt contain the ransomware groups he was most known to be part of (omit Babuk).
ARREST WAZAWAKA!
Someone made this and requested we post it. Zoomers gonna be zoomers
We received quite a few e-mails today from the Red Cross of Italy - compromised e-mails. The compromised e-mails come from an unknown individual asserting that the Red Cross of Italy is stealing (and laundering?) money
They also say they're not going to ransom them
¯\_(ツ)_/¯
Twitter no longer displays the full URL to websites linked in posts.
Will people try to use this to phish people?
Anonymous Poll results:
90% - Yes, sooner or later
3% - No, it won't work
7% - They'll try but fail
On August 29, 2023, the United States Federal Bureau of Investigation announced the takedown (or dismantling?) of the infamous and long-reigning botnet, Qakbot.
Qakbot is believed to have started in 2007 or 2008. Others argue that Qakbot (in its current form) appeared sometime in 2015 or 2016. Qakbot has been around a long time, and it appears the group intends to stay around for a lot longer.
Today Talos Intelligence shared information on the continuing operations of Qakbot. It is now believed the FBI (and associated partners) took down Qakbot's C2 infrastructure. They did not take down their spam delivery infrastructure. Talos noted that previous Qakbot campaigns, labeled as "AA" and "BB", are active once again, and noted the distribution of Ransom Knight ransomware (alternatively referred to as Cyclops) and the Remcos backdoor.
You can read the full writeup (IOCs, further analysis of the Qakbot AA/BB campaign, and more) here:
https://blog.talosintelligence.com/qakbot-affiliated-actors-distribute-ransom/
We recommend reading "The Lazarus Heist: From Hollywood to High Finance: Inside North Korea's Global Cyber War" by Geoff White.
The book provides key insights into North Korea's geopolitical motivations, historical context, and the Kim Dynasty's evolution from smuggling goods, methamphetamine production, and their suspected USD counterfeiting operations (Superdollars!) to the present Lazarus Group as we know it.
From a technical perspective, the book is subpar; however, it is evident this book's target audience is not the technically inclined. This is not a malware analysis book.
But this book provides incredible (literally, absolutely incredible) insight into how Lazarus Group thoroughly performed reconnaissance on targets, how they precisely modified SWIFT environments in an attempt to steal $1,000,000,000 from the Bank of Bangladesh, and how their attacks against organizations affected company executives, individual employees, politicians, journalists, and law enforcement from all across the globe.
10/10
When developing malware it is important to inform any potential analysts that the code is not malicious. Leave them a simple message; leave a string in the code as simple as "this is not malware, go away".
We're uploading 228,030 new malware samples to our VXDB (223GB uncompressed).
Reminder that our malware database is free. You can search through our entire malware collection and download to your heart's content =D
Total samples available: 18,995,422
https://virus.exchange
Hello Kitty ransomware group, the group most known for ransoming video game publisher CD Projekt Red, had their source code leaked online today.
Information and data via 3xp0rtblog
You can view the source code here: https://github.com/vxunderground/MalwareSourceCode
It should be noted, however, that the leaker, kapuchin0, states he (Hello Kitty ransomware?) no longer needs this and they intend to develop something superior to the Lockbit ransomware group.
Sebastien Raoult, known online as Sezyo Kaizen, an affiliate (or as the courts write, 'co-conspirator') of the ShinyHunters data broker group, has pleaded guilty in the United States to conspiracy to commit wire fraud and aggravated identity theft.
He is facing 27 years in prison
If exploit developers, reverse engineers, and malware developers had been alive in the medieval era, they'd have been the crazy people living out in the woods trying to perform alchemy spells like turning wood into gold.