vx-underground
Now being referred to as "The Computer Virus Guy" Milady, might I tempt thee with a most exquisite computer virus?
Perhaps a charming ransomware, or perchance a distinguished information stealer? Hmmmm?
Everyone please pray for our friend Franklin. His Father got diagnosed with Sugma. It's fatal.
Something interesting happened.
The United Kingdom Ministry of Justice (UK MoJ) e-mailed UNC6040 (ShinyHunters and/or UNC3944), the individual(s) believed to be responsible for the compromise(s) of Salesforce, United Kingdom Legal Aid Agency, PowerSchool, Oracle Cloud, and Snowflake.
The Ministry of Justice discovered the disposable e-mail used by the Threat Actor(s) and subsequently e-mailed them a court summons for the crimes committed.
We have a copy of the court summons.
As silly as this reads, I don't personally believe the Ministry of Justice actually believed the individuals responsible for these attacks would appear before the courts.
It seems like a formality. If in the event someone is apprehended in the future, the prosecution can state they refused to appear before the courts hence they're fugitives, or fugitive-like.
As is tradition I will not be personally attending DEFCON this year.
I will be attending DEFCON as my first ever computer conference in 2027. I'm just waiting for the statute of limitations for wire fraud to hit.
Hahaha just kidding, that's crazy talk
But no seriously, 2027 I'll probably be there.
h313n_0f_t0r will be at DEFCON representing us. She will have several different limited edition vx-underground stickers. Two are holographic. One is glow-in-the-dark. If you see her say "Hello" and grab a sticker.
Oh, and do not touch her.
You do not need to touch her to get her attention. You do not need to suddenly grab her to get her attention. You do not need to touch her during any point of the conversation.
Thanks
"Tim Je" made a website that uses AI to programmatically generate fake IDs of United Kingdom politicians. This was done to mock the United Kingdom Online Safety Act.
https://use-their-id.com/
All of our artwork is now available for download. You can use this to produce merch, stickers, or whatever else you'd like.
You're free to do whatever you want with it. However, if you make a profit, give us some money. If you don't... you're mean.
https://vx-underground.org/Art
I've decided I'm going to name my Red Team tool "Meow Meow Kitty Cat Meow Meow Loader".
It is a small tool suite where someone can programmatically embed a payload (.exe, .sys, .dll, etc) into a picture (currently only .BMP images).
It has 3 different binaries present:
- Inserter: CLI for embedding payloads into a target BMP file.
- Remover: CLI tool for testing if the embed process worked correctly. Extracts embedded payload into target destination. Does nothing else
- Meow Meow Kitty Cat Meow Meow Loader: Unnecessarily over-complicated and evasive binary which, only using indirect-syscalls, programmatically extracts the payload from a target .BMP. Extracted payload is executed in-memory, embedded payload never touches the disk
Only writing this because I was bored and wanting to do something with steganography. I may in the future expand to handle .TIFF, .PNG, or over-complicate it more and use Windows COM and/or GDI+ to handle the steganography process. I may also explore doing it with audio or video.
It'll be open source so you can do whatever you want with it. The name is so stupid. Please recommend the tool to colleagues for literally no reason other than them (or you) having to verbally say the words "Meow Meow Kitty Cat Meow Meow".
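The embed/extract split the post describes (an Inserter that hides a file inside a .BMP and a Remover that pulls it back out) is a textbook LSB steganography job. What follows is an added illustration written for this page; it is not the author's Meow Meow Kitty Cat Meow Meow Loader and makes no claim about how that tool hides data. It builds a constructed 24-bit BMP carrier from scratch (no image file needed), stores a 4-byte length prefix plus an arbitrary payload in the low bit of each pixel byte, and recovers it. The carrier's headers and file size are untouched, every pixel byte changes by at most one, and the extractor refuses a carrier whose length prefix does not fit the capacity, which is what you get when you run it over an image nothing was embedded in.

```python
"""LSB steganography in an uncompressed 24-bit BMP: embed a payload, extract it back.

Added example for this page, not vx-underground's tool. The carrier, the payload
bytes and the capacity rule (one bit per pixel byte, length-prefixed) are all
assumptions made here for illustration.
"""
import struct

BMP_FILE_HEADER = struct.Struct("<2sIHHI")        # magic, file size, reserved, reserved, pixel offset
BMP_INFO_HEADER = struct.Struct("<IiiHHIIiiII")   # BITMAPINFOHEADER (40 bytes)
LEN_PREFIX = struct.Struct("<I")                  # payload length written ahead of the payload


def make_bmp(width, height):
    """Build a constructed 24-bit BMP carrier: bottom-up rows, each row padded to 4 bytes."""
    stride = (width * 3 + 3) & ~3
    image_size = stride * height
    rows = bytearray()
    for y in range(height):
        row = bytes((x * 7 + y * 13) & 0xFF for x in range(width * 3))  # arbitrary gradient pixels
        rows += row + b"\x00" * (stride - width * 3)
    pixel_offset = BMP_FILE_HEADER.size + BMP_INFO_HEADER.size
    file_hdr = BMP_FILE_HEADER.pack(b"BM", pixel_offset + image_size, 0, 0, pixel_offset)
    info_hdr = BMP_INFO_HEADER.pack(BMP_INFO_HEADER.size, width, height, 1, 24, 0,
                                    image_size, 2835, 2835, 0, 0)
    return bytes(file_hdr + info_hdr + rows)


def pixel_region(bmp):
    """Validate the headers and return (start, end) of the raw pixel array.

    Row padding bytes are included on purpose: viewers ignore them, so they are
    just as usable for hiding bits as the colour bytes are.
    """
    if len(bmp) < BMP_FILE_HEADER.size + BMP_INFO_HEADER.size:
        raise ValueError("file too short for a BMP header")
    magic, _file_size, _r1, _r2, offset = BMP_FILE_HEADER.unpack_from(bmp, 0)
    if magic != b"BM":
        raise ValueError("not a BMP")
    hdr_size, width, height, _planes, bpp, compression, *_ = BMP_INFO_HEADER.unpack_from(
        bmp, BMP_FILE_HEADER.size)
    if hdr_size < BMP_INFO_HEADER.size or bpp != 24 or compression != 0:
        raise ValueError("only uncompressed 24-bit BMPs are handled here")
    stride = (width * 3 + 3) & ~3
    end = offset + stride * abs(height)            # negative height means top-down rows
    if end > len(bmp):
        raise ValueError("pixel array runs past end of file")
    return offset, end


def embed(bmp, payload):
    """Return a copy of bmp with LEN_PREFIX+payload hidden in the low bit of each pixel byte."""
    start, end = pixel_region(bmp)
    blob = LEN_PREFIX.pack(len(payload)) + payload
    capacity = (end - start) // 8 - LEN_PREFIX.size
    if len(payload) > capacity:
        raise ValueError(f"carrier holds at most {capacity} payload bytes")
    out = bytearray(bmp)
    pos = start
    for byte in blob:
        for bit in range(7, -1, -1):                # MSB first within each byte
            out[pos] = (out[pos] & 0xFE) | ((byte >> bit) & 1)
            pos += 1
    return bytes(out)


def extract(bmp):
    """Recover a payload written by embed(); reject carriers with an implausible length prefix."""
    start, end = pixel_region(bmp)

    def read_bytes(at, count):
        data = bytearray()
        for i in range(count):
            value = 0
            for j in range(8):
                value = (value << 1) | (bmp[at + i * 8 + j] & 1)
            data.append(value)
        return bytes(data)

    length = LEN_PREFIX.unpack(read_bytes(start, LEN_PREFIX.size))[0]
    if length > (end - start) // 8 - LEN_PREFIX.size:
        raise ValueError("length prefix exceeds carrier capacity: nothing embedded here")
    return read_bytes(start + LEN_PREFIX.size * 8, length)


def round_trip(width=64, height=64):
    """Constructed demo: a fake 'binary' (MZ magic plus filler) in and out of a 64x64 carrier."""
    carrier = make_bmp(width, height)
    payload = b"MZ" + bytes(range(256)) * 3        # constructed stand-in for a real PE
    stego = embed(carrier, payload)
    return carrier, payload, stego, extract(stego)


if __name__ == "__main__":
    carrier, payload, stego, recovered = round_trip()
    print("carrier bytes:", len(carrier), "stego bytes:", len(stego))
    print("payload recovered intact:", recovered == payload)
```

Two practical points follow from the code. First, the carrier keeps its size, headers and dimensions, so nothing in the file's metadata gives the payload away; what does give it away is the statistics of the low bits, and any re-encoding of the image (a PNG round trip, a resize) destroys the hidden data outright. Second, the image itself is inert: the extract step is just bit shuffling, and the only thing on the host that matters to a defender is the loader that performs it and then executes the result in memory.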
Dear tiny people living inside my computer,
We've updated the malware library. 500,217 malwares added. Thank you petikvx for getting the malwares.
Please download the malware
tl;dr scattered spider, or super group of scattered spider nerds, leak data from coca cola partnership place, data isn't super bad. coca cola didn't pay. they diss a bunch of places and say funny things
Earlier today an unknown group, which appears to have overlap between Scattered Spider, "ShinyHunters", and only God knows who else, dumped data from an alleged Coca Cola breach. Specifically, this is the Coca Cola Euro-Pacific Partnership. This is NOT the Coca Cola HQ.
This group is jokingly referring to themselves as "Scattered Spider LAPSU$ Sp1d3r Hunters, UNC3944".
The UNC3944 segment of their name is the Threat Group name Mandiant has assigned to them.
The data was released by "UNC3944" (???) because Coca Cola allegedly refused to pay the ransom. Additionally, a "community poll" voted to release the data publicly.
Upon review of the data which was released, I can assert the data is legitimate. However, the data is not what I would define as "critical" to the Coca Cola company.
The data derives from a SalesForce application Coca Cola was using. The data which was released is primarily contact information of vendors who purchase product from them. It is in essence a massive collection of organizations and/or vendors which purchase from Coca Cola so they can sell Coca Cola products at their establishment.
The data being dumped publicly isn't something which would directly impact the day-to-day operations of Coca Cola, it also does not pose a risk to vendor purchasers because it is primarily representative contact information which may already be public information. The primary cause of concern in this data dump is it may give Threat Actors a curated list of potential targets.
Interestingly, Coca Cola abides by data privacy regulations and/or laws and removes vendor information when an agreement is terminated. There are big chunks of the data dump which contain "Removed PII" in every applicable field.
When UNC3944 released the data, they mocked data privacy laws and various Cyber Threat Intelligence companies. This collective group has continually mocked Mandiant, CrowdStrike, the United States Federal Bureau of Investigation, and Unit221B.
They have referred to CrowdStrike as "CrowdShart". The insult to them is so childish it unironically made me laugh out loud.
They concluded their release of the data by asserting it is not a crime to release this stolen data because it falls within "free speech" laws. They gave a shout-out to the United States government (omit the FBI) and United States President Donald J. Trump. They said, and quote, "LOVE U TRUMPSKI OFN".
OFN referencing "On Foe Nem".
Holy shit, dude Zeekill got his own HBO documentary. This guy was a serial swatter and part of Lizard Squad. This guy was NOT a "dangerous hacker". He a swatter, DDoSer, and extortionist. HBO, dawg, don't glorify these guys.
Correction: it's HBO. I'm actually retarded. It says HBO in the image.