88 88 88 88 88 88 8b d8 8b, ,d8 88 88 8b,dPPYba, ,adPPYb,88 ,adPPYba, 8b,dPPYba, ,adPPYb,d8 8b,dPPYba, ,adPPYba, 88 88 8b,dPPYba, ,adPPYb,88 `8b d8' `Y8, ,8P' aaaaaaaa 88 88 88P' `"8a a8" `Y88 a8P_____88 88P' "Y8 a8" `Y88 88P' "Y8 a8" "8a 88 88 88P' `"8a a8" `Y88 `8b d8' )888( """""""" 88 88 88 88 8b 88 8PP""""""" 88 8b 88 88 8b d8 88 88 88 88 8b 88 `8b,d8' ,d8" "8b, "8a, ,a88 88 88 "8a, ,d88 "8b, ,aa 88 "8a, ,d88 88 "8a, ,a8" "8a, ,a88 88 88 "8a, ,d88 "8" 8P' `Y8 `"YbbdP'Y8 88 88 `"8bbdP"Y8 `"Ybbd8"' 88 `"YbbdP"Y8 88 `"YbbdP"' `"YbbdP'Y8 88 88 `"8bbdP"Y8 aa, ,88 "Y8bbdP" * In this interview this person will be identified as LDR4-00-2022 (LDR4 Operator #0, 2022) * vx-underground has confirmed the work of LDR4-00-2022 - Current alias and previous aliases are omitted - Current and previous group associations are omitted смелли: Hello and thank you for reaching out to me. RM3/LDR4 is a very notorious group. This will be very interesting and I think many people will enjoy reading it. LDR4-00-2022: Thank you for agreeing to speak. So many people write about us lately and know nothing about the real people involved. смелли: Thanks. How did you find vx-underground? People always find us, but we can never find them:( LDR4-00-2022: I've been following your articles for a long time. You are one of those who communicates with people behind the screen. смелли: In private you sent us some photos of your botnet panel. Mandiant says you're RM3, LDR4, and have ties to ISFB. How accurate is this? LDR4-00-2022: Mandiant said a lot of things. We are ISFB -> RM2 - > RM3 -> LDR4. I don't like calling it LDR4 though. This is just my loader. смелли: Is this based off of the ISFB leak? LDR4-00-2022: Our building is exclusive. It has never leaked. смелли: And, to clarify, you're NOT a developer, correct? LDR4-00-2022: No, I have a more important role. I'm not a very good developer. смелли: What is more important than the developer? LDR4-00-2022: I am the organizer. Our program was custom-designed with many hands, and I organized it all. My group is mostly run by me. I have a couple of bosses, but it’s mostly just me. смелли: Do you have any sort of technical background? Or are you exclusively just a manager? LDR4-00-2022: I have experience in technology, I'm just not a developer. I always know what my employees are doing. смелли: How did you end up as the organizer of RM3? LDR4-00-2022: I already worked in the industry before RM3, using different versions of ISFB, but I did not earn good money. I was approached by my current boss, and we decided to form a team together. He’s the one with the connections. смелли: And who are your bosses? LDR4-00-2022: I will not discuss them. смелли: I meant - are they developers? Investors? LDR4-00-2022: They have money and connections. That is all that will be said. смелли: How long have you been acting as an organizer? How did you start? (without disclosing information on the investors) LDR4-00-2022: I have been doing this almost 7 years. My dream was to afford a first-class alcohol haha. I knew people in business who knew an easy way to make money. You don't have to be technical to make money. смелли: Hahahahahaha, really? LDR4-00-2022: Yes of course. I had a normal life, but it was unhappy. I had no money for my family, while I see that some Westerners do nothing and are treated like kings. I've lived for a long time, and I don't want to die a poor man. The ISFB job was a side job that I used to get where I am now. смелли: Does your family (or friends) know what you are doing? LDR4-00-2022: They do. смелли: Are you worried that you are a criminal? LDR4-00-2022: I don't call myself a criminal. If I see an opportunity, I use it. If people don't want their money stolen, they should guard it better. смелли: Does it bother your friends or family are you a criminal? LDR4-00-2022: I haven't been convicted yet. But they don't complain when they spend my money. смелли: You're a busy man. What's your day-to-day routine like acting as the organizer of RM3? LDR4-00-2022: We would be here all morning if I listed all my responsibilities, but the most important are the organization of developers who modify and update malware, and other workers who work with affiliates. I guarantee that the infrastructure will be set up properly and have to make sure everyone gets paid when they are due. I also need to make sure that I keep track of what researchers are saying about us online. That's why I like your page, since you are a post about important news. I do other jobs as well. I'm always on stackoverflow trying to teach myself and looking for new ideas to give to my developers. смелли: And what's your work schedule like? LDR4-00-2022: Very busy lately. This extortion service has been created for years, and now everyone is almost ready to start. My family hates it. I never get to spend time with them, and they don't even understand what we're trying to do. But they will soon be rewarded. That's why I said we should switch to extortion. so we can make more money, but work fewer hours. смелли: You mentioned an extortion service several times in passing outside of this interview. Could you explain more? LDR4-00-2022: Yes, I am running the RM3 botnet. But I'm also working on an extortion campaign. We have created our own cryptographer. смелли: Are you currently affiliated with any ransomware groups? LDR4-00-2022: We are not affiliated with anyone. смелли: What do you plan on calling your ransomware group? =D LDR4-00-2022: We'll call it star flock after Mandiant, they should have made a trademark haha. смелли: There are tons of different ransomware groups out there. Why make your own? How will it be different? LDR4-00-2022: I want my developers to use post-quantum encryption to make it more secure. We will also work on 85/15 split, which will make our fees lower than I’ve seen others charge. But, the pandemic fucked us up, and I realized that instead we need to move on to extortion. This is the only good way to make money now. смелли: When can we expect the new group? =D LDR4-00-2022: Very soon. Our affiliate program is already open. смелли: How do you find employees? LDR4-00-2022: We advertise. It takes so long to get the right people working for us. At least we don't resort to cheap advertising tricks like ***. смелли: Hahahaha. You don't like ***? LDR4-00-2022: Do you? смелли: I think ***, or the persons running the account, is funny. I dislike that they target healthcare. LDR4-00-2022: I don't have a problem with the person. Only their advertising and targeting Heathcare is the act of a weak person. He made advertising tattoos to attract attention to himself. Real men let their work speak for itself. смелли: How many developers do you have working on RM3 (or Star flock)? LDR4-00-2022: We usually have 1 primary, with other contractors to help. But I hire based on work. We hire more for big jobs. смелли: Do you like your developers? (consider them friends) LDR4-00-2022: This is a personal question. I know the consequences of mixing work with friendship. Sometimes people can't accept when their friend is the boss. Developers are just there to do the job. I pay them for their work, not for their friendship. I'm talking about it directly. Because of this, I always have to be a peacemaker, and stop workers from killing each other when they disagree. It's exhausting. смелли: What skills do these developers usually need? LDR4-00-2022: We work like any business when hiring developers. We use people with lots of skills, so I don't want teenagers without experience. Many people think that because the job is illegal, we will accept anyone who wants to join. No. I want to test them out and find out their credentials, what they have done to compromise networks in the past, what was their biggest buyout. The latter is very important, because now we are moving on to extortion. If they can't come to us with such experience, then I don't need them. смелли: How often do amateurs turn to you? (people pretending to be qualified but not them) LDR4-00-2022: When I advertise, a lot of people turn to us. It’s very easy for me to say when they don’t have the skills when I test them on the tools we use. Not everyone who comes into contact with us is amateur, but I see more of them on the forums every day. смелли: What technical issues do these developers face? LDR4-00-2022: We constantly need to reencrpyt our loaders. Since the loader is custom made, it requires a lot of maintenance and often it is not a quick fix. I rely on our developers. We've had problems with our web injection because banks keep changing their systems. It has become too much work to manage updates with my developers. This is what makes us better than other groups at the moment because we know how to change our approach to always make money. That's why I decided that we need to move from a banking Trojan to providing extortion services. I think it will bring us more money than we earned before. смелли: This seems like a lot of work. Does your team work long hours? LDR4-00-2022: They will say yes. But their workload is manageable. I don't babysit them. They know they have to meet deadlines, no matter how long it takes. If they don't do what I ask them to do, they don't get paid. I'll fire people if I have to. смелли: Hahahaha. Do you ever go on vacations? LDR4-00-2022: I have traveled to many places with my family. But you can only travel as far as you can afford. Taking a vacation now, however, is unthinkable. The boss won't let me with everything else that needs to be done. My next vacation will be in ***. смелли: Do you think its safe to leave Russia right now? LDR4-00-2022: Not so easy right now. Maybe when the big job is done. Very soon I will be so rich that I will be able to buy my own island. I can't say too much, but it will be big news. And you will be the first to talk about it. смелли: Some malware groups have stated the difficulty of maintaining a large botnet, especially with modern anti-virus technology in America. What is your opinion on this? LDR4-00-2022: The West always thinks their fucking technology is better than all the others. In fact, they can just as easily be targeted as anyone. The complexity depends on the bank, not the country. We especially take care that malware does not get caught by the AV. Sometimes it does, which is basically a reflection of how efficient cryptographers I contract are on their work. Some are really bad and I don't pay them. смелли: Do you have employees other than developers? LDR4-00-2022: We have workers, developers and contractors. We have a small team. And then those who are hired or fired as needed. These contractors or workers are usually traffers or panel managers. смелли: They manage panels? LDR4-00-2022: They manage panels as well as campaigns. For example, they have to check which group ID the bot has, so that I know which traffer to pay. смелли: And what are traffers? LDR4-00-2022: Someone who spreads our build and infects systems for us. смелли: How do traffers normally spread the malware? LDR4-00-2022: Mostly email spam. Traffers can write to people about their bank and they need their data. But the link in the email goes directly to the site that we own and built. Once the details are in and they realize it's too late. The pandemic has only increased the chances of people clicking. смелли: Which banks were the hardest to target? Which banks are the easiest? =D LDR4-00-2022: Most people fail when they only pursue the big banks. We succeed with smaller goals. Those who don't worry about basic security because they think no one will touch them. We choose the targets, someone else manages the web injection. But our goals are no longer just banks. With the extortion company, much more will be attacked. Schools, business, technology. There won't be a sector that we won't touch. I will not say what is the most difficult. I don't want to give them a chance to prepare. смелли: How does your group profit as a banking trojan? LDR4-00-2022: We focus on bank customers. We have created our fake portal, we are waiting for the customer to give us their credentials. Then we use this to log into the real banking portal. By the time they realize their money is gone, so are we. смелли: How do you get the money once you've compromised the bank account? How do you launder the money? LDR4-00-2022: For banks, this process involves moving money between multiple accounts. We use cashing out services that have unsuspecting fools in the countries we have targeted who transfer money for us and end up doing all the dirty work haha. Eventually I get it and then flush through multiple accounts and cyrptocurrences. I have to make sure it's not related to me or anyone else in the group. смелли: You said that you track Twitter to see what the researchers say that you - who do you think is a good source of information on Twitter? Do you like watching drama on Twitter? Hahahaha LDR4-00-2022: One fucking problem is so many people get banned on Twitter and now so many people are leaving because of Elon Mask. I follow some intellectual pages because it’s always funny to see what they get wrong. Mandiant is always good to get a laugh. Drama is good if I don’t participate. смелли: Do you plan to move to Mastadon? LDR4-00-2022: Who will say that we are not there yet haha)) смелли: You've been extremely talkative and have answered so many questions. Some final questions. You mentioned in private that you enjoy making home made cheese. Can you explain how you make cheese and why? LDR4-00-2022: I have a special place in my house for my cheesemaking. I started this many years ago to relax after work. I get a lot of satisfaction from viewing the final product after several weeks of effort. It's always delicious. You compare what I make with what you can buy at the supermarket, and you see how excellent it is. I'm just as protective of my cheesemaking as I am of my Trojan secrets haha. смелли: Favorite food? LDR4-00-2022: Beef Stroganoff. смелли: Favorite movie? LDR4-00-2022: The Star Wars Empire strikes back. смелли: Do you prefer cats or dogs? LDR4-00-2022: Dogs. смелли: Do you like reading books? LDR4-00-2022: I never have time. смелли: Do you like anime? Hahahaha LDR4-00-2022: I'm not a juvenile.