14367
The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
Following this post we received quite a bit of comments and messages. People unfamiliar with us seem to be under the impression we don't know what a computer is.
You're correct — we don't know anything about these computers and these series of tubes. Please help.
More details have emerged regarding the person alleged to be responsible for the Snowflake breach.
Connor Riley Moucka a/k/a Alexander Antonin Moucka a/k/a judische a/k/a catist a/k/a waifu a/k/a ellyel8 is facing the following charges:
1 count of Conspiracy 18 U.S.C. § 371 - conspiracy to commit an offense or to defraud the United States.
Maximum punishment is 5 years in federal prison.
5 counts of Computer Fraud and Abuse 18 U.S.C. § 1030(a)(2)(C) & 18 U.S.C. § 1030(c)(2)(B)(i)-(iii) - Intentionally access a computer without authorization or exceed authorized access with additional relations of:
i) The offense was committed for purposes of commercial advantage or private financial gain.
ii) Committed in furtherance of any criminal or tortious act, in violation of the Constitution or laws of the United States or any state.
iii) The value of the information obtained exceeds $5,000.
Maximum punish is 5 years in prison, 10 years in prison for repeat offenders.
2 counts of Extortion in Relation to Computer Fraud 18 U.S.C. § 1030(a)(7)(B) & 18 U.S.C. § 1030(c)(3)(A) - the Computer Fraud and Abuse Act (CFAA) that address extortion involving computers.
Maximum punish is 5 years in prison.
10 counts of Wire Fraud 18 U.S.C. § 1343 & 18 U.S.C. § 2 - Deceive or defraud someone to obtain money or property by means of false or fraudulent pretenses, representations, or promises and aiding and abetting.
Maximum punishment is 20 years in prison.
2 counts of Aggravated Identity Theft 18 U.S.C. § 1028A(a)(1) & 18 U.S.C. § 2 - Knowingly use, transfer, or possess another person’s means of identification without lawful authority during and in relation to certain felony offenses and aiding and abetting.
Maximum punishment is 2 years in prison, repeat offenders face 5 years in prison.
Connor Riley Moucka, if found guilty, is facing a maximum sentence of 275 years in prison.
The charges placed against Connor Riley Moucka a/k/a Alexander Antonin Moucka a/k/a judische a/k/a catist a/k/a waifu a/k/a ellyel8, the person alleged to be responsible for the Snowflake breach, is so large and extensive, it is difficult to make in a post.
Читать полностью…
We just became a yearly subscriber to 404 Media
This small group of people have some how been covering news related to government drama (non-political), privacy news, cybercrime news, malware news, internet oopsie news.
The underdogs are killin' it.
tl;dr support small biz
404mediaco spoke with Amazon today. Amazon has confirmed the legitimacy of the data breach.
We now understand why their CEO has made workers return back to the office — if you saw how much Amazon pays in office rent a year, your head would explode.
https://www.404media.co/amazon-confirms-breach-of-employee-data/
Someone sent us an e-mail saying they have some malware samples they can send us.
We eagerly replied and thanked them.
They replied saying the samples "are for sale" and asked how much we'd pay for them.
tl;dr 1st lesson of cybersecurity, verify your identity to bishopfox without detonating malware on your machine (we failed)
Читать полностью…
Registering on a website and trying to calculate the probability of it being compromised (use a burner e-mail or the real e-mail)
Читать полностью…
Hey Alexa, play "Money In The Bank" by Lil Scrappy.
Читать полностью…
🚨 MALWARE DEVELOPMENT CONTEST 🚨
🚨 CASH PRIZES 🚨
We're hosting a malware development competition. It is a JVM malware competition.
Criteria:
- Virality/infectiousness
- Stealth
- Flexibility
What this is NOT:
- An obfuscator contest
- a VM design contest
0th place ('dubbed Gigachad'): $1,000
1st place: $500
2nd place: $250
3rd place: $100
4rd place: 1 picture of a cat
Deadline: December 15th, 2024
Finalists code will be placed on vx-underground. You will receive all credit.
Send submissions to bot59751939 on Twitter, or our Twitter account, or our email (staff at vx-underground dot org)
Elwood Edwards, the voice of "You've got mail!" from AOL passed away November 5th. He was 74. Sadly, Mr. Edwards was only paid $200 despite being a voice to millions of people across the globe.
In his later years he worked as an Uber driver for extra income.
RIP Elwood.
Hello, how are you?
tl;dr tg channels deleted, dat sux. were back but malware collecting is hard. american politics is crazy
1. We've received some reports today that some hacker-cybersecurity-leak-??? Telegram channels have been hit by a Telegram orbital nuke. Club1337 and data1eaks are gone. If in the event the vx-underground Telegram channel is deleted, for whatever reason, it will be business-as-usual on Xitter. I don't intend to go back-n-forth fighting with Telegram... If the vx-underground Telegram is nuked maybe we'll try some other platform, I don't know, whatever.
2. In other news, we're hoping to resume some more uploads — papers, archives, etc. Doing the daily malware ingestion stuff is A LOT of work for our small roster with limited resources. It takes a lot of time and resources (mostly time). We want to do more cool stuff, but doing cool stuff takes time, energy, money, and cool music. We're running low on time and cool music. Feel free to recommend us some cool music.
3. In interesting news, following the 2024 United States Presidential Election our merch store sales went from an average of 5 - 10 sales a week, to literally zero. It appears our primary audience of westerners are more interested in United States politics than dumb t-shirts from a crappy website. This isn't a complaint — it's an interesting observation.
Thanks,
- smelly smellington
Sometimes people complain when we stray away from malware related topics.
*ahem*
The monkeys were released via ICS malware which opened the gates for the monkeys, or something, whatever. Make up some shitty anime plot and insert malware.
god damn chinese ministry of state security callin us at 10pm. bro, just scrape the site or something idk ok its bed time
Читать полностью…
NOTE: This 'maximum' punishment is worst case scenario. We don't believe he will receive 275 years in prison even if found guilty on all counts.
The Threat Actor responsible for the Kaseya supply-chain attack got 30 years in prison and they did way more damage.
It's so long, with so many offenses, we would have to make a special post on Xitter and then convert it to a PDF for Telegram. He is facing 20 charges related to cybercrime.
He is facing serious time in prison.
We also don't typically pay for news either. But they're ad-free and doing really good work.
They didn't ask us to post this either — but we have to give them praise for their coverage of information stealers, confirmation on Amazon breach-thingy, Snowflake, etc.
A woman's rant is going semi-viral in political circles on Twitter and Facebook. Some are citing her rant as evidence of potential electoral interference during the 2024 Presidential election.
The woman's opening remarks claim she possesses a CCIE (Cisco Certified Internetwork Expert) — a very prestigious certification which is often possessed by truly dedicated people.
Currently there are only 45,000 active CCIE holders worldwide. Only 3% of Cisco cert holders attempt it ... and only 26% pass — it has a 74% failure rate.
Now it should be stated that no one in our group possesses a CCIE. We do not claim to be network experts, we're just malware nerds. However, despite our lackluster understanding of networking (beyond the computer science basics of the OSI model), we can confidently say this woman does not possess a CCIE and we believe she is lying.
Additionally, we would like to note we did indeed watch this entire video. Despite this woman's jargon and clear ... plainly wrong information... we decided to give her a chance to speak her mind and opinion.
We do not recommend watching the entire 8 minute video. You will have no benefit from it. At roughly 4 minutes you will see, very clearly, this is not a technical person.
The current street value of malwares (decent quality) is $1,200 for 7,500,000 malwares.
A curated set of high quality malwares is roughly 15,000 malwares for $3,000.
It's hard to get high quality samples unless you're an AV and/or EDR vendor.
A Russian ransomware affiliate we know sent us this video.
Very cool.
Thank you for educating us on your culture. 🙏
We made it into the Discord! We only detonated a few malware samples.
1. DocKing (tried to launch weird MS Edge URL, payload failed)
2. We purchased alcohol (wine tasting site)
3. Wave browser PUP/ADWARE
4. Installed a cool AI web search engine Google Chrome extension named Givero. It links to some dead domain via HTTP
> be new to cybersecurity
> google cybersecurity discords
> bishopfox listed
> click to join their discord
> discord requires verification (image 1)
> verification site has tons of pop ups (image 2)
> massive pop up saying need to install thing
> annoying page appears
> lady talking giving instructions how to download file
> listen to polite lady and follow her instructions
> download per her instructions (image 3)
> its free malware (image 4)
Just kidding. We don't own an Alexa, or any of that IoT bullshit. God forbid it's compromised and some TA dumps 500 terabutts of peoples conversations in .mp3 format
Читать полностью…
The Malware researchers: New proof of concept released abusing undocumented API calls!!
The Threat Intel analysts: New state sponsored campaign from China!!!
vx-underground Staff: Balatro is like poker kind of but not really
Casio has been compromised.
It's all over for Instagram flexers.
Information via charliefrake
> get call at 10pm
> weird long number
> answer
> people speaking Mandarin
> ???
> they say theyre from alibaba
> ask how vx-underground is going
> tell them its 10pm
> "is that a problem?"
> tell them we stopped using alibaba
> "is that a problem?"
> mfw