14367
The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
The globalists don't want you to know this, but .EX_ files are real and you can use it for malware
Читать полностью…
Today ESET released a paper on "Bootkitty" the first UEFI bootkit for Linux.
We didn't even read the paper, we just liked the name and artwork
Shortly following the announcement of the Threat Actor "Remi" being arrested, we were contacted by "Remi" in proxy by a party which is close to him.
"Remi" requested (by proxy) we share a photo of him and state "If you’re gonna post about me, at least notice the drip"
Internet nerds are reporting Sora AI, the OpenAI product for transforming text into video, has been leaked online.
However, we don't quite understand the context of the word 'leak' here because the material 'leaked' online does not contain a dataset. Instead the material directly cites an OpenAI API URL. We're not sure you can call something an AI leak when it's a python script invoking an API URL ...
Files leaked:
- .gitattributes
- README-dot-md
- app-dot-py
Inside of the 'app' python script you can see the API URL invocation. The README is just a manifesto, or something, against OpenAI, standard anti-AI stuff.
¯\_(ツ)_/¯
The most powerful tools in a hackers arsenal? Visual Studio Code, Kali Linux (the quieter you are, the louder your farts), and YouTube premium
Читать полностью…
Thank you to our friends at VirusTotal for the cool and badass t-shirts and stickers
Читать полностью…
🚨FIRST ALERT: BREAKING 🚨
THE GIFT SHOP IS SELLING BREWSTER LOVE BIRD GROOM ORNAMENTS FOR $37
In the 2nd image the hyperlink is purple because we clicked the link. We need to learn how to get FREE vBucks.
Читать полностью…
Other things we dislike:
1. Us missing messages or notifications and people taking it personal. They act like we're avoiding them, or something
2. Conspiracy theorists piecing together our posts — thinking we're the illuminati
3. People rude as hell for zero reason
Good morning, or evening.
After a months, we're finally releasing the Dispossessor ransomware leaks. They're now available to download.
Please exercise extreme caution. This archive contains ransomware payloads.
https://vx-underground.org/Archive/Dispossessor%20Leaks
A few weeks (or months) ago we made some posts about having some more ransomware leaks. We have internal insights, tooling, etc. on Dispossessor ransomware group.
We forgot to make it public. Thankfully, someone left a condescending remark on one of our posts and reminded us.
Malware delivery idea:
>Account 1 makes inaccurate post on X
>Account 2 leaves community note
>Have X bots upvote community note so it's visible
>Community note cites malicious site
>Site determines OS, if Windows, drop malicious file
>Other platform shows legit information
Note: "Mr. Moucka was identified by law enforcement by his Apple iCloud account. The Apple iCloud account was linked to his Discord account. Additionally, the Apple iCloud account was tied to his cryptocurrency wallets."
We have lost count by the number of times people have been identified from Discord and Apple products. If you're committing crime, don't use Discord or Apple products. They will cooperate with law enforcement agencies.
Andrew Tate has publicly commented on the compromise of The Real World (Hustlers University).
He asserts the compromise was a result of the Threat Actor(s) paying for membership and simply scraping the site.
His response minimizes the compromise and concludes with him stating he is wealthy.
Based on the data we've seen, he is indeed fairly wealthy if each individual on the website purchased membership. However, his response does not account for the email addresses exfiltrated as a result of the compromise and the database fields visible.
Security research TuringAlex spotted AIRASHI botnet sharing the lyrics to "Conga" by Gloria Estefan and specifically calling out Xlab_qax and Fox_threatintel
11/10, banger song, now doing the Conga
SimoKohonen did the math. Here is a list of every vendor and every high-severity CVE from the past 5 years.
Qualcomm: 97,388
Cisco: 15,833
Microsoft: 11,375
Intel: 9,323
Juniper: 5,550
Dell: 5,041
Hp: 4,448
Netgear: 3,855
Apple: 3,544
Siemens: 3,281
Zoho Corp: 2,636
Lexmark: 1,668
Oracle: 1,642
F5: 1,637
Google: 1,557
Netapp: 1,258
Brother: 1,220
Lenovo: 1,195
Adobe: 1,184
Mitsubishi Electric: 1,087
Vmware: 1,071
Amd: 1,053
Huawei: 969
Mediatek: 890
Cdatatec: 841
Zyxel: 815
Redhat: 724
Schneider-Electric: 674
Debian: 671
Aruba Networks: 668
Hikvision: 640
Fedora project: 619
Moxa: 590
Dlink: 546
Linux: 527
Hpe: 493
Ibm: 474
Vivotek: 420
Xerox: 404
Mitsubishi: 397
Totolink: 395
Freebsd: 386
Qnap: 380
Weidmueller: 324
Sap: 308
Canonical: 303
Phoenix Contact: 294
GE Healthcare: 293
Tenda: 292
Tp-Link: 291
Qualcomm takes 1st place.
97,388 high-severity CVEs ÷ 1,825 days (5 years)
An average of 53.36 high-severity CVEs a day
Very cool.
We've received confirmation that a sim-swapper operating under the moniker 'Remi' has been arrested by Federal Bureau of Investigation.
Remi is being charged with 18 USC § 1343 (Wire fraud) and 18 USC § 1028 (Fraud and misuse of identification documents).
RansomHub ransomware group after they successfully exfiltrate data and ransom a hotdog stand (they're asking for $200,000,000)
Читать полностью…
Yesterday Banshee Stealer, the MacOS-based Malware-as-a-Service infostealer, had their source code leaked online.
As a result of the leak they've shut down their operations. We've archived the leak and made it available for download on GitHub.
https://github.com/vxunderground/MalwareSourceCode
🚨BREAKING🚨
RANSOMHUB RANSOMWARE GROUP HAS RANSOMED A GIFT SHOP IN ROCHESTER, NEW YORK. IT IS EXPECTED TO CAUSE OVER $15 IN DAMAGES, ALL 3 EMPLOYEES ARE PANICKING AS THEIR UBER EATS ORDERS MAY BE LEAKED ONLINE
Last week 404mediaco did an article on Threat Actors using Spotify to host malicious software and/or pirated software.
In summary, karol_paciorek and g0njxa discovered nerds are using Spotify playlists titles to amplify malware.
Sometimes it's very frustrating administrating a large account on social media. Whenever we make a post we try to be as succinct as possible to avoid misinterpretation. That doesn't always happen, and it's frustating.
tl;dr
"I like pancakes"
"oh, so you hate waffles???"
Next week we'll scrub victim data and make it available for download on vx-underground. Thank you, random angry person on the internet, for reminding us.
Читать полностью…
Is this a good and/or practical malware delivery method? No, probably not. It can easily be stopped and requires a lot of work.
Is it a cool and badass idea? Yes
Good morning,
We've successfully received the court documents from the Canadian judicial system regarding Connor Moucka, the individual allegedly responsible for the compromise of Snowflake.
We cannot in good faith share these documents because, as a surprise to us, the Canadian government unveiled Mr. Moucka's home address, telephone number, passport information, a brief description of his childhood, etc.
We believe this information could potentially put him (or his family) in danger from people who strongly dislike Mr. Moucka.
Hello,
We've had quite a few people reach out to us regarding the Connor Moucka a/k/a Waifu court documents. Unfortunately, we are not Canadian and we are unable to access to the Canadian court system documents (or we are not privy to how to access it or navigate it, we've never done stuff within the Canadian judicial system). Our information derived directly from an Ontario based news station which has been covering the case.
We are trying to the best of our ability to obtain the documents. We cannot promise anything. If you'd like to review the direct news source, it is attached to this post. However, it is paywalled (inb4 nerds bypass it)
Source: https://www.theglobeandmail.com/business/article-ontario-man-in-alleged-snowflake-hacking-case-also-accused-of-posting/
More information has been released regarding Connor Moucka a/k/a Alexander Moucka a/k/a Judische a/k/a Catist a/k/a Waifu, the person allegedly responsible for the Ticketmaster compromise (among many others)
He has way too many aliases
November 22nd, 2024, unsealed documents (from Canada) state authorities believe him to be dangerous to himself, and the public. They also state he a flight risk.
Documents show Mr. Moucka used racial slurs online, frequently discussed killing black people, mass mailing black people "sodium nitrate pills", acquiring weapons to kill random Canadians, and discussing wanting to commit suicide by cop.
Court documents show Mr. Moucka plotting and scheming the Snowflake compromise, which resulted in the Ticketmaster compromise. Chat logs show the scheme, him and his associates discussing how to use stolen credentials, access to private data (banking information, payroll records, driver license numbers, passports, and social security numbers). The scheme conversation included how they would extort people.
Unsealed documents show images of Mr. Moucka's home and how law enforcement identified him. Mr. Moucka was identified by law enforcement by his Apple iCloud account. The Apple iCloud account was linked to his Discord account. Additionally, the Apple iCloud account was tied to his cryptocurrency wallets.
Court records show Mr. Moucka was charged in November, 2023 at age 25 for harassing a woman online and threatening to kill her.
Mr. Moucka's next court case regarding his extradition to the United States is November 29th, 2024.
Update: 720,845 emails are stored in one of the private chatrooms (???), removing duplicates will probably bring it to the number being reported.
Breach is 100% legit