Today is the day of rest.
We hope all of you have had a good week.
We'll see all of you tomorrow morning.
Updates to vx-underground:
Malware collections:
- InTheWild.0128
- Bazaar.2024.06
- Virussign.2024.07.03
- Virussign.2024.07.04
- Virussign.2024.07.05
- Virussign.2024.07.06
- Virussign.2024.07.07
- Virussign.2024.07.08
- Virussign.2024.07.09
- Virussign.2024.07.10
- Virussign.2024.07.11
- Virussign.2024.07.12
Administrative:
- Black Mass Volume III is being developed
- Large addition of malware papers in queue
- The new Eminem album is almost not bad
When we began programming and delving into the hobby of malware development – YouTube and StackOverflow didn't exist.
Our only source of information was zines, IRC, MSDN documentation (sometimes distributed via ISO files in case your internet sucked), and VxHeaven.
> announce at&t sec 8k form on compromise, text and phone call logs stolen
> non-nerds: REEEEE OMFG!!111
> non-nerds: *screams at the sky*
> nerds: lol das crazy
> nerds: another day another breach
> nerds: *keeps doom scrolling*
(non-nerds don't know this happens everyday)
Individuals are reporting that the website of NullBulge, the individuals claiming responsibility for the Disney Slack leak, is suddenly offline – individuals are unable to pull the leak.
tl;dr Disney has an army of lawyers (and probably nerds)
sMelLy whY doNt u jUsT mAke a TorRenT oF tHe MalWaRe SamPleZ
MOTHERFUCKER WE DID.
- Has its own category on vx-underground
- Posted about for several weeks
We only did it as a giant .7z to be nice to nerds who DIDN'T want to torrent.
/me flips desk
More information on SocGholish: https://www.proofpoint.com/us/blog/threat-insight/part-1-socgholish-very-real-threat-very-fake-update
No way the CEO of YouTube is giving a shoutout to the homie Laurie Wired. Laurie, when you're at the Red Carpet in Hollywood, don't forget us.
tl;dr malware is going mainstream. We're so back. The vx-underground malware propaganda psyop is working 😎
We're aware of a critical issue impacting vx-underground. Individuals are unable to access files because of a recent backend change.
Rest assured our finest nerds are on the case.
(posting again because the issue has returned)
The vx-underground malware families collection is temporarily available for bulk download.
- 222GB (compressed)
- 234GB (uncompressed)
- 123,915 malware samples
- 763 malware families
- Password: infected
For people who are unhappy with the download speed on vx-underground: if you use a download manager, like Internet Download Manager (or uGet on Linux), and set the download to 10+ threads, you can download at speeds as high as 400MiB/s. You can download the entire family collection in less than 10 minutes.
Download: https://vx-underground.org/tmp
Essentially, if it is an American Holiday and you visit a large lake and/or pond with family members, be careful to not intentionally or accidentally swallow lake and/or pond water.
It may result in a parasitic infection in your intestines.
We got our money back. It's a Christmas miracle. It took 8 weeks.
Fun fact: "Some vegetables can be ready to harvest in 3–8 weeks, including radishes, baby carrots, and cucumbers."
tl;dr become farmers before get refund
Updates to vx-underground
Archives:
- The Old New Thing, June, 2024
Families:
- Latrodectus
- BadSpace
- XWorm
- FormBook
- Oyster
- WarmCookie
- P2PInfect
- LummaStealer
- DisgoMoji
- KoiLoader
- BlankGrabber
- BruteRatel
- CobaltStrike
- Android.SpyNote
- Amadey
Xitter is currently experiencing technical difficulties following the attempted assassination of Donald J. Trump.
Be thankful you nerds have so much information readily available. The 90's sucked, it was impossible to find good documentation, people on IRC were often wrong (also crazy), and the internet was sooooo slow
If non-nerdy people saw the pure chaos that we see everyday their hair would fall out of their head, their eyes would wither up into the skull, and their skin would turn into dust
The vx-underground Microblog is designed as a place to store vx-underground staff members' thoughts, opinions, or notes.
Microblog update:
2024-07-12 - Chrome COM Interface abuse potential?
https://vx-underground.org/Microblog
It's Friday
- A Threat Actor operating under the moniker 'NullBulge' claims to have exfiltrated 1.1TiB of data from Disney's Slack. Based on the information disclosed by the Threat Actor we suspect it is yet another victim of Infostealer malware.
- AT&T filed an SEC 8K. In April an unknown Threat Actor exfiltrated customer call and text interactions from October 31st, 2022 - January 2nd, 2023. It does not contain the contents of the conversations, but it includes almost every single AT&T customer's phone number.
- Rumors are surfacing of SquareSpace customers suffering from DNS hijacks. So far crypto-related domains are being targeted. Details are sparse – it's not certain if it's due to targeted customer compromise(s), or a SquareSpace compromise. We suspect it's targeted customers. If SquareSpace was compromised we believe more high-profile customers would be targeted.
Put your hands up, criminal scum.
You're under arrest for violations of the United States Computer Fraud & Abuse Act, Wire Fraud, and Aggravated Identity Theft
Tit4v discovered that the gift card page of Golden Corral, the American all-you-can-eat buffet, is attempting to deliver SocGholish malware.
When visiting the page it delivers a prompt stating 'your Chrome browser is out of date'.
Yesterday an individual operating under the moniker 'Vadim Blyaa' claimed to have compromised NATO.
Upon reviewing the data we can confirm the compromise is real. However, 'Vadim Blyaa' compromised an internal wiki for NATO. It is NOT a compromise of NATO's internal network infrastructure.
The compromise resulted in a dump of the internal wiki. The dump shows quarterly sprints, some basic documentation, and 7,289 e-mails associated with the internal wiki.
While this is not a devastating compromise, it highlights the importance of securing every aspect of government. If a lone actor can do it, so can adversaries.
July 9th, 2024, SiegedSec, a self-described Hacktivist group, claimed to have compromised The Heritage Foundation. The breach has been filled with American political banter. Here is our non-biased high-level overview. It's a long read (and write) from us because for non-American audiences lore must be established.
tl;dr political drama gonna be political drama
About the breach:
The breach of the Heritage Foundation WAS NOT a network and/or enterprise compromise. SiegedSec compromised their WordPress domain. This is significantly different than an internal network compromise – the data exfiltrated is data which is present on their website.
The Heritage Foundation:
While our American audience may be familiar with the Heritage Foundation, many of our followers outside of the United States may not know this. The Heritage Foundation is an American conservative think-tank located in Washington, D.C.
Motivations:
SiegedSec criticized The Heritage Foundation, asserting their motives for the compromise were to shed light on 'Project 2025'. Project 2025 is a proposed American conservative and/or Republican policy written by The Heritage Foundation which aims to reshape the United States Federal government in a more conservative direction. Project 2025 has been criticized by American progressives and/or liberals, who state Project 2025 is a Christian nationalist, anti-LGBT, and anti-abortion policy. Some legal experts believe this suggested policy has language or beliefs which undermine the rule of law, separation of church and state, etc.
The data:
From a high-level overview the data appears legitimate. However, the scope is limited to their WordPress site and is primarily documents which were marked as private. The data also unveils some users' PII. Some e-mails present end with the .mil, .ru, and .cn top-level domain(s). Some individuals who reviewed the data believed this to be suspicious and questioned the presence of these e-mail addresses. While these TLDs are indeed present, this is not necessarily indicative of external state-sponsored influence.
The drama:
Mike Howell, the Executive Director of the Heritage Oversight Project, spoke with individuals from SiegedSec following the breach. Mike Howell asked SiegedSec about their preferred communication platform, their motives, etc. During the conversation Mike Howell informed SiegedSec they will seek legal action against their group. Subsequently, he called them 'closeted furries' and said they will be exposed to the world for being 'degenerative perverts'. Additionally, Mike Howell asserted they are going against the nature of God and mocked SiegedSec individuals by stating they will likely be sexually assaulted in prison in the event they are prosecuted for the compromise. Mike Howell invited SiegedSec to share the communication logs publicly and stated he has established relations with law enforcement.
Following the conversation with Mike Howell, SiegedSec announced they're shutting down their group and operations. SiegedSec stated this was a planned action and not as a result of the threats from Mike Howell. Mike Howell argued that SiegedSec is going into hiding and SiegedSec is indeed concerned about law enforcement pursuing them.
American commentators criticized Mike Howell, describing his messages as 'deranged', whereas others described them as 'brave' and willing to stand against individuals who threaten them.
We're aware of a critical issue impacting vx-underground. Individuals are unable to access files because of a recent backend change.
Rest assured our finest nerds are on the case (they're in Europe, we're doomed).
Hi, it's me, Smelly.
I'm sorry to everyone I haven't replied to in the past week.
For the past week or so I've been very sick. Doctors aren't entirely sure what's wrong — but they suspect I have contracted Giardia. It is miserable.
Bradley is currently steering the ship.
We've been fighting with our hard drive distributor since May 29th, 2024 about the hard drives we purchased.
They lost 9 drives and have been fighting with us every week about refunding our money.
No idea why a company valued at $12,300,000,000 is fighting us over $1,600
One of the largest contributors to vx-underground is JaffaCakes. In the past 45 or so days he has submitted over 1,250,000 unique malware samples to the vx-underground malware database.
He has successfully unlocked 4 cat pictures.
Hello,
We're back. It looks like everything is okay and nothing has burned to the ground. We're proud of all of you. You get +2 internet points.