vx-underground

08 Nov 2024 20:31

Elwood Edwards, the voice of "You've got mail!" from AOL passed away November 5th. He was 74. Sadly, Mr. Edwards was only paid $200 despite being a voice to millions of people across the globe.

In his later years he worked as an Uber driver for extra income.

RIP Elwood.

vx-underground

08 Nov 2024 19:01

Hello, how are you?

tl;dr tg channels deleted, dat sux. were back but malware collecting is hard. american politics is crazy

1. We've received some reports today that some hacker-cybersecurity-leak-??? Telegram channels have been hit by a Telegram orbital nuke. Club1337 and data1eaks are gone. If in the event the vx-underground Telegram channel is deleted, for whatever reason, it will be business-as-usual on Xitter. I don't intend to go back-n-forth fighting with Telegram... If the vx-underground Telegram is nuked maybe we'll try some other platform, I don't know, whatever.

2. In other news, we're hoping to resume some more uploads — papers, archives, etc. Doing the daily malware ingestion stuff is A LOT of work for our small roster with limited resources. It takes a lot of time and resources (mostly time). We want to do more cool stuff, but doing cool stuff takes time, energy, money, and cool music. We're running low on time and cool music. Feel free to recommend us some cool music.

3. In interesting news, following the 2024 United States Presidential Election our merch store sales went from an average of 5 - 10 sales a week, to literally zero. It appears our primary audience of westerners are more interested in United States politics than dumb t-shirts from a crappy website. This isn't a complaint — it's an interesting observation.

Thanks,
- smelly smellington

vx-underground

08 Nov 2024 07:13

Sometimes people complain when we stray away from malware related topics.

*ahem*

The monkeys were released via ICS malware which opened the gates for the monkeys, or something, whatever. Make up some shitty anime plot and insert malware.

vx-underground

07 Nov 2024 22:45

god damn chinese ministry of state security callin us at 10pm. bro, just scrape the site or something idk ok its bed time

vx-underground

07 Nov 2024 16:03

Also, this is a pretty clever idea. If the conversion works and they successfully slipstream a malware payload into it, that is a pretty substantial improvement — pretty stealthy.

+2 internet points to Gootloader

vx-underground

07 Nov 2024 02:20

You can't just slap an AI sticker onto everything and call it cool and badass. We don't need (or want) AI for malware stuff.

vx-underground

06 Nov 2024 22:28

To make this as clear as possible: No, the Trump administration is not involved in Russian-based cybercrime. Rather, Lockbit ransomware group administration is declaring their support and/or admiration for Donald J. Trump

vx-underground

06 Nov 2024 22:20

Nooooooooooooooooooooo

https://www.bleepingcomputer.com/news/microsoft/microsoft-notepad-to-get-ai-powered-rewriting-tool-on-windows-11/

vx-underground

06 Nov 2024 07:53

Congratulations to all Ameriburgers — your Presidential election is near conclusion.

vx-underground

05 Nov 2024 20:45

The United States electoral map once we cast our votes

vx-underground

05 Nov 2024 03:18

Today 404mediaco confirmed the individual believed to be responsible for the Snowflake breach (which resulted in the Ticketmaster breach) has been apprehended by the Royal Canadian Mounted Police (RCMP).

More information: https://www.404media.co/suspected-snowflake-hacker-arrested-in-canada/

vx-underground

04 Nov 2024 21:08

Seriously, what the hell is going on over there? Are the employees just clicking every link in every email and just setting all passwords to 'password'?

vx-underground

03 Nov 2024 22:20

It was very strange.

Once we learned it was an entirely fake persona we watched the profile everyday. We watched the profile interact with the public and "influencers". We were always like

vx-underground

03 Nov 2024 02:39

Wikipedia has named a page after us

vx-underground

03 Nov 2024 02:07

Interesting things that happened lately:

October 31st: safe0x17 released RustVEHSyscalls, a Rust port for LayeredSyscalls — performs indirect syscalls while generating legitimate API call stack frames by abusing VEH

October 30th: FeribHellscream released a paper on forming a shell company and attempting to purchase an EV code sign cert (it's not fun)

October 29th: 404mediaco received a leaked document from the largest New York hospital system — the document encourages physicians to use Artificial Intelligence to summarize clinical evaluations, diagnose medical issues, and parse health records

October 29th: BratvaCorp noted based on the recent United States Department of Justice indictment of Redline information stealer developers — the authors of Redline connected to their platform from their home IP addresses and linked assets to their personal iCloud accounts.

October 27th: MalDevAcademy released a proof-of-concept code illustration of extracting an encrypted and embedded PE file from a PNG file and executing it via a LNK file.

October 23rd: SttyK released a talk on how he discovered North Korean state-sponsored spys on Discord.

October 22nd: 0gtweet released a paper on on how to read BitLocker numerical passwords via the Windows API.

October 22nd: mez0 via TrustedSec released a paper on malware development via the Groovy programming language and it's usage in network enumeration.

October 19th: Hexacorn discovered a new malware persistence technique by abusing the UserInstStubWrapper API in advpacker.dll and IEAdvpacker.dll

October 18th: Hexacorn notes the discovery of 'ClickedOnRAT' windows API function from Windows XP. It's not related to malware, the API name is silly and misleading.

October 18th: Hexacorn unveiled a prankware technique by abusing NdfRunDllDuplicateIPDefendingSystem and NdfRunDllDuplicateIPOffendingSystem

vx-underground

08 Nov 2024 19:25

Casio has been compromised.

It's all over for Instagram flexers.

Information via charliefrake

vx-underground

08 Nov 2024 17:36

Shamelessly stolen from BratvaCorp

vx-underground

08 Nov 2024 07:11

COVID19 2: Electric Boogaloo

vx-underground

07 Nov 2024 22:42

> get call at 10pm
> weird long number
> answer
> people speaking Mandarin
> ???
> they say theyre from alibaba
> ask how vx-underground is going
> tell them its 10pm
> "is that a problem?"
> tell them we stopped using alibaba
> "is that a problem?"
> mfw

vx-underground

07 Nov 2024 16:01

Gootloader has changed their malware delivery techniques. Historically Gootloader has relied on SEO poisoning. Now Gootloader is creating fake PDF conversion websites.

pdf-online-tools(dot)com

We use sites like this when we're lazy. We're cooked.

https://gootloader.wordpress.com/2024/11/07/gootloaders-pivot-from-seo-poisoning-pdf-converters-become-the-new-infection-vector/

vx-underground

07 Nov 2024 02:17

"you guys should use your malware code to train an AI model for malware development"

My Brother in Christ, we don't even have the energy to copy-paste PDF files into an S3 bucket. You seriously think we're going to allocate our -1 time & energy to do AI crap?

vx-underground

06 Nov 2024 22:23

Lockbit ransomware group has offered their support to Donald J. Trump

They're evening dedicating Lockbit 4.0 to his administration. Very cool

vx-underground

06 Nov 2024 07:55

We've heard 'too close to call' over 9,000 times. We assume this is related to pizza deliveries. Indeed, it is best to walk.

vx-underground

06 Nov 2024 00:43

We got called fascists today for making a meme about the electoral vote (???)

Plot twist: half of us aren't even america, haha nerds

vx-underground

05 Nov 2024 20:06

Today 404mediaco reported the individual believed to be responsible for the Snowflake breach (including but not limited to: Ticketmaster, Santander Bank, Anheuser-Busch, Allstate, Advance Auto Parts, Mitsubishi, Neiman Marcus, Progressive, AT&T, and State Farm) had a hearing today regarding their extradition to the United States from Canada.

We can't recall a time a suspected a cyber criminal was given the VIP treatment for extradition. Them having a hearing on extradition in just a few days following their apprehension is lightning fast — shockingly fast, like, unimaginably fast.

404media had access to the judicial hearing and listened in via Zoom.

The extradition hearing was so fast, the suspect Alexander ‘Connor’ Moucka a/k/a Waifu a/k/a Judische a/k/a UNC5537, reportedly hadn't been able to secure a lawyer yet to defend themselves in the hearing...

We're going to go out on a limb and guess that compromising such large companies has angered people with deep pockets, people who are capable of making the Federal Bureau of Investigation put the metaphorical foot on the metaphorical gas.

¯\_(ツ)_/¯

vx-underground

05 Nov 2024 00:17

Hello, how are you?

We've still got a bunch of papers to add. We don't have the time (yet) to get to that stuff, but we managed to (finally) sync all of our malware stuff to our backups and prod. After removing duplication files and syncing our entire collection with VirusTotal (scanning to ensure it's probably malicious) we've come to the conclusion we have a little over 33,000,000 unique malwares.

Very cool.

In other news, we'd like to thank the people who continue to send us photos of their animals (or random pictures of animals they found), they're very cool.

In other other news, running vx-underground is beginning to become more challenging due to changes in our lives. Core administration is mid-30's — we've got families, responsibilities, and as we've aged over the past 5.5 years, a lot of things have changed in our lives. We've got a commitment to vx-underground for another 5 years, but following those 5 years vx-underground may no longer exist. We may decide to throw in the metaphorical towel and hope someone, somewhere else, decides to carry on our collection.

Or not, whatever. We'll see what happens. Life changes and crazy & cool things happens.

- smelly

Families:
- Android.AwSpy
- CerberRansomware
- LatentBot
- MacOS.KeRanger
- MacOS.WireLurker
- PetyaRansomware
- RockLoader
- SamsamRansomware
- TeslaCrypt
- Thanatos

Bulk downloads:
- Malware.2024.10.19
- Malware.2024.10.20
- Malware.2024.10.21
- Malware.2024.10.22
- Malware.2024.10.23
- Malware.2024.10.24
- Malware.2024.10.25
- Malware.2024.10.26
- Malware.2024.10.27
- Malware.2024.10.28
- Malware.2024.10.29
- Malware.2024.10.30
- Malware.2024.10.31
- Malware.2024.11.01
- Malware.2024.11.02
- Malware.2024.11.03
- Malware.2024.11.04
- Bazaar.2024.10
- Virussign.2024.10.26
- Virussign.2024.10.27
- Virussign.2024.10.28
- Virussign.2024.10.29
- Virussign.2024.10.30
- Virussign.2024.10.31
- Virussign.2024.11.01
- Virussign.2024.11.02
- Virussign.2024.11.03
- Virussign.2024.11.04
- VirusShare.00487

vx-underground

04 Nov 2024 21:07

Schneider Electric after being hit by ransomware for the third time

Jun 28, 2023 — cl0p ransomware
Feb 20, 2024 — Cactus ransomware
November 4, 2024 — Hellcat ransomware

vx-underground

03 Nov 2024 22:16

A few years ago there was a woman on Twitter who constantly talked about how much she loved her job, her career field, her co-workers, etc. She semi-frequently mentioned her education at a prestigious university (and also made sure to mention it in her Twitter bio).

She was interesting.

What was especially interesting was the fact everything she said was a lie. One of our members was employed at the place she claimed to have worked. No one at this place of work knew her — her entire personality, profile, biography, and posts were a lie. Nothing about it was true. We couldn't verify if the woman in the images was a real person.

One day her profile suddenly disappeared off social media.

We still talk about it sometimes. Who the hell was that person? ¯\_(ツ)_/¯

vx-underground

03 Nov 2024 02:12

These will all eventually be added to the website. We don't have the time at the moment to download them, clean them up, and upload them for archive — but if you're interested you can look for yourself.

Cheers

vx-underground

03 Nov 2024 00:17

Only a few more days of misinformation campaigns in the United States (it'll be back shortly after)