14367
The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
Hello, we're aware vx-underground is down.
Thankfully this time it's not our fault. It's Wasabi's fault. They're having a massive outage.
It'll be back when it's back.
Bologna FC has been ransomed by RansomHub ransomware group.
https://www.bleepingcomputer.com/news/security/bologna-fc-confirms-data-breach-after-ransomhub-ransomware-attack/
Today Mikhail Pavlovich Matveev a/k/a Wazawaka was arrested in Kaliningrad, Russia.
Mikhail Matveev is a bit of a ransomware 'celebrity', often blatantly showing his face and his 'work flow'. He has been tied to Lockbit, Conti, and BABUK
https://ria.ru/20241129/sud-1986456557.html
This is a binary from Microsoft Windows which is primarily used in Enterprise environments.
It's 3am and we're wondering why it has these hardcoded paths that look like they're from a hobbyist, not from a professional software engineering team
We'll be AFK for Ameriburger holiday stuff. Happy Ameriburger holidays to you and your families.
No one do anything crazy while we're gone.
Thanks,
- smelly
(it's just a silly cab file, but we forgot it existed, we're bringing .ex_ and .com files back) (windows doesn't support .com files anymore)
Читать полностью…
Security research TuringAlex spotted AIRASHI botnet sharing the lyrics to "Conga" by Gloria Estefan and specifically calling out Xlab_qax and Fox_threatintel
11/10, banger song, now doing the Conga
SimoKohonen did the math. Here is a list of every vendor and every high-severity CVE from the past 5 years.
Qualcomm: 97,388
Cisco: 15,833
Microsoft: 11,375
Intel: 9,323
Juniper: 5,550
Dell: 5,041
Hp: 4,448
Netgear: 3,855
Apple: 3,544
Siemens: 3,281
Zoho Corp: 2,636
Lexmark: 1,668
Oracle: 1,642
F5: 1,637
Google: 1,557
Netapp: 1,258
Brother: 1,220
Lenovo: 1,195
Adobe: 1,184
Mitsubishi Electric: 1,087
Vmware: 1,071
Amd: 1,053
Huawei: 969
Mediatek: 890
Cdatatec: 841
Zyxel: 815
Redhat: 724
Schneider-Electric: 674
Debian: 671
Aruba Networks: 668
Hikvision: 640
Fedora project: 619
Moxa: 590
Dlink: 546
Linux: 527
Hpe: 493
Ibm: 474
Vivotek: 420
Xerox: 404
Mitsubishi: 397
Totolink: 395
Freebsd: 386
Qnap: 380
Weidmueller: 324
Sap: 308
Canonical: 303
Phoenix Contact: 294
GE Healthcare: 293
Tenda: 292
Tp-Link: 291
Qualcomm takes 1st place.
97,388 high-severity CVEs ÷ 1,825 days (5 years)
An average of 53.36 high-severity CVEs a day
Very cool.
We've received confirmation that a sim-swapper operating under the moniker 'Remi' has been arrested by Federal Bureau of Investigation.
Remi is being charged with 18 USC § 1343 (Wire fraud) and 18 USC § 1028 (Fraud and misuse of identification documents).
RansomHub ransomware group after they successfully exfiltrate data and ransom a hotdog stand (they're asking for $200,000,000)
Читать полностью…
Yesterday Banshee Stealer, the MacOS-based Malware-as-a-Service infostealer, had their source code leaked online.
As a result of the leak they've shut down their operations. We've archived the leak and made it available for download on GitHub.
https://github.com/vxunderground/MalwareSourceCode
🚨BREAKING🚨
RANSOMHUB RANSOMWARE GROUP HAS RANSOMED A GIFT SHOP IN ROCHESTER, NEW YORK. IT IS EXPECTED TO CAUSE OVER $15 IN DAMAGES, ALL 3 EMPLOYEES ARE PANICKING AS THEIR UBER EATS ORDERS MAY BE LEAKED ONLINE
Last week 404mediaco did an article on Threat Actors using Spotify to host malicious software and/or pirated software.
In summary, karol_paciorek and g0njxa discovered nerds are using Spotify playlists titles to amplify malware.
Sometimes it's very frustrating administrating a large account on social media. Whenever we make a post we try to be as succinct as possible to avoid misinterpretation. That doesn't always happen, and it's frustating.
tl;dr
"I like pancakes"
"oh, so you hate waffles???"
It's never too early to have "the talk" with your children.
Читать полностью…
We made a dumb joke about a path inside of a Windows binary. We were flooded by angry nerds telling us it's from an ASSERT, it's a _FILE_ macro, it's from a AzureDevOps pipeline.
tfw you make a joke (and oopsie, didn't know it was from AzureDevOps) (please stop yelling at us)
More details have emerged surrounding Connor "Waifu" Moucka.
Interestingly, and a bit ironically, Mr. Moucka's identity was unveiled as a result of his attempts to obfuscate his identity online. No information has been released on how he was precisely identified, however it has been noted he was unmasked as a result of the misinformation he released about himself.
Additionally, it was noted part of his strategy was threatening security researchers. Instead of intimidating Unit221B and Mandiant, this had an opposite effect and only brought more attention to himself from researchers and law enforcement agencies.
Mr. Moucka is currently being held in Maplehurst Correctional Complex. He is scheduled for a hearing November 29th — the hearing is to discuss his further court dates.
More information:
https://www.therecord.com/news/waterloo-region/accused-kitchener-hacker-unmasked-after-threatening-woman-online/article_3501ea8b-1514-5524-8de6-f52e92c3e103.html
Today EUROPOL announced the takedown of a large illegal streaming network operating within the EU. 11 people have been arrested, €1,600,000+ seized.
The unnamed network allowed users to illegally stream movies, television series, and sporting events
https://www.europol.europa.eu/media-press/newsroom/news/european-law-enforcement-stops-illegal-iptv-service-providers
The globalists don't want you to know this, but .EX_ files are real and you can use it for malware
Читать полностью…
Today ESET released a paper on "Bootkitty" the first UEFI bootkit for Linux.
We didn't even read the paper, we just liked the name and artwork
Shortly following the announcement of the Threat Actor "Remi" being arrested, we were contacted by "Remi" in proxy by a party which is close to him.
"Remi" requested (by proxy) we share a photo of him and state "If you’re gonna post about me, at least notice the drip"
Internet nerds are reporting Sora AI, the OpenAI product for transforming text into video, has been leaked online.
However, we don't quite understand the context of the word 'leak' here because the material 'leaked' online does not contain a dataset. Instead the material directly cites an OpenAI API URL. We're not sure you can call something an AI leak when it's a python script invoking an API URL ...
Files leaked:
- .gitattributes
- README-dot-md
- app-dot-py
Inside of the 'app' python script you can see the API URL invocation. The README is just a manifesto, or something, against OpenAI, standard anti-AI stuff.
¯\_(ツ)_/¯
The most powerful tools in a hackers arsenal? Visual Studio Code, Kali Linux (the quieter you are, the louder your farts), and YouTube premium
Читать полностью…
Thank you to our friends at VirusTotal for the cool and badass t-shirts and stickers
Читать полностью…
🚨FIRST ALERT: BREAKING 🚨
THE GIFT SHOP IS SELLING BREWSTER LOVE BIRD GROOM ORNAMENTS FOR $37
In the 2nd image the hyperlink is purple because we clicked the link. We need to learn how to get FREE vBucks.
Читать полностью…
Other things we dislike:
1. Us missing messages or notifications and people taking it personal. They act like we're avoiding them, or something
2. Conspiracy theorists piecing together our posts — thinking we're the illuminati
3. People rude as hell for zero reason
Good morning, or evening.
After a months, we're finally releasing the Dispossessor ransomware leaks. They're now available to download.
Please exercise extreme caution. This archive contains ransomware payloads.
https://vx-underground.org/Archive/Dispossessor%20Leaks