vx-underground

10 Aug 2024 21:51

Today Politico announced that Donald J. Trump's political campaign has been 'hacked'.

Earlier this morning representatives from Trump's political campaign confirmed to Politico that their internal documents have been compromised (and exfiltrated).

The tl;dr is that Trump's team was a victim of suspected Iranian state-sponsored Threat Actors with the intent of interfering with the United States 2024 Presidential Election. They successfully compromised Trump campaign staffers by performing a spear phish.

You can read more information on the spear-phish, the geopolitical implications, Microsoft's input, lore, and document details here:

https://www.politico.com/news/2024/08/10/trump-campaign-hack-00173503

vx-underground

10 Aug 2024 17:50

This is a joke. This is a REvil ransomware payload. Don't seek out this file hash and intentionally detonate it on your box as admin.

vx-underground

10 Aug 2024 15:18

Susan Wojcicki, the former CEO of YouTube, died yesterday from Lung Cancer at 56.

vx-underground

10 Aug 2024 07:08

DEFCON nerd drama.

Disclaimer: The source of the following information is from various Reddit threads, Discord discussions, and Twitter conversations. We are unable to determine the validity of all of the information shared. Some information can be confirmed because there is physical evidence present.

The drama: earlier today (approx. 5 hours ago) security researcher Dmitry Grinberg was escorted off the stage at DEFCON – making him one of the few individuals in convention history to be physically escorted off stage.

The contents of the badge (code base, etc) was developed by Dmitry Grinberg and Mr. Grinberg states he gave no permission to DEFCON to use his code base on the badge. He states he will be issuing a DMCA notice to DEFCON soon. Mr. Grinberg also stated on Reddit you can enable an easter-egg on the device by doing:

- FN
- MENU
- ABOUT
- SELECT

When doing this the badge will display Dmitry Grinberg's information proving he is the developer. Additionally, Dmitry Grinberg said on Reddit if you'd like a license to use the firmware you can contact him and he will issue it to you. He will also sign badges for individuals and this will count as a license grant. He will be outside the DEFCON entrance at 10am tomorrow morning to sign badges.

Attachment 1. Dmitry Grinberg being escorted off stage
Attachment 2. The easter-egg

vx-underground

09 Aug 2024 16:04

In case you missed it: Security researcher RayRedacted has a son named Sam. Sam set the Men's World Record at the Paris Olympics this year for speed climbing. Sam successfully climbed 15 meters (49 ft) in 4.74 seconds. The average Olympic athlete age is 27. Sam is 18 years old.

vx-underground

09 Aug 2024 01:13

We bit the bullet, got some emergency drives being delivered. We're out $1,800, but we screwed up.

(I screwed up, I made the purchase, and I didn't check the specs)

(Hi, it's me, Smelly Smellington aka -2 IQ)

vx-underground

08 Aug 2024 17:21

Happy to report that brainwax6 & Troy8223, the two winners of the vx-underground DEFCON badge giveaway, have successfully received their badges and are enjoying their DEFCON visit.

Thanks to gbyolo_it & d_glenx for sponsoring the giveaway!

vx-underground

08 Aug 2024 17:13

Yesterday BratvaCorp detailed the 200IQ moves performed by the administrators of WWH-Club.

Kublitskii, a Russian national, and Khodyrev, a Kazakhstan national, sought asylum in the United States.

Upon arrival Kublitskii deposited $50,000 cash in a Bank of America account and began renting a luxury condo in Sunny Isles Beach, Florida. Additionally, he reportedly spent his time visiting various tourist attractions in Orlando, Florida. Despite his heavy spending, he reported no form of income or employment.

Khodyrev also residing in Florida, reported no income or employment. However, he decided to purchase a 2023 Corvette in $110,000 cash.

The United States Internal Revenue Service seeing two foreign nationals burning hundreds of thousands of dollars despite no employment

vx-underground

08 Aug 2024 06:24

Are you a fan of vx-underground? DO YOU know the password? Is there any hints or clues which suggest the password? CAN YOU spot the password? 🤔

vx-underground

07 Aug 2024 20:17

Please don't randomly touch her or yank on her backpack.

Just wave or say "Hello Helen", y'know, like a normal human being would do.

vx-underground

07 Aug 2024 18:55

We got another 1,800,000+ malware samples cookin'.

We're at like, 22,000,000 unique samples. There is no reason why any individual should possess this much malware but here we are. ¯\_(ツ)_/¯

vx-underground

07 Aug 2024 04:32

While you attended DEFCON, in pursuit of vanity, we studied the blade

vx-underground

06 Aug 2024 02:32

Oh god, one of our typos is actually in a legitimate judiciary hearing. Now actual court officials, lawyers, and possibly a jury are going to see our dumbass typoes.

vx-underground

05 Aug 2024 17:25

"Hate them – they sympathize with threat actors, foreign adversaries, and their memes suck. Actively distributing malware source code and builders is borderline criminal, they're doing more harm than good"

(just repeat the same stuff everyone else criticizes us for)

vx-underground

05 Aug 2024 13:34

This took a long ass time to aggregate, you infosec nerds who put hashtag-malware and hashtag-apt in your Twitter bio better like this shit and download this shit.

vx-underground

10 Aug 2024 19:37

Good morning,

It appears there is yet another person attempting to impersonate me. The easiest way to verify an administrator of vx-underground is request an addition of something to vx-underground.org/tmp – all administrators have access to this backend location.

Additionally, anime is cool and badass.

Thanks,

vx-underground

10 Aug 2024 17:49

Cool Windows 11 easter egg!

> Get file hash: 2aef1134cb696c922a06b71d58058d44e804391ff44cc5cd54335a1438fba58e
> Run as admin
> Your file extensions will change

Very cool easter egg!

vx-underground

10 Aug 2024 07:15

DEFCON drama continuing as NotBaldEagle shared an additional DEFCON32 badge easter egg.

- FN
- Menu
- About
- Hit SELECT

vx-underground

10 Aug 2024 05:10

The entire vx-underground collection is available at the DEFCON Data Duplication Village. Bring a harddrive, clone it, get the malware, and show your Mom.

We also included 100GB of cat pictures too as a DEFCON exclusive. No idea why you'd want 100GB of cats, but you'll get it.

vx-underground

09 Aug 2024 14:00

We've added an additional 500,000+- malware samples to vx-underground.

You can now wear malware as a hat.

vx-underground

09 Aug 2024 01:11

Previously on Dragon Ball Z: we received 9 harddrives to distribute to individuals who purchased copies of vx-underground. We selected replacement drives which were SMR (didn't check the spec).

Image 1. Cloning 18 hours ago
Image 2. Cloning now

vx-underground

08 Aug 2024 17:13

Information and post via BratvaCorp.

Full court report:
https://storage.courtlistener.com/recap/gov.uscourts.flsd.672601/gov.uscourts.flsd.672601.1.0.pdf

vx-underground

08 Aug 2024 06:37

Hello this is vx-underground and welcome to Jackass.

Next time you purchase a harddrive make sure you read the specs closely or else you'll be stuck transferring 6.82TB+ at 20MB/s.

vx-underground

08 Aug 2024 06:22

> claims to be huge fan
> unironically doesn't know the password

vx-underground

07 Aug 2024 20:01

If you're at DEFCON and see a woman with this backpack, ask her for a limited edition vx-underground holographic sticker. She has them all.

vx-underground

07 Aug 2024 16:45

As is tradition, nerds have gone too far.

Researcher Ersei booted Linux off of Google Drive

https://ersei.net/en/blog/fuse-root

vx-underground

06 Aug 2024 17:45

Nerds were able to transform Google Calendar into a filesystem.

tl;dr malware idea

https://github.com/lvkv/whenfs

vx-underground

06 Aug 2024 02:26

Today vx-underground was mentioned in a class action lawsuit between CHRISTOPHER HOFMANN v JERICO PICTURES, INC. d/b/a NATIONAL PUBLIC DATA.

This is the first time one of our tweets has been used as evidence in a courtroom (to the best of our knowledge).

vx-underground

05 Aug 2024 17:16

> go to work
> be in meeting
> "what's your opinion on vx-underground?"
> mfw

vx-underground

05 Aug 2024 13:31

Large update this morning. Total number of new malware samples is roughly 500,000.

Updates:
*Note: Due to length of paper titles the APT paper names will be truncated in this post and instead focus on the Threat Group
- 2024.07.08 - CloudSourcerer
- 2024.07.09 - APT40
- 2024.07.10 - DodgeBox
- 2024.07.11 - Moonwalk
- 2024.07.15 - BugSleep
- 2024.07.16 - AG100
- 2024.07.18 - APT41
- 2024.07.18 - Patchwork Group
- 2024.07.23 - DaggerFly
- 2024.07.23 - KnowBe4 North Korean Compromise
- 2024.07.23 - TransparentTribe
- 2024.07.24 - Russian-nexus
- 2024.07.24 - UAC-0057
- 2024.07.25 - APT45
- 2024.07.25 - OnyxSleet
- 2024.07.25 - SideWinder
- 2024.08.01 - APT41
- 2024.08.01 - BitSloth
- 2024.08.02 - Ursa
- 2024.08.02 - StormBamboo
- 2024.08.02 - Turla

Bulk Downloads:
- MalwareIngestion.2024.05.13
- MalwareIngestion.2024.05.14
- MalwareIngestion.2024.05.16
- MalwareIngestion.2024.05.17
- MalwareIngestion.2024.05.18
- MalwareIngestion.2024.05.19
- MalwareIngestion.2024.05.20
- MalwareIngestion.2024.05.21
- MalwareIngestion.2024.05.22
- MalwareIngestion.2024.05.23
- MalwareIngestion.2024.05.24
- MalwareIngestion.2024.05.25
- MalwareIngestion.2024.05.26
- MalwareIngestion.2024.05.27
- MalwareIngestion.2024.05.28
- MalwareIngestion.2024.05.29
- MalwareIngestion.2024.05.30
- MalwareIngestion.2024.05.31
- Bazaar.2024.07
- VirusSign.2024.07.27
- VirusSign.2024.07.28
- VirusSign.2024.07.29
- VirusSign.2024.07.30
- VirusSign.2024.07.31
- VirusSign.2024.08.01
- VirusSign.2024.08.02
- VirusSign.2024.08.03
- VirusSign.2024.08.04

Families:
- EternalRocks
- DanaBot
- RedLine
- XenoRAT
- Numando
- PhiladelphiaRansomware
- Remcos
- RokRAT
- SmokeLoader
- SnakeKeylogger
- StealC
- Amadey
- CobaltStrike
- DCRat
- Dridex
- FormBook
- Gh0stRAT
- LummaStealer
- NjRAT
- PrivateLoader