sMelLy whY doNt u jUsT mAke a TorRenT oF tHe MalWaRe SamPleZ
MOTHERFUCKER WE DID.
- Has its own category on vx-underground
- Posted about for several weeks
We only did it as a giant .7z to be nice to nerds who DIDN'T want to torrent.
/me flips desk
More information on SocGholish: https://www.proofpoint.com/us/blog/threat-insight/part-1-socgholish-very-real-threat-very-fake-update
No way the CEO of YouTube is giving a shoutout to the homie Laurie Wired. Laurie, when you're at the Red Carpet in Hollywood, don't forget us.
tl;dr malware is going mainstream. We're so back. The vx-underground malware propaganda psyop is working 😎
We're aware of a critical issue impacting vx-underground. Individuals are unable to access files because of a recent backend change.
Rest assured our finest nerds are on the case.
(posting again because the issue has returned)
The vx-underground malware families collection is temporarily available for bulk download.
- 222GB (compressed)
- 234GB (uncompressed)
- 123,915 malware samples
- 763 malware families
- Password: infected
For people who are unhappy with the download speed on vx-underground: if you use a download manager, like Internet Download Manager (or uGet on Linux), and set the download to 10+ threads, you can download with speeds as high as 400MiB/s. You can download the entire family collection in less than 10 minutes.
Download: https://vx-underground.org/tmp
Essentially, if it is an American Holiday and you visit a large lake and/or pond with family members, be careful to not intentionally or accidentally swallow lake and/or pond water.
It may result in a parasitic infection in your intestines.
We got our money back. It's a Christmas miracle. It took 8 weeks.
Fun fact: "Some vegetables can be ready to harvest in 3–8 weeks, including radishes, baby carrots, and cucumbers."
tl;dr become farmers before get refund
Updates to vx-underground
Archives:
- The Old New Thing, June, 2024
Families:
- Latrodectus
- BadSpace
- XWorm
- FormBook
- Oyster
- WarmCookie
- P2PInfect
- LummaStealer
- DisgoMoji
- KoiLoader
- BlankGrabber
- BruteRatel
- CobaltStrike
- Android.SpyNote
- Amadey
Hello,
We have returned to our pseudo-goth-weird-dark-art profile picture stage.
Have a nice day.
Shoutout to the homies at the United States Defense Counterintelligence and Security Agency!
Happy 4th of July and thanks for the free Robux!
*The page has been removed, but it's still cached in Google
Hello,
We're terribly sorry to this round of vx-underground harddrive purchasers. We've had so many headaches with our harddrive vendor it's unimaginable. They lost our purchased drives and are now arguing about reshipping drives. They initially said they'd issue a reshipping July 2nd, now they're talking about reshipping July 5th.
First and foremost, we're no longer purchasing from Seagate. Secondly, we're going to challenge the Seagate CEO and the Seagate CFO to a 2v2 on Halo 3.
Bradley & I (smelly) vs Dave Mosley & Gianluca Romano
Rules:
- Map: Guardian
- Weapons: BRs and Snipers only
- Modifications: No invis
- Grenades are OK
- Self-imposed death: -1 point(s)
- Respawn time: 5 seconds
Good luck, noobs. We've got a 50 in Team Doubles
FBI: There's no one else that can help us but you
The Threat Intelligence expert that retired 10 years ago:
Put your hands up, criminal scum.
You're under arrest for violations of the United States Computer Fraud & Abuse Act, Wire Fraud, and Aggravated Identity Theft
Tit4v discovered Golden Corral, the American all-you-can-eat buffet, giftcard page is attempting to deliver SocGholish malware.
When visiting the page it delivers a prompt stating 'your Chrome browser is out of date'.
Yesterday an individual operating under the moniker 'Vadim Blyaa' claimed to have compromised NATO.
Upon reviewing the data we can confirm the compromise is real. However, 'Vadim Blyaa' compromised an internal wiki for NATO. It is NOT a compromise of NATO's internal network infrastructure.
The compromise resulted in a dump of the internal wiki. The dump shows quarterly sprints, some basic documentation, and 7,289 e-mails associated with the internal wiki.
While this is not a devastating compromise, it highlights the importance of securing every aspect of government. If a lone actor can do it, so can adversaries.
July 9th, 2024, SiegedSec, a self-described Hacktivist group, claimed to have compromised The Heritage Foundation. The breach has been filled with American political banter. Here is our non-biased high-level overview. It's a long read (and write) from us because for non-American audiences lore must be established
tl;dr political drama gonna be political drama
About the breach:
The breach of the Heritage Foundation WAS NOT a network and/or enterprise compromise. SiegedSec compromised their WordPress domain. This is significantly different than an internal network compromise – the data exfiltrated is data which is present on their website.
The Heritage Foundation:
While our American audience may be familiar with the Heritage Foundation, many of our followers outside of the United States may not know this. The Heritage Foundation is an American conservative think-tank located in Washington D.C.
Motivations:
SiegedSec criticized The Heritage Foundation, asserting their motives for the compromise were to shed light on 'Project 2025'. Project 2025 is a proposed American conservative and/or Republican policy written by The Heritage Foundation which aims to reshape the United States Federal government in a more conservative-favor. Project 2025 has been criticized by American progressives and/or liberals, stating Project 2025 is a Christian nationalist, anti-LGBT, and anti-abortion policy. Some legal experts believe this suggested policy has language or beliefs which undermine the rule of law, separation of church and state, etc.
The data:
From a high-level overview the data appears legitimate. However, the scope is limited to their WordPress site and is primarily documents which were marked as private. The data also unveils some users' PII. Some e-mails present end with the .mil, .ru, and .cn top-level domain(s). Some individuals who reviewed the data believed this to be suspicious and questioned the presence of these e-mail addresses. While these TLDs are indeed present, this is not necessarily indicative of external state-sponsored influence.
The drama:
Mike Howell, the Executive Director of the Heritage Oversight Project, spoke with individuals from SiegedSec following the breach. Mike Howell asked SiegedSec about their preferred communication platform, their motives, etc. During the conversation Mike Howell informed SiegedSec they will seek legal action against their group. Subsequently, he called them 'closeted furries' and said they will be exposed to the world for being 'degenerative perverts'. Additionally, Mike Howell asserted they are going against the nature of God and mocked SiegedSec individuals by stating they will likely be sexually assaulted in prison in the event they are prosecuted for the compromise. Mike Howell invited SiegedSec to share the communication logs publicly and stated he has established relations with law enforcement.
Following the conversation with Mike Howell, SiegedSec announced they're shutting down their group and operations. SiegedSec stated this was a planned action and not as a result of the threats from Mike Howell. Mike Howell argued that SiegedSec is going into hiding and SiegedSec is indeed concerned about law enforcement pursuing them.
American commentators criticized Mike Howell, describing his messages as 'deranged' whereas others described it as 'brave' and willing to stand against individuals who threaten them.
We're aware of a critical issue impacting vx-underground. Individuals are unable to access files because of a recent backend change.
Rest assured our finest nerds are on the case (they're in Europe, we're doomed).
Hi, it's me, Smelly.
I'm sorry to everyone I haven't replied to in the past week.
For the past week or so I've been very sick. Doctors aren't entirely sure what's wrong — but they suspect I have contracted Giardia. It is miserable.
Bradley is currently steering the ship.
We've been fighting with our harddrive distributor since May 29th, 2024 about the harddrives we purchased.
They lost 9 drives and have been fighting with us every week about refunding our money.
No idea why a company valued at $12,300,000,000 is fighting us over $1,600
One of the largest contributors to vx-underground is JaffaCakes. In the past 45± days he has submitted over 1,250,000 unique malware samples to the vx-underground malware database.
He has successfully unlocked 4 cat pictures.
Hello,
We're back. It looks like everything is okay and nothing has burned to the ground. We're proud of all of you. You get +2 internet points.
Per request, if you'd like a copy of vx-uwu you can download it here:
https://vx-underground.org/tmp
Introduce completely useless and unnecessary COM abstractions into your code. EDRs think it's cool.
(it wraps to LocalAlloc, but whatever)
Someone put together a PowerPoint presentation on why we should follow them on Xitter.
We've introduced a new section to vx-underground: Microblog. It'll contain the occasional (probably pretty rare) opinion, rant, whatever, by vx-underground staff.
We've added a new blog post entry, some small tidbits and complaints, or something.
https://vx-underground.org/Microblog