14367
The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
CryptoGrab, a crypto draining service, incorporated as an official company and even attended a conference, gave out merchandise, and advertised. They were present at MAC Affiliate Conference this year in Armnenia
Information via g0njxa
Justin Elze spotted this in the wild. Some fast food drive through menu has a RemotePC client open
Someones gonna pop that 😂😂😂
Previously on Dragon Ball Z, the Spanish media reported a 'hacker' was arrested via the Spanish Police working in conjunction with the United States Federal Bureau of Investigation.
The individual arrested as a 22-year-old male from the United Kingdom. He was not immediately identified to the media by law enforcement.
Today we received confirmation on this individuals identity and alleged crimes. For the safety and privacy of multiple parties involved (including the accused) we cannot divulge too much information.
The individual arrested operated under the alias 'Tyler'. He is a sim swapper and is allegedly involved with the infamous Scattered Spider group. Most notably he is believed to be a key component of the MGM ransomware attack, and is believed to be associated with several other high profile ransomware attacks performed by Scattered Spider.
Not including the archives or APT papers; we've got 12,261 papers on malware development, reverse engineering, and detection.
Is it enough?
(they e-mailed us a long time ago and i forgot)
(going to smaller events is cool and badass)
Good morning,
People are not seeding the vx-underground torrents. You nerds asked for torrents, so you better seed.
>:(
https://vx-underground.org/Torrents
The current state of the vx-underground Telegram chatroom
Читать полностью…
Breached after being taken down multiple times from law enforcement agencies
Читать полностью…
A sitcom that follows a group of friends, the up's and down's in the Russian ransomware cyber crime ecosystem, and their ultimate pursuit of love
Читать полностью…
Today the Ukrainian National Police arrested a 28 year old man who is suspected to have worked with Conti ransomware group and Lockbit ransomware group.
Читать полностью…
Yesterday evening a website was launched title: EpicDB. EpicDB is a hobby project created from a user named "MixV2". The EpicDB website is designed to act similar to SteamDB.
Gaming nerds quickly discovered the EpicDB website began leaking information on games (listed on the site under code names) which are scheduled to arrive on Epic games platform. To the best of our knowledge, no information has been disclosed on how EpicDB gathered these code names.
Confirmed titles:
- Dragon Age: The Veilguard
- Helldivers 2 (never released onto Epic)
- Last of Us Part 2
- Apex Legends
- Battlefield 2042
- Tomb Raider Bundle
- Final Fantasy XVI
- Final Fantasy IX
- Remnant 3
- BioShock 4
- Growtopia
Speculated titles:
- Rise of the Ronin
- Spider-Man Miles Morales
- Streets of Rage
- Crazy Taxi
- Max Payne 1+2 Remake
- Red Dead Redemption
- DOOM: The Dark Ages
- Doom Eternal
- Bloodlines 2
- Europa Universalis V
- Warhammer: Vermintide 3
- Civilization VI
- Civilization IV
- AtomFall
- Among Us 2
There are nearly 100 code names for unreleased content. We aren't going to list them all. Here are some highlights:
- LaserLemon
- GreenSheen
- Debussy
- Project Wiseguy
- Burger
- Puffpastry
- CurlyWurly
- Croquembouche
Denial of Service via Trebuchet
hashtag red team tips
In other news, today Lockbit ransomware group posted that someone is conducting a Denial of Service attack via Friend Request's on Tox.
They've allegedly received 200,000 Friend Requests
Neat
Yesterday Apple announced they plan on introducing ChatGPT into Siri, iOS, and MacOS
https://arstechnica.com/gadgets/2024/06/apple-integrates-chatgpt-into-siri-ios-and-mac-os/
Cybersecurity Among Us sponsored by keepitcloaked this Wednesday, 7 PM EST with h313n_0f_t0r repping vx-underground! We will be unable to stream it ourselves that day, so please enjoy by tuning in to your favorite participating streamer.
Читать полностью…
Good morning,
It's Sunday, the day of rest. We hope all of you had a good week and a good weekend. We'll see all of you Monday morning.
June 14th a 22-year-old British man was arrested in Palma de Mallorca, Spain.
Per the official report: the currently unidentified male is alleged to be behind a series of large-enterprise 'hacks' which resulted in the theft of corporate information and allowing an unidentified group to access multi-million-dollar funds.
No information is provided on whether or not this person is involved in ransomware, extortion, information stealers, sim swapping, crypto-draining, etc. The media reports only state he is a 'hacker' who 'stole information' which allowed him and his unidentified group access to access 'funds' ...
¯\_(ツ)_/¯
The suspect was arrested in a joint effort between the United States Federal Bureau of Investigation and the Spanish Police. It was stated he was arrested as he was making an effort to flee Spain to Italy.
A Judge in Los Angeles, California issued a warrant for his arrest.
Media outlets in Spain captured some footage of the arrest. The individuals face is censored. However, and most importantly, at the 0:20 mark a child decides to do a Naruto run in the midst of an international law enforcement take down for the memes.
He also appears to be wearing a Minecraft blanket. 11/10 the kid is a memester.
Updates to vx-underground
- 2021-12-23 - Threat Report: Echelon Malware Detected in Mobile Chat Forums
- 2023-01-22 - BadBazaar: iOS and Android Surveillanceware by China’s APT15 Used to Target Tibetans and Uyghurs
- 2023-02-23 - Berbew Backdoor Spotted In The Wild
- 2023-09-26 - Analyzing Lu0Bot: A Node.js Malware with Near-Unlimited Capabilities
- 2023-12-01 - New Tool Set Found Used Against Organizations in the Middle East, Africa and the US
- 2024-03-01 - NoName057(16)’s DDoSia project: 2024 updates and behavioural shifts
- 2024-03-09 - New Backdoor Activity Socks5Systemz
- 2024-03-18 - Mirai Nomi: A Botnet Leveraging DGA
- 2024-04-01 - Passive DNS For Phishing Link Analysis - Identifying 36 Latrodectus Domains With Historical Records and 302 Redirects
- 2024-05-13 - Gootloader Isn’t Broken
- 2024-05-16 - Grandoreiro banking trojan unleashed: X-Force observing emerging global campaigns
BSides Colorado Springs is looking for people to submit papers and talks – especially beginner and/or intermediate malware talks.
They're trying to grow. Go to BSides Colorado Springs, submit a talk, do stuff, and fight bears
Updates to vx-underground
Samples:
- AcidRain
- AgentTesla
- Android.SoumniBot
- AveMaria
- GuLoader
- LummaStealer
- NjRat
- PikaBot
- QakBot
- Rawdoor
- Remcos
- SystemBC
- Upstyle
- Vultur
- zLoader
Papers:
- 2024-06-06 - Remcos RAT Analysis
- 2024-06-06 - Agent Tesla Analysis
- 2024-06-03 - Wineloader – Analysis of the Infection Chain
- 2024-06-03 - PikaBot: a Guide to its Deep Secrets and Operations
- 2024-05-30 - A DNS Investigation of the Phobos Ransomware 8Base Attack
- 2024-05-29 - Fake Browser Updates delivering BitRAT and Lumma Stealer
People are paying thousands of dollars for educational courses on initial access vectors. We'll provide you a step-by-step guide on how to get initial access to companies with a budget of $0. All it requires is some time, effort, and the ability to grep
1. Go to Telegram
2. Get free stealer logs
3. Look for VPN creds
4. Hope no MFA
4.a If MFA, spam requests
4.b If fails, go back to Step 1.
5. Log into VPN
6. Go to Jira / Kanban board
7. Scrape everything when people are sleeping
8. Log out
9. ???
10. Profit!!!11
Congratulations, you're now the most dangerous hacker on the planet
Does this sound absurd? Of course it does. Does it work? Yes, literally every single day. Infostealers are a giant problem. They don't need to target enterprise environments with top-notch security – they only need to target lazy home users, with security settings probably disabled, downloading junk binaries.
Happy Birthday to herm1t.
herm1t was the creator and administrator for vxHeaven. vxHeaven was our inspiration — we try to act a successor for.
We hope you have a wonderful day.
This week Xitter will make likes private.
They're being made private for privacy, or something. We don't trust it. No social media platform cares about privacy.
5 years ago we never would have believed we would corrupt the mind, body, and souls of people by nothing but malware and shit posting.
Here we are.
One time we saw a group of people arguing about different ways to perform variable initialization in C vs C++ vs Rust and which language was superior... for 3.5 hours.
All of them had anime profile pictures.
Thank you to our friends at MDSec Labs for the cool and badass stickers and merch.
Читать полностью…
I was told to tweet this.
I forgot it was a thing because I've been busy downloading malware and staring into the void (Telegram).
Everyone is cool though. Watch it. If you don't you'll be bonked.
- smelly smellington
Updates to vx-underground:
Samples:
VirusSign.2024.06.02
VirusSign.2024.06.03
VirusSign.2024.06.04
VirusSign.2024.06.05
VirusSign.2024.06.06
VirusSign.2024.06.07
VirusSign.2024.06.08
VirusSign.2024.06.09
Papers:
- 2024-05-10 - Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators
- 2024-05-14 - Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain
- 2024-05-14 - QakBot attacks with Windows zero-day (CVE-2024-30051)
- 2024-05-15 - Revealing Spammer Infrastructure With Passive DNS - 226 Toll-Themed Domains Targeting Australia
- 2024-05-15 - Black Basta overview and detection rules
- 2024-05-15 - Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
- 2024-05-15 - To the Moon and back(doors)- Lunar landing in diplomatic missions
- 2024-05-16 - Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID
- 2024-05-16 - Springtail: New Linux Backdoor Added to Toolkit
- 2024-05-20 - Tiny BackDoor Goes Undetected: Suspected Turla leveraging MSBuild to Evade detection
- 2024-05-21 - Master of Puppets: Uncovering the DoppelGänger pro-Russian influence campaign