vxunderground | Unsorted

Telegram-канал vxunderground - vx-underground

14367

The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh

Subscribe to a channel

vx-underground

> wake up
> check e-mail
> asked to sponsor cybersecurity conference

We love you for thinking about us. But you're basically asking a homeless person for $10,000+. It could be the other way around, we should be asking you to sponsor us.

Читать полностью…

vx-underground

Ransomware operators celebrating another healthcare facility being ransomed (they said it's the hospital's fault, not theirs)

Читать полностью…

vx-underground

rari_teh and Skejeton found an ultra rare false-positive

Creating a file with the string "This content is no longer available." is flagged by Windows Defender. It's a SHA256 collision with an actual malware sample.

The probability of a SHA256 collision is 4.3*10^60.

There is a higher probability of an asteroid crashing into the planet and causing a max extinction.

Читать полностью…

vx-underground

Note: he doesn't know us, we don't know him or his team. Our website is sketchy to non-malware people.

We don't see this as insulting. But, it's funny seeing him say this for liability sake – he doesn't want one of his followers detonating ransomware and then blaming him 😂😂

Читать полностью…

vx-underground

Shoutout to AnyRun for the full-disclosure and being honest about the situation.

Читать полностью…

vx-underground

Kaspersky and all of its subsidiaries, affiliates, or parent companies are forbidden from selling in the United States starting July 20th.

They can provide updates to existing customers until September 29th.

More information: https://www.washingtonpost.com/business/2024/06/21/kaspersky-banned-us-antivirus-russia/

Читать полностью…

vx-underground

Correction: our previous post about the compromise of the Los Angeles School Unified District may be a result of a compromise from Vice Society ransomware group in 2022. During that compromise from Vice Society we did not review the data, hence we cannot confirm if the data is new or old.

tl;dr may be recycled leak, could be new leak, we don't know but the data is still bad news.

Читать полностью…

vx-underground

We're collecting Xitter spam bots like Pokemon

Читать полностью…

vx-underground

Individuals with a formal education in Data Science and Artificial Intelligence are expressing their disdain for the recent trend of Artificial Intelligence.

Читать полностью…

vx-underground

her: you are what u eat ;)

me (not freeing the heap):

Читать полностью…

vx-underground

Earlier this morning we began receiving notifications from starrdlux regarding some car dealerships in Atlanta, Georgia having 'computer outages'. Due to these problems, she was unable to have her car serviced.

Subsequently, car dealerships in Las Vegas, Nevada (opposite side of the United States) began reporting computer problems as well. Independent journalists began reporting online that it was a ransomware attack.

And now, just moments ago, BleepinComputer received confirmation that CDK Global, a car dealership SaaS, is in the midst of a 'cyber attack'. This 'cyber attack' which has not been confirmed to be a ransomware attack, has reportedly shutdown services related to CRM, payroll, financing, support and service, inventory, and back office operations.

tl;dr rumors, speculations, and gut feelings ended up being real.

More information: https://www.bleepingcomputer.com/news/security/cdk-global-cyberattack-impacts-thousands-of-us-car-dealerships/

Читать полностью…

vx-underground

More information and official SEC report: https://www.sec.gov/Archives/edgar/data/1158449/000115844924000162/aap-20240523.htm

Читать полностью…

vx-underground

You may not like it, but this is what writing malware is like

Читать полностью…

vx-underground

Hello, how are you?

We're currently experimenting with a new harddrive distribution technique.

We currently distribute data in the form of an external harddrive. Moving forward we will deliver it in a plain 'ol SATA drive, and we'll also toss in a SATA to USB converter for people who don't have a drive bay, or want to open their box.

It'll be much faster and easier for us (and you).

Читать полностью…

vx-underground

Updates to vx-underground

Samples:
- VirusSign.2024.06.10
- VirusSign.2024.06.11
- VirusSign.2024.06.12
- VirusSign.2024.06.13
- VirusSign.2024.06.14
- VirusSign.2024.06.15
- VirusSign.2024.06.16
- VirusSign.2024.06.17

Papers:
- 2024-05-21 - Uncovering an undetected KeyPlug implant attacking industries in Italy
- 2024-05-22 - Deep Dive Into Unfading Sea Haze: A New Threat Actor in the South China Sea
- 2024-05-22 - Novel EDR-Killing 'GhostEngine' Malware Is Built for Stealth
- 2024-05-23 - Chinese Espionage Campaign Expands to Target Africa and The Caribbean
- 2024-05-23 - Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia
- 2024-05-23 - Sharp Dragon expands towards Africa and The Caribbean
- 2024-05-24 - Stark Industries Solutions: An Iron Hammer in the Cloud

Читать полностью…

vx-underground

Greets

We're still watching the CDK Global situation – some CDK Global customers submitted precautionary SEC 8-K forms. ZachXBT and other cryptocurrency nerds are discussing the theft of $54,000,000 from BtcTurk.

Please, no more chaos. We're busy this weekend 🙏

Читать полностью…

vx-underground

Correction: the files submitted also contain the string "This content is no longer available.".

However, the file extension being changed to .rar, .mp4, etc. result in a false positive and gets flagged as spyware (???)

Shoutout to Coin for spotting this.

Читать полностью…

vx-underground

Companies when they discover cybersecurity isn't a buzzword, they've become a victim of ransomware, and it's causing damage on an international scale

Читать полностью…

vx-underground

Today on Linus Tech Tips' WAN show mentions that him and his team purchased a vx-underground harddrive.

Subsequently, he calls us sketchy, states he doesn't know us, and he cannot recommend us to his followers.

😭😭😭😭😭

Читать полностью…

vx-underground

Today AnyRun App Sandbox announced they were compromised

No customer data was stolen, no production environment is impacted

tl;dr Threat Actor phished customer, Threat actor used phished customer to phish AnyRun employee

More information:
https://x.com/anyrun_app/status/1804157392935870466

Читать полностью…

vx-underground

> Newest security update patches CVE-XXXX-XXXX

The patch:

Читать полностью…

vx-underground

Today a Threat Actor operating under the moniker "Satanic" claimed to have compromised the Los Angeles Unified School District.

This data includes 24,000,000 records on students, past and present, and information on over 24,500 employees (primarily educators). The information leaked also contains information on the parents.

'Satanic' released a sample of the data. The data appears to be authentic. The authenticity of the data is terrifying because it contains information on children who are currently enrolled in Elementry school – with children in K - K5, meaning some of the individuals listed could be as young as 5 years old. On initial review of the sample data released we discovered records on a person who is 9 years old (coupled with information on the child's parents).

Listing every column in the database would be exhaustive. Here is a summary:

- Student ID
- Student Full Legal Name
- Student Preferred Name
- Parent(s) Full Names
- Parent(s) E-mail
- Parent(s) Phone Number
- Child Address(es)
- Grade
- Ethnicity
- Gender
- Poverty (boolean flag)
- Homeless (boolean flag)
- Foster (boolean flag)
- Graduated (boolean flag)
- Primary Language Spoken
- Student Photo
- Migrant (boolean flag)
- Special education (boolean flag)
- Transportation Type
- Home Longitude and Latitude (???)

Читать полностью…

vx-underground

Sorry, should have attached the article. Truthfully, we laughed at the post, screencapped it, and moved on.

Please stop hitting us with sticks.

You can read the full article here: https://ludic.mataroa.blog/blog/i-will-fucking-piledrive-you-if-you-mention-ai-again/

Читать полностью…

vx-underground

Good morning, good evening, or good night vx-underground Telegram degenerates,

From our reports we have determined you degenerates have tried to say the N-word 458 times since our chatroom was created. We are currently running at an average of 24.10526315 N-word attempts per day.

Читать полностью…

vx-underground

Drama with YouTube and Firefox today.

YouTube is stuttering for Firefox users. The problem interestingly is not with Firefox, but the way YouTube delivers data.

tl;dr YouTube is being a bunch of jerks, Firefox has to fix it so users can view stuff.

https://www.reddit.com/r/firefox/comments/1djkdql/for_people_who_worry_about_youtube/

Читать полностью…

vx-underground

We are aware of the alleged AMD breach.

We love you all, and we appreciate you nerds notifying us, but we got way too many notifications. We got 50+ notifications about it. 😭

We haven't verified the data. We don't know if it's a legit breach or not. ¯\_(ツ)_/¯

Читать полностью…

vx-underground

Advanced Auto Parts confirmed a data breach with the SEC last week.

A few weeks earlier an unidentified Threat Actor(s) who compromised TicketMaster also claimed to have compromised Advanced Auto Parts. When the Threat Actor(s) initially reported to have compromised Advanced Auto Parts, no details or data was provided to substantiate their claims other than a sale placed on Breached.

Today we can confirm that Advanced Auto Parts was indeed compromised and data was indeed exfiltrated.

Advanced Auto Parts wrote to the SEC that they believe the compromise took place on or around May 23rd, 2024. Furthermore, their data was stolen via unauthorized access to a 3rd party cloud database environment (asserted to be Snowflake by the Threat Actor(s)).

Advanced Auto Parts confirmed the data stolen contains sensitive information on current and former employees including government identified such as social security numbers. Advanced Auto Parts stated they will offer impacted individuals free credit monitoring and identity restoration services.

Image courtesy of pancak3lullz

Читать полностью…

vx-underground

Hunters International ransomware group claims to have ransomed Circle K. Atlanta.

In other words, stoners now face difficulties trying to purchase chips and soda. It may even impact their ability to purchase Swisher Sweets.

Say a prayer for the stoner homies 🙏

Читать полностью…

vx-underground

Today we discovered that vx-underground not only manages the vx-underground domain, but we also manage the United States Postal Service.

tl;dr we're sorry your package was lost, but that's not our fault. Sometimes shipping sucks ¯\_(ツ)_/¯

Читать полностью…

vx-underground

More pictures via MAC 2024

https://vk.com/album-222833950_297402765

Читать полностью…
Subscribe to a channel