vxunderground | Unsorted

Telegram channel vxunderground - vx-underground

14367

The largest collection of malware source, samples, and papers on the internet.
Password: infected
Website: https://www.vx-underground.org/
vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh

vx-underground

We appreciate all donations. Every dollar helps. But, it felt kind of cheap from them – like he was like, 'thanks for the slave labor, jackass'

vx-underground

Last year Caesar's was hit by ransomware, paid a ransom demand of over $15,000,000, and now when the nerds come back in town someone decides to be a memester.

This is why we can't have nice things.

vx-underground

To put it into perspective: if every single person who follows us on Twitter, or subscribes on Telegram, donated $100,000 – we would have 1/6th of Elon Musk's net worth.

No idea what this has to do with this fundraiser, but it's kind of depressing how wealthy he is.

vx-underground

This morning the National Crime Agency of the United Kingdom announced and released footage of the arrest of 'J.P. Morgan'. 'J.P. Morgan's' real name has not yet been officially released by the National Crime Agency.

J.P. Morgan and his associates have been actively monitored by the United States Federal Bureau of Investigation and United States Secret Service since 2015.

J.P. Morgan is believed to be a key player behind Reveton Ransomware Group, Ransomware Cartel, and Angler Exploit Kit which has resulted in the extortion of millions of dollars all across the globe.

Angler exploit kit was often used to deploy CryptXXX, CryptoWall, and other strains. At its peak, it's suspected over 100,000 devices were infected by Angler Exploit Kit, bringing in a revenue of around $34,000,000.

J.P. Morgan's arrest coincides with the arrest of Belarus national Maksim Silnikau a/k/a 'Maksym Silnikov', 'xxx', 'J.P. Morgan', and 'lanksy', in Poland. Indeed, you read this correctly, Maksim Silnikau also operated under the moniker J.P. Morgan – two people are J.P. Morgan.

Furthermore, charges have been brought against two more individuals who are believed to operate with J.P. Morgan and Silnikau: Vladimir Kadariya, a 38-year-old citizen of Belarus, and Andrei Tarasov, a 33-year-old citizen of Russia.

These 4 individuals operated malvertising campaigns (i.e. Angler) which are believed to have impacted over 500,000,000 people across the globe. The National Crime Agency identified physical offices for their malvertising campaigns located in Ukraine under the business name 'Media Lab'. On August 9th, the Ukraine Cyber Department of the Security Service conducted 15 raids on employees tied to J.P. Morgan and co. Media Lab company.

Two more raids took place on August 9th related to J.P. Morgan and co. in Singapore and Portugal in collaboration with the Singapore Police Force and Portugal Judicial Police. In Singapore, the infrastructure for Ransomware Cartel was seized. In Portugal, another unnamed individual was raided – believed to be an associate of J.P. Morgan and co.

The National Crime Agency stated over 50TB of evidence has been seized.

vx-underground

More details have emerged regarding the Linus Tech Tips compromise.

We'll save you the lore, drama, backstory, and anime filler.

He was phished. That's all.

vx-underground

No, we don't get to decide who advertises on our Telegram channel. Telegram automagically decided a good portion of our Telegram subscriber base is (probably) criminals.

vx-underground

We're migrating to a new host. Uploads to vx-underground are currently suspended. Expect intermittent downtime.

Pic unrelated

vx-underground

The COM is (once again) receiving worldwide attention from media outlets, law enforcement agencies, and cyber threat intelligence agencies.

The full segment includes individuals from the FBI and NSA.

Note: this is a CBS 60 Minutes episode that they're re-airing

vx-underground

We did a fundraiser to raise money for some additional computer equipment for vx-underground. We raised the money in less than 30 minutes.

Thank you everyone for the love and support.

vx-underground

We made the crappy website so we get to decide the crappy pronunciation of the acronym >:(

vx-underground

tl;dr tl;dr don't need 0days and 1337 hacks to pop big targets. just need an e-mail address and smooth talking

vx-underground

Good morning,

It appears there is yet another person attempting to impersonate me. The easiest way to verify an administrator of vx-underground is to request an addition of something to vx-underground.org/tmp – all administrators have access to this backend location.

Additionally, anime is cool and badass.

Thanks,

vx-underground

Cool Windows 11 easter egg!

> Get file hash: 2aef1134cb696c922a06b71d58058d44e804391ff44cc5cd54335a1438fba58e
> Run as admin
> Your file extensions will change

Very cool easter egg!

vx-underground

DEFCON drama continuing as NotBaldEagle shared an additional DEFCON32 badge easter egg.

- FN
- Menu
- About
- Hit SELECT

vx-underground

The entire vx-underground collection is available at the DEFCON Data Duplication Village. Bring a harddrive, clone it, get the malware, and show your Mom.

We also included 100GB of cat pictures too as a DEFCON exclusive. No idea why you'd want 100GB of cats, but you'll get it.

vx-underground

A few years ago a relatively large cybersecurity company shared publicly how much they appreciated our APT sample collection.

We told them we're happy it brought them value and they should consider donating.

The CEO contacted us directly and donated $50.

vx-underground

piracy nerds when the torrented adobe is laced with malware

vx-underground

It's fundraiser time.

We're aiming to raise $3,000. We will use this money to buy improved computer equipment. Processing malware is resource intensive.

Please consider donating so we can give more stuff for free. We rely on you to survive.

https://donorbox.org/vxug-2024-hardware-fundraiser

vx-underground

Rachael Lillis, the voice actor for Pokemon characters Misty, Jessie, Jigglypuff, and more, passed away August 10th of breast cancer. She was 46.

Thank you, Rachael, for making Pokemon so cool for us when we were kids.

🎵Jiggggggggly Pufffffff🎵

vx-underground

Administrative Update:

tl;dr lots of data, need stuff

1. We have finished migrating vx-underground to our new servers. We believe our new host is better, cheaper, blah blah blah. If you encounter any issues with the website please notify us.

2. Thank you to the individuals who helped us with our first fundraiser. We are using the equipment to bring in an in-house graphic design artist. This money went toward the necessary equipment, subscription services, etc. for artist nerds. Ideally, we can produce more high quality artwork, merch, memes, whatever – without reliance on 3rd party entities or crappy AI artwork.

3. We will be doing another fundraiser. We need to purchase more hardware (literally a new souped-up computer) just to assist in the processing of malware. We're currently ingesting 25,000+- malware samples per day, however we hope to dramatically increase this number. This is approx. 500GB of malware a month.

4. Black Mass Vol. III is still in work. We've hired an artist who did the artwork for American heavy metal band Slipknot to do the cover. We've also got a handful of super cool papers in this issue.

5. We have a massive, an absolutely colossal, amount of papers in queue to add. Before doing these papers we need to get the samples out-of-the-way. Or not, don't know yet. We're swamped.

It's a surreal feeling seeing this crappy website, with nothing but malware papers, malware source code, and malware samples, distributing as much as 500TB of data per month. Our server bills have gone up by quite a bit – but your donations, sponsorships, and (unironically) Twitter engagements allow us to make money and keep moving forward.

Love you ❤️

vx-underground

Telegram is offering us $835.01 from ad revenue from our Telegram channel with 37,459 subscribers.

A majority of the advertisements on our channel are from Threat Actors advertising their crypto-drainers or information stealers.

tl;dr crime pays

vx-underground

Linus Tech Tips has been compromised (again). This is the 3rd time they've been compromised.

Also, Voronezh, Russia is where the FBI states the Lockbit ransomware group administration resides.

🤯🤯🤯was it Lockbit?! (probably not, no).

vx-underground

Our malware collection is growing too fast. It is beginning to become expensive — the cost could easily exceed $1,000/month (expensive for us).

We may have to slow down our malware collection operations.

vx-underground

Pardon the French – but what the fuck is this shit? We got community noted on our Windows 11 Easter Egg post where the 'easter egg' is detonating a REvil payload.

1. The community note is written in broken English
2. No normie is going to be able to find that specific file hash

vx-underground

Important notice:

It's time to settle the debate. 'VXUG' is pronounced like [vee-ex-UGH] – the 'UG' portion is pronounced like 'THUG'. If anyone pronounces it like they're spelling it out i.e. [vee-ex-uu-gee] please monkey bonk them.

Thanks,

vx-underground

Today Politico announced that Donald J. Trump's political campaign has been 'hacked'.

Earlier this morning representatives from Trump's political campaign confirmed to Politico that their internal documents have been compromised (and exfiltrated).

The tl;dr is that Trump's team was a victim of suspected Iranian state-sponsored Threat Actors with the intent of interfering with the United States 2024 Presidential Election. They successfully compromised Trump campaign staffers by performing a spear phish.

You can read more information on the spear-phish, the geopolitical implications, Microsoft's input, lore, and document details here:

https://www.politico.com/news/2024/08/10/trump-campaign-hack-00173503

vx-underground

This is a joke. This is a REvil ransomware payload. Don't seek out this file hash and intentionally detonate it on your box as admin.

vx-underground

Susan Wojcicki, the former CEO of YouTube, died yesterday from lung cancer at 56.

vx-underground

DEFCON nerd drama.

Disclaimer: The source of the following information is from various Reddit threads, Discord discussions, and Twitter conversations. We are unable to determine the validity of all of the information shared. Some information can be confirmed because there is physical evidence present.

The drama: earlier today (approx. 5 hours ago) security researcher Dmitry Grinberg was escorted off the stage at DEFCON – making him one of the few individuals in convention history to be physically escorted off stage.

The contents of the badge (code base, etc.) were developed by Dmitry Grinberg and Mr. Grinberg states he gave no permission to DEFCON to use his code base on the badge. He states he will be issuing a DMCA notice to DEFCON soon. Mr. Grinberg also stated on Reddit you can enable an easter-egg on the device by doing:

- FN
- MENU
- ABOUT
- SELECT

When doing this the badge will display Dmitry Grinberg's information proving he is the developer. Additionally, Dmitry Grinberg said on Reddit if you'd like a license to use the firmware you can contact him and he will issue it to you. He will also sign badges for individuals and this will count as a license grant. He will be outside the DEFCON entrance at 10am tomorrow morning to sign badges.

Attachment 1. Dmitry Grinberg being escorted off stage
Attachment 2. The easter-egg

vx-underground

In case you missed it: Security researcher RayRedacted has a son named Sam. Sam set the Men's World Record at the Paris Olympics this year for speed climbing. Sam successfully climbed 15 meters (49 ft) in 4.74 seconds. The average Olympic athlete age is 27. Sam is 18 years old.
