14367
The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
We have incredible news.
Yesterday we spoke with Bernardo Quintero – the Founder of VirusTotal. He granted us insane API access to clean our malware collection. Thanks to him, and the VirusTotal team, we can now guarantee we're sharing pure malware with all of you.
Thank you, VirusTotal
Good news: we have malware
Bad news: soon our malware collection will no longer be able to fit on an 8TB harddrive.
Our entire malware collection 7z ultra compressed is 7.02TB. Papers is 139GB (59,807 papers).
Thank you, Chris Hansen, for the kind words.
(we have no idea who paid Chris Hansen to do this)
Today journalist Brian Krebs released an article about the recent (sort of) compromise of National Public Data. Previously, National Public Data was (sort of) compromised which resulted in the theft of billions of records on individuals residing in the United States.
The drama update:
National Public Data owns a sub-company named RecordsCheck dot net. A customer of RecordsCheck dot net (later unveiled to be a law enforcement officer) was a victim of Information Stealer malware (e.g. Redline, Formbook, Lumma, etc). The malware stole login credentials to RecordsCheck for the law enforcement officer which allowed Threat Actors access to RecordsCheck with essentially infinite credits for searches. The Threat Actor(s) then subsequently began dumping as much data as possible.
The Brian Krebs plot twist:
Brian Krebs discovered that previously RecordsCheck publicly exposed a file on their website titled: "members dot zip". This zip file contained the username and password for every customer on their platform (and supposedly other entities owned by National Public Data) in a plain text file. Krebs discovered that by default, each customer is assigned a 6-character password. As of a result of this accidental exposure, RecordsCheck instructed customers to change their default 6-character password. It turns out many DID NOT change their default assigned 6-character password.
More information on the file exposure, back story, discovery, etc. Can be found on Brian Kreb's article here: https://krebsonsecurity.com/2024/08/national-public-data-published-its-own-passwords/
We'll be aiming to share our malware ingestion feed on Xitter everyday. You can watch numbers go up and listen to a cooling system.
Alternatively, you can do something better with your time while we watch numbers go up.
¯\_(ツ)_/¯
This started off as a side-project created to collect and share cool malware stuff that I liked – I hoped maybe other people would find it useful and think it's cool too.
Now it's gotten wildly out of control.
If you like to watch numbers go up: we're currently livestreaming our malware ingestion.
https://www.twitch.tv/vxunderground_live
Malware ASMR: Extracting, compressing, and uploading malware while a cooling system works in the background
Читать полностью…
> check DMs
> "vx-underground we think your group is capable of social change can you help ..."
Capable of social change? Our entire audience is terminally online degenerates. If you want someone who can make an impact write to Taylor Swift, not us.
Today Qilin has successfully solidified itself as a colossal piece of shit. Of course, all ransomware is bad, but Qilin ransomed Promise2Kids, a California non-profit which rescues children from abusive homes.
Читать полностью…
Administrative updates:
- New hardware purchased via successful fundraiser
- Migration to new servers completed
- 330,000+- new malware samples queued
- 200+- papers queued
The vx-underground collection is growing approx 1.4TB per month at our current pace.
Cheers,
Today Nikesh Arora, the CEO of Palo Alto Networks, issued an apology for the marketing decision Palo Alto chose at Black Hat 2024 in Las Vegas.
Many visitors openly criticized Palo Alto for being sexist and questioned why their hostesses dressed up as ... lamps?
Dorks raging on us for asking for money is silly. $3,000 is pocket change to what actual companies make. God forbid we have nice things.
Last Christmas we coordinated a giveaway totaling $40,000 of educational courses.
You can take your Twitter follow and shove it up your ass.
Yes, I'm chillin' with 7TB of malware while running Windows. I like to play video games and I also like doing WINAPI coding. Yes, I could use a VM, but that's a lot of work. It's easier to just carefully not detonate 7TB of malware.
Читать полностью…
imagine one day the vx-underground website is compromised and the threat actor tries to deliver malware from it but everyone gets happy because they're just there for the malware anyway
Читать полностью…
Today ZachXBT noted unusual BTC activity – at 04 UTC August, 19th, $238,000,000 was moved to Avalanche Bridge, ChangeNow, eXch, Kucoin, Railgun, and ThorChain.
Ransomware? Draining? Money laundering? Anime?
https://blockchair.com/bitcoin/transaction/4b277ba298830ea538086114803b9487558bb093b5083e383e94db687fbe9090
Hello,
We need to make something very clear: we are not like VirusTotal. We are not a competitor to VirusTotal.
VirusTotal does file detections, allows retrohunting, sandboxing and blah blah blah.
We just collect it
They're enterprise malware tooling. We're a public library
vx-underground in 2019:
- simple and free shared hosting
- 20gb in total
- 1 old crappy pc
vx-underground 2024:
- home lab setup with 4 pc's (soon 5)
- fiber
- ingesting 20gb - 60gb per day
- 10 people team
- 8 servers, custom software suite for vxug
- 7.15tb in total
- anime
It will actually put you to sleep — it's super cold, dark, and magic numbers just keep being magical. You will pass out in your chain
Читать полностью…
Administrative updates:
- August 21st, new hardware arrives.
- We'll occasionally livestream malware ingestion. The streams will take place on Xitter. You can watch numbers go up.
- New papers will be pushed once new hardware arrives
Enjoy your weekend. Love you
Russia-based cyber hacktivists claim to have compromised Zoom. Let's review the data.
tl;dr not compromised, but kind of depressing to review
Size (uncompressed): 1.49MB
Total files: 5
Unusually small size of a 'compromise' from a Fortune 1000 company, right?
What's in this 'leak'? A text file which contains 95 (that's not a typo, it is literally just 95 lines) username and passwords. Each username and password listed is present in HaveIBeenPwned. The data present is formatted similar to stealer logs.
Other files included are 'web_domains.txt' which appears to be ... an nmap scan (???). There is also a web_dump.txt file which contains.... whois data (???) and some super 1337 ASCII art.
They forgot to include the password protected zip file in their post, so we had to review their chatroom. The password was 'usersec_fucknato'.
Imagine a 24/7 livestream of our malware ingestion feed. It would be a CMD window displaying the SHA256 hash, the ingestion code status, and the unique file counter.
Читать полностью…
In April, 2024 the National Public Data breach was discussed in various cybersecurity circles. In August, 2024 we see non-nerds discussing it.
Network Engineers: how serious of a problem is a 10,518,984,000 millisecond latency?
No idea what women dressed as lamps has to do with cybersecurity. It's also creepy. We feel bad for the women they hired to dress as lamps and greet people.
Читать полностью…
Shoutout to random Russian guy who dropped $3,000 on us when we were asleep
Читать полностью…
> Make website
> Make it free educational content for everyone
> Get called rich
> ???