vx-underground

10 Sep 2024 17:03

tl;dr it's cool and badass when your car parses your conversations to determine vehicle passengers, passengers name, locations, traveling speed, objects of interest around them, road conditions, traffic, etc. then sells it to advertisers and data collection groups

vx-underground

10 Sep 2024 01:30

Updates:

Administrative:
- We're still in the process of correcting our downstream mass-oopsie we performed. We identified over 500,000 corrupt malware samples we shared ... we accidentally prepended 'file=' in the raw binary data. Oops. We're almost done restoring all the damage we've caused. It's only taken us 8 days++--;

- All harddrive purchases from April, 2024 have been finalized. Moving forward all drives will be pre-cloned so there is no waiting period — we just mail it out. We're learning, kind of.

Families:
- AgentTesla
- Android.Anubis
- Android.Joker
- Android.SpyNote
- AsyncRAT
- BatchWiper
- FormBook
- GPCodeRansomware
- LockbitRansomware
- Mirai
- RedLine
- Remcos
- SkuldStealer
- SnakeKeylogger
- Turla
- XenoRAT
- XWorm

vx-underground

09 Sep 2024 19:54

Schools need to stop teaching kids malware is like, 'trojans', and 'worms', etc. It's not 1996 anymore.

New malware types:
- Ransomware
- Loaders
- Information Stealers
- Piles of shit that doesn't work
- RATs

vx-underground

09 Sep 2024 14:44

Good morning, evening, or night.

Instead of working today we're just going to scream out the window as loud as possible.

Thanks,

vx-underground

08 Sep 2024 16:14

This person is lying on their resume and claiming to work for vx-underground. It makes zero sense.

1. vx-underground doesn't have contractors.
2. We don't have a security strategy
3. We don't have any sort of policies... or policy management
4. We don't do risk management, or risk assessments
5. We don't do compliance stuff. We have nothing to comply with
6. We don't do incident response
7. We don't do security awareness training
8. We don't deal with vendors
9. We don't do security monitoring, there is nothing to monitor
10. We don't do any sort of security governance, there is no one to report security governance to
11. We don't do continuous improvement

vx-underground is a free website, not a fortune 500 company.

vx-underground

08 Sep 2024 04:03

a video demonstration of modern day windows security patches

vx-underground

07 Sep 2024 15:24

BREAKING: We've just been informed this was stolen from nixcraft and given to us. Nixcraft, we're so sorry, please don't beat us up after school

vx-underground

07 Sep 2024 05:56

malware means malicious software

it does not mean MyAnimeList software

vx-underground

06 Sep 2024 20:51

Hello,

Just because you did 1 thing for me 1 time does not make you a core contributor, volunteer, or member. It does not mean you're my friend, it does not mean you can list me as a reference.

Wake up. Stop making this weird.

We've had like, 6 people now say they're part of vx-underground because they personally assisted me like, one time, 3 years ago.

It's called doing someone a favor. It doesn't mean you can put it on a resume.

Also, these companies do background checks, and when they contact me via e-mail, or Telegram, or Discord, and say "do you know this person?" and send me your resume and photo, it makes you look like a giant jackass when I have to say "I have no idea who that is"

-smelly

vx-underground

05 Sep 2024 23:15

Updates to vx-underground:

*Note: Image of cat used per request. Not all requests are granted, but this is a wizard kitty.

Archive:
- The Old New Thing, July 2024
- The Old New Thing, August 2024

Papers:
- 2024-09-04 - Rundll32 and Phantom DLL lolbins, 32-bit version
- 2024-08-10 - Sneaking around with Web Assembly
- 2024-08-04 - WhenFS - Using Google Calender as a Filesystem
- 2024-08-02 - Using Windows Setup for persistence
- 2024-07-01 - Booting Linux off of Google Drive
- 2024-06-11 - Lets Go into the rabbit hole part 2 - the challenges of dynamically hooking Golang programs
- 2023-10-03 - Lets Go into the rabbit hole - the challenges of dynamically hooking Golang programs

vx-underground

05 Sep 2024 02:15

Today the United States Department of Justice indicted Russian nationals Elena Afanasyeva and Kostiantyn Kalashnikov for violations of the Foreign Agents Registration Act (FARA), and conspiracy to commit money laundering.

Afanasyeva and Kalashnikov remain at large as of September 4th.

Afanasyeva and Kalashnikov are accused of laundering money to covertly fund as much as $10,000,000 to English-speaking social media companies (listed as U.S. Company-1) to sway content in favor of the Russian government.

Interestingly, the indictment states the company which received the funds is described as, "a network of heterodox commentators that focus on Western political and cultural issues". Journalists and researchers have tied this to Tennessee-based company Tenet Media ... because ... it has the exact same message on their homepage verbatim.

This media company employees conservative media commentators Lauren Southern, Tim Pool, Tayler Hansen, Matt Christiansen, Dave Rubin, and Benny Johnson.

The indictment is interesting, discusses the money laundering techniques, disinformation campaigns, and their chat communication medium ... on Discord.

Image 1 is U.S. Company-1 per the indictment. Image 2 is Tenet Media.

More information: https://www.justice.gov/opa/pr/two-rt-employees-indicted-covertly-funding-and-directing-us-company-published-thousands

vx-underground

04 Sep 2024 16:28

We were made aware of the issue when AV companies contacted us regarding our VirusTotal account and the files being corrupted.

tl;dr my bad yall (its free, so fuck you, but seriously were sorry were fixing it)

vx-underground

04 Sep 2024 14:41

RansomHub ransomware group claims to have ransomed Planned Parenthood

vx-underground

04 Sep 2024 08:05

pizza topping must be a valid email address

vx-underground

04 Sep 2024 06:35

September 3rd, Lara Trump (daughter-in-law of former U.S. President Donald Trump) and Tiffany Trump (daughter of former U.S. President Donald Trump) had their X accounts compromised.

Their accounts briefly shilled some sort of crypto stuff. X locked the accounts within minutes.

vx-underground

10 Sep 2024 17:02

Today TheRecordMedia released an article regarding Ford's new patent: targeted advertisements by actively monitoring and listening to passengers conversations.

It sounds bad, but reading the article it's actually x100 worse.

More information: https://therecord.media/ford-patent-application-in-vehicle-listening-advertising

vx-underground

09 Sep 2024 19:56

Win32.PileOfShit.xy-4aed2e104fbcf37c57b6f1039541de2d8e0898b26353f5dab9bc5a9a10f47744

vx-underground

09 Sep 2024 19:41

"why do you guys make such weird posts??"

Because we've been discussing malware, collecting malware, writing malware, reversing malware, reviewing malware, reading about malware — anything and everything malware for years.

It has fundamentally corrupted our minds

vx-underground

08 Sep 2024 16:20

Airliners now let you sit on the wings of the aircraft (or maybe this is a bug in the ticket purchasing software, hard to tell)

vx-underground

08 Sep 2024 15:54

Dear gay4smellyvx,

It was a truly epic gamer move that you were cheating in Call of Duty. We're sorry for your loss.

R.I.P.

vx-underground

07 Sep 2024 18:30

Babyvx is currently compiling. However, the compiler is poorly optimized and the estimated time remaining is roughly 6.5 months.

vx-underground

07 Sep 2024 06:05

got a new office chair

vx-underground

07 Sep 2024 00:52

Dear 'gay4smellyvx'

Yes, we can see your friend request and user activity. We will allow you to continue using your Call of Duty account — you're a funny person.

vx-underground

06 Sep 2024 18:49

No updates today. We're just gonna kick back, relax, and play some Elder Scrolls

vx-underground

05 Sep 2024 19:38

One time a high ranking official for the United States National Security Agency made a post on Twitter about memes.

We sent them a private message. They never responded.

This is the video we sent:

vx-underground

04 Sep 2024 23:28

Improving the homelab today — decided to run some cables through the wall to be fancy.

vx-underground

04 Sep 2024 16:25

We have performed a colossal oopsie doopsie.

Our malware ingestion system prepended 'file=' to every file being sent to VirusTotal, thus impacting AV vendors down stream. Sent vendors hundreds of thousands of botched malware samples

vx-underground

04 Sep 2024 08:07

pepperoni_is_ok_i_guess_im_not_picky@gmail

vx-underground

04 Sep 2024 06:36

> compromise high profile social media accounts tied to powerful american political figures
> can do catastrophic damage
> shills crypto

vx-underground

04 Sep 2024 06:20

Updates to vx-underground:

Papers:
- 2024-09-03 - Rundll32 and Phantom DLL lolbins
- 2024-08-17 - HookChain - A new perspective for Bypassing EDR Solutions
- 2024-08-11 - DriverJack
- 2024-08-11 - Blocking EDR drivers with HVCIDisallowedimage
- 2024-08-10 - ShimMe - Manipulating Shim and Office for Code Injection
- 2024-08-09 - Blocking EDR Drivers with WDAC policies
- 2024-08-08 - Abusing Windows Hello without a severed hand

Families:
- Android.BlankBot
- AteraAgent
- AtlantidaStealer
- Azorult
- BruteRatel
- CobaltStrike
- DCRat
- DonutLoader
- GCleaner
- Gh0stRAT
- GuLoader
- Lokibot
- LummaStealer
- Mirai
- Neshta
- NjRat
- Pony
- PureLogStealer
- RhadamanthysLoader
- Sliver
- Vidar
- XWorm
- ArcStealer
- AgentTesla
- Amadey
- Andromeda
- AsyncRAT
- AugustStealer
- CryptBot
- CyberGateRAT
- Danabot
- Formbook
- Latrodectus
- MicroClip
- Rakos
- Redline
- Remcos
- StealC
- XenoRAT

Note: someone said the artwork we use when pushing updates is scary, they requested we post something cute instead.