14367
The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
Updates to vx-underground:
Papers:
- 2023-12-11 - Mustang Panda’s PlugX new variant targetting Taiwanese government and diplomats
- 2024-01-05 - AsyncRAT loader: Obfuscation, DGAs, decoys and Govno
- 2024-03-22 - Large-Scale StrelaStealer Campaign in Early 2024
- 2024-04-02 - Updated StrelaStealer Targeting European Countries
- 2024-06-21 - AmberAmethystDaisy to QuartzBegonia to LummaStealer
- 2024-06-24 - StrelaStealer Resurgence: Tracking a JavaScript-Driven Credential Stealer Targeting Europe
- 2024-07-10 - DodgeBox: A deep dive into the updated arsenal of APT41 (Part I)
- 2024-07-11 - Brief technical analysis of the Poseidon Stealer
- 2024-07-11 - ClickFix Deception: A Social Engineering Tactic to Deploy Malware
Families:
- ZeroT
- FlokiBot
- PlugX
- RockLoader
- StealC
- Vidar
- SmokeLoader
- Socks5Systemz
- Redline
- Enigma
- DowneksLoader
- BabadedaLoader
- BartRansomware
- Amadey
- ATMitch
Good morning, afternoon, or night.
Today is the day of the rest. It's been quite a week, lots of crazy stuff happening. We hope all of you had a good week, weekend, and are enjoying your Sunday:)
Love you, see you tomorrow:)
Based on this message we received, and another subsequent message sent to us, it appears some people believe we are transgender (we're a group, so it's kind of confusing), and us praising Gojira at the Olympics means we are satanic pedophiles (???)
Читать полностью…
We got a DMCA strike for sharing footage of the Gojira performance.
Lame.
Anyway, back to malware stuff
We're witnessing people complain in droves because of us praising the recent appearance of Gojira at the Olympics.
Unapproved:
Praising Gojira for their performance at the Olympics
Approved:
Communicating with internationally wanted criminals
This isn't breaking news. But when we saw this we lost our minds.
France is cool and badass.
tl;dr ¯\_(ツ)_/¯
Today it's being reported multiple bulletproof hosts are being seized by law enforcement agencies. Also today, on various forums, users noted issues with other bulletproof hosts such as zServers-dot-ru believing it to be under 'cyber attack'.
Earlier in the week we were notified zServer-dot-ru had been compromised. We are currently unable to 100% verify the authenticity of the claims. However, the images we have received, as well as the individual offering to provide us more evidence, is pretty damning.
The timing is pretty strange. Multiple bulletproof hosts taken down, another allegedly compromised, and users reporting issues with it.
Note: we've censored the image sent to us.
Good morning,
tl;dr internal updates, ignore if you only care about memes or internet TMZ.
Administrative updates:
- Black Mass Volume III, our third independently published book, is currently scheduled to be released October, 2024. It is being handled primarily by b0t and h3l3n. They're being busy bees, collecting stuff, organizing, handling typos, and wrestling distributors.
- We are currently expanding our malware collection capabilities. If things go as planned we should be able to dramatically expand our malware collection set. By late August, 2024 we should be bringing in an estimated 3,165,000 samples a month. This is a large achievement for a group with a budget of $2.00, a slice of pizza, and a limewire downloaded MP3. More details on this soon.
- August, or September, 2024 we will be holding a special event fundraiser. We will auctioning away 5 limited edition vx-underground items. Proceeds will allow us to ball out (buy stuff, watch anime, whatever). This actually took us quite a bit of time to produce (it was expensive for us) but we hope it'll be cool and people will like it.
- We have a massive queue of malware research and development papers to add. Adding these sort of papers actually require a bit of effort – verification, etc, but it's on the todo list. Of course, we are also pulling data from malpedia for malware reverse engineering and detection. We're currently behind schedule on that too though. 😭
Thanks for reading and hanging around. Enjoy your Friday, your weekend, and the perpetual internet crime.
Thanks,
If you're an attendee of DEFCON this year: there will be a person distributing limited edition holographic vx-underground stickers.
(Half the staff roster doesn't even have them)
If you don't want to wait for the merch giveaway, or you want to do other stuff with merch, you can buy it at vx-underwear.org
That name was chosen when we did a poll and you jackasses chose this dumbass domain name 😭
There is no way nerds are beefin' with Anime League on a Thursday 😭😭😭
Читать полностью…
Per TechCrunch / lorenzofb – CrowdStrike is offering a $10 Uber Eats giftcard to individuals impacted by the recent CrowdStrike outage.
$10 USD is €9.21 EURO or £7.75.
There is no indication if this is per customer, per company, or per computer. Additionally, some users reportedly received an error message from Uber Eats when trying to use the giftcard with Uber Eats displaying the error message: "[this giftcard] has been canceled by the issuing party and is no longer valid."
More information:
https://techcrunch.com/2024/07/24/crowdstrike-offers-a-10-apology-gift-card-to-say-sorry-for-outage/
Yesterday Dragos unveiled 'FrostyGoop' an ICS (Industrial Control System) malware suspected to be developed by Russia's infamous sandworm team.
FrostyGoop successfully shut off the electricity of 600 apartment buildings in the midst of sub-zero temperatures (sub -17C temperatures) in January, 2024. It took Ukrainian officials almost 2 days to restore electricity of individuals impacted by FrostyGoop.
Dragos successfully identified the payload April, 2024.
This is the 9th ICS specific malware in history. This sort of malware is exceptionally rare, exceptionally difficult to develop, exceptionally difficult to test, and exceptionally difficult to deploy.
We do not have any malware samples for this payload. If one of you have this malware sample and would be willing to donate it to us, please do.
Check out the intelligence brief here:
https://vx-underground.org/APTs/2024/2024.07.24%20-%20FrostyGoop%20Intel%20Brief
Yesterday KnowBe4 disclosed a cyber-security-incident where a North Korean national successfully infiltrated KnowBe4 ... by applying for a job there, interviewing, and getting hired.
Their blog post highlights North Korean identity fraud techniques.
https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us
Every Sunday all vx-underground staff members meet up in a discrete location and play the all-time American video game classic: Burger King: Sneak King
Читать полностью…
It's been 5 years and this is still an on-going gag.
Читать полностью…
Never imagined so many angry people because of a type of music. It's extremely confusing.
Читать полностью…
vX-uNdErGroUnD hOw cOuLd u LiKE THiZ tRaSg muSiC it"s SaTanIC
> Logo is a 16bit computer with a pentagram.
> Website, artwork posted – all 'edgy' and 'dark'.
> Malware
> Half of us are weirdo hottopic mall goths
> Other half looks homeless
What did you seriously expect?
🚨BREAKING NEWS🚨
This year Gojira became the first metal band to perform at the Opening Ceremony of the Olympics.
This is incredibly cool and badass. France will now forever be labeled as cool and badass.
via verge – due to the recent CrowdStrike incident Microsoft is discussing migrating security products away from the Windows kernel and into other spaces such as VBS Enclaves or Microsoft Azure Attestation
CrowdStrike accidentally leveled the playing field for Threat Actors
Of course, forcing security vendors out of kernel space is a bit of a knee jerk reaction and nothing is certain. It appears a lot of details are up in the air, but Microsoft isn't happy about what's happening.
More information:
https://www.theverge.com/2024/7/26/24206719/microsoft-windows-changes-crowdstrike-kernel-driver
If you're an attendee of DEFCON this year: there will be a person distributing limited edition holographic vx-underground vx-uwu stickers. They're ultra rare.
(We didn't even know this existed)
Process injection via GetThreadDescription and SetThreadDescription.
This makes this the 9,001 process injection technique on Windows.
https://research.checkpoint.com/2024/thread-name-calling-using-thread-name-for-offense/
Regarding the recent so-called 'CrowdStrike' breach which was posted on BreachForum: this is not a data breach.
The individual responsible for the information ....disclosure, ...leak (?), operating under the moniker USDoD, openly states the data is scraped. Not sure why it's being labeled as a breach.
We briefly spoke with USDoD regarding it this afternoon. In summary, USDoD was able to programmatically abuse CrowdStrike endpoints to pull IOCs from CrowdStrike. The data pulled is proprietary, however this is the same information which is distributed to consumers.
According to USDoD scraping this data took quite a bit time (roughly a month), and the time the scrape operation completed it just so happened by chance to coincide with the recent CrowdStrike scandel – they've got bad luck it seems.
Photo courtesy of FalconFeedsio
As many of you (probably) know – the BreachedForum version 1. database was leaked yesterday. This database contains private messages, IP addresses, e-mail addresses, blah blah blah.
We've seen people express concern over this leak, notably some Threat Actors who believe this puts them in a bulls-eye for law enforcement.
Law enforcement agencies have had this data since Pompompurin was arrested in 2023. The only threat Threat Actors face now is the wrath, or retaliation, of other Threat Actors.
Law enforcement agencies are probably laughing right now, legs propped up on the desk, drinking coffee, and enjoying the fact that individuals they want apprehended are fighting others individuals they want apprehended.
tl;dr criminals destroying themselves
404media is reporting Reddit is blocking ALL search engine crawls EXCEPT Google – which is currently paying $60,000,000/year for the right to scrape Reddit for AI training data.
More information:
https://www.404media.co/google-is-the-only-search-engine-that-works-on-reddit-now-thanks-to-ai-deal/
Unironically, in the past vx-underground members have had difficulties passing background checks because of the amount of information required – in-depth job history, birth certificate, other forms of government identification, etc.
Yet North Korea passes it first try 😭😭😭😭
EDIT: It was posted on Breached on Sunday. We don't internet on Sundays
Читать полностью…