14367
The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
Individuals with a formal education in Data Science and Artificial Intelligence are expressing their disdain for the recent trend of Artificial Intelligence.
Читать полностью…
her: you are what u eat ;)
me (not freeing the heap):
Earlier this morning we began receiving notifications from starrdlux regarding some car dealerships in Atlanta, Georgia having 'computer outages'. Due to these problems, she was unable to have her car serviced.
Subsequently, car dealerships in Las Vegas, Nevada (opposite side of the United States) began reporting computer problems as well. Independent journalists began reporting online that it was a ransomware attack.
And now, just moments ago, BleepinComputer received confirmation that CDK Global, a car dealership SaaS, is in the midst of a 'cyber attack'. This 'cyber attack' which has not been confirmed to be a ransomware attack, has reportedly shutdown services related to CRM, payroll, financing, support and service, inventory, and back office operations.
tl;dr rumors, speculations, and gut feelings ended up being real.
More information: https://www.bleepingcomputer.com/news/security/cdk-global-cyberattack-impacts-thousands-of-us-car-dealerships/
More information and official SEC report: https://www.sec.gov/Archives/edgar/data/1158449/000115844924000162/aap-20240523.htm
Читать полностью…
You may not like it, but this is what writing malware is like
Читать полностью…
Hello, how are you?
We're currently experimenting with a new harddrive distribution technique.
We currently distribute data in the form of an external harddrive. Moving forward we will deliver it in a plain 'ol SATA drive, and we'll also toss in a SATA to USB converter for people who don't have a drive bay, or want to open their box.
It'll be much faster and easier for us (and you).
Updates to vx-underground
Samples:
- VirusSign.2024.06.10
- VirusSign.2024.06.11
- VirusSign.2024.06.12
- VirusSign.2024.06.13
- VirusSign.2024.06.14
- VirusSign.2024.06.15
- VirusSign.2024.06.16
- VirusSign.2024.06.17
Papers:
- 2024-05-21 - Uncovering an undetected KeyPlug implant attacking industries in Italy
- 2024-05-22 - Deep Dive Into Unfading Sea Haze: A New Threat Actor in the South China Sea
- 2024-05-22 - Novel EDR-Killing 'GhostEngine' Malware Is Built for Stealth
- 2024-05-23 - Chinese Espionage Campaign Expands to Target Africa and The Caribbean
- 2024-05-23 - Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia
- 2024-05-23 - Sharp Dragon expands towards Africa and The Caribbean
- 2024-05-24 - Stark Industries Solutions: An Iron Hammer in the Cloud
CryptoGrab, a crypto draining service, incorporated as an official company and even attended a conference, gave out merchandise, and advertised. They were present at MAC Affiliate Conference this year in Armnenia
Information via g0njxa
Justin Elze spotted this in the wild. Some fast food drive through menu has a RemotePC client open
Someones gonna pop that 😂😂😂
Previously on Dragon Ball Z, the Spanish media reported a 'hacker' was arrested via the Spanish Police working in conjunction with the United States Federal Bureau of Investigation.
The individual arrested as a 22-year-old male from the United Kingdom. He was not immediately identified to the media by law enforcement.
Today we received confirmation on this individuals identity and alleged crimes. For the safety and privacy of multiple parties involved (including the accused) we cannot divulge too much information.
The individual arrested operated under the alias 'Tyler'. He is a sim swapper and is allegedly involved with the infamous Scattered Spider group. Most notably he is believed to be a key component of the MGM ransomware attack, and is believed to be associated with several other high profile ransomware attacks performed by Scattered Spider.
Not including the archives or APT papers; we've got 12,261 papers on malware development, reverse engineering, and detection.
Is it enough?
(they e-mailed us a long time ago and i forgot)
(going to smaller events is cool and badass)
Good morning,
People are not seeding the vx-underground torrents. You nerds asked for torrents, so you better seed.
>:(
https://vx-underground.org/Torrents
The current state of the vx-underground Telegram chatroom
Читать полностью…
Sorry, should have attached the article. Truthfully, we laughed at the post, screencapped it, and moved on.
Please stop hitting us with sticks.
You can read the full article here: https://ludic.mataroa.blog/blog/i-will-fucking-piledrive-you-if-you-mention-ai-again/
Good morning, good evening, or good night vx-underground Telegram degenerates,
From our reports we have determined you degenerates have tried to say the N-word 458 times since our chatroom was created. We are currently running at an average of 24.10526315 N-word attempts per day.
Drama with YouTube and Firefox today.
YouTube is stuttering for Firefox users. The problem interestingly is not with Firefox, but the way YouTube delivers data.
tl;dr YouTube is being a bunch of jerks, Firefox has to fix it so users can view stuff.
https://www.reddit.com/r/firefox/comments/1djkdql/for_people_who_worry_about_youtube/
We are aware of the alleged AMD breach.
We love you all, and we appreciate you nerds notifying us, but we got way too many notifications. We got 50+ notifications about it. 😭
We haven't verified the data. We don't know if it's a legit breach or not. ¯\_(ツ)_/¯
Advanced Auto Parts confirmed a data breach with the SEC last week.
A few weeks earlier an unidentified Threat Actor(s) who compromised TicketMaster also claimed to have compromised Advanced Auto Parts. When the Threat Actor(s) initially reported to have compromised Advanced Auto Parts, no details or data was provided to substantiate their claims other than a sale placed on Breached.
Today we can confirm that Advanced Auto Parts was indeed compromised and data was indeed exfiltrated.
Advanced Auto Parts wrote to the SEC that they believe the compromise took place on or around May 23rd, 2024. Furthermore, their data was stolen via unauthorized access to a 3rd party cloud database environment (asserted to be Snowflake by the Threat Actor(s)).
Advanced Auto Parts confirmed the data stolen contains sensitive information on current and former employees including government identified such as social security numbers. Advanced Auto Parts stated they will offer impacted individuals free credit monitoring and identity restoration services.
Image courtesy of pancak3lullz
Hunters International ransomware group claims to have ransomed Circle K. Atlanta.
In other words, stoners now face difficulties trying to purchase chips and soda. It may even impact their ability to purchase Swisher Sweets.
Say a prayer for the stoner homies 🙏
Today we discovered that vx-underground not only manages the vx-underground domain, but we also manage the United States Postal Service.
tl;dr we're sorry your package was lost, but that's not our fault. Sometimes shipping sucks ¯\_(ツ)_/¯
More pictures via MAC 2024
https://vk.com/album-222833950_297402765
Good morning,
It's Sunday, the day of rest. We hope all of you had a good week and a good weekend. We'll see all of you Monday morning.
June 14th a 22-year-old British man was arrested in Palma de Mallorca, Spain.
Per the official report: the currently unidentified male is alleged to be behind a series of large-enterprise 'hacks' which resulted in the theft of corporate information and allowing an unidentified group to access multi-million-dollar funds.
No information is provided on whether or not this person is involved in ransomware, extortion, information stealers, sim swapping, crypto-draining, etc. The media reports only state he is a 'hacker' who 'stole information' which allowed him and his unidentified group access to access 'funds' ...
¯\_(ツ)_/¯
The suspect was arrested in a joint effort between the United States Federal Bureau of Investigation and the Spanish Police. It was stated he was arrested as he was making an effort to flee Spain to Italy.
A Judge in Los Angeles, California issued a warrant for his arrest.
Media outlets in Spain captured some footage of the arrest. The individuals face is censored. However, and most importantly, at the 0:20 mark a child decides to do a Naruto run in the midst of an international law enforcement take down for the memes.
He also appears to be wearing a Minecraft blanket. 11/10 the kid is a memester.
Updates to vx-underground
- 2021-12-23 - Threat Report: Echelon Malware Detected in Mobile Chat Forums
- 2023-01-22 - BadBazaar: iOS and Android Surveillanceware by China’s APT15 Used to Target Tibetans and Uyghurs
- 2023-02-23 - Berbew Backdoor Spotted In The Wild
- 2023-09-26 - Analyzing Lu0Bot: A Node.js Malware with Near-Unlimited Capabilities
- 2023-12-01 - New Tool Set Found Used Against Organizations in the Middle East, Africa and the US
- 2024-03-01 - NoName057(16)’s DDoSia project: 2024 updates and behavioural shifts
- 2024-03-09 - New Backdoor Activity Socks5Systemz
- 2024-03-18 - Mirai Nomi: A Botnet Leveraging DGA
- 2024-04-01 - Passive DNS For Phishing Link Analysis - Identifying 36 Latrodectus Domains With Historical Records and 302 Redirects
- 2024-05-13 - Gootloader Isn’t Broken
- 2024-05-16 - Grandoreiro banking trojan unleashed: X-Force observing emerging global campaigns
BSides Colorado Springs is looking for people to submit papers and talks – especially beginner and/or intermediate malware talks.
They're trying to grow. Go to BSides Colorado Springs, submit a talk, do stuff, and fight bears
Updates to vx-underground
Samples:
- AcidRain
- AgentTesla
- Android.SoumniBot
- AveMaria
- GuLoader
- LummaStealer
- NjRat
- PikaBot
- QakBot
- Rawdoor
- Remcos
- SystemBC
- Upstyle
- Vultur
- zLoader
Papers:
- 2024-06-06 - Remcos RAT Analysis
- 2024-06-06 - Agent Tesla Analysis
- 2024-06-03 - Wineloader – Analysis of the Infection Chain
- 2024-06-03 - PikaBot: a Guide to its Deep Secrets and Operations
- 2024-05-30 - A DNS Investigation of the Phobos Ransomware 8Base Attack
- 2024-05-29 - Fake Browser Updates delivering BitRAT and Lumma Stealer
People are paying thousands of dollars for educational courses on initial access vectors. We'll provide you a step-by-step guide on how to get initial access to companies with a budget of $0. All it requires is some time, effort, and the ability to grep
1. Go to Telegram
2. Get free stealer logs
3. Look for VPN creds
4. Hope no MFA
4.a If MFA, spam requests
4.b If fails, go back to Step 1.
5. Log into VPN
6. Go to Jira / Kanban board
7. Scrape everything when people are sleeping
8. Log out
9. ???
10. Profit!!!11
Congratulations, you're now the most dangerous hacker on the planet
Does this sound absurd? Of course it does. Does it work? Yes, literally every single day. Infostealers are a giant problem. They don't need to target enterprise environments with top-notch security – they only need to target lazy home users, with security settings probably disabled, downloading junk binaries.