14367
The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
We're aware of a critical issue impacting vx-underground. Individuals are unable to access files because of a recent backend change.
Rest assured our finest nerds are on the case (they're in Europe, we're doomed).
Hi, it's me, Smelly.
I'm sorry to everyone I haven't replied to in the past week.
For the past week or so I've been very sick. Doctors aren't entirely sure what's wrong — but they suspect I have contracted Giardia. It is miserable.
Bradley is currently steering the ship.
We've been fighting with our harddrive distributor since May 29th, 2024 about the harddrives we purchased.
They lost 9 drives and have been fighting with us every week about refunding our money.
No idea why a company valued at $12,300,000,000 is fighting us over $1,600
One the largest contributors to vx-underground is JaffaCakes. In the past 45+- days he has submitted over 1,250,000 unique malware samples to the vx-underground malware database.
He has successfully unlocked 4 cat pictures.
Hello,
We're back. It looks like everything is okay and nothing has burned to the ground. We're proud of all of you. You get +2 internet points.
Per request, if you'd like a copy of vx-uwu you can download it here:
https://vx-underground.org/tmp
Introduce completely useless and unnecessary COM abstractions into your code. EDRs think it's cool.
(it wraps to LocalAlloc, but whatever)
inb4 Seagate accepts the challenge, wins, they T-bag us
Читать полностью…
Someone put together a PowerPoint presentation on why we should follow them on Xitter.
Читать полностью…
We've introduced a new section to vx-underground: Microblog. It'll contain the occasional (probably pretty rare) opinion, rant, whatever, by vx-underground staff.
We've added a new blog post entry, some small tidbits and complaints, or something.
https://vx-underground.org/Microblog
Today Roll20 disclosed a security breach
Information and screenshot via drgecko_exe
Updates to vx-underground:
Bulk samples:
- VirusSign.2024.06.29
- VirusSign.2024.06.30
- VirusSign.2024.07.01
- VirusSign.2024.07.02
- Bazaar.2024.06
Families:
- AgentTesla
- Amadey
- BlackBastaRansomware
- Blackmoon
- DCRat
- Grandoreiro
- Latrodectus
- Remcos
- SmokeLoader
- SnakeKeylogger
- StealC
- Gomir
- Sock5Systemz
- SweetSpecter
- WineLoader
Mildly interesting and very silly: Threat Actors on Exploit forum continue to appear in Threat Intelligence infostealer logs because they're, in some shape or form, being victims of the malware they themselves try to weaponize.
Photo via ddd1ms
BasicallyHomeless,
1. You purchased the vx-underground in April, 2024. That is not 6 months ago.
2. LinusTechTips staff purchased their harddrive in November, 2023.
3. We responded to all of your e-mails regarding it.
4. Daddy, chill.
edit:
1. vx-underground harddrive*, made a typo
2. We're not mad at BasicallyHomeless. It has taken us a VERY long time to ship the harddrives because of harddrive shortages. We're just goofing around, no cap.
Essentially, if it is an American Holiday and you visit a large lake and/or pond with family members, be careful to not intentionally or accidentally swallow lake and/or pond water.
It may result in a parasitic infection in your intestines.
We got our money back. It's a Christmas miracle. It took 8 weeks.
Fun fact: "Some vegetables can be ready to harvest in 3–8 weeks, including radishes, baby carrots, and cucumbers."
tl;dr become farmers before get refund
It's been really quiet lately.
It's the calm before the storm.
Updates to vx-underground
Archives:
- The Old New Thing, June, 2024
Families:
- Latrodectus
- BadSpace
- XWorm
- FormBook
- Oyster
- WarmCookie
- P2PInfect
- LummaStealer
- DisgoMoji
- KoiLoader
- BlankGrabber
- BruteRatel
- CobaltStrike
- Android.SpyNote
- Amadey
Hello,
We're going to be AFK this weekend. Please don't do anything crazy.
Thanks,
Hello,
We have returned to our pseudo-goth-weird-dark-art profile picture stage.
Have a nice day.
Shoutout to the homies at the United States Defense Counterintelligence and Security Agency!
Happy 4th of July and thanks for the free Robux!
*The page has been removed, but it's still cached in Google
Hello,
We're terribly sorry to this round of vx-underground harddrive purchasers. We've had so many headaches with our harddrive vendor it's unimaginable. They lost our purchased drives and are now arguing about reshipping drives. They initially said they'd issue a reshipping July 2nd, now they're talking about reshipping July 5th.
First and foremost, we're no longer purchasing from Seagate. Secondly, we're going to challenge the Seagate CEO and the Seagate CFO to a 2v2 on Halo 3.
Bradley & I (smelly) vs Dave Mosley & Gianluca Romano
Rules:
- Map: Guardian
- Weapons: BRs and Snipers only
- Modifications: No invis
- Grenades are OK
- Self-imposed death: -1 point(s)
- Respawn time: 5 seconds
Good luck, noobs. We've got a 50 in Team Doubles
FBI: There's no one else that can help us but you
The Threat Intelligence expert that retired 10 years ago:
It appears multiple people have not heard this phrase before. Generally speaking, "running-a-train" on someone is an act in which multiple men have sex with a woman one after another. The post is essentially saying, "fun fact: most acts of group sex are performed on me".
Читать полностью…
> wake up
> check news
> over 9,000 false positives for CVE-2024-6387
> more ransomware stuff
> flood of stupid ai cyber security memes
> xbox live was offline for 5 hours, no one cared
> more 8k sec filings
> ???
Security researcher raghav127001 believes he may have identified a host actively exploiting CVE-2024-6387. However, they're not sure (and neither are we).
We've archived the binaries before the identified host nukes them.
Possible CVE-2024-6387:
https://vx-underground.org/tmp/CVE-2024-6387
We've updated the vx-underground APT collection – update includes samples and papers.
- 2024.06.05 - UAC-0020 (Vermin) attacks the Defense Forces of Ukraine using the SPECTR WPS in tandem with a legitimate SyncThing
- 2024.06.05 - Operation Crimson Palace - Sophos threat hunting unveils multiple clusters of Chinese state-sponsored activity targeting Southeast Asian government
- 2024.06.06 - Howling at the Inbox - Sticky Werewolf's Latest Malicious Aviation Attacks
- 2024.06.10 - Another battlefield - Telegram as a digital front in Russia’s war against Ukraine
- 2024.06.10 - APT and financial attacks on industrial organizations in Q1 2024
- 2024.06.10 - MIVD Ongoing state cyber espionage campaign via vulnerable edge devices
- 2024.06.11 - APT Attacks Using Cloud Storage
- 2024.06.11 - Noodle RAT - Reviewing the Backdoor Used by Chinese-Speaking Groups
- 2024.06.11 - SmallTiger Malware Used in Attacks Against South Korean Businesses (Kimsuky and Andariel)
- 2024.06.13 - Arid Viper poisons Android apps with AridSpy
- 2024.06.13 - DISGOMOJI Malware Used to Target Indian Government
- 2024.06.13 - Operation Celestial Force employs mobile and desktop malware to target Indian entities
- 2024.06.16 - China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence
- 2024.06.18 - Cloaked and Covert - Uncovering UNC3886 Espionage Operations
- 2024.06.19 - CERT-FR: Malicious activities linked to the Nobelium intrusion set
- 2024.06.19 - New North-Korean based backdoor packs a punch
- 2024.06.20 - Sustained Campaign Using Chinese Espionage Tools Targets Telcos
- 2024.06.21 - Analysis of PHANTOM-SPIKE - Attackers Leveraging CHM Files to Run Custom CSharp Backdoors Likely Targeting Victims Associated with Pakistan
- 2024.06.21 - SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques
- 2024.06.21 - Unveiling SpiceRAT - SneakyChef's latest tool targeting EMEA and Asia
- 2024.06.24 - Armageddon is more than a Grammy-nominated album
- 2024.06.24 - Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation
- 2024.06.24 - Russia-Linked CopyCop Expands to Cover US Elections, Target Political Leaders
- 2024.06.26 - ChamelGang & Friends - Cyberespionage Groups Attacking Critical Infrastructure with Ransomware
- 2024.06.26 - Russian National (Amin Timovich Stigal) Charged for Conspiring with Russian Military Intelligence to Destroy Ukrainian Government Computer Systems and Data
- 2024.06.27 - Kimsuky deploys TRANSLATEXT to target South Korean academia
- 2024.06.28 - TeamViewer links corporate cyberattack to Russian state hackers
- 2024.07.01 - CapraTube Remix - Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts
- 2024.07.01 - Xctdoor Malware Used in Attacks Against Korean Companies (Andariel)
vx-underground member Rad a/k/a OnlyMalware being interviewed at x33fcon
Читать полностью…