vxunderground | Unsorted

Telegram channel vxunderground - vx-underground

The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh

vx-underground

Hello, how are you?

Apologies for the delays. We've been knee deep in lame stuff — real-world responsibilities, or something. Anyway, we've got a bunch of nerd news to share, list of content additions, things we need to upload to the VXDB and more.

Full list of additions below...

Family Updates:
- AveMaria
- Azorult
- BlackwoodLoader
- CherryLoader
- Grandoreiro
- IcedId
- KasseikaRansomware
- KrustyLoader
- MortisLocker
- QakBot
- SmokeLoader
- SubtlePaws
- VileLoader
- WikiLoader
- YoungLotus

Collection Updates:
- Virussign.2024.03.06
- Virussign.2024.03.07
- Virussign.2024.03.08
- Virussign.2024.03.09
- Virussign.2024.03.10
- Virussign.2024.03.11
- Virussign.2024.03.12

Malware Analysis Papers:
- 119 new papers added for 2024
- 17 new papers added for 2023
- 16 new papers added for 2022
- 6 new papers added for 2021
- 6 new papers added for 2020
- 14 new papers added for years 2011 - 2019

VXDB notes:
- VirusSign and VirusShare recent additions have NOT been synced with VXDB
- Approx. sync date is 2024-03-16

Thank you for waiting, sometimes it is difficult running the largest open-source malware repository on the internet.

More to come soon. I love you.

vx-underground

just bought the first lambo 🙏

vx-underground

"Can a .txt file be malicious?"

Short answer: No

Long answer: Anything is possible through the power of Windows HKEY_CLASSES_ROOT

vx-underground

No updates again this Sunday.

I love you so much, omg

vx-underground

Our opinion: probably not. However, they would 100% care about the money laundering and/or tax evasion. The United States IRS doesn't mess around. They WILL get their money one way or another.

vx-underground

1 like = 1 malware 🙏

vx-underground

Today it was announced Akira Toriyama, the creator of Dragon Ball, passed away. Today will act as an international day of mourning for all Dragon Ball nerds for all memories and memes Mr. Toriyama brought us.

More information: https://en.dragon-ball-official.com/news/01_2499.html

vx-underground

"The ransomware is always encryption software on the other side" - Vladimir Vladimirovich Putin, probably

vx-underground

Russia-based Cyber Threat Intelligence firms do not list Lockbit or Babuk ransomware group as financially motivated or state-sponsored Threat Actors - they're tools. See attached image #3 for list of known ransomware groups 🤔🤔🤔🤔

vx-underground

We continue to receive hateful remarks from individuals because of the vx-uwu logo - most notably we are called 'trannies' and are told to 'kys'.

Dorks terrified of vx-uwu colors and anime

vx-underground

Today the United States Department of Justice announced the indictment of Linwei Ding. He's charged with 4 counts of theft of trade secrets.

tl;dr he was sending Google AI secrets to Chinese based AI companies he was secretly working at

https://www.justice.gov/opa/pr/chinese-national-residing-california-arrested-theft-artificial-intelligence-related-trade

vx-underground

We've updated the VXUG malware collection

- Bazaar.2024.02
- Virussign.2024.02.28
- Virussign.2024.02.29
- Virussign.2024.03.01
- Virussign.2024.03.02
- Virussign.2024.03.03
- Virussign.2024.03.04
- Virussign.2024.03.05
- InTheWild.0112
- InTheWild.0113

71,000+ new samples

vx-underground

We've made some updates to vx-underground

- The Old New Thing for February, 2024
- MyloBot
- Stealc
- Truebot
- zgRAT
- Remcos
- QakBot
- RedLine
- Pikabot
- LilithBot
- ParadiseRansomware
- Bandook
- Android.HookBot
- Atharvan
- AgentTesla
- Android.Coper

vx-underground

There are rumors of a DDoS attack against social media giant Meta (formerly Facebook). We don't know if it's true. However, as is tradition, we just assume it to be a DNS issue.

Cheers

vx-underground

Good morning, and welcome to your daily dose of internet-true-crime-drama

tl;dr nerds think ALPHV is doing exit scam, ALPHV blames FBI

March 3rd an ALPHV affiliate went onto RAMP and claimed that ALPHV administrative staff scammed them. They alleged they were responsible for the attack against Change Healthcare and, when trying to log into their panel, noticed their ALPHV affiliate account was suspended. To show proof of this they shared an alleged ALPHV wallet. Researchers believe Change Healthcare paid $22,000,000. Change Healthcare has not publicly confirmed or denied paying the ransom. ALPHV administration displayed a status online saying "Everything is off, we decide". Shortly after it was changed to "GG" - 'Good Game'.

Later on, on March 4th, "Affiliate Plus" ALPHV account holders expressed frustration that their accounts were suddenly closed - unable to perform their ransomware attacks. They claimed ALPHV administrative staff was ignoring them.

Later, later, later on March 4th, ALPHV administrative staff relayed an ambiguous message. They stated that the United States Federal Bureau of Investigation was responsible (for ???). We are not sure if they are saying the RAMP post was the FBI, trying to damage their reputation, or if ALPHV administrative staff is claiming the FBI intentionally attacked American critical infrastructure.

Later, later, later, later on March 4th, ALPHV put the source code to ALPHV ransomware for sale for $5,000,000.

Today, March 5th, the ALPHV domain shows an FBI seizure message. However, researchers have indicated that the HTML source code looks suspicious and they believe this is a phony FBI seizure page. There has not been any official announcement from the United States Department of Justice to confirm or deny this seizure notice on the ALPHV domain.

vx-underground

41 Ubuntu's deep on a Tuesday afternoon

vx-underground

tl;dr modify shell open command (default) to malicious payload with subsequent invocation of text editor + parameters. The .txt file won't be malicious, but the thing responsible for opening them will be

¯\_(ツ)_/¯
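A defender-side check for the file-association hijack this post describes, added here as an example (not code from the channel): it follows HKEY_CLASSES_ROOT\.txt to its ProgId and the "open" verb's command, then flags anything that is not Notepad running from a Windows directory. It assumes a default install where .txt maps to the txtfile ProgId and the stock command is %SystemRoot%\system32\NOTEPAD.EXE %1.

```powershell
# Added example, not from the vx-underground post: audit the handler Windows
# runs when a .txt file is opened and flag anything other than stock Notepad.
# Assumes a default install (HKCR\.txt -> txtfile ->
# %SystemRoot%\system32\NOTEPAD.EXE %1). HKCR is the merged view of
# HKLM\Software\Classes and HKCU\Software\Classes, so a per-user hijack
# shows up here as well.

function Get-TxtOpenHandler {
    # Follow the extension to its ProgId, then to the "open" verb's command.
    $progId = (Get-ItemProperty -Path 'Registry::HKEY_CLASSES_ROOT\.txt' -ErrorAction Stop).'(default)'
    $cmdKey = "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"
    $cmd    = (Get-ItemProperty -Path $cmdKey -ErrorAction Stop).'(default)'
    [pscustomobject]@{ ProgId = $progId; Key = $cmdKey; Command = $cmd }
}

function Test-TxtOpenHandler {
    param([Parameter(Mandatory)][string]$Command)
    # Expand %SystemRoot% and friends so the path check is on a real path.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    # The executable is the quoted first token, or else the first bare token.
    if ($expanded -notmatch '^\s*"([^"]+)"' -and $expanded -notmatch '^\s*(\S+)') {
        return $false
    }
    $exe    = $Matches[1]
    $leaf   = [IO.Path]::GetFileName($exe)
    $dir    = [IO.Path]::GetDirectoryName($exe)
    $okDirs = @([Environment]::GetFolderPath('System'), [Environment]::GetFolderPath('Windows'))
    # Anything other than notepad.exe inside the Windows directories is suspect:
    # a script host, a staged binary, or Notepad launched through another program.
    return ($leaf -ieq 'notepad.exe') -and ($okDirs -icontains $dir)
}

$handler = Get-TxtOpenHandler
if (Test-TxtOpenHandler -Command $handler.Command) {
    "OK: .txt opens with stock Notepad: $($handler.Command)"
} else {
    "ALERT: $($handler.Key) runs '$($handler.Command)'; review and restore the Notepad default"
}
```

Recording this value as a baseline and alerting on changes outside a software install catches the same hijack on other extensions by swapping the '.txt' path for the extension of interest.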

vx-underground

Hello,

If you like vx-underground please consider donating. Every dollar helps us and allows us to do cool stuff like archive more malware, archive more stuff from pacer, and do giveaways.

Thank you. I love you.

Become a monthly donor here: https://donorbox.org/vxug-monthly

vx-underground

Why are these dorks selling stuff off vx-underground? Also, those are builders, not the source code. The source code is on GitHub

vx-underground

Let's address the elephant in the room.

If a ransomware group resided in the United States, publicly swore allegiance to the United States and all allies of the United States, and only deployed ransomware to Russia — would Law Enforcement or Cyber Threat Intelligence care?

vx-underground

No updates today

I love you

vx-underground

We are postponing vx-underground trivia night to March 15th, 2024. Helen got COVID19 😭

vx-underground

In the entire document Lockbit is noted 7 times, Conti is listed 4 times, ALPHV is never mentioned. The references to Lockbit are often looked over as a note, not really described in detail. They're seen as 'encryption programs'.

vx-underground

Russia-based Cyber Threat Intelligence firms have an APT name designated for the United States government: Sand Eagle

vx-underground

whoever decided to implement SecureBoot for Windows OS' should be thrown out of a helicopter while they're kicking and screaming

vx-underground

Microsoft has discovered nobody actually wanted to install Uber Eats and micro-transaction-pay-to-win mobile games on their desktop computer

RIP Windows Subsystem for Android
2021-10-20 - 2025-03-05

vx-underground

Woke up this morning to an individual informing us they compromised a penis medical implant website

vx-underground

Just saw a large group of people, probably age 55+, on Twitter angrily tagging Joe Biden and blaming him for Facebook and Instagram having connectivity issues.

The internet is cool and badass

vx-underground

We have seen the rise and fall of REvil, HIVE, Conti, and ALPHV. Will Lockbit ransomware group be able to deter law enforcement agencies? Will a new ransomware group arrive to fill the vacuum left by the other Titans falling?

Find out on the next episode of Dragon Ball Z

vx-underground

The dork who leaked classified United States military documents on a Minecraft Discord server has pleaded guilty. He is facing 10 years in prison.

https://www.justice.gov/opa/pr/air-national-guardsman-agrees-plead-guilty-unlawfully-disclosing-classified-national-defense
