14367
The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
whoever decided to implement SecureBoot for Windows OS' should be thrown out of a helicopter while they're kicking and screaming
Читать полностью…
Microsoft has discovered nobody actually wanted to install Uber Eats and micro-transaction-pay-to-win mobile games on their desktop computer
RIP Windows Subsystem for Android
2021-10-20 - 2025-03-05
Woke up this morning to an individual informing us they compromised a penis medical implant website
Читать полностью…
Just saw a large group of people, probably age 55+, on Twitter angrily tagging Joe Biden and blaming him for Facebook and Instagram having connectivity issues.
The internet is cool and badass
We have seen the rise and fall of REvil, HIVE, Conti, and ALPHV. Will Lockbit ransomware group be able to deter law enforcement agencies? Will a new ransomware group arrive to fill the vaccuum left by the other Titan's falling?
Find out on the next episode of Dragon Ball Z
The dork who leaked classified United States military documents on a Minecraft Discord server has plead guilty. He is facing 10 years in prison.
https://www.justice.gov/opa/pr/air-national-guardsman-agrees-plead-guilty-unlawfully-disclosing-classified-national-defense
Update: the is not about ransomware, or cyber attacks in the traditional sense, Mr. Meek Mill's frustration derives from a recent leak which some people allege him to be a homosexual
¯\_(ツ)_/¯
Following the FBI takedown Lockbit ransomware group no longer supports Lockbit Red (formerly known as Lockbit 2.0) and they no longer support StealBit
Читать полностью…
Earlier today Dmitriy Smilianets shared information regarding allegations from ALPHV affiliates of ALPHV administrative scamming partners.
A user went online to state they are responsible for ransoming Change Healthcare. They state after receiving payment ALPHV administrative staff suspended their account. They continue to say the suspension was suspicious and March 3rd, 2024 the wallet which received the Change Healthcare funds was emptied.
They conclude the post by unveiling an ALPHV wallet which has received approx. $92,749,381 (or 1401 BTC)
Wallet: 14Q5xgBHAkWxDVrnHautcm4PPGmy5cfw6b
*information and photos via Dmitriy Smilianets
We can assert with a high degree of confidence Lockbit is reposting old victims.
Source: we've seen them listed before and others have too
When discussing UAC bypasses with @sadistic we made an interesting discovery.
The classic Windows FodHelper.exe UAC bypass is not patched (still).
When manually demonstrating the issue Windows Defender flagged Regedit.exe as malware... with the option to remove Regedit.exe 🤔
We've updated the vx-underground APT collection for the month of February, 2024.
Check it out here: https://vx-underground.org/APTs/2024
We need to have a chat. We're disappointed in you nerds
We recently came up with this idea that if we allowed individuals to submit questions for our first VXUG Trivia Night, people would submit questions.
Miniature Adam Sandlers, poop questions, and naughty words. Really?
Hello,
Please go here and post nonsense in chat: https://www.twitch.tv/vxunderground_live/
P.S. there is edgy music, there is NO jazz music.
Have a nice day.
Today the United States Department of Justice announced the indictment of Linwei Ding. He's charged with 4 counts of theft of trade secrets.
tl;dr he was sending Google AI secrets to Chinese based AI companies he was secretly working at
https://www.justice.gov/opa/pr/chinese-national-residing-california-arrested-theft-artificial-intelligence-related-trade
We've updated the VXUG malware collection
- Bazaar.2024.02
- Virussign.2024.02.28
- Virussign.2024.02.29
- Virussign.2024.03.01
- Virussign.2024.03.02
- Virussign.2024.03.03
- Virussign.2024.03.04
- Virussign.2024.03.05
- InTheWild.0112
- InTheWild.0113
71,000+ new samples
We've made some updates to vx-underground
- The Old New Thing for February, 2024
- MyloBot
- Stealc
- Truebot
- zgRAT
- Remcos
- QakBot
- RedLine
- Pikabot
- LilithBot
- ParadiseRansomware
- Bandook
- Android.HookBot
- Atharvan
- AgentTesla
- Android.Coper
There are rumors of a DDoS attack against social media giant Meta (formerly Facebook). We don't know if it's true. However, as is tradition, we just assume it to be a DNS issue.
Cheers
Good morning, and welcome to your daily dose of internet-true-crime-drama
tl;dr nerds think ALPHV is doing exit scam, ALPHV blames FBI
March 3rd an ALPHV affiliate went onto RAMP and claimed that ALPHV administrative staff scammed them. They alleged they were responsible for the attack against Change Healthcare and, when trying to log into their panel, noticed their ALPHV affiliate account was suspended. To show proof of this they shared an alleged ALPHV wallet. Researchers believe Change Healthcare paid $22,000,000. Change Healthcare has not publicly confirmed or denied paying the ransom. ALPHV administration displayed a status online saying "Everything is off, we decide". Shortly after it was changed to "GG" - 'Good Game'.
Later on, on March 4th, "Affiliate Plus" ALPHV account holders expressed frustration that their accounts were suddenly closed - unable to perform their ransomware attacks. They claimed ALPHV administrative staff was ignoring them.
Later, later, later on March 4th, ALPHV administrative staff relayed an ambiguous message. They stated that the United States Federal Bureau of Investigation was responsible (for ???). We are not sure if they are saying the RAMP post was the FBI, trying to damage their reputation, or if ALPHV administrative staff is claiming the FBI intentionally attacked American critical infrastructure.
Later, later, later, later on March 4th, ALPHV put the source code to ALPHV ransomware for sale for $5,000,000.
Today, March 5th, the ALPHV domain shows an FBI seizure message. However, researchers have indicated that the HTML source code looks suspicious and they believe this is a phony FBI seizure page. There has not been any official announcement from the United States Department of Justice to confirm or deny this seizure notice on the ALPHV domain.
We have a lot of updates for vx-underground.
Unfortunately, these updates have not been pushed because we're in the middle of a galactic war (for democracy) and are actively trying to liberate Meridia from Terminids
If we had to guess, we assume famous American rapper Meek Mill is conveying his frustration with ransomware groups.
Unfortunately, what MeekMill does not know, is it is going to take more than a private detective (or 100's) to dismantle ransomware groups.
¯\_(ツ)_/¯
tl;dr it is Monday, another day, another ransomware conflict
Читать полностью…
One if our primary recommendations to younger people is to immediately, without hesitation, involve yourself in the cybersecurity-ecosystem. It does not matter if it is Twitter, Mastodon, whatever, but it needs to be done.
The reason why is not social networking (although this can help). The real reason why is the constant, nearly suffocating, flooding of information, news, and research. Every single day we see new malware analysis papers, research papers on nearly every IT-based field you can conjure, and news on cyber crime, technological advancements, or 'futurism'.
Of course the quality of the things mentioned varies on an almost hourly basis, but this constant stream of information will allow you to continually educate yourself and grow as a person. We are not recommending you be glued to Twitter (or whatever you choose), but simply logging in once a day, before bed or in the morning, and just simply doom-scrolling the website, seeing the horrors unleashed, will allow you to grow.
Also, you will collect a colossal 'to-read-list' in your bookmarks and every so often you'll read 1 or 2 papers and become depressed that you didn't think of the research they shared sooner.
We previously posted that the FBI re-seized ALPHV's domains.
That is (potentially) incorrect? Briefly the old domains were forwarding to the new domains. The new domains are now offline and the old sites are seized? Others noted this occurrence too.
No idea what's happening
Long and crazy read. Prepare yourself.
January 16th, 2024 a video surfaced online of a gunman, Jeffrey West, 68, shooting his step-son, Kyle Spitze, 24, with a gun. Subsequently Jeffrey West got into a shootout with the police and dying from a self-inflicted gunshot wound. The video was shared online by Kyle Spitze as he recorded the incident from his phone. (Image 1). It is rumored that Jeffrey West threatened to kill Kyle Spitze because he enjoyed cross-dressing.
Fast forward to February 27th: the Tennessee Eastern District Court unsealed documents showing that February 10th the FBI visited Kyle Spitze. They found a large quantity of Child Sexual Abuse Material (CSAM) on his personal device. Specifically, Kyle Spitze would perform sextortion on young juvenile women.
The released affidavit is long and censored to protect juveniles identities. The affidavit notes that the FBI CART (Computer Analysis Response Team) was able to successfully locate some of the victims from photograph metadata.
tl;dr crazy internet video accidentally unveils internet predator
The entire document is archived in our crime section on vx-underground as "2024-02-21 - United States v Spitze (Sextortion)"
Thank you to whoever submitted this possible question. It means a lot.
Читать полностью…
We reached 102 viewers. Subsequently this number dropped to 75+- when staff member Helen decided to play Miley Cyrus.
Читать полностью…
"In order for our UAC bypass to work we need to first get Admin"
???