The largest collection of malware source, samples, and papers on the internet. Password: infected Website: https://www.vx-underground.org/ vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
No but seriously, this is the first time we've beaten VirusTotal and other AV vendors to a malware sample.
feels_good_man.exe
tl;dr if we don't reply in like, 3 or 4 days, don't be afraid to try messaging us again. We get a ton of e-mails, DMs, and messages every single day about all sorts of stuff (including people asking for the password, still)
Lockbit ransomware group terms-of-service states "no healthcare". Then they proceed to allow their affiliates to target healthcare... repeatedly.
Today they decided to ransom a cancer treatment center with locations in Florida and Puerto Rico
We've updated the Windows malware paper collection
- 2023-12-24 - Arbitrary Command Execution Via Windows Kit's StandaloneRunner
- 2024-02-12 - Hypervisor enforced security policies for NTOS secure kernel and a child partition
- 2024-02-12 - Why Windows can't follow WSL symlinks
News outlets are now describing ransomware attacks by mattress size
ALPHV ransomware group has taken credit for attacks on critical infrastructure in the United States and Spain
- 2023-12-18 - Lower Valley Energy, an electricity provider in the United States
- 2024-02-12 - Sercide, an electricity provider in Spain
We are deeply saddened to share that all of the Twitter bots and/or spam accounts sharing pseudo-pornography in their Twitter bio do NOT deliver malware :(
It just does a bunch of dumb redirects and eventually drops you off on some fake looking dating site
Dudes ransomed a small family owned bakery 😭
Ransoming their way to $50 and a bag of freshly baked cookies
CrowdStrike placed an ad in the Super Bowl.
We're not up to date with the current Threat Actor lore with them, but it appears as if one of the individuals in the commercial is the infamous Scattered Spider (the tall one with the curly blonde hair)
We've updated the vx-underground Windows malware paper collection
- 2021-07-23 - Modifying MS Office security warnings
- 2024-02-06 - Exploiting a vulnerable Minifilter driver to create a process killer
- 2024-02-08 - Deep Dive Into Exploiting Windows Thread Pools
October 24th, 2022 an account on Doxbin operating under the alias "pedohunters" released a lengthy article on an individual operating under the alias "Rabid" a/k/a "Rabid7997".
February 8th, 2024 the identity of "Rabid" was confirmed - the United States Department of Justice arrested Richard Anthony Reyna Densmore of Kaleva, Michigan.
The United States Department of Justice unveiled details of this individual's sadism - he forced children to perform acts of self-harm on Discord for sexual gratification.
Due to the severity of his crimes he is currently facing life in prison.
More information: https://www.justice.gov/usao-wdmi/pr/2024_0208_R_Densmore_Indictment
We've updated the vx-underground Windows malware paper collection
- 2019-02-15 - Understanding Windows x64 ASM
- 2023-12-31 - Compression using undocumented RDP APIs
- 2024-02-08 - Disabling System Event Logs with IDataCollectorSet
https://vx-underground.org/Papers/Windows
We've uploaded more malware samples to vx-underground.
InTheWild && Bazaar && VirusSign
It is over 100,000 new samples.
Please download them, they're very lonely and scared.
The first VXUG APT exclusive! 🥰
2024-02-09, the Kazakhstan government reported state-sponsored Threat Actors targeting government officials with sugargh0st malware
Thanks to our friends in Kazakhstan we are the first to share them :)
Check it out here: https://vx-underground.org/APTs/2024/2024.02.09%20-%20SugarGh0st%20RAT%20attacks%20Kazakhstan%20%E2%80%93%20State%20Technical%20Service
"Did you guys see my message?"
Want to know how good we are at seeing messages? It took us almost 2 years to reply to someone.
Also, thank you for the sample, RussianPanda. Apologies it only took us 2 years.
We are going to create a new section of vx-underground specifically for archiving criminal activity documentation (rather than technical details).
This portion will archive legal proceedings, court rulings, Threat Intel write ups, etc.
NATO has shut down the access request forms for their Jira board.
We found NATO's Jira access portal online. It said you can request access via the form URL. We have requested access to NATO.
We've updated the vx-underground Windows malware paper collection
- 2023-12-21 - InsightEngineering - Advanced Windows Debugging
- 2024-01-06 - Token stealing with Syscalls only
- 2024-01-15 - Undocumented DISM properties
Group: 8base
Approx. Time: 22:38 11/02/24
Title: LILI'S BROWNIES
We are preparing for Valentine's day. We are now known as vx-uwu
We've updated the vx-underground malware families collection
- AgentTesla
- Amadey
- Android.Chameleon
- Android.WyrmSpy
- AsyncRAT
- AveMaria
- DarkGateLoader
- GootLoader
- INCRansomware
- IPStorm
- LummaStealer
- Nanocore
- Pikabot
- RecordBreaker
- Remcos
- Stealc
February 9th, 2024 the United States Department of Justice announced the arrest of two individuals behind WarzoneRAT.
- Daniel Meli, 27, of Zabbar, Malta
- Prince Onyeoziri Odinakachi, 31, of Nigeria
They are being charged with conspiracy, obtaining authorized access to protected computers to obtain information, illegally selling an interception device, and illegally advertising an interception device.
They are facing up to 20 years in prison.
More information: https://www.justice.gov/opa/pr/international-cybercrime-malware-service-dismantled-federal-authorities-key-malware-sales
Namecheap is currently experiencing a rather significant DDoS attack.
This attack is not impacting their products. It is affecting their primary domain and customer support.
"The Lockbit builder you have archived is corrupt. Does the .exe work on Android?"
We have begun archiving SEC Form 8K filings related to cyber-crime.
Archives are from the SECurityTr8Ker feed.
https://vx-underground.org/Archive/SEC%20Form%208K
Chainalysis' report indicates ransomware *payments exceeded $1,100,000,000 in 2023.
*Payments which are confirmed to be attributed to ransomware attacks, more attacks may not have been identified
More information: https://www.chainalysis.com/blog/ransomware-2024/