The largest collection of malware source, samples, and papers on the internet.
Password: infected
Website: https://www.vx-underground.org/
vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh
Still not as oopsie-doopsie as when the Indian military left the PDB data present which displayed the developer's first name and last name, but making the path "hack" is pretty oopsie too.
The National Police Agency (NPA) of Japan's recent documentation of state-sponsored Threat Actors from China is interesting.
A group they believe to be a subset of APT10 abuses WSB (Windows Sandbox) by creating a .wsb configuration file and using it to spin up an instance of the Windows Sandbox.
This is interesting because Windows Defender cannot access the Windows Sandbox (image 1).
The payload enables folder sharing, network access, clipboard access, microphone access, and video access.
tl;dr abusing the sandbox, sandbox as a c2
Windows 10 support ends October 14th, 2025. It is the calling of the Linux nerds.
"Nothing is certain except computer viruses and cat pictures" — Benjamin Franklin
me trying to have a rational conversation about computers with someone on twitter
Today Donald J. Trump signed a Presidential Memorandum revoking any active security clearance held by Chris Krebs and his associates.
This includes SentinelOne in totality.
More information: https://www.whitehouse.gov/fact-sheets/2025/04/fact-sheet-president-donald-j-trump-addresses-risks-from-chris-krebs-and-government-censorship/
Also, unrelated to Gronk, we've updated vx-underground. We've added InTheWild 140 - 151. This is 275,000 new malware samples.
Additionally, we've updated TheOldNewThing archive for January, February, and March.
Large paper tsunami coming today.
Cheers,
Hello,
Tomorrow we have a large update coming. Unsurprisingly, it is the same ol', same ol'. It is malware source code, samples, and papers.
-smelly smellington
P.S. glad so many of you liked the kitty cat collection. It's fun doing goofy stuff on the internet
Thank you, B F R e p o V 3 F i l e s, for sharing the cat picture collection. Not sure if you'd like to label it a breach, but we'll take it.
¯\_(ツ)_/¯
YOU'RE ALL TRYING TO PULL THE WRONG TORRENT
🗣REDOWNLOAD THE TORRENT WITH SEED
In these trying times the one thing which remains constant is the value of kitty cat pictures.
Please take a copy of our kitty cat picture collection. It is 159.9GB (111,429 files) of kitty cat pictures (a torrent!)
Economic problems 🤝Kitty cats
https://vx-underground.org/Torrents
Updates to the Malware Builder collection via Cryakl (may include subvariants)
-A7m3dRat
-CraxsRat
-Gh0stCringe
-HadesRat
-KazyBot
-Nbclass
-PhoenixKeylogger
-PurpleFox
https://vx-underground.org/Builders
APT samples and papers:
2024.10.24 - Operation Cobalt Whisper - Threat Actor Targets Multiple Industries Across Hong Kong and Pakistan
2025.01.20 - Operation Hurricane - A brief discussion of the techniques and tactics of the Xinhai Lotus organization in memory
2025.01.21 - Love and hate under war - The GamaCopy uses military-related bait to launch attacks on Russia
2025.01.23 - Mapping Suspected KEYPLUG Infrastructure - TLS Certificates, GhostWolf, and RedGolf APT41 Activity
2025.01.23 - The J-Magic Show - Magic Packets and Where to find them
2025.01.28 - ScatterBrain - Unmasking the Shadow of PoisonPlug's Obfuscator
2025.01.29 - CL-STA-0048 - An Espionage Operation Against High-Value Targets in South Asia
2025.01.29 - Operation Phantom Circuit - North Korea's Global Data Exfiltration Campaign
2025.02.03 - Analysis of malicious HWP cases of APT37 group distributed through K messenger
2025.02.03 - macOS FlexibleFerret - Further Variants of DPRK Malware Family Unearthed
2025.02.07 - Chinese-Speaking Group Manipulates SEO with BadIIS
2025.02.11 - Sandworm APT Targets Ukrainian Users with Trojanized Microsoft KMS Activation Tools in Cyber Espionage Campaigns
2025.02.12 - 2024 Global APT Research Report
2025.02.12 - Cybercrime - A Multifaceted National Security Threat
2025.02.12 - The BadPilot campaign - Seashell Blizzard subgroup conducts multiyear global access operation
2025.02.12 - UAC-0063 Cyber Espionage Operation Expanding from Central Asia
2025.02.13 - Analyzing DEEP#DRIVE - North Korean Threat Actors Observed Exploiting Trusted Platforms for Targeted Attacks
2025.02.13 - Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication
2025.02.13 - RedMike (Salt Typhoon) Exploits Vulnerable Cisco Devices of Global Telecommunications Providers
2025.02.13 - Stimmen aus Moskau - Russian Influence Operations Target German Elections
2025.02.13 - You've Got Malware - FINALDRAFT Hides in Your Drafts
2025.02.18 - Earth Preta Mixes Legitimate and Malicious Components to Sidestep Detection
2025.02.19 - Signals of Trouble - Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger
2025.02.20 - Analysis of the APT-C-28 (ScarCruft) organization's attack activities using fileless delivery of RokRat
2025.02.20 - DeceptiveDevelopment targets freelance developers
2025.02.20 - SPAWNCHIMERA Malware - The Chimera Spawning from Ivanti Connect Secure Vulnerability
2025.02.20 - Stately Taurus Activity in Southeast Asia Links to Bookworm Malware
2025.02.20 - Weathering the storm - In the midst of a Typhoon
2025.02.21 - Angry Likho - Old beasts in a new forest
2025.02.23 - The Bybit Incident - When Research Meets Reality
2025.02.24 - Erudite Mogwai Uses Custom Stowaway to Stealthily Advance Online
2025.02.24 - Operation SalmonSlalom - A new attack targeting industrial organizations in APAC
2025.02.25 - Chinese APT Target Royal Thai Police in Malware Campaign
2025.02.26 - RustDoor and Koi Stealer for macOS Used by North Korea-Linked Threat Actor to Target the Cryptocurrency Sector
2025.02.27 - A case of phishing email attack by Larva-24005 group targeting Japan
2025.02.27 - Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools
2025.02.27 - Squidoor - Suspected Chinese Threat Actor's Backdoor Targets Global Organizations
2025.03.03 - Operation sea elephant - The dying walrus wandering the Indian Ocean
2025.03.04 - Call It What You Want - Threat Actor Delivers Highly Targeted Multistage Polyglot Malware
2025.03.04 - Likely DPRK Network Backstops on GitHub, Targets Companies Globally
2025.03.05 - Silk Typhoon targeting IT supply chain
2025.03.12 - Ghost in the Router - China-Nexus Espionage Actor UNC3886 Targets Juniper Routers
2025.03.12 - Hack The Sandbox - Unveiling the Truth Behind Disappearing Artifacts
2025.03.12 - New Android Spyware by North Korean APT37
2025.03.13 - Analyzing OBSCURE#BAT - Threat Actors Lure Victims into Executing Malicious Batch Scripts to Deploy Stealthy Rootkits
2025.03.13 - Detailed Analysis of DocSwap Malware Disguised as Securit
>Openly share 159GB file of kitty cat pictures
>5,350+ people rush to download the file
>850TB of web traffic flood in
>Cloudflare reports 1,850% increase in web traffic
>everyone_panic.jpeg
>More people try to download the file can't
>People angry, demand cats
Congratulations to APT "Stately Taurus".
Throughout 2021 and 2022 Palo Alto was tracking their activity because they left debug symbols in their DLLs.
They've since learned to remove the debug symbols. Good job, buddy. It took a few years, but you're getting better!
Hello,
We would like to speak with the administrative staff at RussianMarket.
Thanks,
Someone contacted us and said they 0day'd their school, infected every machine with a custom RAT, and displayed a MessageBox to everyone in the school at the same time. After that, the school hired him to be in charge of cybersecurity
What the fuck are you talking about
doing some work in the backyard today, what kind of tree roots are these???
Massive update to Malware Defense collection
Chat, we are cookin'. Thanks to Malpedia for letting us get the files. They're the best.
Gone for the day and return to see the United States government doing schizo Boomer Facebook posting
Hello,
"Sean" has informed us that, somewhere in the midst of our kitty cat collection, is a photo of a cute doggie making homophobic remarks.
This is terrible news. The entire collection is contaminated.
Hello,
We see from our torrents that an absolutely colossal amount of people are downloading AND seeding our kitty cat picture collection
What the fuck lol
Spent a long time making sure this torrent was good, TorGuard could seed it for us, and fixing our melted infra.
You nerds better download these cat pictures.
Hello to the Threat Actor who compromised the Parliament of the Republic of South Africa Xitter account and gave us a shoutout... kind of?
They live streamed homosexual pornography and left the vx-underground Xitter tab open.
🥴🥴
The attached images are from a 1988 malware analysis report from AT&T Bell Labs. The report does a high-level overview of a viral infector targeting UNIX operating systems.
We've got lots of stuff to add to vx-underground. We've re-prioritized — unironically highest priority is creating kitty cat 7z torrent.