40631
The largest collection of malware source, samples, and papers on the internet. Password: infected https://vx-underground.org/
tl;dr schedule for adding stuff, more malware samples, still working on website, holiday merch and holiday sales, more giveaways
Читать полностью…
An unknown Threat Actor(s) claim to have compromised Coin Cloud.
They allege to have exfiltrated 70,000 customer selfies (via ATM cameras), and 300,000 customers PII which includes Social Security Number, Date of Birth, First Name, Last Name, e-mail address, Telephone Number, Current Occupation, Physical Address, and more. They allege to have data for individuals residing in the United States as well as Brazil.
They also claim to have stolen the source code to the entire backend of Coin Cloud.
Coin Cloud filed for Chapter 11 Bankruptcy in February, 2023.
Company executives when they're asked if they've been compromised
Читать полностью…
Bloomberg released a news article regarding the attack on ICBC. In the article it states: "A representative for the gang confirmed on Friday that the group was behind the ICBC attack".
Confirmed to who? :)
Why'd you skip us, but mention Trusec, Analyst1 and CyberSheath?
Butte School Districts shuts down computer network after system compromised.
Furthermore, as demonstrated in the image used by the news station, user xdolence tried using the ls command on Windows 😭
Correction made: it was $30,000,000 - blockchain nerds believe it is tied to APT Lazarus Group (North Korean government).
Читать полностью…
November 10th, 2023 at approx. 6:35AM EST Poloniex cryptoexchange was 'drained' of over $30,000,000...
Information via AlvieriD- correction of sum by lcfr_eth
*Initial sum was $137,000, was off by $29,863,000 :)
Whoopsie proof: https://etherscan.io/address/0xa910f92acdaf488fa6ef02174fb86208ad7722ba
Whats included?
- 37,745 APT papers and samples
- 7,147 archived materials (papers, old software, malware builders)
- 11,460 malware papers
- 36,000,000+ malware samples (5.06TB)
- 3,197 malware source code(s) file(s)
CheckPoint Harmony EDR/XDR Agent 87.60.0273 for Windows, MacOS, and Linux leaked online today.
Leaker allegedly established a fake company to purchase the software ¯\_(ツ)_/¯
Our account through Donorbox has been suspended citing that they believe we have violated their policy. We have not.
We have used DonorBox for several years now with no issue.
Without their services we will no longer be able to accept donations and survive:(
Attempting to close Microsoft OneDrive on Windows 11 triggers a poll asking the user why they want to terminate the process.
*Killing the process via task manager doesn't trigger the poll
Image via tomwarren
It should also be noted that Dave Kennedy asked for nothing in return for sponsoring us - not even a tweet or a logo on vx-underground. He is legitimately just wildin' out and helping nerds for fun
Читать полностью…
Over the weekend we received a series of e-mails from compromised enterprise networks with the message "Я гей" ("I'm gay" in Russian). In a weird twist of fate, we received an e-mail (an uncompromised e-mail....) with the message "I'm gay".
Lots of gay people ¯\_(ツ)_/¯
No, we're not shutting down. We're noting that we are considering exploring other projects for vx-underground (keyword: considering, nothing solid).
Also, we love all of you, especially you
Important updates:
1. We are establishing a 'schedule' to add some structure to our workflow (for the first time in 4+ years). Wednesday and Friday will be when updates are pushed to the website e.g. malware papers, archives, malware samples, etc. Monday, Tuesday, and Thursday will be dedicated to us aggregating content, posting nonsense, etc. Saturdays and Sundays we may or may not work, it depends entirely on our mood and what's happening.
2. Due to increased sponsorships, monthly donors, and people purchasing merchandise, we have successfully increased the volume of samples we are uploading to the VXDB. We are now aiming to upload 200,000+ malware samples a month.
3. We are still working on enhancing the website, making it scrapable, and allowing nerds to do mass downloads from the VXDB.
4. We are working on some limited edition merchandise for the holiday season for vx-underground. Additionally, all merchandise will be disconnected throughout the entire month of December.
5. We're going to be doing more giveaways this month. If you have a suggestion, let us know.
Have a nice day (night?). See you all tomorrow:)
Hello, how are you?
Due to increased sponsorships, donors, and nerds purchasing merchandise we are now increasing the volume of malware samples for nerds to reverse engineer, or build rules for, or something.
Have a nice day. Enjoy the rest of your weekend:)
Malware is like an old can of peas.
It's been on the shelf for 20 years and it's still good
Nerds think having Lamborghinis, 'Iced out' watches, and wearing Balenciaga makes them look wealthy.
Wrong.
Real wealth and power is skating on GPUs.
Questions we have been asked:
1. Will Boeing pay Lockbit ransomware group? No.
2. Was Lockbit responsible for the ransomware attack against ICBC? Yes
Source: Lockbit ransomware group administrative staff. They also want to explicitly state they are not Russian
Fellow nerd RicardoJoseRF implemented our recent tweets about different 'whoami' methods in C#.NET. We initially wrote them in C++.
It's cool seeing stuff in other languages =D
You're corrupting all of us UK_Daniel_Card & HackingLZ
Link: https://github.com/ricardojoserf/WhoamiAlternatives/
Fuck you, Telegram, for placing ads on our posts. It gives the illusion like we're shilling bullshit.
Fuck ads.
Per the request of many we are now selling physical copies of vx-underground.
- $500 (this includes shipping)
- Handwritten thank you letter
- 10TB Seagate external HDD
- Worldwide shipping
- Delivery times vary (location, queue, ???)
https://www.vx-underwear.org/products/vx-underground-collection-hdd
The big whoopsie has hit.
Earlier this morning nerds began informing us that equity traders were unable to place trades (or clear previous ones) through ICBC (Industrial and Commercial Bank of China).
An emergency notice was sent out stating:
"ICBC is currently unable to connect to DTCC/NSCC. This issue is impacting all of ICBC’s clearing customers, including [censored]. Because of this, [censored] is temporarily suspending all inbound FIX connections and not accepting orders at this time. We are in close touch with ICBC and will advise as soon as the issue is resolved. We are exploring all avenues to clear all 11/8 trades and will provide updates as they become available."
It was speculated that it was ransomware, however it was not confirmed and it was just rumors. If it was a technical issue it is bad. But, now that we know it is ransomware, it is much worse.
More information: https://www.ft.com/content/8dd2446b-c8da-4854-9edc-bf841069ccb8
There is something oddly amusing about watching LinkedIn cybersecurity executives, managers, suit-non-nerds discuss vx-underground. It is evident they are completely culturally disconnected from the nerds.
Also, shout-out Ryan C. and Florian Bogner for being real 1's.
In 2022 Italian politician Maurizio Gasparri displayed his password on his workplace device on live TV
It was a sticker on his laptop.
"Agta123"
Monthly additions are now live. New additions:
- Virusshare.482 total of 52,807 new samples
- The Old New Thing for October, 2023
- Malware analysis collection - 82 new papers from malpedia
Have a nice day.
https://www.vx-underground.org/
TrustedSec has repeatedly spoken out about the importance of giving back, helping others, and making an impact on the community - whether it be them donating to educational programs to schools, creating cybersecurity conferences designed to make a positive impact on the community, sponsoring local events, or donating to people, giving away items, etc.
We spoke with Dave Kennedy, CEO of TrustedSec - he has offered us invaluable resources to aid us in our growth, given us insight into potential ways we can expand (while remaining free, vx-underground will remain free forever).
TrustedSec is also now our largest sponsor.
Thank you Dave Kennedy and friends at TrustedSec for making an impact and doing everything that you do. It is wholeheartedly appreciated it.
It's been 10 minutes - still trying to understand this e-mail
Читать полностью…
At this moment in time vx-underground is a daily grind - keeping the website updated with new papers, malware samples, the VX-API, the VXDB, etc.
Not entirely sure what else can be done now. Other than continuing the generic updates
Mission accomplished...?