40552
The largest collection of malware source, samples, and papers on the internet. Password: infected https://vx-underground.org/
Today an unknown individual uploaded what appears to be sensitive Chinese government documents... to GitHub. They're labeled "IS00N".
Читать полностью…
An individual online reported unusual activity when trying to charge their sex toy.
tl;dr vibrator downloads Lumma stealer?
https://tria.ge/240215-xvx86seb91
We've updated the vx-underground crime section. We have added dozens of court cases, past and present.
We have a lot of work to do:)
https://vx-underground.org/Crime/Legal%20Rulings
The United States government has placed a $10,000,000 bounty on the leaders of ALPHV.
Additionally, any individual conspiring to participate in or attempting to participate with ALPHV has a bounty of $5,000,000.
https://www.state.gov/reward-for-information-alphv-blackcat-ransomware-as-a-service/
Hello, how are you?
Selling merchandise has been an extremely painful task. We profit almost nothing from merchandise, roughly $5 per item sold, because it is all handled by an external manufacturer
When individuals are upset over merchandise, and request a refund, we lose A LOT of money which we already do not have.
We will be closing the merch store soon due to frequent refunds. We are losing money right now.
Today the United Kingdom's National Crime Agency released an advert reminding YOU about the Computer Misuse Act
Ditch the script, it's a crime.
The crime section is now public. It's pretty empty, but it's a work in progress.
Have a nice day
https://vx-underground.org/Crime
No but seriously, this is the first time we've beaten VirusTotal and other AV vendors to a malware sample.
feels_good_man.exe
tl;dr if we don't reply in like, 3 or 4 days, don't be afraid to try messaging us again. We get a ton of e-mails, DMs, and messages every single day about all sorts of stuff (including people asking for the password, still)
Читать полностью…
Lockbit ransomware group terms-of-service states "no healthcare". Then they proceed to allow their affiliates to target healthcare... repeatedly.
Today they decided to ransom a cancer treatment center with locations in Florida and Puerto Rico
We've updated the Windows malware paper collection
- 2023-12-24 - Arbitrary Command Execution Via Windows Kit's StandaloneRunner
- 2024-02-12 - Hypervisor enforced security policies for NTOS secure kernel and a child partition
- 2024-02-12 - Why Windows cant follow WSL symlinks
News outlets are now describing ransomware attacks by mattress size
Читать полностью…
ALPHV ransomware group has taken credit for attacks on critical infrastructure in the United States and Spain
- 2023-12-18 - Lower Valley Energy, an electricity provider in the United States
- 2024-02-12 - Sercide, an electricity provider in Spain
We are deeply saddened to share that all of the Twitter bots and/or spam accounts sharing pseudo-pornography in their Twitter bio does NOT deliver malware :(
It just does a bunch of dumb redirects and eventually drops you off on some fake looking dating site
It is Sunday. Today is a day for rest.
See ya tomorrow
Believe it or not, this is not a Unicode error. This is the child of a SQL developer
Читать полностью…
Today the United States Department of Justice was busy.
1. Vyacheslav Igorevich Penchukov a/k/a Tank was arrested. He was allegedly involved in the Zeus botnet and IcedId banking trojan
2. Mark Sokolovsky, developer of Raccoon Stealer, is scheduled to be extradited to the United States from the Netherlands
3. The Department of Justice announces the disruption of a botnet operated by the Russian GRU a/k/a APT28
A few notes:
1. The store will come back at a later time. We need to assess our ability to sell merchandise, at a reasonable price, and doesn't financially hurt us.
2. We will still be selling harddrives on the store (when they're back in stock)
tl;dr customer support is dumb
you're all a bunch of god damn criminals and you're going to jail forever and ever and ever
Читать полностью…
Mozilla has laid off 60 people and announces they want to incorporate AI into Firefox
It's over
https://arstechnica.com/gadgets/2024/02/mozilla-lays-off-60-people-wants-to-build-ai-into-firefox/
The first VXUG APT exclusive! 🥰
2024-02-09, the Kazakhstan government reported state-sponsored Threat Actors targeting government officials with sugargh0st malware
Thanks to our friends in Kazakhstan we are the first to share them:)
Check it out here: https://vx-underground.org/APTs/2024/2024.02.09%20-%20SugarGh0st%20RAT%20attacks%20Kazakhstan%20%E2%80%93%20State%20Technical%20Service
"Did you guys see my message?"
Want to know how good we are at seeing messages? It took us almost 2 years to reply to someone.
Also, thank you for the sample, RussianPanda. Apologies it only took us 2 years.
We are going to create a new section of vx-underground specifically for archiving criminal activity documentation (rather than technical details).
This portion will archive legal proceedings, court rulings, Threat Intel write ups, etc.
NATO has shutdown access requests forms for their Jira board.
Читать полностью…
We found NATO's Jira access portal online. It said you can request access via the form URL. We have requested access to NATO.
Читать полностью…
We've updated the vx-underground Windows malware paper collection
- 2023-12-21 - InsightEngineering - Advanced Windows Debugging
- 2024-01-06 - Token stealing with Syscalls only
- 2024-01-15 - Undocumented DISM properties
Group: 8base
Approx. Time: 22:38 11/02/24
Title: LILI'S BROWNIES