vxunderground | Unsorted

Telegram channel vxunderground - vx-underground


The largest collection of malware source, samples, and papers on the internet. Password: infected https://vx-underground.org/


vx-underground

tl;dr "we are not HIVE, but we have their code"


vx-underground

We'd like to note there isn't anything necessarily wrong with an enterprise environment using MalwareBytes, but it just seemed kind of odd to specifically note the usage of the free version... or even the specific AV itself.


vx-underground

Traceless, how are you?

Please do not use our Twitter posts for advertisements or financial gain.

Thank you,


vx-underground

Security researcher ValdikSS discovered German law enforcement have been MITM-ing XMPP data from jabber-dot-ru for the past 90 days. ValdikSS believes the MITM on jabber-dot-ru could have been persistent for at least 6 months.

https://notes.valdikss.org.ru/jabber.ru-mitm/


vx-underground

Seeing non-technical people seriously discussing malware will tempt you into diving face first into a woodchipper


vx-underground

Coding malware is good for you.

- Teaches you low level programming concepts
- Helps get a better understanding of computer security
- Can help improve reverse engineering skills
- Improves focus, attention to detail, critical thinking skills


vx-underground

Okta stock fell 11% today 😭😭😭

... after they admitted they got compromised (again) through their support system (again) and the Threat Actor(s) tried to pivot to clients (again).

Even the $2/user SSO can't save them 😭


vx-underground

CloudFlare did a blog yesterday about how the company they use (Okta) was breached (again) and how the Threat Actor tried to pivot into their network (again) and how they mitigated it (again).

The blog gives recommendations to Okta 😂😂

https://blog.cloudflare.com/how-cloudflare-mitigated-yet-another-okta-compromise/


vx-underground

We are aware our Twitter ransomware bot is still offline.

We do not know where the individual maintaining it went. We last spoke with them approx. 2 months ago. They disappeared without a trace.


vx-underground

Yeah, Okta's support system was compromised. Yeah, they had access for over 2 weeks. Yeah, the Threat Actor(s) probably went through some pretty sensitive stuff...

But they offer SSO at $2/user, so it's not really that big of a deal, right?


vx-underground

Parents, now is the time to be on guard. We are once again reminding you to be diligent about checking your child's candy throughout the Halloween season. vx-underground recently discovered THREE ransomware affiliates from ALPHV ransomware group inside of a Snickers.


vx-underground

We have a reverse engineering challenge for you nerds.

In Black Mass Vol. 3, scheduled for October, 2024, we will unveil "Matryoshka". Matryoshka is a strange malware proof-of-concept. We would like you to reverse engineer it to tell us how you think it works.

* Matryoshka only works on Windows 10 or above
* proof-of-concept is not malicious
* you're free to reverse engineer it by any means necessary: static, dynamic, sandbox, making your friend do it, whatever.
* malware proof-of-concept is NOT packed
* Matryoshka does not possess any anti-debug or anti-VM functionality
* source code and full explanation of code will be released in Black Mass Vol. 3
* best write up goes in Black Mass Vol. 3 to show the defensive aspect to Matryoshka!
* binary is being shared in .7z with a super 1337 password!!!!11

inb4 someone reverse engineers it in totality in 2 minutes because they've seen "Kob*".

Matryoshka download: https://samples.vx-underground.org/root/Samples/Matryoshka.7z


vx-underground

October 17th - Ukrainian Cyber Alliance takes down Trigona ransomware group, taking down servers and seizing wallets.

October 19th - EUROPOL takes down RagnarLocker ransomware group

Image 1 & 2: Ukrainian Cyber Alliance
Image 3: Ragnar Locker


vx-underground

We've had people continually inquire on buying a physical copy of vx-underground.

This is a difficult thing for us to do. It is 5TB+ and continually growing. A 5TB hard drive would be required, plus shipping, and payment for our time and effort.

Est. cost $150 - $300+


vx-underground

The Ukrainian Cyber Alliance has taken down Trigona ransomware group.

Information via AlvieriD


vx-underground

On October 20th, security researcher rivitna2 noted the return of HIVE ransomware rebranded as Hunters International. Additionally, BushidoToken noted a 60% code overlap between Hunters International and HIVE.

Hunters International denies the allegations ¯\_(ツ)_/¯


vx-underground

Yesterday 1Password released an Incident Response Report believing that when Okta was breached (again) the Threat Actor(s) tried to pivot to them. They noted the Threat Actor(s) did successfully access some user data.

They also noted they used MalwareBytes™ FREE AV


vx-underground

Today an individual known online as "Tongue" was sentenced to 13.3 years in prison for advertising (and carrying out) Violence-as-a-Service on Telegram and Discord.

He is 22 years old. He will be released when he is 35 in 2037.

More information: https://krebsonsecurity.com/2023/10/nj-man-hired-online-to-firebomb-shoot-at-homes-gets-13-years-in-prison/


vx-underground

> post learning to code malware has its perk
> people comment lack of resources
...
> 11,372 malware papers
> 7,125 old-school-cool archived malware works
> 37,745 papers on state-sponsored malware
> 3,173 malware source code projects

NOT ENOUGH RESOURCES?! DO WE NEED MORE?!


vx-underground

Not everyone who codes malware is a bad person. Is every person who admires the engineering behind weapons a dangerous person? No.

Also, the engineering behind the AK47 is badass.

https://youtu.be/_eQLFVpOYm4


vx-underground

Luckily, even though their stock fell 11%, they're saving money. They laid off their entire internal Red Team in March because ???

Who needs internal security audits anyway???


vx-underground

Thank you to the person who submitted their Black Mass Volume II SOC Analyst coloring page.

It looks very nice. We will hang it on the refrigerator


vx-underground

Uhaul was breached. 13 GB of data was exfiltrated from their SharePoint. Initial access was granted by social engineering an employee through text messages.

tl;dr another day in Shangri-La


vx-underground

Yeah, Okta wasn't aware of the breach until a customer alerted them to a potential compromise.

But they offer MFA at $3/user, so it's not a big deal, right?


vx-underground

DO NOT TRY TO DOWNLOAD MALWARE SAMPLES ONTO A PS4


vx-underground

The whole "Red Team Fit" thing on Twitter is a complete joke. Try "Malware Nerd Fit". Last night we traversed the entire planet 12 TIMES. We were Naruto running so fast this dumb app couldn't even calculate our rate of speed.


vx-underground

It appears people do not know (or remember) Maksim Yakubets.

Yakubets is a member of Evil Corp. He is behind Zeus and Dridex, and is suspected to have ties to ransomware groups.

He married an FSB officer's daughter and owns a Lamborghini with the license plate "Thief".


vx-underground

This is Maksim Yakubets. Feel old yet?


vx-underground

We've updated the vx-underground APT collection. We've added papers ranging from August 22nd, 2023 - October 13th, 2023.

See attached image for list of all additions.

Have a nice day.

https://www.vx-underground.org/


vx-underground

Graf, while we appreciate the 5-star review, we are disappointed you would disrespect us with such hurtful words.

Of course the book has anime girls.
