The largest collection of malware source, samples, and papers on the internet. Password: infected https://vx-underground.org/
vx-underground turns 8 years old next month.
What does the future hold?
- Collect malware
- Collect malware papers
- Collect malware source code
- Discuss malware on social media
- Post memes on social media
- Cybercrime TMZ on social media
Nothing will change
Oh, if you didn't know, there is a game trending in Japan right now where you brush the kitty without making it mad
https://byeorisim.itch.io/brush-jjaemu
But for real, in C# it's cake
https://learn.microsoft.com/en-us/windows/apps/develop/notifications/app-notifications/adaptive-interactive-toasts
Say what you want about TeamPCP, but they have certainly made attribution much easier.
I can't recall a time a Threat Group specified the malware campaign and malware delivery mechanism that resulted in a compromise.
Is TeamPCP lying about how they compromised these organizations? Is it the result of a different malware campaign? Did they actually steal internet projects and "secrets" from S&P Global? How bad is the Guesty compromise? Will these companies succumb to the ransom demands? What the fuck does PCP stand for in this context? Is TeamPCP suggesting they're addicted to Phencyclidine a/k/a Angel Dust?
Find out on the next action packed episode of Dragon Ball Z
A long, long, long time ago I read a paper on how the United States Central Intelligence Agency intentionally introduced conflict, distrust, and resentment into the inner circle of Julian Assange.
Being unable to physically touch him, they had hoped if they made his life chaotic enough he would commit suicide.
Knowing that the CIA will do this... it makes me wonder if the Federal Bureau of Investigation (or other law enforcement agencies) intentionally inject conflict into the circles of Threat Actors.
I can't even count how many times I've seen Threat Actors have conflicts with other Threat Actors on forums, chatrooms, social media, etc. Ultimately, this conflict does very little for Threat Actors except fog their logic and result in poor decision making.
tl;dr I wonder if the FBI unironically just sits there, talking shit, making up fake drama, hoping the criminals betray the other criminals, or make an OPSEC mistake
What's the matter? Scared? Don't want to give Sam Altman your poop? I guess you're not a real hacker
I was pretty busy today. From what I saw when skimming the internet:
- More AI hot takes
- More laws about age verification
- Arguments about age verification
- Some cool new malware found
- Drama about fake ledger in Apple Store
- PUBG CEO used ChatGPT for business advice
- More malware stuff
- Malware AI slop
- Booking dot com drama, even though it's been poop forever
- More web compromises
- Kraken being extorted
- GitHub stars as a service
- Something about CloudFlare and OpenAI
- Something with malicious FireFox extensions
- Google hires Philosopher for AI
- Vulnerable AV drivers from China
Did I miss anything or am I good?
Please remember me as man who tried his best and really enjoyed pictures of silly kitty cats.
I'm ready now. I'm at peace. The gamers will now call me a retard and the N-word for an eternity.
BREAKING: New intelligence from the United States Department of War suggests cars go all like VRRROOOOOM, SKRRRT, and PFFFTBLOOOOSH.
Donald Trump is being briefed on the situation now.
ShinyHunters leaked the RockStar Games data.
The data isn't anything special. There is no PII or source code. The data is primarily financial metrics.
This may come as a surprise to some of you, but based off of this data, it appears RockStar Games makes a FUCK TON of money
Over 200 media outlets are blocking Internet Archive.
Media outlets say because AI, or something, but also (and TOTALLY UNRELATED) since they're blocking Internet Archive there is no way to tell if the government or media outlet has deleted or changed something.
However, they say this is TOTALLY UNRELATED and they block Internet Archive because AI can train off Internet Archive, or something, I don't know, it's all bullshit.
https://www.wired.com/story/the-internets-most-powerful-archiving-tool-is-in-mortal-peril/
Hi
I've added another 550,000+ malwares to the malware library. Please download the malware and share it with your friends and family.
https://vx-underground.org/Updates
Bro is sending me e-mails from an (extremely convincing) Police Department ON A SATURDAY.
Dawg, Saturday I am in SHAMBLES. I am trying to survive with this baby. Do you have any idea how often these things defecate and eat? It's unreal
A person arrested named Angel Almeida is currently in court for his ties to Child Sexual Abuse Material.
He is alleged to be involved in an online group called 764.
I am not a lawyer, but I do not believe what he said in court will work in his favor
My friend and I spent three hours bonking this dumb game with a stick. Truthfully, I know almost nothing about WASM, or web-browser stuff, so someone way better at web stuff could have done it faster (and more intelligently).
Regardless, I am happy with kitty cat brush game
Another zero day exploit released by some nerd (can't remember name right now) because they're annoyed with Microsoft. It's been confirmed by other nerds. It is yet another legit zero day. Whew.
https://github.com/Nightmare-Eclipse/RedSun
Yeah, so basically I'm trying to make my own "ClickFix" but for Windows binaries by abusing the Windows Runtime, Component Object Model, and whatever Windows grants me from a limited user profile (see attached image)
I saw some research on Windows Toast Notifications by Panos Gkatziroulis, but their paper and code were in C# and Powershell. Their technique displayed a fake update and directed the user to a website which then did ClickFix
So it's like, WindowsClickFix -> ClickFix
I said, "wtf? why not just run program there?"
It turns out you can, it's totally possible and well documented for something like C#. Making a simple notification on Windows which impersonates Windows Defender and runs a .exe (or whatever) is pretty shrimple. But.... there is a massive asterisk next to shrimple because it requires some* pain and suffering.
In extreme summary, you need to add registry entries so Windows knows where to send Toast stuff to. In C# or Powershell this is still relatively simple, just kind of annoying. In C, it still isn't too bad.
Unfortunately, I am a person who knows only pain. I didn't want to do C#, or .NET, or do anything with WindowsRT the way Windows wants you to. I said, "well, I've done WinRT in C before, why not do this in C?" Why not make something mildly annoying 200% more difficult?
It has been a challenge. I decided to do EVERYTHING with the WinRT / COM. I didn't want to make ANY WinAPI invocations except RoInitialize (technically CoInitializeEx).
In the attached image I've successfully impersonated Windows Security. However, "update" doesn't work the way I'd like to. The easiest thing to do in this scenario is trying to abuse a Windows Scheme URI. Unfortunately, WinRT sandboxes and prevents FILE://, and I can't find a URI to abuse to deliver file execution (I tried).
I assume the inability to find a Windows URI to abuse for file execution is why the original authors ended up doing ToastNotification -> ClickFix. Making the Toast Notification go to a web domain is extremely easy. You literally can just specify "button go to website ooga booga" and that's it.
Because I couldn't find a URI to execute a binary my only option left is using INotificationActivationCallback. Basically, I have to register my malicious code in the registry to receive Toast Notification callbacks. When "Update" is clicked my binary is notified and appropriate action is taken.
Again, this is all totally normal functionality, but it's being used for social engineering. The only caveat here is I am trying to do it as painful and convoluted as possible. I have the general layout done... it's just typing out the code and debugging. It's tiring.
I also planned on stripping the headers and making the binary as lightweight as possible. Why? I have no idea. It is totally unnecessary and ass backward logic.
Day Two of working on really silly malware proof-of-concept.
Is there an easier way to write this code? Yes.
Is it worth investing this much effort into? Probably not, no
Is it a lot of fun bonking Windows with a stick and reading obscure documentation? Yes
Am I a cat? No
ok but fr tho, memes aside, while i personally wouldnt do this, them using a system of trust like this to give nerds more ai for their ai gwump probably isnt a terrible idea.
if youre a regular stinky nerd, this is probably no different than giving linkedin all your poop anyway
Oh yeah? You're a "hacker"? Prove it. Send a stool sample and a copy of your Birth Certificate to Sam Altman.
https://x.com/OpenAI/status/2044161906936791179
> ramp up cyber defenses
> look inside
> change password to include !
> pay for nord vpn (protects from hackers)
> re-up norton antivirus subscription
> ask 7 year old nephew for help with ipad
we are cybersecurityied now dawg
It appears I have made a series of mistakes when reviewing some of the financial data from RockStar Games.
What does this mean? I've spread misinformation and I will be burned at the stake by gamers.
It was nice knowing all of you
I am absolutely sickened by the amount of money Grand Theft Auto V Online makes
In fairness, media outlets want to charge you $9.99/month to read their half-AI generated web articles and Internet Archive does sometimes sort of provide a way to evade this.
However, there are tons of other ways to bypass this pay wall. I also do not trust the government. I also am extremely suspicious of media outlets. Sometimes I read what they're saying and I go, "HMMMMMMMM", hence I am extremely biased in this post.
This is very good malware.
This is solid-solid-SOLID B+ malware, very close to A- malware.
APT37 is using an old-school playbook. They're doing EPO (Entry Point Obfuscation) on a self-delivered binary for evasion. They also unironically are using something akin to cavity infection ... but on themselves. This is something you saw more in the Windows 95 - Windows XP era, not something you see in 2026.
Very cool. I respect it.
The multi-staged fragmentation of shellcode phases is also really, really, really cool. This is (once again) a more old-school technique usually reserved for infected binaries, not self-delivered binaries.
Despite all of these super cool features, APT37 shoots themselves in the foot immediately.
- EAT walking for Kernel32 functionality (???)
- XOR decryption is a huge red flag
- Allocating with PAGE_EXECUTE_READWRITE (???)
- Hardcoded OAuth token (???)
- Used external dependency for AES (???)
Why not use NT functionality to hook evasion? XOR is easily identified in static analysis, why XOR? Allocating memory with VirtualAlloc with RWX is a MASSIVE RED FLAG. They also hardcode an OAuth token ... they can do multi-staged shellcode payloads with old-school malware techniques but hardcode AN OAUTH TOKEN?
It unironically makes me wonder if they had one old-head malware guy working on it, then they had some newer dude do the non-hardcore stuff. There is a huge gap in skill sets here.
Or the old-head hasn't kept up to date on malware stuff since 2005... or they got lazy... I don't know, really weird.
https://www.genians.co.kr/en/blog/threat_intelligence/pretexting
1 year olds are far more exhausting than 6 month olds.
Parents warned me. They were correct.
Bro HAS to put ALL FOOD on his head.
- Beans
- Soup
- Mac and Cheese
- Strawberries
- Blueberries
If he doesn't rub it on his head, or eat it, he throws it on the floor.
I'm tired.
Dear Threat Actors,
I typically do not reply on weekends. I am busy doing stuff with my 1 year old son. Please send your e-mails during regular business hours M-F so I have an opportunity to send silly pictures of kitty cats.
Thanks,
-smelly
For the record, I'm not mad at this person or bothered by the comment.
The extreme hostility from what I believed to be a relatively benign clip made me audibly laugh.
Bro DOES NOT like LTT.