vx-underground
46.2K subscribers
3.96K photos
421 videos
83 files
1.45K links
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
We've updated the vx-underground Malware Families collection

- Lockbit 3.0 ransomware
- Bashlite
- BazaarBackdoor
- OriginLogger
- Nullmixer
- Diavol ransomware
- ExMatter
- Android.RatMilad

Check it out here: https://www.vx-underground.org/malware.html
vx-underground gives you wings
We've updated the vx-underground ICS/SCADA paper collections

- The secrets of Schneider Electric's UMAS protocol
- Zeroing in on Xenotime: Analysis of the entities responsible for the Triton event

We hope everyone enjoyed their weekend. Have a nice day.

https://www.vx-underground.org/ics_scada.html
๐Ÿ‘11๐Ÿ’ฏ4๐Ÿ˜ˆ3๐Ÿฅฐ1
We've updated the vx-underground Windows Malware paper collection

- Short term snapshot deletion via ExecuteScheduledSPPCreation
- Windows Server LDIF File Abuse for Silently Downloading Files

https://www.vx-underground.org/windows.html
Germany's cyber security chief, Arne Schoenbohm, is scheduled to be dismissed from his position following reports that he had contacts with Russia's intelligence services.

More information via Reuters: https://www.reuters.com/world/europe/germanys-cybersecurity-chief-faces-dismissal-reports-2022-10-09/
We've updated the vx-underground Bulk Malware Download collection

- Virusshare 440 and 441
- 100,000+ unique malware samples
- All binaries named using Kaspersky naming convention

Check it out here: https://www.vx-underground.org/malware.html
๐Ÿ‘3๐Ÿ˜ˆ2
October 7th we shared information on the Intel Alder Lake BIOS source code leak.

Today Intel confirmed the leak was valid. The leaked code includes undocumented MSRs.

Intel states the code falls within scope of their Bug Bounty program and they encourage researchers to review the code.
We've updated the vx-underground APT paper and sample collection

2022.01.27/White Tur - Threat actor of in-Tur-est
2022.09.19/Russia-Nexus UAC-0113 Emulating Telecommunication Providers in Ukraine
2022.09.22/Chinese State-Sponsored Group TA413 Adopts New Capabilities in Pursuit of Tibetan Targets
2022.09.22/Raspberry Robin's Roshtyak: A Little Lesson in Trickery
2022.09.22/7 Years of Scarlet Mimic's Mobile Surveillance Campaign Targeting Uyghurs
2022.09.22/Void Balaur - The Sprawling Infrastructure of a Careless Mercenary
2022.09.22/The Mystery of Metador - An Unattributed Threat Hiding in Telcos, ISPs, and Universities
2022.09.23/In the footsteps of the Fancy Bear: PowerPoint mouse-over event abused to deliver Graphite implants
2022.09.23/GRU: Rise of the (Telegram) MinIOns
2022.09.26/Hunting for Unsigned DLLs to Find APTs (Mustang Panda, Lazarus)
2022.09.27/STEEP#MAVERICK: New Covert Attack Campaign Targeting Military Contractors
2022.09.28/A Deep Dive Into the APT28's stealer called CredoMap
2022.09.28/New campaign uses government, union-themed lures to deliver Cobalt Strike beacons
2022.09.29/Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors
2022.09.29/ZINC weaponizing open-source software
2022.09.29/Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East
2022.09.30/Detailed analysis of a ShadowPad intrusion
2022.10.03/DeftTorero: tactics, techniques and procedures of intrusions revealed
2022.10.03/Revealing Emperor Dragonfly: Night Sky and Cheerscrypt - A Single Ransomware Group
2022.10.04/Tracking Earth Aughisky's Malware and Changes
2022.10.04/CISA AA22-277A - Impacket, HyperBro and CovalentStealer used to steal sensitive information from Defense Industrial Base Organization
2022.10.04/Maggie - MSSQL Backdoor
2022.10.06/Mustang Panda Abuses Legitimate Apps to Target Myanmar Based Victims
2022.10.07/Making oRAT, Go (Earth Berberoka)

Check it out here: https://www.vx-underground.org/malware.html#2022
๐Ÿ‘14๐Ÿคฉ2โค1๐Ÿ‘1๐Ÿ•Š1๐Ÿ˜ˆ1
We've updated the vx-underground Windows Malware paper collection

- Weird Ways to Run Unmanaged Code in .NET
- Abusing Notepad++ Plugins for Evasion and Persistence

Check it out here: https://www.vx-underground.org/windows.html
When a kid knocks on the door dressed as Spiderman and you give them a physical copy of every publicly shared APT malware sample and paper
๐Ÿ˜35๐Ÿ‘5๐Ÿ˜3๐Ÿ˜ˆ2
vx-underground staff reviewing malware samples like
๐Ÿ˜52๐ŸŒ6๐Ÿ‘5๐Ÿ˜ˆ4โšก3๐Ÿ‘Ž2๐Ÿ˜2
We continue to receive complaints that individuals are unable to extract malware samples on their mobile devices
๐ŸŒ29๐Ÿ˜17๐Ÿ‘6๐Ÿคฃ2๐Ÿ˜ˆ1
Exploit devs be like
Exploit devs be like
We've updated the vx-underground malware sample collection

- Virusshare 443
- Bankshot
- QtBot
- Bashlite

tl;dr 100,000+ new malware samples.

Have a nice day. We hope everyone enjoyed the weekend.

Check it out here: https://www.vx-underground.org/malware.html
๐Ÿ‘6๐Ÿ˜ˆ2
This media is not supported in your browser
VIEW IN TELEGRAM
Leaked footage of the FBI arresting SIM swappers
Leaked footage of Russian ransomware operators in action
๐Ÿ˜46๐Ÿคฃ23๐Ÿ˜ฑ5๐Ÿ˜ˆ2๐Ÿคฉ1๐Ÿ’ฉ1
Media is too big
VIEW IN TELEGRAM
We've been busy. Updates on what we are doing and what's in the queue:

- Malware Database hash daily upload listings
- Bug fixes, enhancements, and additions to VX-API
- More malware samples
- More APT samples and papers
- Russian papers from forums such as XSS
When a company is breached and their public relations representative begins answering questions
Yesterday SOCRadar disclosed a misconfiguration in "olyympusv2", a Microsoft Azure blob storage domain containing data from 2014 to the present.

Microsoft has confirmed the data leak; however, Microsoft claims SOCRadar is exaggerating the impact.

More info: https://socradar.io/sensitive-data-of-65000-entities-in-111-countries-leaked-due-to-a-single-misconfigured-data-bucket/
๐Ÿ‘2๐Ÿ˜1๐Ÿคฏ1๐Ÿ˜ˆ1
Zscaler has reported an internet sea cable cut south of France that has impacted subsea cables connecting Asia, Europe, and the United States.

Also, today it was announced that an internet sea cable north of Scotland has been damaged.

More info: https://trust.zscaler.com/zscloud.net/posts/12256