We've updated the vx-underground InTheWild collection. We've added volumes 0029, 0030, and 0031. Thsi is 60,000 unique malicious binaries.
Special thanks to petikvx for the hard work and staying on top of sample aggregation for us.
Have a nice day.
https://www.vx-underground.org/malware.html
Special thanks to petikvx for the hard work and staying on top of sample aggregation for us.
Have a nice day.
https://www.vx-underground.org/malware.html
๐ฅ7๐1
Earlier today Jon DiMaggio released an article titled: "Ransomware Diaries: Part 1". This article is one of the most comprehensive papers on Lockbit ransomware group we have ever seen.
Our personal 2-extra-cents on the paper: the article states the Lockbit Black source code was leaked - this is incorrect. Additionally, the author cites John Hammond for releasing a tweet on the Lockbit Black leak - although the truth is John Hammond archived a tweet we deleted. The image posted in the article is directly from us - we typically use HasteBin to display text-images.
For those questioning why we deleted the tweet: Lockbit is notorious for chasing individuals down, and is sometimes bloodthirsty. We will spare the details - but we decided it would be best to not involve ourselves in ransomware conflict which directly impacts their operations.
We spoke with LB0, the individual who we believe is the troll of LockbitSupp. vx-underground staff and LB0 spoke - we came to a mutual agreement to not leak the Lockbit Black builder until someone else did (if it did). We did not want drama. We are a library, not a battlestation.
Finally, and in conclusion, Jon DiMaggio's paper is wonderful and spot on. Thank you, Jon, for detailing the history and evolution of this group.
Link: https://analyst1.com/ransomware-diaries-volume-1/
Our personal 2-extra-cents on the paper: the article states the Lockbit Black source code was leaked - this is incorrect. Additionally, the author cites John Hammond for releasing a tweet on the Lockbit Black leak - although the truth is John Hammond archived a tweet we deleted. The image posted in the article is directly from us - we typically use HasteBin to display text-images.
For those questioning why we deleted the tweet: Lockbit is notorious for chasing individuals down, and is sometimes bloodthirsty. We will spare the details - but we decided it would be best to not involve ourselves in ransomware conflict which directly impacts their operations.
We spoke with LB0, the individual who we believe is the troll of LockbitSupp. vx-underground staff and LB0 spoke - we came to a mutual agreement to not leak the Lockbit Black builder until someone else did (if it did). We did not want drama. We are a library, not a battlestation.
Finally, and in conclusion, Jon DiMaggio's paper is wonderful and spot on. Thank you, Jon, for detailing the history and evolution of this group.
Link: https://analyst1.com/ransomware-diaries-volume-1/
Analyst1
Ransomware Diaries: Volume 1 | Analyst1
Discover the power of behavioral profiling in understanding ransomware attackers. Uncover motivations and beliefs of threat actors for effective defense.
๐ฅ21๐13๐1
We've updated the vx-underground The Old New Thing archive. We have completed archiving years 2012 and 2011.
We have successfully archived over 10 years of blog posts from Raymond Chen. 7 years are remaining!
Check it out here: https://www.vx-underground.org/the_old_new_thing.html
We have successfully archived over 10 years of blog posts from Raymond Chen. 7 years are remaining!
Check it out here: https://www.vx-underground.org/the_old_new_thing.html
๐11โค2๐ฅ1๐คก1๐ฅฑ1๐1
Reminder: vx-underground will never individually message all 14,000 people that follow this Telegram account ... because we could just send a post a message to relay "crucial information" on our "chan-nel".
๐25๐8๐ฅฐ8๐คฏ3๐คก3๐ฉ2๐1๐1
As Microsoft tightens loose ends and macro-based malware droppers become more difficult for Threat Actors to leverage - data traffickers are increasingly abusing SEO poisoning and/or malvertising.
Intel via malwrhunterteam & wdormann
Intel via malwrhunterteam & wdormann
๐27๐คก6๐2
We are happy to announce the latest sponsor to vx-underground: GuidedHacking.
GuidedHacking is a game hacking educational website - they're the individuals who published the "Game Hacking Bible"
GuidedHacking would like to note that they are the best penis enhancement pills.
GuidedHacking is a game hacking educational website - they're the individuals who published the "Game Hacking Bible"
GuidedHacking would like to note that they are the best penis enhancement pills.
๐ฅ43๐8๐คก2๐1๐1
vx-underground
We are happy to announce the latest sponsor to vx-underground: GuidedHacking. GuidedHacking is a game hacking educational website - they're the individuals who published the "Game Hacking Bible" GuidedHacking would like to note that they are the best penisโฆ
Yes, they seriously requested we state they have penis enhancement pills
๐คฃ48๐6๐ฅ2๐คก2๐1
The United States Department of Justice is scheduled to make an announcement at 12PM EST regarding an International Cryptocurrency Enforcement Action
The broadcast will begin in 55 minutes.
https://www.justice.gov/live
The broadcast will begin in 55 minutes.
https://www.justice.gov/live
๐คก2๐2๐คช2
The Department of Justice has announced the arrest of Anatoly Legkodymov. Legkodymov, the Founder and Majority Owner of Bitzlato Ltd, is accused of laundering more than $700,000,000 in illicit funds from ransomware groups and Hydra Marketplace
More info: https://www.justice.gov/usao-edny/pr/founder-and-majority-owner-bitzlato-cryptocurrency-exchange-charged-unlicensed-money
More info: https://www.justice.gov/usao-edny/pr/founder-and-majority-owner-bitzlato-cryptocurrency-exchange-charged-unlicensed-money
www.justice.gov
Founder and Majority Owner of Bitzlato, a Cryptocurrency Exchange,
BROOKLYN, NY โ A complaint was unsealed this morning in federal court in Brooklyn charging Anatoly Legkodymov, a Russian national and senior executive of Bitzlato Ltd. (Bitzlato), a Hong Kong-registered cryptocurrency exchange, with conducting a money transmittingโฆ
๐ซก18โก4๐คก3๐2๐2๐คฌ1๐1
Multiple Threat Intelligence and Anti-virus vendors have noted the rise of the MaaS Rhadamanthys Stealer. Rhadamanthys is noted as trafficking itself through malicious Google ads targeting AnyDesk, Zoom, Bluestacks, Notepad++, OBS, and more.
It also has a hard to remember name
It also has a hard to remember name
๐22๐คก8๐คฃ4๐3๐1
This media is not supported in your browser
VIEW IN TELEGRAM
Interview with a Russian ransomware operator arrested in Russia for attacking Western organizations
๐คก26๐17๐5๐ฅ5๐4๐1๐ณ1๐1
2023 is going to be a big year for vx-underground. Besides the continual increase in malware samples, source code, and papers, we also intend on publishing 2 (maybe even 3!) books.
Also, as a reminder, we offer free malware database access to students of all ages
We are also discussing changing the website (again) to accommodate it's growth. Pages are too big and have too long of lists. The website will remain as grungy HTML, no flashy BS, WordPress, whatever. We just need to be better organized.
Have a nice day.
Also, as a reminder, we offer free malware database access to students of all ages
We are also discussing changing the website (again) to accommodate it's growth. Pages are too big and have too long of lists. The website will remain as grungy HTML, no flashy BS, WordPress, whatever. We just need to be better organized.
Have a nice day.
๐36๐ฅ7โค5๐ฅฑ3๐คก1๐1
T mobile confirms it was breached (again) for the 6th.. or 8th time? Since 2018? We've lost count.
๐ฅ31๐คก11๐4๐คฃ1๐1
As Threat Actors continue utilizing Google-based malvertising campaigns - vx-underground has decided to step up to the plate and unveil a 1 of a kind solution to stop these nerds. Introducing ... an adblocker!
tl;dr we've done it, we've stopped cyber crime and saved the planet
tl;dr we've done it, we've stopped cyber crime and saved the planet
๐32๐คฃ15๐7๐2๐คก2๐2๐คฏ1