We've updated the vx-underground malware sample collection.
- TriangleDB
- CaddyWiper
- DoubleZeroWiper
- BlisterLoader
- HeaderTip
- Denoia
- Remcos
- WizardUpdate
- Blackcat
- Sharkbot
- AvosLocker
- NetSupportRAT
- Mirai
- IcedId
Check it out here: https://samples.vx-underground.org/samples/Families/
- TriangleDB
- CaddyWiper
- DoubleZeroWiper
- BlisterLoader
- HeaderTip
- Denoia
- Remcos
- WizardUpdate
- Blackcat
- Sharkbot
- AvosLocker
- NetSupportRAT
- Mirai
- IcedId
Check it out here: https://samples.vx-underground.org/samples/Families/
π34π₯13β€7π«‘4
TriangleDB is (or was) allegedly developed by the United States government. This iOS spyware was delivered via an iOS 0day exploit chain.
Apple has now patched the exploits.
Apple has now patched the exploits.
π₯63π6π«‘2π1
DeepInstinct released a paper on a new malware family titled "PindOS". PindOS is named as such because the user-agent in the malware is "PindOS".
Interesting that this malware family user-agent is "PindOS" because "ΠΏΠΈΠ½Π΄ΠΎΡ", pronounced "pindos", is a derogatory term in post-soviet countries used to describe people from the United States of America. Pindos is a derivative of "Pindostan", "Pindosia", or "United States of Pindostan".
More information:
https://www.deepinstinct.com/blog/pindos-new-javascript-dropper-delivering-bumblebee-and-icedid
Interesting that this malware family user-agent is "PindOS" because "ΠΏΠΈΠ½Π΄ΠΎΡ", pronounced "pindos", is a derogatory term in post-soviet countries used to describe people from the United States of America. Pindos is a derivative of "Pindostan", "Pindosia", or "United States of Pindostan".
More information:
https://www.deepinstinct.com/blog/pindos-new-javascript-dropper-delivering-bumblebee-and-icedid
Deep Instinct
PindOS: New JavaScript Dropper Delivering Bumblebee and IcedID | Deep Instinct
Deep Instinctβs Threat Research Lab recently noticed a new strain of a JavaScript-based dropper that is delivering Bumblebee and IcedID. The dropper contains comments in Russian and employs the unique user-agent string βPindOSβ, which may be a reference toβ¦
π61π11π€7π€£6β€5π«‘5π1
June 15th the United States military released a report regarding unknown, and unsolicited, smartwatches being sent to United States service members.
These devices are attempting to collect user data on military officials.
More information:
https://www.cid.army.mil/Media/Press-Center/Article-Display/Article/3429159/cid-lookout-unsolicited-smartwatches-received-by-mail/
These devices are attempting to collect user data on military officials.
More information:
https://www.cid.army.mil/Media/Press-Center/Article-Display/Article/3429159/cid-lookout-unsolicited-smartwatches-received-by-mail/
π28π±6π4π«‘2β€1
PMC Wagner group has declared war on the Russian Ministry of Defense - Evgeny Prigozhin claims they attacked his group at night.
The Russian Ministry of Defense denies these allegations.
It's a coup d'etat.
Russian Telegram channels are pure pandemonium.
The Russian Ministry of Defense denies these allegations.
It's a coup d'etat.
Russian Telegram channels are pure pandemonium.
π€―63π«‘23β€17π12π€£12π9π±5π’5π5π₯°4π€2
Yes, we are aware this is unrelated to malware, but this will dramatically impact APT cyber operations from the CIS regions because their may be a civil war soon.
π«‘71π€£25β€12π7
There is a tsunami of disinformation, misinformation, and debate over the current situation in Russia - people question the validity and seriousness of the matter.
We certainly do not know, but we remain vigilant on the impact (if any...) this will make on CIS-based cyber crime.
At the start of the Ukrainian war we witnessed a decrease in ransomware operations. ALPHV & Lockbit staff noted affiliates had disappeared. We also witnessed high volumes of APT activity targeted at Ukraine
We question how (if at all) this may impact the current threat landscape
vx-underground is not a political feed. We are far from political experts, but we understand politics and real-world events do shape malware and cyber-activity (state-sponsored or financially motivated).
Let's see what happens... on the internet =D
We certainly do not know, but we remain vigilant on the impact (if any...) this will make on CIS-based cyber crime.
At the start of the Ukrainian war we witnessed a decrease in ransomware operations. ALPHV & Lockbit staff noted affiliates had disappeared. We also witnessed high volumes of APT activity targeted at Ukraine
We question how (if at all) this may impact the current threat landscape
vx-underground is not a political feed. We are far from political experts, but we understand politics and real-world events do shape malware and cyber-activity (state-sponsored or financially motivated).
Let's see what happens... on the internet =D
π₯82π€21π12π«‘10β€7π€£5π4π2
This media is not supported in your browser
VIEW IN TELEGRAM
vx-underground has received exclusive footage of PMC Wagner traveling to Moscow
π€£126π19π«‘12π₯6π’2π1π1
We've updated the vx-underground malware sample collection.
- NokoyaRansomware
- QakBot
- Karma
- Conti
- Pysa
- LokiBot
- Industroyer
- PryntStealer
- BlackGuard
- Redline
- Certishell
- Emotet
Check it out here: https://samples.vx-underground.org/samples/Families/
- NokoyaRansomware
- QakBot
- Karma
- Conti
- Pysa
- LokiBot
- Industroyer
- PryntStealer
- BlackGuard
- Redline
- Certishell
- Emotet
Check it out here: https://samples.vx-underground.org/samples/Families/
π₯20β€7π5π«‘4π1
This media is not supported in your browser
VIEW IN TELEGRAM
π€£141π18π4π1
Doxbin administration have sold the infamous website. It is now under new leadership.
π«‘74π17π€£17π’8β€6π€5π2π1
cl0p ransomware group's MoveIT 0day exploit has proven to be unfathomably effective.
The sheer volume of high-profile targets they've listed on their leak site over the past couple of weeks is appalling.
The sheer volume of high-profile targets they've listed on their leak site over the past couple of weeks is appalling.
β€51π«‘9π€6π₯1π1π±1π1π€©1
yifever produced something very special.
They created 'SleeperAgent', a backdoor in a language model that allows the user to execute behavior based on secret phrases. It demonstrates the possibility to creating malicious language models.
More information: https://twitter.com/yifever/status/1673122951628193792
They created 'SleeperAgent', a backdoor in a language model that allows the user to execute behavior based on secret phrases. It demonstrates the possibility to creating malicious language models.
More information: https://twitter.com/yifever/status/1673122951628193792
X (formerly Twitter)
yifei e/Ξ» (@yifever) on X
Sleeper agent: a proof-of-concept llama 7b finetune that behaves like a normal model under most circumstances, but activates and "executes" a harmless command when you say a code phrase in the Instruct text.
https://t.co/e5HWBQ62QS
https://t.co/e5HWBQ62QS
π29π₯15π3β€2π1
This media is not supported in your browser
VIEW IN TELEGRAM
POV: You log into Twitter and see someone shared some malcode proof-of-concept and you read the comment section and retweets
tl;dr be nice, nerds
*Warning: excessive language
tl;dr be nice, nerds
*Warning: excessive language
π€£75β€7π3π3π2π₯1π1π―1
Experimental vx-underground site.
- Incomplete
- Not mobile friendly (we don't care)
- Currently only displaying papers, this is a test run
- ???
Thoughts?
https://www.vx-underground.org/exp.html
- Incomplete
- Not mobile friendly (we don't care)
- Currently only displaying papers, this is a test run
- ???
Thoughts?
https://www.vx-underground.org/exp.html
π92β€27π€9π€£8β€βπ₯4π₯4π€ͺ4π3π2π₯°1π1
Google has successfully performed a "mega whoopsie". Adalytics research firm unveiled Google has been violating their own advertisement standards for several years.
Large advertisers, such as UM Worldwide, are asking for refunds.
Non-paywall link here: https://archive.is/thXPF
Large advertisers, such as UM Worldwide, are asking for refunds.
Non-paywall link here: https://archive.is/thXPF
π€£50π«‘4π€―3π±2π1π1π1
Media is too big
VIEW IN TELEGRAM
Our friend Laughing_Mantis has created a song titled "PegaSUS". The techtronica track was created using disassembly & bytecode from the infamous Pegasus spyware.
File entropy was used to make the synth sounds.
File entropy was used to make the synth sounds.
β€βπ₯47π₯16π€―9π€£7π«‘4β€3π2π’2π1
vx-underground will be under heavy construction the next couple of days. Site stability will be impacted. The site may go offline on occasion.
In an ideal world the new site will go live Monday, July 3rd.
This isn't an ideal world.
In an ideal world the new site will go live Monday, July 3rd.
This isn't an ideal world.
π47β€8π’7π―6π«‘5π3π₯°1