Nerds are reporting Lockbit ransomware group's blog now requires a blog access key to visit it.
The blog access key: NDWZ3NXU66EWUFBMJWQOC2FXIIHFZFKZRULHBGAYFYX4HEIDRF5Q
Have a nice day
Today Linus Tech Tips released a video about the vx-underground hard drive and our collection.
First, thank you for using an image of a shadowy person with odors radiating off of them to describe smelly. 11/10.
Secondly, Linus and his group did an EXCELLENT job discussing the hard drive and the collection. We believe they accurately describe it, its use case, and the basic reasoning why this entire collection exists.
Some portions of the video are very watered down, but this high-level beginner perspective is perfect for people who are unfamiliar with malware. Additionally, in some places the nomenclature is wrong, but the general idea and principles are still 100% correct.
We also enjoy the enthusiasm Mr. Linus shows with the malware; he reminds us of our first time experimenting with a malware builder.
The end review saying we're the darker side of grey is a little disheartening, but ¯\_(ツ)_/¯
https://www.youtube.com/watch?v=7inhRWxQMFk
I Bought 25 Million Computer Viruses - VX Underground Malware HDD
We bought an external 8TB hard drive filled to the brim with malware…
Every week nerds ask us "do you know {ransomware_groups} onion?".
Every ransomware group's domains, past and present, as well as their post history, are archived by Josh Highet on his website, ransomwatch telemetry.
Now stop asking us >:(
Link: https://ransomwatch.telemetry.ltd/
> yesterday ltt posts about vxug hdd
> cool_beans.jpeg.exe
> go sleep
> wake up
> check emails
> dozens of inquiries on the vxug hdd
> ???

tl;dr video with 1,000,000+ views gets lots of attention
(we dont have any in stock so it doesnt matter)
"i'm a noob, whats the best language to start maldev?"
Buy a dartboard, put sticky notes on it, write programming languages on them, cover your eyes, spin around 10 times, then throw the dart.
Whatever it lands on, learn that language and get good. If you miss, give up.
Lockbit ransomware group administrative staff agreed to go onto a livestream with us (us screensharing a Tox screen) and doing a live Q&A and allow the audience to ask questions.
Questions would be filtered, but maybe it'll be fun.
¯\_(ツ)_/¯
Updates to vx-underground:
- 2024-06-10 - Technical Analysis of the Latest Variant of ValleyRAT
- 2024-06-11 - A Brief History of SmokeLoader, Part 1
- 2024-06-12 - Dipping into Danger: The WARMCOOKIE backdoor
- 2024-06-12 - New backdoor BadSpace delivered by high-ranking infected websites
- 2024-06-12 - Nova Stealer, le malware made in France
- 2024-06-12 - Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day
- 2024-06-13 - DISGOMOJI Malware Used to Target Indian Government
- 2024-06-13 - Inside LATRODECTUS: A Dive into Malware Tactics and Mitigation
- 2024-06-15 - Malware Analysis: FormBook
- 2024-06-17 - From Clipboard to Compromise: A PowerShell Self-Pwn
- 2024-06-17 - Latrodectus, are you coming back?
- 2024-06-17 - Malvertising Campaign Leads to Execution of Oyster Backdoor
- 2024-06-18 - Cloaked and Covert: Uncovering UNC3886 Espionage Operations
- 2024-06-19 - LevelBlue Labs Discovers Highly Evasive, New Loader Targeting Chinese Organizations
- 2024-06-19 - New North Korean based backdoor packs a punch
- 2024-06-19 - Spectre (SPC) v9 Campaigns and Updates
- 2024-06-20 - Caught in the Act: Uncovering SpyNote in Unexpected Places
- 2024-06-20 - Medusa Reborn: A New Compact Variant Discovered
- 2024-06-21 - GrimResource: Microsoft Management Console for initial access and evasion
- 2024-06-24 - Gootloader's New Hideout Revealed: The Malware Hunt in WordPress' Shadows
- 2024-06-24 - Latrodectus Affiliate Resumes Operations Using Brute Ratel C4 Post Operation Endgame
- 2024-06-25 - From Dormant to Dangerous: P2Pinfect Evolves to Deploy New Ransomware and Cryptominer
- 2024-06-25 - How to detect the modular RAT CSHARP-STREAMER
We caused some confusion about our RansomHub interview post because it was worded similarly to our Lockbit ransomware interview post.
It's a new interview; nothing is being cancelled. We'll mention it again later on so we don't confuse people.
Yes, we're aware of the OpenSSH exploit, "regreSSHion".
Everyone and their grandmother is discussing it; it'd be difficult to miss it. We didn't have anything meaningful to contribute to the conversation, so we didn't mention it.
tl;dr exploit bad, it's Monday, nerd stuff
stupid ai meme is kind of funny
"I'm not hurting anyone" β Ruins countless lives
^ audibly laughed out loud
Today RecordedFuture released a research paper on using malware infostealer logs to identify CSAM consumers.
RecordedFuture identified over 3,000 individuals purchasing CSAM. All users were reported to their respective law enforcement agency.
https://www.recordedfuture.com/caught-in-the-net-using-infostealer-logs-to-unmask-csam-consumers
The paper is profoundly interesting. Research indicates some users had multiple accounts across multiple CSAM sites. Using the malware stealer logs they were able to perform OSINT and tie them to real-world identities.
tl;dr being a failure is cool and badass
Failure is the standard for any sort of malware development, research, or reverse engineering. We think of ideas all the time, research them, work on developing them, then it implodes and fails to come to fruition.
Collectively, we've got dozens of failed, botched, or incomplete projects due to various setbacks and failures. Oftentimes the code is scrapped, put on a metaphorical shelf, and we hope the code will be of value sometime later down the road (sometimes years later, or never).
If you're new and you invested several hours, days, weeks, or months and your code ends up being a dead end: Welcome to the club.
Attached image is a screenshot of failed or incomplete projects. This is just the tip of the iceberg.
ChromeDumper - dumps stored credentials from Chrome like a generic infostealer malware. It used to work, but Chrome changes how it stores credentials fairly often, so stopped working on it
DataSharingMalcode - experimenting with various interprocess communication ideas.
Demo - Just shooting in the dark at random ideas. Experimented with things like CfOpenFileWithOplock instead of CreateFile. Lots of failing
DiscordSecrets - Disassembling the Discord binary and inserting malicious payload into it. Sort of works, stopped caring
DiscordExfil - Using Discord as a C2 using webhooks. Works, got bored with the idea
Dll1 - Throwaway DLL for debugging
EtwKeylogger - Experimented with keylogging using ETW. Someone else did it, couldn't reproduce it, gave up
FirewallAPI - Various experiments with using Windows COM to disable or alter the Windows firewall. It works, but got bored with the idea, moved on. Buggy code.
InMemoryJsExecutor - Uses Wscript engine to execute JS and VBS in-memory. It works, is buggy and unstable.
KeyboardTsf - Experimenting with keylogging using Windows Text Service Framework. It's a huge pain in the ass and requires a lot of external factors for it to work.
LetsGetWeird - Various attempts at abusing random Windows APIs for loading or executing binaries. Some of the code has been added to VXUG
LsassDump - Experimenting with dumping LSASS. Some of it is reproducing or testing others' work.
Matroyshka - RecursiveLoader version 1. It's a piece of junk
Packer - Inserts malware into a section in the target PE file. Modifies the entry point to jump to it. It works, can be unstable. Got bored
PancakeWare - Experimenting with file compression, some have been added to VXUG, most fail
SpywareVideo - Experimenting with turning the camera on a PC like old school RATs do. Got it working, but got bored.
vx-underground member Rad a/k/a OnlyMalware being interviewed at x33fcon
We've updated the vx-underground APT collection β update includes samples and papers.
- 2024.06.05 - UAC-0020 (Vermin) attacks the Defense Forces of Ukraine using the SPECTR WPS in tandem with a legitimate SyncThing
- 2024.06.05 - Operation Crimson Palace - Sophos threat hunting unveils multiple clusters of Chinese state-sponsored activity targeting Southeast Asian government
- 2024.06.06 - Howling at the Inbox - Sticky Werewolf's Latest Malicious Aviation Attacks
- 2024.06.10 - Another battlefield - Telegram as a digital front in Russia's war against Ukraine
- 2024.06.10 - APT and financial attacks on industrial organizations in Q1 2024
- 2024.06.10 - MIVD Ongoing state cyber espionage campaign via vulnerable edge devices
- 2024.06.11 - APT Attacks Using Cloud Storage
- 2024.06.11 - Noodle RAT - Reviewing the Backdoor Used by Chinese-Speaking Groups
- 2024.06.11 - SmallTiger Malware Used in Attacks Against South Korean Businesses (Kimsuky and Andariel)
- 2024.06.13 - Arid Viper poisons Android apps with AridSpy
- 2024.06.13 - DISGOMOJI Malware Used to Target Indian Government
- 2024.06.13 - Operation Celestial Force employs mobile and desktop malware to target Indian entities
- 2024.06.16 - China-Nexus Threat Group "Velvet Ant" Abuses F5 Load Balancers for Persistence
- 2024.06.18 - Cloaked and Covert - Uncovering UNC3886 Espionage Operations
- 2024.06.19 - CERT-FR: Malicious activities linked to the Nobelium intrusion set
- 2024.06.19 - New North-Korean based backdoor packs a punch
- 2024.06.20 - Sustained Campaign Using Chinese Espionage Tools Targets Telcos
- 2024.06.21 - Analysis of PHANTOM-SPIKE - Attackers Leveraging CHM Files to Run Custom CSharp Backdoors Likely Targeting Victims Associated with Pakistan
- 2024.06.21 - SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques
- 2024.06.21 - Unveiling SpiceRAT - SneakyChef's latest tool targeting EMEA and Asia
- 2024.06.24 - Armageddon is more than a Grammy-nominated album
- 2024.06.24 - Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation
- 2024.06.24 - Russia-Linked CopyCop Expands to Cover US Elections, Target Political Leaders
- 2024.06.26 - ChamelGang & Friends - Cyberespionage Groups Attacking Critical Infrastructure with Ransomware
- 2024.06.26 - Russian National (Amin Timovich Stigal) Charged for Conspiring with Russian Military Intelligence to Destroy Ukrainian Government Computer Systems and Data
- 2024.06.27 - Kimsuky deploys TRANSLATEXT to target South Korean academia
- 2024.06.28 - TeamViewer links corporate cyberattack to Russian state hackers
- 2024.07.01 - CapraTube Remix - Transparent Tribe's Android Spyware Targeting Gamers, Weapons Enthusiasts
- 2024.07.01 - Xctdoor Malware Used in Attacks Against Korean Companies (Andariel)