We've updated the vx-underground malware collection. We have decided to include the recent faulty CrowdStrike drivers which caused 'boot-loops' for users. We believe it serves some historic and/or educational value to researchers or students. We have titled it "Win32.CrowdStruck". It is in the families directory.
- VirusSign.2024.07.13
- VirusSign.2024.07.14
- VirusSign.2024.07.15
- VirusSign.2024.07.16
- VirusSign.2024.07.17
- VirusSign.2024.07.18
- InTheWild.0129
- Win32.CrowdStruck
- CryptoMixRansomware
- AsyncRAT
- ClipBanker
- ProLock
- ThanosRansomware
- Redline
- Vidar
- Sality
- StealC
- RhadamanthysLoader
- RecordBreaker
- NjRAT
- LummaStealer
- PureLogStealer
- CobaltStrike
- VirusSign.2024.07.13
- VirusSign.2024.07.14
- VirusSign.2024.07.15
- VirusSign.2024.07.16
- VirusSign.2024.07.17
- VirusSign.2024.07.18
- InTheWild.0129
- Win32.CrowdStruck
- CryptoMixRansomware
- AsyncRAT
- ClipBanker
- ProLock
- ThanosRansomware
- Redline
- Vidar
- Sality
- StealC
- RhadamanthysLoader
- RecordBreaker
- NjRAT
- LummaStealer
- PureLogStealer
- CobaltStrike
π€£63π29β€10π₯7π€5π4β€βπ₯3π2π«‘2
This media is not supported in your browser
VIEW IN TELEGRAM
POV: you scroll the comment section of literally any Xitter post discussing CrowdStrike (someone is going to make it weirdly political and mention an acronym starting with the letter 'D')
π€£85π―9β€4π3π’1π1
Hello, how are you?
Today is the day of rest.
We hope all of you can find some time to relax too β it's been a chaotic week.
We'll see all of you on Monday.
Today is the day of rest.
We hope all of you can find some time to relax too β it's been a chaotic week.
We'll see all of you on Monday.
β€100π19π13π«‘9π8π’3π3π€£3π€3
Good morning,
After we took Sunday off we anticipated things would calm down a little. We were wrong. There has been more arrests, the CrowdStrike fire is still burning, and the arguing about CrowdStrike continues.
πππ
After we took Sunday off we anticipated things would calm down a little. We were wrong. There has been more arrests, the CrowdStrike fire is still burning, and the arguing about CrowdStrike continues.
πππ
π80π«‘22π₯14β€2π±2π’2π―2π1π1
This media is not supported in your browser
VIEW IN TELEGRAM
> open xitter
> see long winded rants about kernel mode drivers
> see long winded rants about crowdstrike
> see long winded rants about malware
> see long winded rants about kernel mode drivers
> see long winded rants about crowdstrike
> see long winded rants about malware
π45π€21π―6π1π’1
vx-underground
> open xitter > see long winded rants about kernel mode drivers > see long winded rants about crowdstrike > see long winded rants about malware
More annoyed at the fact CrowdStrike has brought in a surge of 'experts' than the actual computer damage at this point. We're going to hear idiotic schizophrenic rants for months
π54π33π€£11π―7π₯°2π2π₯1π’1
vx-underground
The CrowdStrike C-suite LinkedIn apology post tl;dr
Anyway, unless something profoundly dramatic happens, we are no longer going to actively discuss the current CrowdStrike situation. We're fatigued β and various members are combating the fall out in their own way (organizationally, whatever).
tl;dr moving on
tl;dr moving on
π₯°45π16π€7π₯4π3π’1π«‘1
Today (or yesterday depending on where you live) the United States House Leaders called CrowdStrike CEO George Kurtz to testify to congress about the recent botched update. According to Microsoft telemetry, CrowdStrike's botched update boot-looped roughly 8,500,000 computers across the globe β including computer operations regarded as critical infrastructure.
No date has been released yet when George Kurtz will testify.
United States Republicans who lead the United States House Homeland Security commitee stated they 'expect answers soon' from Mr. Kurtz.
Additionally, it is reported that the letter sent to Mr. Kurtz by the United States congress states Mr. Kurtz is 'urged' to schedule a hearing with the subcommitee on Cyber Security and Infrastructure Protection by Wednesday, July 24th, 2024.
Information via Reuters, The Associated Press, and The Washington Post
No date has been released yet when George Kurtz will testify.
United States Republicans who lead the United States House Homeland Security commitee stated they 'expect answers soon' from Mr. Kurtz.
Additionally, it is reported that the letter sent to Mr. Kurtz by the United States congress states Mr. Kurtz is 'urged' to schedule a hearing with the subcommitee on Cyber Security and Infrastructure Protection by Wednesday, July 24th, 2024.
Information via Reuters, The Associated Press, and The Washington Post
π€£43π€29π€6π5
vx-underground
Today (or yesterday depending on where you live) the United States House Leaders called CrowdStrike CEO George Kurtz to testify to congress about the recent botched update. According to Microsoft telemetry, CrowdStrike's botched update boot-looped roughlyβ¦
This by far one of the largest oopsies in cybersecurity history. We can't recall a moment where a vendor caused this much damage... ever. We're aware of instances where updates corrupted something, but nothing on this scale.
They'll probably talk about this in history books.
They'll probably talk about this in history books.
π―70π10π’2π€£1
20 years from now someone is going to write a book about the CrowdStrike disaster. People new to cybersecurity are going to be amazed by it.
The actuality of the situation is most security professionals (and Threat Actors) just shitposted their way through the entire thing
The actuality of the situation is most security professionals (and Threat Actors) just shitposted their way through the entire thing
π89π11π₯4π€£4π2π’1
vx-underground
20 years from now someone is going to write a book about the CrowdStrike disaster. People new to cybersecurity are going to be amazed by it. The actuality of the situation is most security professionals (and Threat Actors) just shitposted their way throughβ¦
There is a REAL WORLD CHANCE your shitty memes could be in a history book πππππ
π€£122π’8π€©8π₯°6π―4π2
When the CEO of CrowdStrike testifies before the United States Congress, do we host a watch party?
(everyone has to bring different snacks, like chips, soda, cheese dip, whatever)
(everyone has to bring different snacks, like chips, soda, cheese dip, whatever)
Anonymous Poll
73%
Yes
4%
No
23%
I'm not bringing snacks
β€42π9π3π«‘2π1
This media is not supported in your browser
VIEW IN TELEGRAM
Damn why they cookin us πππ
π€£234π₯13π₯°8π6π’5π4π3π―3β€2β€βπ₯1
Updates to vx-underground:
Papers:
- 2024-02-20 - Earth Preta Campaign Uses DOPLUGS to Target Asia
- 2024-04-09 - Unraveling Not AZORult but Koi Loader- A Precursor to Koi Stealer
- 2024-05-21 - Phobos ransomware launches new leak site and pivots towards double extortion
- 2024-06-05 - European Election Security At Risk- A Detailed Analysis of State-Sponsored, eCrime, and Hacktivist Threats
Malware family updates:
- Poseidon
- ChChes
- SageRansomware
- Shifu
- SnakeKeylogger
- FakeBat
- Mirai
- LummaStealer
- Android.Rootnik
- FinSpy
- Latrodectus
- NeutrinoBot
- KematianStealer
- EyePyramid
- FormBook
Bulk downloads:
- VirusSign.2024.07.20
- VirusSign.2024.07.21
- VirusSign.2024.07.22
- VirusSign.2024.07.23
Papers:
- 2024-02-20 - Earth Preta Campaign Uses DOPLUGS to Target Asia
- 2024-04-09 - Unraveling Not AZORult but Koi Loader- A Precursor to Koi Stealer
- 2024-05-21 - Phobos ransomware launches new leak site and pivots towards double extortion
- 2024-06-05 - European Election Security At Risk- A Detailed Analysis of State-Sponsored, eCrime, and Hacktivist Threats
Malware family updates:
- Poseidon
- ChChes
- SageRansomware
- Shifu
- SnakeKeylogger
- FakeBat
- Mirai
- LummaStealer
- Android.Rootnik
- FinSpy
- Latrodectus
- NeutrinoBot
- KematianStealer
- EyePyramid
- FormBook
Bulk downloads:
- VirusSign.2024.07.20
- VirusSign.2024.07.21
- VirusSign.2024.07.22
- VirusSign.2024.07.23
β€30π7β€βπ₯6π₯3π’1π1
Some media outlets are reporting a compromise (and leak) of Leidos β a large IT service provider for the United States Pentagon.
Bloomberg reports the leak is being distributed on 'cybercrime forums' but we haven't personally seen anything about it anywhere.
Β―\_(γ)_/Β―
Bloomberg reports the leak is being distributed on 'cybercrime forums' but we haven't personally seen anything about it anywhere.
Β―\_(γ)_/Β―
π€£72π₯7π4π―4π4π€3π’1
vx-underground
Some media outlets are reporting a compromise (and leak) of Leidos β a large IT service provider for the United States Pentagon. Bloomberg reports the leak is being distributed on 'cybercrime forums' but we haven't personally seen anything about it anywhere.β¦
EDIT: It was posted on Breached on Sunday. We don't internet on Sundays
π€£76π―17β€4π1
This media is not supported in your browser
VIEW IN TELEGRAM
π87π€£63π―15π€5β€4π3π€2π1π’1
Yesterday KnowBe4 disclosed a cyber-security-incident where a North Korean national successfully infiltrated KnowBe4 ... by applying for a job there, interviewing, and getting hired.
Their blog post highlights North Korean identity fraud techniques.
https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us
Their blog post highlights North Korean identity fraud techniques.
https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us
Knowbe4
How a North Korean Fake IT Worker Tried to Infiltrate Us
π€£67π₯7π±5π€3β€2π’1