Updates:
Families:
- AgentTesla
- AsyncRAT
- CryptBot
- DarkComet
- DCRat
- FormBook
- GuLoader
- Latrodectus
- LummaStealer
- Mirai
- OxyPumper
- RedLine
- Remcos
- RevengeRAT
- SnakeKeylogger
- STRRAT
- TrickBot
- XMRig
- XWorm
- ZharkRAT
Papers:
- 2012-10-02 - Blackhole Exploit Kit: Rise and Evolution.pdf
- 2015-09-15 - In Pursuit of Optical Fibers and Troop Intel: Targeted Attack Distributes PlugX in Russia.pdf
- 2015-09-24 - Meet GreenDispenser: A New Breed of ATM Malware.pdf
- 2021-12-22 - Establishing the TigerRAT and TigerDownloader Malware Families.pdf
- 2022-04-27 - BRONZE PRESIDENT Targets Russian Speakers with Updated PlugX.pdf
- 2022-08-22 - Ocean Lotus APT Group.pdf
- 2022-10-12 - TOAD attacks: Vishing combined with Android banking malware now targeting Italian banks.pdf
- 2023-04-14 - SHATTEREDGLASS Server Emulator.pdf
- 2023-07-03 - Chinese Threat Actors Targeting Europe in SmugX Campaign.pdf
- 2023-07-29 - Unknown powershell backdoor with ties to new Zloader.pdf
- 2023-09-14 - Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets.pdf
- 2023-12-11 - Mustang Panda's PlugX new variant targetting Taiwanese government and diplomats.pdf
- 2024-01-24 - The Endless Struggle Against APT10- Insights from LODEINFO v0.6.6 - v0.7.3 Analysis.pdf
- 2024-03-04 - On-Device Fraud on the rise: exposing a recent Copybara fraud campaign.pdf
- 2024-03-22 - APT29 Uses WINELOADER to Target German Political Parties.pdf
- 2024-03-22 - Large-Scale StrelaStealer Campaign in Early 2024.pdf
- 2024-03-24 - Analysis of DEV#POPPER: New Attack Campaign Targeting Software Developers Likely Associated With North Korean Threat Actors.pdf
- 2024-04-02 - Updated StrelaStealer Targeting European Countries.pdf
- 2024-04-19 - Gold Pickaxe iOS Technical Analysis- IPA Overview and C2 Communication Start up.pdf
- 2024-04-27 - Finding Malware: Detecting SOGU with Google Security Operations.pdf
- 2024-06-09 - New Threat: A Deep Dive Into the Zergeca Botnet.pdf
- 2024-06-24 - StrelaStealer Resurgence: Tracking a JavaScript-Driven Credential Stealer Targeting Europe.pdf
- 2024-07-05 - CLEARFAKE Update Tricks Victim into Executing Malicious PowerShell Code.pdf
- 2024-07-09 - Italian government agencies and companies in the target of a Chinese APT.pdf
- 2024-07-10 - DodgeBox: A deep dive into the updated arsenal of APT41 - Part 1.pdf
- 2024-07-11 - Brief technical analysis of the 'Poseidon Stealer' malware.pdf
- 2024-07-11 - ClickFix Deception: A Social Engineering Tactic to Deploy Malware.pdf
- 2024-07-11 - CRYSTALRAY: Inside the Operations of a Rising Threat Actor Exploiting OSS Tools.pdf
- 2024-07-11 - MoonWalk: A deep dive into the updated arsenal of APT41 - Part 2.pdf
- 2024-07-14 - Fake AWS Packages Ship Command and Control Malware In JPEG Files.pdf
- 2024-07-14 - Malware Analysis: Rhadamanthys.pdf
- 2024-07-15 - CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks.pdf
- 2024-07-16 - MirrorFace Attack against Japanese Organisations.pdf
- 2024-07-16 - NullBulge: Threat Actor Masquerades as Hacktivist Group Rebelling Against AI.pdf
- 2024-07-17 - The Return of Ghost Emperor's Demodex.pdf
- 2024-07-18 - Emerging IoT Wiper Malware: Kaden and New LOLFME Botnet Variants.pdf
- 2024-07-23 - A Simple Approach to Discovering Oyster Backdoor Infrastructure.pdf
- 2024-07-24 - APT45: North Korea's Digital Military Machine.pdf
- 2024-07-24 - Malware Campaign Lures Users With Fake W2 Form.pdf
- 2024-07-24 - Rhysida using Oyster Backdoor to deliver ransomware.pdf
- 2024-07-24 - UAC-0063 Attack Detection: Hackers Target Ukrainian Research Institutions Using HATVIBE, CHERRYSPY, and CVE-2024-23692.pdf
- 2024-07-25 - Growing Number of Threats Leveraging AI.pdf
- 2024-07-28 - CyberGate Technical Analysis.pdf
- 2024-07-30 - Too big to care: Our disappointment with Cloudflare's anti-abuse posture.pdf
- 2024-07-31 - Research Update: Threat Actors Behind the DEV#POPPER Campaign Have Retooled and are Continuing to Target Software Developers via Social Engineering.pdf
- 2024-08-01
Damn, Telegram cut us off. :(
"Kros", Jim, and Ron,
Thank you for covering our asses. Please DM us. You all slightly gave us more than the lost $500 so we'll give you free swag, or something, whatever is clever.
Thanks,
P.S. Jim the homie, he doesn't even know what we do and he gave us money
Today a person operating under the moniker 'Bizarredect' compromised a North Korean ISP and dumped 31GB of North Korean data
https://gofile.io/d/nLSE4n
Today Facebook users noticed a botched modification to the Facebook recommendation algorithm. Users are reporting their feeds are being flooded with "Happy Birthday" posts ... from people and to people they don't know.
tl;dr Facebook is now "Happy Birthday" and advertisements
This actually isn't the first time this has happened from Facebook. Last time this happened it was users commenting on celebrity profiles.
The issue was resolved within a few hours.
Anyway, Happy Birthday!
Big brain time.
Daniel Rhyne was employed as a core infrastructure engineer for an unnamed company. He intentionally changed domain controller credentials in an attempt to extort his employer out of $750,000.
He's now facing 30 years in prison.
https://www.bleepingcomputer.com/news/security/employee-arrested-for-locking-windows-admins-out-of-254-servers-in-extortion-plot/
BleepingComputer
Employee arrested for locking Windows admins out of 254 servers in extortion plot
A former core infrastructure engineer at an industrial company headquartered in Somerset County, New Jersey, was arrested after locking Windows admins out of 254 servers in a failed extortion plot targeting his employer.
Our memory is a little fuzzy, but we can't recall a time where someone used ... the windows command line interface ... to change creds to "TheFr0zenCrew!" then asking for $750,000.
It's unfathomably galaxy brain, a truly epic gamer moment.
Starting September vx-underground will charge $100 for every 100 Yottabytes of data used on the website.
We apologize for the inconvenience
Yesterday, or whenever, DICK's Sporting Goods, an American store that sells sports stuff, filed an SEC 8K. Based on reports, sounds like they've been hit by ransomware.
We've never seen such a muted public response to a large ransomware attack. Literally no one seemed to care.
Our recent poll shows that somewhere between 25% - 35% of our follower base (72,000 people+-) have absolutely no idea what we do.
They only follow us for the memes and news.
tl;dr we collect all materials malware related for researchers, gossip with cyber criminals, and meme
To appease our tech-adjacent audience that seems to enjoy our borderline neurotic computer posts: here is a photo of us removing some RAM sticks (we couldn't get them back in the computer)