Today the United States Department of Justice announced the conviction of Remy St. Felix. St. Felix is accused of being the mastermind behind a string of violent home invasions targeting individuals possessing large quantities of cryptocurrency.
Prosecutors state St. Felix targeted crypto holders in North Carolina, Florida, Texas, and New York.
Due to the violence of the actions, including assaulting victims, zip-tying them, holding them at gunpoint, and threatening to murder their families, St. Felix is facing charges for: conspiracy, kidnapping, Hobbs Act robbery, wire fraud, and brandishing a firearm in furtherance of a crime of violence. He is facing a maximum sentence of life in prison.
More information: https://www.justice.gov/opa/pr/man-convicted-violent-home-invasion-robberies-steal-cryptocurrency
A federal jury in Greensboro, North Carolina, convicted a Florida man today for his lead role in an international conspiracy to break into U.S. citizens' homes, violently kidnap and assault them, and steal their Bitcoin and other cryptocurrency.
how to write cool malware
1. come up with idea
2. write basic shit code, hurts eyes
3. refine it, make less ugly
4. slowly increase complexity
5. refine it, make it beautiful
6. release it, pretend to understand it
"They're putting infostealers in the water, they're making the frogs rich" - Alex Jones if he worked in Cyber Threat Intelligence
The United Kingdom's National Crime Agency released a statement today.
On September 5th, the individual believed to be responsible for compromising TfL (Transport for London) has been apprehended.
More information:
https://www.nationalcrimeagency.gov.uk/news/arrest-made-in-nca-investigation-into-transport-for-london-cyber-attack
Today Mastercard bought Cyber Threat Intelligence company RecordedFuture.
Why did a payment service provider acquire a threat intelligence company? Well, it's very simple: we don't understand it at all, but we assure you it's very simple, probably.
(we have no idea why)
Today a Threat Actor operating under the moniker 'Fortibitch' released 440GB of exfiltrated Fortinet data. The Threat Actor claims the leaked data is a result of a failed extortion attempt. 'Fortibitch' wrote that Fortinet allegedly told them they'd rather 'eat poop than pay a ransom'.
Fortinet later confirmed the validity of the compromise to BleepingComputer, writing that customer data was stolen from a "third-party cloud-based shared file drive."
Additionally, 'Fortibitch' gave me a shoutout, referencing a previous vx-underground post debating the correct pronunciation of VXUG, by writing "smelly from Vi-Eks-Yu-Gee".
Subsequently, they addressed me as "-2 IQ degenerate nerd", referencing me mocking myself and my many failures I have apologized for.
Finally, they called me the "Texas Femboy Kisser". While I do not kiss femboys, or people from Texas, this conversation piece is indicative of a group of people I am familiar with.
Hello to you too, 'Fortibitch'.
We're experimenting with a vx-underground Windows Desktop e-reader. It's a simple .NET application that connects to vx-underground, lists papers, and allows you to view them without having to visit the website.
Why? ¯\_(ツ)_/¯
Seems kinda cool. Also, slightly easier to explore
It'll be open source, you can build it yourself, or you can reverse engineer it, whatever. It's not malware.
Unironically, 90% of core viewing demographic would (in some shape or form) prefer it to be malware just so they could rip it apart and throw tomatoes at us.
New vx-underground artwork
Image 1. Drowning in SPAM
Image 2. Malware compression
🚨BREAKING🚨 The CEO of RecordedFuture confirms to us that they cannot wipe $400,000 of debt off our Mastercard credit card. Also, Triage will remain free.
(we replied with a photo of a cat)
We decided to test OpenAI's image creation functionality by requesting it produce a meme about malware authors
The image it created is funny, although not in the classical sense. It's such a catastrophic failure it has become funny.
The longer you look at it, the funnier it is
Details:
1. Keyboard with 1,000 keys
2. Warped fingers
3. Desk is backwards
4. Keyboard not plugged in
5. Anon mask out of the matrix .. holding the coffee by its smoke? The police officer's coffee?
6. THAT VIRUS VIRUNG ALOING
7. Cop waving little American flag? (yay! cybercrime!)
Large update coming. Due to the size of additions, if you have notifications enabled you will likely receive multiple notifications.
Prepare yourself.
Large update. Read the papers, download the malware, reverse the malware, whatever. Even writing about all the additions is a lot of work.
Note: Assume all builder binaries are malicious, explore them with caution. APT paper titles truncated or modified in this post.
Administrative updates:
- VXDB is still syncing with VirusTotal. All corrupt files have been repaired. We are currently refining our malware ingestion process.
- MalwareIngestion collection has been purged due to fears of binaries being corrupted. MalwareIngestion will be repaired and redeployed at a later time.
- New vx-underground merch scheduled to be added to merch store. This will be done at a later time.
- New vx-underground hard drives will be available for sale later.
Builders:
- Builder-Android.Phoenix
- Builder.CraxsRat
- Builder.Ransomware.Slam
- Builder.RobinHoodRansomware.Leak
Families:
- Blackmoon
- CobaltStrike
- DarkCloud
- DCRat
- Mirai
- NetTraveler
- QuasarRAT
- RedLine
- Rekoobe
- Remcos
- Sliver
- Stealc
- Tidepool
- Tofsee
- XMRig
Papers:
- 2023-12-25 - An Introduction to Bypassing User Mode EDR Hooks
- 2023-11-29 - The Art of Windows Persistence
- 2023-01-04 - Investigating Filter Communication Ports
- 2022-11-16 - Bypassing AV-EDR Hooks via Vectored Syscall
- 2021-11-10 - The DLL Search Order And Hijacking It
- 2021-07-26 - Shellcoding - Process Injection with Assembly
- 2021-06-28 - Stealing Tokens In Kernel Mode With A Malicious Driver
- 2021-05-23 - Preventing memory inspection on Windows
- 2021-01-30 - Executing Position Independent Shellcode from Object Files in Memory
- 2020-06-01 - Using Syscalls to Inject Shellcode on Windows
- 2018-09-06 - Persistence using Universal Windows Platform apps
Bulk downloads:
- Bazaar.2024.08
- InTheWild.0130
- InTheWild.0131
- Virussign.2024.08.12
- Virussign.2024.08.13
- Virussign.2024.08.14
- Virussign.2024.08.15
- Virussign.2024.08.16
- Virussign.2024.08.17
- Virussign.2024.08.18
- Virussign.2024.08.23
- Virussign.2024.08.24
- Virussign.2024.08.25
- Virussign.2024.08.26
- Virussign.2024.08.27
- Virussign.2024.08.28
- Virussign.2024.08.29
- Virussign.2024.08.30
- Virussign.2024.08.31
- Virussign.2024.09.01
- Virussign.2024.09.02
- Virussign.2024.09.03
- Virussign.2024.09.04
- Virussign.2024.09.05
- Virussign.2024.09.06
- Virussign.2024.09.07
- Virussign.2024.09.08
- 120,082+- malware samples