We've added a new paper to the VXUG AV paper collection: "In-Depth Analysis of Ransom Note Files" by Yassine Lemmou, Jean-Louis Lanet, El Mamoun Souidi
Analysis of ransomware notes & proposed prototype of identifying Threat Actors by their ransom notes
https://vx-underground.org/av.html
BlackBerry ThreatVector team identified a new ransomware variant dubbed "LokiLocker".
You can download LokiLocker ransomware samples here:
https://samples.vx-underground.org/samples/Families/LokiLockerRansomware/
Node-IPC latest update contains the "Peace not war" module which:
1. Wipes the disk of Belarusian and Russian computers
2. Leaves a note on the machine stressing the importance of peace
More info: https://twitter.com/bantg/status/1504213698658938881
Link preview (Twitter, banteg): The authors of node-ipc have pushed malware in an update, which wipes your disk if you happen to have a Russian or Belorussian IP address. This affects some large projects like Vue CLI where it is a dependency. github.com/RIAEvangelist/…
We've updated the vx-underground APT collection.
Due to the volume of APT papers and samples being released we are unable to list everything being added. There have been 105 APT papers released in 80 days.
Recent additions can be viewed here: https://vx-underground.org/apts.html#2022
We've got more malware available for bulk download.
*Don't ask for the password
*All files named using the Kaspersky naming convention
*8,500,000+ samples present
Have a nice day
Download: https://samples.vx-underground.org/samples/Blocks/
We have the Conti ransomware source code (version 3). This includes a compiled locker and decryptor. We have archived it.
You can download it here: https://share.vx-underground.org
Proofpoint released a paper on a malware campaign, "Serpent Backdoor". This campaign targeted the French government as well as French real estate and construction companies.
It also utilized steganography, using an image from Dora the Explorer.
Download: https://samples.vx-underground.org/APTs/2022/2022.03.21/
We have over 11,000,000 unique malware samples available for bulk download.
* Named using Kaspersky naming convention
Download available here: https://samples.vx-underground.org/samples/Blocks/
We've added a new paper to the vx-underground Windows paper collection:
"Azure Outlook Command & Control that uses Microsoft Graph API for C2 communications & data exfiltration" by 0xBoku & C5pider
Check it out here: https://www.vx-underground.org/windows.html#scab
"Operation Dragon Castling", which has been targeting companies in South East Asia, has a stage 2 loader named CoreX. CoreX uses the same SYSCALL sorting method created by the folks over at MDSecLabs
Paper on API unhooking via SYSCALL sorting: https://papers.vx-underground.org/papers/VXUG/Mirrors/BypassingUserModeHooksandDirectInvocationofSystemCallsforRedTeams.pdf
Paper on OPERATION DRAGON CASTLING: https://decoded.avast.io/luigicamastra/operation-dragon-castling-apt-group-targeting-betting-companies/
Yesterday AhnLab reported APT activity targeting South Korean users using one of the oldest tricks in the book: they send a malicious .CHM file masquerading as a legitimate CHM file.
*Malicious .CHMs appeared approx. in 1997
*Malicious .DOCX/XLS appeared approx. in 1999
We have made an additional 2,400,000+ malware samples available for bulk download.
Total available for bulk download: approx. 15,000,000
Have a nice day.
Download: https://samples.vx-underground.org/samples/Blocks/
We have enabled reactions.
Volexity released a paper on a macOS malware dubbed "GIMMICK". They shared the samples in the blog post!
We have never seen a company do this before!
Paper: https://www.volexity.com/blog/2022/03/22/storm-cloud-on-the-horizon-gimmick-malware-strikes-at-macos/
Link preview (Volexity): Storm Cloud on the Horizon: GIMMICK Malware Strikes at macOS. In late 2021, Volexity discovered an intrusion in an environment monitored as part of its Network Security Monitoring service. Volexity detected a system running frp, otherwise known as fast reverse […]
We've updated the vx-underground Malware Defense paper collection: "Anti-UPX Unpacking Technique" by Shusei Tomonaga
Have a nice day.
Check it out here: https://vx-underground.org/av.html
The LAPSUS$ group has been arrested.
More info: https://www.bbc.com/news/technology-60864283
Link preview (BBC): Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal. Police say they've arrested seven teenagers as part of their investigation into a hacking group.
As ransomware groups, such as Lockbit, ALPHV, and HIVE, continue to ramp up operations it is important we review how these groups operate.
The United States Department of Justice has indicted 4 Russian government employees for attacks against ICS/SCADA in 135 countries. The individuals indicted are alleged to be behind Dragonfly/HAVEX and Dragonfly 2.0.
More information available here: https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical
Link preview (www.justice.gov): Four Russian Government Employees Charged in Two Historical Hacking Campaigns. The Department of Justice unsealed two indictments today charging four defendants, all Russian nationals who worked for the Russian government, with attempting, supporting and conducting computer intrusions that together, in two separate conspiracies, targeted…
We have made an additional 2,200,000+ malware samples available for bulk download.
Total available for bulk download: approx. 17,000,000
Download: https://samples.vx-underground.org/samples/Blocks/