We've added a new paper to the vx-underground Windows paper collection
"Azure Outlook Command & Control that uses Microsoft Graph API for C2 communications & data exfiltration" by 0xBoku & C5pider
Check it out here: https://www.vx-underground.org/windows.html#scab
"Azure Outlook Command & Control that uses Microsoft Graph API for C2 communications & data exfiltration" by 0xBoku & C5pider
Check it out here: https://www.vx-underground.org/windows.html#scab
๐ฑ3๐2๐ฅ2
"Operation Dragon Castling", which has been targeting companies in South East Asia, has a stage 2 loader named CoreX. CoreX uses the same SYSCALL sorting method created by the folks over at MDSecLabs
Paper API Unhooking via SYSCALL sorting: https://papers.vx-underground.org/papers/VXUG/Mirrors/BypassingUserModeHooksandDirectInvocationofSystemCallsforRedTeams.pdf
Paper on OPERATION DRAGON CASTLING: https://decoded.avast.io/luigicamastra/operation-dragon-castling-apt-group-targeting-betting-companies/
Paper API Unhooking via SYSCALL sorting: https://papers.vx-underground.org/papers/VXUG/Mirrors/BypassingUserModeHooksandDirectInvocationofSystemCallsforRedTeams.pdf
Paper on OPERATION DRAGON CASTLING: https://decoded.avast.io/luigicamastra/operation-dragon-castling-apt-group-targeting-betting-companies/
๐ฅ3
Yesterday AhnLabs reported APT activity targeting South Korean users using one of the oldest tricks in the book: they send a malicious .CHM file masquerading as a legitimate CHM file.
*Malicious .CHMs appeared approx. in 1997
*Malicious .DOCX/XLS appeared approx. in 1999
*Malicious .CHMs appeared approx. in 1997
*Malicious .DOCX/XLS appeared approx. in 1999
๐ฅ7๐1๐ฑ1
We have made an additional 2,400,000+ malware samples available for bulk download.
Total available for bulk download: approx. 15,000,000
Have a nice day.
Download: https://samples.vx-underground.org/samples/Blocks/
Total available for bulk download: approx. 15,000,000
Have a nice day.
Download: https://samples.vx-underground.org/samples/Blocks/
๐13๐ฅ7๐1
We have enabled reactions.
๐ฅ87โค17๐ฉ16๐12๐8๐2๐2๐ค2๐คฏ2๐คฌ1๐ข1
Volexity released a paper on a MacOS malware dubbed "GIMMICK". They shared the samples in the blog post! โฅ๏ธ
We have never seen a company do this before!๐ฅฐ
Paper: https://www.volexity.com/blog/2022/03/22/storm-cloud-on-the-horizon-gimmick-malware-strikes-at-macos/
We have never seen a company do this before!๐ฅฐ
Paper: https://www.volexity.com/blog/2022/03/22/storm-cloud-on-the-horizon-gimmick-malware-strikes-at-macos/
Volexity
Storm Cloud on the Horizon: GIMMICK Malware Strikes at macOS
In late 2021, Volexity discovered an intrusion in an environment monitored as part of its Network Security Monitoring service. Volexity detected a system running frp, otherwise known as fast reverse [โฆ]
โค4๐2
We've updated the vx-underground Malware Defense paper collection: "Anti-UPX Unpacking Technique" by Shusei Tomonaga
Have a nice day.
Check it out here: https://vx-underground.org/av.html
Have a nice day.
Check it out here: https://vx-underground.org/av.html
โค6๐ฅ4๐1๐1
LAPSUS$ group has been arrested.
More info: https://www.bbc.com/news/technology-60864283
More info: https://www.bbc.com/news/technology-60864283
Bbc
Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal
Police say they've arrested seven teenagers as part of their investigation into a hacking group.
๐ข18๐7๐4๐ค4๐ฑ3๐ฉ2๐1
This media is not supported in your browser
VIEW IN TELEGRAM
As ransomware groups, such as Lockbit, ALPHV, and HIVE, continue to ramp up operations it is important we review how these groups operate.
๐31๐ฅ6โค3๐3๐คฎ2๐ฑ1๐คฉ1๐ฉ1
The United States Department of Justice has indicted 4 Russian government employees for attacks against ICS/SCADA in 135 countries. The individuals indicted are alleged to be behind Dragonfly/HAVEX and Dragonfly 2.0.
More information available here: https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical
More information available here: https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical
www.justice.gov
Four Russian Government Employees Charged in Two Historical Hacking
The Department of Justice unsealed two indictments today charging four defendants, all Russian nationals who worked for the Russian government, with attempting, supporting and conducting computer intrusions that together, in two separate conspiracies, targetedโฆ
๐6๐2
We have made an additional 2,200,000+ malware samples available for bulk download.
Total available for bulk download: approx. 17,000,000
Download: https://samples.vx-underground.org/samples/Blocks/
Total available for bulk download: approx. 17,000,000
Download: https://samples.vx-underground.org/samples/Blocks/
๐6
The developers behind Raccoon Stealer have announced they're temporarily shutting down operations.
They cite the invasion of Ukraine as the reason why they're shutting down. They state key team members are "no longer with us".
They cite the invasion of Ukraine as the reason why they're shutting down. They state key team members are "no longer with us".
๐ข2๐1
A person being interviewed about a recent ransomware attack against a prestigious Brazilian university wore the vx-underground "Ransomware Aktivist" shirt.
๐ฅ27๐17๐2
We have submitted over 300,000 unique samples to Tria.ge! Special thanks to ReversingLabs for all the cool new malware samples too!
๐ฅ8๐4๐ฉ2