vx-underground
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
Big updates tomorrow.

Go to bed.
Large vx-underground malware sample updates:

1. APT papers and samples for 12/2022 & 01/2023
2. Virusshare.00454 uploaded
3. InTheWild.0028 & InTheWild.0029 uploaded

Roughly 120,000+ new malware samples

Special thanks to petikvx and f0wlsec

https://www.vx-underground.org/malware.html
We've updated The Old New Thing collection. We've added archives from the year 2013. We have added 9 years of work from Raymond Chen. Only 10.5 years left to go!

The grind never stops.

Have a nice day.

https://www.vx-underground.org/the_old_new_thing.html
malware is illegal and for nerds
We've updated The Old New Thing collection for December, 2022.

This week our focus will be completing the year 2012. Additionally, more malware database upload records will be present too.

Have a nice day.

https://www.vx-underground.org/the_old_new_thing.html
January 5th, 2023, we noted Microsoft Security plagiarizing the research of Patrick Wardle. January 9th, 2023, Microsoft Security Intelligence issued an official response on Twitter. They stated the blog post has been removed.
Today VentureBeat released an article stating ransomware attacks were down 61% in 2022. They cite a ... survey? ...

The individuals behind this article, and survey, clearly have absolutely zero idea how ransomware or cyber crime works.

Article: https://venturebeat.com/security/ransomware-attacks-dropped-61-last-year-but-orgs-cant-be-complacent/
Fun fact: There have been 47 publicly listed ransomware victims in 2023. 47 in 10 days.

More info: https://ransomwatch.telemetry.ltd/#/
This morning the American Federal Aviation Agency NOTAM (Notice to Air Mission) system stopped operating.

NOTAM is responsible for transmitting information in real time to aircraft.

The FAA offered no explanation on the official cause other than they are investigating the issue.
Meanwhile, as every single person in Information Security puts on their conspiracy theorist tin-foil hats, United States White House representatives have stated "there is no evidence of a cyber attack".

Infosec nerds' paranoia will now amplify x100 and believe this to be a lie.
In the latest installment of the Call of Duty series, Modern Warfare II (2022), players can conduct DDoS attacks. The DDoS attack will disrupt or disable enemies or enemy equipment.

tl;dr in the future helicopters, tanks, guns, and even human beings will be IoT devices.
We have seen many tweets recently about silly malware concepts like "syscalls", "unhooking", or "obfuscation".

Here is our #1 #RedTeamTip to avoid EDRs. Use an RPG-7 to obliterate the computer. The EDR cannot detect your malware if the computer is not operational
The New York Times is reporting Twitter is considering auctioning off Twitter usernames to generate revenue.

https://www.nytimes.com/2023/01/11/technology/twitter-user-names-elon-musk.html
Recently we have received criticism for our #1 #RedTeamTip of using an RPG-7 to bypass EDRs. Some individuals pointed out an RPG-7 would not be allowed on most corporate premises.

While this may be true, vx-underground also has a 0day exploit to access ANY facility.
πŸ‘33😁18πŸ‘Ž2🀑2😈2πŸ₯°1πŸ‘1πŸŽ‰1
Lockbit ransomware group was responsible for the recent attacks on the Royal Mail (the British multinational postal service).

Images discovered via UK_Daniel_Card
Note/Update: Per BleepingComputer, Lockbit ransomware group denies conducting the attack. When we reached out to Lockbit, Lockbit stated they were unfamiliar with the Royal Mail.

This is technically possible - the Lockbit Black Builder was recently leaked.
πŸ‘9🀑5❀2😈1
Regarding the Lockbit attack on the Royal Mail
πŸ‘12🀑6😈3πŸ’…3
Lockbit ransomware group (again) denies the attack on the Royal Mail ... but invites the attackers to formally join their organization

Intel via 3xp0rtblog
More malware and more archives in queue.
