vx-underground
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
This video has millions of views and is appearing on Facebook, Instagram, and TikTok.

Key points:

- Don't check Facebook with your microwave
- Every product on the planet is based out of the United States, duh
- FBI agents glow in the dark
- The Matrix song goes hard
We have finished archiving The Old New Thing blog from Raymond Chen. It is nearly 3 decades of articles - dates ranging from July, 2003 to December, 2022.

We will now begin our next large project.

Check it out here: https://www.vx-underground.org/the_old_new_thing.html
We've updated the vx-underground APT collection. We have added samples and papers from December 2022 and January 2023.

Special thanks to f0wlsec for the papers, samples, and aggregating the content as always

Check it out here: https://www.vx-underground.org/malware.html#2023
We've updated the vx-underground InTheWild collection. We've added volumes 0037, 0038, 0039, and 0040. It is 80,000 new unique malicious binaries.

Special thanks to petikvx for aggregating the malware samples.

Check it out here: https://samples.vx-underground.org/samples/Blocks/
Updating and aggregating content on Industrial Control System malware is a nightmare
Kaspersky performed analysis on job postings on crime forums from January 2020 - June 2022.

- 200,000 advertisements
- 61% looking for programmers
- 45% offered remote work (?)
- 8% offered paid vacation and sick leave

https://securelist.com/darknet-it-headhunting/108526/
Lockbit Green, the newest addition to Lockbit ransomware group's arsenal, is based off the Conti source code leak

Lockbit Red - Lockbit 2.0, custom ransomware
Lockbit Black - BlackMatter ransomware group's code
Lockbit Green - Conti ransomware group's code

https://github.com/prodaft/malware-ioc/blob/master/LockBit/green.md
Kaspersky's latest report indicated only 45% of crime forum job postings allowed remote work.

TV pitch: a mockumentary sitcom, similar to The Office, that follows the day-to-day antics of a Russian-based ransomware group
In the first episode of офис (the Office) a young Максим Якубец (Maksim Yakubets a.k.a. Aqua) fatally poisons his rival co-worker resulting in his untimely death
January 13th the Ukrainian authorities arrested a 36 year old man and his wife. The couple were leaders of a small ransomware group operating out of Kyiv.

Families who ransom together, stay together 🥰

Information via @realhackhistory

More information: https://cyberpolice.gov.ua/news/kiberpolicziya-vykryla-xakerske-ugrupovannya-na-atakax-inozemnyx-kompanij-virusom-shyfruvalnykom-4133/
(or piss off NATO: Ukrainian authorities received a tip from United States intelligence and United Kingdom intelligence regarding the couple).
Windows 11 now lets you create unsigned MSIX packages for "testing". You can install your "legitimate" "application" for "testing" without needing to sign it. Microsoft states this was developed to make "testing" easier

More information: msft.it/6012e7gKi
This week malware threat hunters have reported:

- AgentTesla exfiltrating data using Discord webhooks
- Ursnif using malicious .one files
- Increased usage of Rhadamanthys stealer
- Large increase in malvertising campaigns on Google
We've uploaded an additional 160,000 unique malware samples to vx-underground. They are volumes 0047 - 0054 of the InTheWild collection.

Thanks to @petikvx for all the hard work.

Check it out here: https://samples.vx-underground.org/samples/Blocks/
We've updated the vx-underground Malware Analysis collection. We've added 109 new malware analysis papers from 2013, 2014, 2018, 2019, 2021, 2022, and 2023.

tl;dr lots of new stuff.

Check it out here: https://www.vx-underground.org/malware_defense.html#malware_analysis_2023
Image courtesy of bellafusari1
1. According to Lockbit ransomware group, they announced on various forums Lockbit Green is based off of the Conti source code leak

2. It appears that Lockbit monitors Twitter