vx-underground
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
We've updated the vx-underground Windows Malware Paper collection

- 2022-01-28: The good the bad & the stomped function
- 2023-01-29: Indirect Syscall is Dead Long Live Custom Call Stacks
- 2023-02-14: Adopting PIC from Object Files for Threadless Injection

https://vx-underground.org/windows.html
Roses are Red,
Violets are Blue,
We were busy uploading malware on Valentine's Day,
So download this shit boo ♥

- InTheWild.0061
- 20,000+ unique malware samples
- Courtesy of petikvx


Download here: https://samples.vx-underground.org/samples/Blocks/
Hello,

The chatroom has been deleted for the time being (again, deletion #2). Too many complaints have come in from social media regarding the channel. Moderation is insufficient - we do not have enough time or resources to moderate appropriately. Additionally, the channel's purpose was to discuss malware; the topic was, more often than not, not malware.

At a later period of time, when we have sufficient resources, the chatroom will return to allow discussions on posts, etc.
We've updated the vx-underground Linux malware paper collection

- 2020-05-20 - Code injection in running process using ptrace
- 2020-08-16 - Process Injection On Linux
- 2022-10-12 - A Technical overview of Code Injection

Check it out here: https://vx-underground.org/linux.html
We've updated the vx-underground ICS SCADA collection

- 2017-06-12 - Win32-Industroyer A New Threat for Industrial Control Systems
- 2022-04-12 - Industroyer2 Industroyer Reloaded
- 2022-06-01 - Industroyer vs. Industroyer2

Check it out here: https://vx-underground.org/ics_scada.html
February 14th, United States Republican Congressman Clay Higgins tweeted that he is working on passing legislation that allows life imprisonment, without the possibility of parole, for cyber criminals.

He also makes a snarky remark about ... weight?
GoDaddy has stated an unknown Threat Actor has maintained persistent access to their network since at least 2019. The Threat Actor unveiled themselves 4 times, without losing access, in 2019, 2020, 2021, and 2022.

Intel via Gi7w0rm

More information: https://www.bleepingcomputer.com/news/security/godaddy-hackers-stole-source-code-installed-malware-in-multi-year-breach/
We've updated the vx-underground Linux malware paper collection

- 2017-08-16 - Understanding the Mirai Botnet
- 2018-04-20 - Wifatch - Atypical Malware
- 2022-02-25 - Behavior Anomaly on Linux Systems to Detect Zero-day Malware Attacks

Check it out here: https://vx-underground.org/linux.html
Activision was breached December 4th, 2022. The Threat Actors successfully phished a privileged user on the network. They exfiltrated sensitive workplace documents as well as scheduled-to-be-released content dating to November 17th, 2023.

Activision did not tell anyone.
Also worth noting that the Threat Actor(s) did attempt to phish other employees. Other employees did not fall for the phish. However, it appears they did not report the security incident to the Activision Information Security Team.
We've updated the vx-underground Linux malware paper collection

- 2013-02-10 - Shellcoding in Linux
- 2018-04-17 - The Shellcode Injection Process
- 2022-02-20 - Targeted process injection on Linux

Check it out here: https://www.vx-underground.org/linux.html
New vx-underground proof-of-concept art by deinacrida_art
We've updated the vx-underground InTheWild collection. We've added 20,000 new malicious binaries for download.

Special thanks to petikvx for aggregating the samples for us.

Check it out here: https://samples.vx-underground.org/samples/Blocks/
"The hacker group known as vx-underground"

x100,000 angry monkey bonks
What's the password?
Dole Food Company, an Irish agricultural multinational corporation, one of the largest producers of fruits and vegetables, with over 38,000 employees and $6,500,000,000 in annual revenue, has been hit by ransomware.

Intel and photo via BleepingComputer
The United States Department of Justice announced the arrest & extradition of Russian citizen Dariy Pankov.

Pankov is alleged to be the developer of NLBrute. He was arrested in Georgia, believing he left Russia to avoid the draft.

More information: https://www.justice.gov/usao-mdfl/pr/russian-malware-developer-arrested-and-extradited-united-states