The United States Marshals Service (USMS) has been ransomed. The USMS is responsible for the apprehension of wanted fugitives.
The systems ransomed contained information on legal processes, administrative information, and PII on subjects being investigated
https://www.cnn.com/2023/02/27/politics/us-marshals-service-ransomeware-attack
CNN
Ransomware attack on US Marshals Service affects "law enforcement sensitive information"
A ransomware attack on the US Marshals Service has affected a computer system containing "law enforcement sensitive information," including personal information belonging to targets of investigations, a US Marshals Service spokesperson said Monday evening.
Since the beginning of the Russia-Ukraine conflict, 23 Russian oligarchs and military elite have fallen out of Windows.
Marina Yankina, a high-ranking official in Russia's Defence Ministry, was found dead on the sidewalk in St. Petersburg.
Windows are incredibly dangerous.
Motherhood is the human body biologically assembling code and then deploying to prod several months later
Today the Russian Federation made an amendment to "Federal Law No. 149-FZ - On information, information technologies and information protection".
Russia now prohibits the usage of "information exchange systems" owned by foreign entities.
See attached image for list of bans.
Our friend SPTHvx, the legendary virus writer, has returned from a 10 year hiatus. On his return he has produced a proof-of-concept demonstrating the encoding, decoding, and mutation of virus code using ChatGPT in a natural language.
Check it out here: https://www.vx-underground.org/other.html#code_mutation
It appears vx-underground will pass 200,000 Twitter followers in June, 2023. At 200,000 followers this will unlock new functionality for vx-underground
1. Ability to cancel people on Twitter
2. We can cut in line at airports and restrooms
3. Unlocked "Don't you know who I am?"
We've updated the VX-API
- CreateProcessFromINFSectionInstallStringNoCab
- CreateProcessFromINFSetupCommand
- AmsiBypassViaPatternScan
Shellcode execution by abusing: SymEnumProcesses, ImageGetDigestStream, VerifierEnumerateResource, SymEnumSourceFiles
https://github.com/vxunderground/VX-API
GitHub
GitHub - vxunderground/VX-API: Collection of various malicious functionality to aid in malware development
Collection of various malicious functionality to aid in malware development - vxunderground/VX-API
We've updated "The Old New Thing" collection. We've archived the month of February, 2023.
Special thanks to _BradleyVX for curating the papers.
Check it out here: https://www.vx-underground.org/the_old_new_thing.html#the_old_new_thing_-_2023_02
"The best and most beautiful things in the world cannot be seen or even touched — they must be disassembled with IDA." - Helen Keller
ALPHV ransomware group has ransomed Lehigh Valley Health Network, a healthcare network based out of Pennsylvania.
ALPHV has issued threats to the healthcare organization and has begun leaking photographs of topless female breast cancer patients
Our friend guessthepw developed us a custom malware database which will automatically sync data with VirusTotal and hatching_io
- Free to the public
- Will contain every vx-underground malware sample
- Will allow users to upload and share samples
- All thanks to our supporters
We do not know when the new site will go live. Improvements still need to be made, including beautification. This is all done in the spare time of guessthepw and vx-underground staff.
This will be a large achievement for us.
Make malware free, forever.
Today EUROPOL announced the arrest of two suspected DoppelPaymer ransomware members. The individuals were arrested February 28th, 2023. The individuals resided in different countries: one in Germany, the other in Ukraine.
More information: https://www.europol.europa.eu/media-press/newsroom/news/germany-and-ukraine-hit-two-high-value-ransomware-targets
Europol
Germany and Ukraine hit two high-value ransomware targets — Forensic analysis of the seized equipment is still ongoing to determine…
This ransomware appeared in 2019, when cybercriminals started using it to launch attacks against organisations and critical infrastructure and industries. Based on the BitPaymer ransomware and part of the Dridex malware family, DoppelPaymer used a unique…