Our friend SPTHvx, the legendary virus writer, has returned from a 10 year hiatus. On his return he has produced a proof-of-concept demonstrating the encoding, decoding, and mutation of virus code using ChatGPT in a natural language.
Check it out here: https://www.vx-underground.org/other.html#code_mutation
It appears vx-underground will pass 200,000 Twitter followers in June, 2023. At 200,000 followers this will unlock new functionality for vx-underground
1. Ability to cancel people on Twitter
2. We can cut in line at airports and restrooms
3. Unlocked "Don't you know who I am?"
We've updated the VX-API
- CreateProcessFromINFSectionInstallStringNoCab
- CreateProcessFromINFSetupCommand
- AmsiBypassViaPatternScan
Shellcode execution by abusing: SymEnumProcesses, ImageGetDigestStream, VerifierEnumerateResource, SymEnumSourceFiles
https://github.com/vxunderground/VX-API
We've updated "The Old New Thing" collection. We've archived the month of February, 2023.
Special thanks to _BradleyVX for curating the papers.
Check it out here: https://www.vx-underground.org/the_old_new_thing.html#the_old_new_thing_-_2023_02
"The best and most beautiful things in the world cannot be seen or even touched – they must be disassembled with IDA." -Helen Keller
ALPHV ransomware group has ransomed Lehigh Valley Health Network, a healthcare network based out of Pennsylvania.
ALPHV has issued threats to the healthcare organization and has begun leaking photographs of topless female breast cancer patients
Our friend guessthepw developed us a custom malware database which will automatically sync data with VirusTotal and hatching_io
- Free to the public
- Will contain every vx-underground malware sample
- Will allow users to upload and share samples
- All thanks to our supporters
We do not know when the new site will go live. Improvements still need to be made, including beautification. This is all done in the spare time of guessthepw and vx-underground staff.
This will be a large achievement for us.
Make malware free, forever.
Today EUROPOL announced the arrest of two suspected DoppelPaymer ransomware members. The individuals were arrested February 28th, 2023. The individuals resided in different countries - one in Germany, the other in Ukraine.
More information: https://www.europol.europa.eu/media-press/newsroom/news/germany-and-ukraine-hit-two-high-value-ransomware-targets
Germany and Ukraine hit two high-value ransomware targets – Forensic analysis of the seized equipment is still ongoing to determine…
This ransomware appeared in 2019, when cybercriminals started using it to launch attacks against organisations and critical infrastructure and industries. Based on the BitPaymer ransomware and part of the Dridex malware family, DoppelPaymer used a unique…
We have no intention of competing with VirusTotal.
vx-underground will remain a free-to-use library and malware exchange. We do not intend to scan malware, sandbox it, blah blah blah.
VirusTotal makes millions of dollars a year. vx-underground makes about tree-fiddy.
Escape from Tarkov developers have begun naming and shaming people caught cheating - they release publicly available Google Docs spreadsheets listing the usernames of banned players.
Please note the amount of people with "TTV" in their name.
Example: https://docs.google.com/spreadsheets/d/e/2PACX-1vRutocKkK3nk91ORmArC4_sOWGFpipL1hNPYytEpdQ-70WkQnVQJlxMmULIaViqpm31J_I0_pIBVTlN/pubhtml?gid=0&single=true
Emotet has returned
Follow Cryptolaemus1 on Twitter for alerts and updates
Information on Epoch4: https://tria.ge/230307-phtffshc7w
Previously Minneapolis Public Schools reported an 'encryption event'. Today Medusa ransomware group has taken credit for the attack.
Information and updates via BrettCallow
Medusa ransomware group has released a 51-minute long (474MB) video demonstrating the contents stolen from Minneapolis Public Schools.
It contains e-mails, student grades, building layouts, payroll information, and more.
The video also plays the Matrix soundtrack on loop.
This is the introduction scene from the Medusa ransomware group video.