The new Microsoft Windows 'Dev Drive' feature will be a game changer. Expect to see a monumental increase in malware in development environments.
π«‘40π14π₯10π6π€5π3β€2
We've updated the vx-underground malware family collection.
- WhiteBlack
- Danabot
- EnemyBot
- Gh0stCringe
- LokiLocker
- ArkeiStealer
- Qakbot
- RookRansomware
- IcedId
- CaddyWiper
- HydraBankBot
- BlackMatter
Check it out here: https://samples.vx-underground.org/samples/Families/
- WhiteBlack
- Danabot
- EnemyBot
- Gh0stCringe
- LokiLocker
- ArkeiStealer
- Qakbot
- RookRansomware
- IcedId
- CaddyWiper
- HydraBankBot
- BlackMatter
Check it out here: https://samples.vx-underground.org/samples/Families/
π10β€βπ₯5π2β€1
This media is not supported in your browser
VIEW IN TELEGRAM
A summary of malware trends and discussions we have witnessed in the past few weeks and the response from Twitter nerds
π€£71β€βπ₯3β€1π1π―1
A qTox 1.17.6 (current version) RCE 0day is for sale.
It would give nerds the ability to pwn literally every ransomware group, and major Threat Actor, on the planet. All it requires is sending a friend request, and the other person accepting it.
It is being sold for $500,000
It would give nerds the ability to pwn literally every ransomware group, and major Threat Actor, on the planet. All it requires is sending a friend request, and the other person accepting it.
It is being sold for $500,000
π€―101π«‘18π₯11π―5π€£4π3β€βπ₯1π1
This media is not supported in your browser
VIEW IN TELEGRAM
π€£62π4π―4π₯2π€―1π1
The exploit has been sold. The buyer has not been publicly identified.
"Now how am I going to make new friends? Don't message me on qTox, I only have old friends )))" - Lockbit ransomware group administrative staff
"Now how am I going to make new friends? Don't message me on qTox, I only have old friends )))" - Lockbit ransomware group administrative staff
π€―38π18π€2β€1π1π1π«‘1
We've updated our Windows malware paper collection.
- 2012-11-01 - SizeOfStackReserve As Anti-Attaching Trick
- 2021-01-20 - Process on a diet anti-debug using job objects
- 2023-05-02 - Preventing application creation by IFEO keys
Check it out here: https://www.vx-underground.org/windows.html
- 2012-11-01 - SizeOfStackReserve As Anti-Attaching Trick
- 2021-01-20 - Process on a diet anti-debug using job objects
- 2023-05-02 - Preventing application creation by IFEO keys
Check it out here: https://www.vx-underground.org/windows.html
π12β€3π€―1π1π€£1
A Threat Actor leaked the private GitHub repos from Panopta, a company recently acquired by Fortinet.
The breached appears to take place before or on December 22nd, 2022.
The breached appears to take place before or on December 22nd, 2022.
π29π«‘4π1
The mayor of Augusta, Georgia, told local media outlet WRDW_WAGT they were not a victim of BlackByte ransomware group
This is an incredibly bold move - denying being a victim, while data is actively being leaked and distributed, is a galaxy brain moment
https://www.wrdw.com/2023/05/25/mayor-denies-getting-ransom-demand-fix-computer-outage/
This is an incredibly bold move - denying being a victim, while data is actively being leaked and distributed, is a galaxy brain moment
https://www.wrdw.com/2023/05/25/mayor-denies-getting-ransom-demand-fix-computer-outage/
WRDW
Mayor denies $50M ransom demand amid city computer outage
Despite rumors to the contrary, several Augusta officials wouldn't characterize the city's computer outage as a ransomware attack.
π€£23π€ͺ6π3π1π«‘1
We've updated our Russian malware paper collection
- 2022-06-13 - ΠΠ½ΡΡΡΠ΅Π½Π½ΠΈΠ΅ ΠΊΠΎΠΌΠΏΠΎΠ½Π΅Π½ΡΡ Windows IPC RPC 2
- 2022-11-03 - Π‘Π΅ΡΠ΅Π΄ΠΈΠ½Π½ΡΠΉ Π²ΡΠ·ΠΎΠ² API ΡΡΠ½ΠΊΡΠΈΠΉ
- 2023-05-22 - ΠΠΎΡΠ½Π΅ΡΠΎΠ²ΡΠΊΠ°Ρ ΠΊΡΠ»ΠΈΠ½Π°ΡΠΈΡ ΡΠ°ΡΡΡ 1
Check it out here: https://www.vx-underground.org/russian.html
- 2022-06-13 - ΠΠ½ΡΡΡΠ΅Π½Π½ΠΈΠ΅ ΠΊΠΎΠΌΠΏΠΎΠ½Π΅Π½ΡΡ Windows IPC RPC 2
- 2022-11-03 - Π‘Π΅ΡΠ΅Π΄ΠΈΠ½Π½ΡΠΉ Π²ΡΠ·ΠΎΠ² API ΡΡΠ½ΠΊΡΠΈΠΉ
- 2023-05-22 - ΠΠΎΡΠ½Π΅ΡΠΎΠ²ΡΠΊΠ°Ρ ΠΊΡΠ»ΠΈΠ½Π°ΡΠΈΡ ΡΠ°ΡΡΡ 1
Check it out here: https://www.vx-underground.org/russian.html
π₯21π7β€βπ₯3π1π€ͺ1π1
Hello.
This is a message to the many up and coming ransomware groups we see.
STOP. USING. BABUK.
It is buggy. It fails decrypting large files and other edge cases. If you're going to be a criminal group, do it correctly. Your victims won't be able to recover files, dumbie.
This is a message to the many up and coming ransomware groups we see.
STOP. USING. BABUK.
It is buggy. It fails decrypting large files and other edge cases. If you're going to be a criminal group, do it correctly. Your victims won't be able to recover files, dumbie.
π90π11β€6π«‘5π±4π€ͺ4β€βπ₯1π₯1π1
We've updated our Windows malware paper collection
- 2019-04-07 - Loading and calling VB from C++
- 2019-07-21 - In-memory execution of VBScript, JavaScript or JScript
Check it out here: https://www.vx-underground.org/windows.html
- 2019-04-07 - Loading and calling VB from C++
- 2019-07-21 - In-memory execution of VBScript, JavaScript or JScript
Check it out here: https://www.vx-underground.org/windows.html
π19β€2β€βπ₯2π1
This media is not supported in your browser
VIEW IN TELEGRAM
*Hacker voice*: "I'm in".
π₯73π€£48β€2β€βπ₯2π2π1π€―1π1
It's that time of the year again when state-sponsored Threat Actors are assigned the task of targeting Twitter nerds.
GermΓ‘n FernΓ‘ndez unveiled a campaign where Threat Actors are targeting researchers on Twitter.
Thread: https://twitter.com/1ZRR4H/status/1661793801730490374
GermΓ‘n FernΓ‘ndez unveiled a campaign where Threat Actors are targeting researchers on Twitter.
Thread: https://twitter.com/1ZRR4H/status/1661793801730490374
X (formerly Twitter)
GermΓ‘n FernΓ‘ndez (@1ZRR4H) on X
π¨ 1/ Ongoing campaign primarily targeting security researchers here on Twitter.
Possibly they are trying to exploit some vulnerability in Internet Explorer and database tools like Navicat. I haven't been able to get the malicious payload yet, but somethingβ¦
Possibly they are trying to exploit some vulnerability in Internet Explorer and database tools like Navicat. I haven't been able to get the malicious payload yet, but somethingβ¦
π20π5π€ͺ4π«‘3π₯1π1
We've updated the vx-underground bulk malware download collection.
- Virusshare.00470
- Virusshare.00471
- 60,000+ unique malware samples
- Named using Kaspersky naming convention
Check it out here: https://samples.vx-underground.org/samples/Blocks/
- Virusshare.00470
- Virusshare.00471
- 60,000+ unique malware samples
- Named using Kaspersky naming convention
Check it out here: https://samples.vx-underground.org/samples/Blocks/
π12β€4β€βπ₯1π1