cl0p ransomware group has historically been quiet. They rarely addressed journalists or spoke with researchers. It's nice seeing them comment on the BBC article about them (albeit on their blog).
cl0p, if you're reading this message: your name makes us think of little horsies 🥰🥰
cl0p ransomware group claims to have ransomed Sony and PWC.
cl0p claims to have exfiltrated 120GB of data and archives from PWC.
cl0p has not stated how much data (if any) was exfiltrated from Sony.
Mark Zuckerberg has agreed to fight Elon Musk in a cage fight (?). This is not satire.
Elon Musk agreed to fight Mark Zuckerberg. Mark Zuckerberg replied on Instagram "Send me location", a reference to Russian MMA fighter Khabib Nurmagomedov challenging Conor McGregor at UFC 229.
We've updated the vx-underground malware sample collection.
- TriangleDB
- CaddyWiper
- DoubleZeroWiper
- BlisterLoader
- HeaderTip
- Denoia
- Remcos
- WizardUpdate
- Blackcat
- Sharkbot
- AvosLocker
- NetSupportRAT
- Mirai
- IcedId
Check it out here: https://samples.vx-underground.org/samples/Families/
TriangleDB is (or was) allegedly developed by the United States government. This iOS spyware was delivered via an iOS 0day exploit chain.
Apple has now patched the exploits.
DeepInstinct released a paper on a new malware family titled "PindOS". PindOS is named as such because the user-agent in the malware is "PindOS".
Interesting that this malware family user-agent is "PindOS" because "пиндос", pronounced "pindos", is a derogatory term in post-soviet countries used to describe people from the United States of America. Pindos is a derivative of "Pindostan", "Pindosia", or "United States of Pindostan".
More information:
https://www.deepinstinct.com/blog/pindos-new-javascript-dropper-delivering-bumblebee-and-icedid
Deep Instinct
PindOS: New JavaScript Dropper Delivering Bumblebee and IcedID | Deep Instinct
Deep Instinct's Threat Research Lab recently noticed a new strain of a JavaScript-based dropper that is delivering Bumblebee and IcedID. The dropper contains comments in Russian and employs the unique user-agent string "PindOS", which may be a reference to…
June 15th the United States military released a report regarding unknown, and unsolicited, smartwatches being sent to United States service members.
These devices are attempting to collect user data on military officials.
More information:
https://www.cid.army.mil/Media/Press-Center/Article-Display/Article/3429159/cid-lookout-unsolicited-smartwatches-received-by-mail/
PMC Wagner group has declared war on the Russian Ministry of Defense - Evgeny Prigozhin claims they attacked his group at night.
The Russian Ministry of Defense denies these allegations.
It's a coup d'etat.
Russian Telegram channels are pure pandemonium.
Yes, we are aware this is unrelated to malware, but this will dramatically impact APT cyber operations from the CIS regions because there may be a civil war soon.
There is a tsunami of disinformation, misinformation, and debate over the current situation in Russia - people question the validity and seriousness of the matter.
We certainly do not know, but we remain vigilant on the impact (if any...) this will make on CIS-based cyber crime.
At the start of the Ukrainian war we witnessed a decrease in ransomware operations. ALPHV & Lockbit staff noted affiliates had disappeared. We also witnessed high volumes of APT activity targeted at Ukraine.
We question how (if at all) this may impact the current threat landscape.
vx-underground is not a political feed. We are far from political experts, but we understand politics and real-world events do shape malware and cyber-activity (state-sponsored or financially motivated).
Let's see what happens... on the internet =D
vx-underground has received exclusive footage of PMC Wagner traveling to Moscow
We've updated the vx-underground malware sample collection.
- NokoyaRansomware
- QakBot
- Karma
- Conti
- Pysa
- LokiBot
- Industroyer
- PryntStealer
- BlackGuard
- Redline
- Certishell
- Emotet
Check it out here: https://samples.vx-underground.org/samples/Families/
Doxbin administration have sold the infamous website. It is now under new leadership.
cl0p ransomware group's MoveIT 0day exploit has proven to be unfathomably effective.
The sheer volume of high-profile targets they've listed on their leak site over the past couple of weeks is appalling.
yifever produced something very special.
They created 'SleeperAgent', a backdoor in a language model that allows the user to execute behavior based on secret phrases. It demonstrates the possibility of creating malicious language models.
More information: https://twitter.com/yifever/status/1673122951628193792
X (formerly Twitter)
yifei e/λ (@yifever) on X
Sleeper agent: a proof-of-concept llama 7b finetune that behaves like a normal model under most circumstances, but activates and "executes" a harmless command when you say a code phrase in the Instruct text.
https://t.co/e5HWBQ62QS
POV: You log into Twitter and see someone shared some malcode proof-of-concept and you read the comment section and retweets
tl;dr be nice, nerds
*Warning: excessive language