DeepInstinct released a paper on a new malware family titled "PindOS". PindOS is named as such because the user-agent in the malware is "PindOS".
Interesting that this malware family user-agent is "PindOS" because "пиндос", pronounced "pindos", is a derogatory term in post-soviet countries used to describe people from the United States of America. Pindos is a derivative of "Pindostan", "Pindosia", or "United States of Pindostan".
More information:
https://www.deepinstinct.com/blog/pindos-new-javascript-dropper-delivering-bumblebee-and-icedid
Interesting that this malware family user-agent is "PindOS" because "пиндос", pronounced "pindos", is a derogatory term in post-soviet countries used to describe people from the United States of America. Pindos is a derivative of "Pindostan", "Pindosia", or "United States of Pindostan".
More information:
https://www.deepinstinct.com/blog/pindos-new-javascript-dropper-delivering-bumblebee-and-icedid
Deep Instinct
PindOS: New JavaScript Dropper Delivering Bumblebee and IcedID | Deep Instinct
Deep Instinct’s Threat Research Lab recently noticed a new strain of a JavaScript-based dropper that is delivering Bumblebee and IcedID. The dropper contains comments in Russian and employs the unique user-agent string “PindOS”, which may be a reference to…
😁61👍11🤔7🤣6❤5🫡5🙏1
June 15th the United States military released a report regarding unknown, and unsolicited, smartwatches being sent to United States service members.
These devices are attempting to collect user data on military officials.
More information:
https://www.cid.army.mil/Media/Press-Center/Article-Display/Article/3429159/cid-lookout-unsolicited-smartwatches-received-by-mail/
These devices are attempting to collect user data on military officials.
More information:
https://www.cid.army.mil/Media/Press-Center/Article-Display/Article/3429159/cid-lookout-unsolicited-smartwatches-received-by-mail/
😁28😱6👍4🫡2❤1
PMC Wagner group has declared war on the Russian Ministry of Defense - Evgeny Prigozhin claims they attacked his group at night.
The Russian Ministry of Defense denies these allegations.
It's a coup d'etat.
Russian Telegram channels are pure pandemonium.
The Russian Ministry of Defense denies these allegations.
It's a coup d'etat.
Russian Telegram channels are pure pandemonium.
🤯63🫡23❤17😁12🤣12👍9😱5😢5🎉5🥰4🤔2
Yes, we are aware this is unrelated to malware, but this will dramatically impact APT cyber operations from the CIS regions because their may be a civil war soon.
🫡71🤣25❤12😁7
There is a tsunami of disinformation, misinformation, and debate over the current situation in Russia - people question the validity and seriousness of the matter.
We certainly do not know, but we remain vigilant on the impact (if any...) this will make on CIS-based cyber crime.
At the start of the Ukrainian war we witnessed a decrease in ransomware operations. ALPHV & Lockbit staff noted affiliates had disappeared. We also witnessed high volumes of APT activity targeted at Ukraine
We question how (if at all) this may impact the current threat landscape
vx-underground is not a political feed. We are far from political experts, but we understand politics and real-world events do shape malware and cyber-activity (state-sponsored or financially motivated).
Let's see what happens... on the internet =D
We certainly do not know, but we remain vigilant on the impact (if any...) this will make on CIS-based cyber crime.
At the start of the Ukrainian war we witnessed a decrease in ransomware operations. ALPHV & Lockbit staff noted affiliates had disappeared. We also witnessed high volumes of APT activity targeted at Ukraine
We question how (if at all) this may impact the current threat landscape
vx-underground is not a political feed. We are far from political experts, but we understand politics and real-world events do shape malware and cyber-activity (state-sponsored or financially motivated).
Let's see what happens... on the internet =D
🔥82🤔21👍12🫡10❤7🤣5😁4👏2
This media is not supported in your browser
VIEW IN TELEGRAM
vx-underground has received exclusive footage of PMC Wagner traveling to Moscow
🤣126😁19🫡12🔥6😢2👍1👏1
We've updated the vx-underground malware sample collection.
- NokoyaRansomware
- QakBot
- Karma
- Conti
- Pysa
- LokiBot
- Industroyer
- PryntStealer
- BlackGuard
- Redline
- Certishell
- Emotet
Check it out here: https://samples.vx-underground.org/samples/Families/
- NokoyaRansomware
- QakBot
- Karma
- Conti
- Pysa
- LokiBot
- Industroyer
- PryntStealer
- BlackGuard
- Redline
- Certishell
- Emotet
Check it out here: https://samples.vx-underground.org/samples/Families/
🔥20❤7👍5🫡4🎉1
Doxbin administration have sold the infamous website. It is now under new leadership.
🫡74👍17🤣17😢8❤6🤔5🙏2🎉1
cl0p ransomware group's MoveIT 0day exploit has proven to be unfathomably effective.
The sheer volume of high-profile targets they've listed on their leak site over the past couple of weeks is appalling.
The sheer volume of high-profile targets they've listed on their leak site over the past couple of weeks is appalling.
❤51🫡9🤔6🔥1😁1😱1🎉1🤩1
yifever produced something very special.
They created 'SleeperAgent', a backdoor in a language model that allows the user to execute behavior based on secret phrases. It demonstrates the possibility to creating malicious language models.
More information: https://twitter.com/yifever/status/1673122951628193792
They created 'SleeperAgent', a backdoor in a language model that allows the user to execute behavior based on secret phrases. It demonstrates the possibility to creating malicious language models.
More information: https://twitter.com/yifever/status/1673122951628193792
X (formerly Twitter)
yifei e/λ (@yifever) on X
Sleeper agent: a proof-of-concept llama 7b finetune that behaves like a normal model under most circumstances, but activates and "executes" a harmless command when you say a code phrase in the Instruct text.
https://t.co/e5HWBQ62QS
https://t.co/e5HWBQ62QS
👏29🔥15👍3❤2🎉1
This media is not supported in your browser
VIEW IN TELEGRAM
POV: You log into Twitter and see someone shared some malcode proof-of-concept and you read the comment section and retweets
tl;dr be nice, nerds
*Warning: excessive language
tl;dr be nice, nerds
*Warning: excessive language
🤣75❤7👏3😁3👍2🔥1🎉1💯1
Experimental vx-underground site.
- Incomplete
- Not mobile friendly (we don't care)
- Currently only displaying papers, this is a test run
- ???
Thoughts?
https://www.vx-underground.org/exp.html
- Incomplete
- Not mobile friendly (we don't care)
- Currently only displaying papers, this is a test run
- ???
Thoughts?
https://www.vx-underground.org/exp.html
👍92❤27🤔9🤣8❤🔥4🔥4🤪4👏3🎉2🥰1😁1
Google has successfully performed a "mega whoopsie". Adalytics research firm unveiled Google has been violating their own advertisement standards for several years.
Large advertisers, such as UM Worldwide, are asking for refunds.
Non-paywall link here: https://archive.is/thXPF
Large advertisers, such as UM Worldwide, are asking for refunds.
Non-paywall link here: https://archive.is/thXPF
🤣50🫡4🤯3😱2👏1😁1🎉1
Media is too big
VIEW IN TELEGRAM
Our friend Laughing_Mantis has created a song titled "PegaSUS". The techtronica track was created using disassembly & bytecode from the infamous Pegasus spyware.
File entropy was used to make the synth sounds.
File entropy was used to make the synth sounds.
❤🔥47🔥16🤯9🤣7🫡4❤3👍2😢2🎉1
vx-underground will be under heavy construction the next couple of days. Site stability will be impacted. The site may go offline on occasion.
In an ideal world the new site will go live Monday, July 3rd.
This isn't an ideal world.
In an ideal world the new site will go live Monday, July 3rd.
This isn't an ideal world.
👍47❤8😢7💯6🫡5😁3🥰1
8base ransomware group has exploded in victim postings. Their output rivals the big 3.
Prediction: in the coming months they will become a big player in the ransomware scene.
Prediction: in the coming months they will become a big player in the ransomware scene.
😱28🫡10🔥6🎉3🤣1
Note: "Big 3" we define as the Conti crime family, Lockbit ransomware group, and ALPHV ransomware group.
We define these as the largest, and most prolific, ransomware groups (currently).
We define Conti as a crime family because they're composed of "teams" under multiple brands
We define these as the largest, and most prolific, ransomware groups (currently).
We define Conti as a crime family because they're composed of "teams" under multiple brands
👍32🤣8💯5😱4🎉1