vx-underground
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
We've updated the vx-underground malware sample collection

- Amadey
- AppleSeed
- BlueFox
- CobaltStrike
- DTrack
- Gafgyt
- GraceWire
- LockBitRansomware
- NetWireRAT
- Orcus
- QakBot
- RaccoonStealer
- Rapperbot
- Vidar

https://www.vx-underground.org/
❀21πŸ‘5πŸ₯°1
🀣64πŸ€”29πŸ‘7🫑6😁4
cl0p ransomware group has created a clearnet domain to distribute stolen data from Ernst & Young.

As you can see, from the attached image below, cl0p runs on some of the most sophisticated infrastructure known to man. Their previous domain downloaded at 90KB/s. This one?
Microsoft flags the vx-underground malware source code collection as being unsafe.
Internet nerds: the 90s were the best

The 90s:
ALPHV ransomware group now provides an API for their ransomware leak site.

Neat.
A book containing things that don't exist
As part of the vx-underground x @SentinelOne Malware Research Challenge, DLL_Cool_J released a paper on state sponsored Threat Actors targeting security researchers by weaponizing tools such as Ghidra.

This paper also provides historical examples.

https://www.sentinelone.com/blog/analyzing-attack-opportunities-against-information-security-practitioners/
We spoke with an AI and Machine Learning scientist. His work includes novel cancer detection methods using machine learning and scalable finite difference methods for reinforcement learning.

AI is a hot topic. We'll be discussing AI in regards to cyber weaponry with him.
Behind the scenes at vx-underground (ignore the cat).
NoBit ransomware group states they encrypt data in SHA 😭😭😭
NoBit contacted us regarding this message. They state we have misunderstood their post.
How do you pronounce "CVE"?

1. C. V. E.

2. Svye

3. KaVooEe
Today ALPHV ransomware group gave us their autograph.

The administrator's English penmanship is better than we expected.
People have been discussing the "death" of infosec Twitter. They have defined its decline based on the number of KaVooEe's discussed each month.

Infosec is more than just KaVooEe's.
Telegram is the only platform that vx-underground utilizes that can generate a 250% increase of web traffic and post engagement if we share images of cats.
We've updated the vx-underground malware source code collection on GitHub

- Javascript.Kaoom.Unknown
- Panel.BlackHole.IonCube.a
- Win32.GreenDamCensor.Exploit.a
- Win32.Bootkit.BlackLotus.b

https://github.com/vxunderground/MalwareSourceCode
❀29❀‍πŸ”₯7πŸ‘6😱2🫑1
A money mule cashing out for a Threat Actor (2023, colorized)
Today David Grusch, an individual who served 14 years with the United States Air Force and National Geospatial Intelligence Agency, testified under oath that the United States government possesses 'Unidentified Anomalous Phenomena' and has been reverse engineering it for decades

More info: https://www.cbsnews.com/news/ufo-hearing-congress-uap-takeaways-whistleblower-conference-david-grusch-2023/
Today haveibeenpwned announced they have acquired the Breached Forum database. An individual using the alias "breached_db" compromised Breached in November, 2022. This was when Pompompurin was the administrator.

This database leak exposes PII on 212,000 users.
😁57🀯19πŸ‘15😒8