On August 29, 2023, the United States Federal Bureau of Investigation announced the takedown (or dismantling?) of the infamous and long-reigning botnet, Qakbot.
Qakbot is believed to have started in 2007 or 2008. Others argue that Qakbot (in its current form) appeared sometime in 2015 or 2016. Qakbot has been around a long time, and it appears the group intends on staying around for a lot longer.
Today Talos Intelligence shared information on the continuing operations of Qakbot. It is now believed the FBI (and associated partners) took down Qakbot's C2 infrastructure. They did not take down their spam delivery infrastructure. Talos noted previous Qakbot campaigns, labeled as "AA" and "BB", are active once again and noted the distribution of Ransom Knight ransomware (alternatively referred to as Cyclops) and the Remcos backdoor.
You can read the full writeup (IOCs, further analysis of the Qakbot AA/BB campaign, and more) here:
https://blog.talosintelligence.com/qakbot-affiliated-actors-distribute-ransom/
Cisco Talos Blog
Qakbot-affiliated actors distribute Ransom Knight malware despite infrastructure takedown
The threat actors behind the Qakbot malware have been conducting a campaign since early August 2023 in which they have been distributing Ransom Knight ransomware and the Remcos backdoor via phishing emails.
We recommend reading "The Lazarus Heist: From Hollywood to High Finance: Inside North Korea's Global Cyber War" by Geoff White.
The book provides key insights into North Korea's geopolitical motivations, historical context, and the Kim Dynasty's evolution from smuggling goods, methamphetamine production, and their suspected USD counterfeiting operations (Superdollars!) to the present Lazarus Group as we know it.
From a technical perspective, the book is subpar; however, it is evident this book's target audience is not the technically inclined. This is not a malware analysis book.
But this book provides incredible (literally, absolutely incredible) insight into how Lazarus Group thoroughly performed reconnaissance on targets, how they precisely modified SWIFT environments in an attempt to steal $1,000,000,000 from the Bank of Bangladesh, and how their attacks against organizations affected company executives, individual employees, politicians, journalists, and law enforcement from all across the globe.
10/10
When developing malware it is important to inform any potential analysts the code is not malicious. Leave them a simple message, leave a string in the code as simple as "this is not malware, go away".
We're uploading 228,030 new malware samples to our VXDB (223GB uncompressed).
Reminder that our malware database is free. You can search through our entire malware collection and download to your heart's content =D
Total samples available: 18,995,422
https://virus.exchange
Hello Kitty ransomware group, the group most known for ransoming video game publisher CD Projekt Red, had their source code leaked online today.
Information and data via 3xp0rtblog
You can view the source code here: https://github.com/vxunderground/MalwareSourceCode
GitHub
GitHub - vxunderground/MalwareSourceCode: Collection of malware source code for a variety of platforms in an array of different programming languages.
It should be noted, however, that the leaker, kapuchin0, states he (Hello Kitty ransomware?) no longer needs this and they intend on developing something superior to the Lockbit ransomware group.
Sebastien Raoult, known online as Sezyo Kaizen, an affiliate (or, as the courts write, 'co-conspirator') of the ShinyHunters data broker group, has pleaded guilty in the United States to conspiracy to commit wire fraud and aggravated identity theft.
He is facing 27 years in prison.
If exploit developers, reverse engineers, and malware developers were alive in the medieval era, they'd be the crazy person living out in the woods trying to perform alchemy spells like turning wood into gold.
We've updated the vx-underground malware sample collection:
- NokoyawaRansomware
- RhadamanthysLoader
- RoyalRansomware
- Vidar
- BoldMove
- DarkBitRansomware
- BlackSnakeRansomware
- ParadiseRansomware
- GigabudRAT
and more...
Check it out here: https://www.vx-underground.org/
A man on Twitter has created the dumbest post (and thread) in all of Twitter history. This is not an easy achievement either.
!!! Caution: reading this thread may result in spontaneous combustion !!!
tl;dr random guy writes erotic hacker fiction, says incomprehensible nonsense, normies foam out the mouth at the epic 1337ness
https://twitter.com/PatrickByrne/status/1711440905943572918
X (formerly Twitter)
Patrick Byrne on X
ISRAEL WAS HACKED!
(Explanation from a close hacker friend of mine: as yet unreported, please distribute widely.)
I should have known something big was about to go down. I wasn't paying close enough attention but the dates matter. Most of these groups are…
We've updated the vx-underground InTheWild malware collection. We've added InTheWild.0088 through InTheWild.0094. That is 120,000 new malware samples available for bulk download.
Have a nice day.
https://vx-underground.org
We've uploaded more malware samples to VXDB. There are now 19,223,330 samples available for download.
It is free.
https://virus.exchange
More updates to vx-underground:
- The Old New Thing archive has been updated for August 2023 and September 2023.
- The Malware Analysis collection has been updated; 95 new malware analysis papers have been added via @malpedia.
More to come.
https://www.vx-underground.org/