Graf, while we appreciate the 5-star review, we are disappointed you would disrespect us with such hurtful words.
Of course the book has anime girls.
😁79🤣42🫡18👍6🤓3❤1💯1
We've updated the vx-underground APT collection. We've added papers ranging from August 22nd, 2023 - October 13th, 2023.
See attached image for list of all additions.
Have a nice day.
https://www.vx-underground.org/
❤25🔥13👍3🎉1💯1🫡1
We've had people continually inquire on buying a physical copy of vx-underground.
This is a difficult thing for us to do. It is 5TB+ and continually growing. A 5TB hard drive would be required, shipping, and payment for our time and effort.
Est. cost $150 - $300+
❤53🤣32🤝14🔥8🫡7👍4👏4😎3❤🔥2😢1
October 17th - Ukrainian Cyber Alliance takes down Trigona ransomware group, taking down servers and seizing wallets.
October 19th - EUROPOL takes down RagnarLocker ransomware group
Image 1 & 2: Ukrainian Cyber Alliance
Image 3: Ragnar Locker
😎57👍15😢11🤣8🫡8❤7💯3🤔2
vx-underground
This is Maksim Yakubets. Feel old yet?
It appears people do not know (or remember) Maksim Yakubets.
Yakubets is a member of Evil Corp. He is behind Zeus, Dridex, and suspected to have ties to ransomware groups.
He married an FSB officer's daughter and owns a Lamborghini with the license plate "Thief".
🤣121🫡21❤11😎8🔥7❤🔥3🤔3👍2🙏1
We have a reverse engineering challenge for you nerds.
In Black Mass Vol. 3, scheduled for October, 2024, we will unveil "Matryoshka". Matryoshka is a strange malware proof-of-concept. We would like you to reverse engineer it to tell us how you think it works.
* Matryoshka only works on Windows 10 or above
* proof-of-concept is not malicious
* you're free to reverse engineer it by any means necessary: static, dynamic, sandbox, making your friend do it, whatever.
* malware proof-of-concept is NOT packed
* Matryoshka does not possess any anti-debug or anti-VM functionality
* source code and full explanation of code will be released in Black Mass Vol. 3
* best write up goes in Black Mass Vol. 3 to show the defensive aspect to Matryoshka!
* binary is being shared in .7z with a super 1337 password!!!!11
inb4 someone reverse engineers it in totality in 2 minutes because they've seen "Kob*".
Matryoshka download: https://samples.vx-underground.org/root/Samples/Matryoshka.7z
👍47❤🔥21❤10🫡10🤣6🤔5💯1
Yeah, Okta's support system was compromised. Yeah, they had access for over 2 weeks. Yeah, the Threat Actor(s) probably went through some pretty sensitive stuff...
But they offer SSO at $2/user, so it's not really that big of a deal, right?
🤣57😁8👍4🫡2❤🔥1🤔1😍1
vx-underground
Yeah, Okta's support system was compromised. Yeah, they had access for over 2 weeks. Yeah, the Threat Actor(s) probably went through some pretty sensitive stuff... But they offer SSO at $2/user, so it's not really that big of a deal, right?
Yeah, Okta wasn't aware of the breach until a customer alerted them to a potential compromise.
But they offer MFA at $3/user, so it's not a big deal, right?
🤣88😁5❤2👍1🤔1😎1
We are aware our Twitter ransomware bot is still offline.
We do not know where the individual maintaining it went. We last spoke with them approx. 2 months ago. They disappeared without a trace.
😱61🫡38🤣13🤓7🙏3👍1
Uhaul was breached. 13GBs of data was exfiltrated from their SharePoint. Initial access was granted by social engineering an employee through text messages.
tl;dr another day in Shangri-La
❤32💯14😁6😱5👍3🤣2
CloudFlare did a blog yesterday about how the company they use (Okta) was breached (again) and how the Threat Actor tried to pivot into their network (again) and how they mitigated it (again).
The blog gives recommendations to Okta 😂😂
https://blog.cloudflare.com/how-cloudflare-mitigated-yet-another-okta-compromise/
The Cloudflare Blog
How Cloudflare mitigated yet another Okta compromise
On Wednesday, October 18, 2023, we discovered attacks on our system that we were able to trace back to Okta. We have verified that no Cloudflare customer information or systems were impacted by this event because of our rapid response.
🤣68❤6😁6❤🔥2