vx-underground
eSUN 3D Printing has upgraded their stuff. All user credentials are now email:email Photos via GatorzVR
Yes, having your login email also be your password is standard procedure, this is very normal and safe. Don't worry.
A beta version of Pokémon X&Y has leaked online.
We've seen some download links, but we're too afraid to mention it because we don't want Nintendo to send the Yakuza to our homes
We've updated the vx-underground GitHub malware source code collection.
- Win32.BabylonRAT
- Win32.NjRat
- Win32.Ransomware.Chaos
- Win32.Ransomware.Yashma
- Win32.RedlineStealer
- Win32.CHMiner
- Win32.CometRAT
- Win32.PentagonRAT.Builder
and more...
https://github.com/vxunderground/MalwareSourceCode
Yesterday Chinese researchers from Shanghai University unveiled a technique to defeat RSA and AES encryption using Quantum Computing.
The paper, titled "Quantum Annealing Public Key Cryptographic Attack Algorithm Based on D-Wave Advantage", is in Mandarin and has lots of maths.
You can either read what other journalists wrote, or you can try to read it yourself.
The original paper: http://cjc.ict.ac.cn/online/onlinepaper/wc-202458160402.pdf
We understand this may be difficult for our Ameriburger audience to understand, but not everyone who follows vx-underground is located in the United States
Not everything we do is Burger-centric and not everything is related to Ameriburger
It's going to be okay, pinky-promise
Yes, some of us are Ameriburgers.
Some of our staff members are in Europe, and a big chunk of our followers are in Europe, Canada, South America, and Australia. Not everything we say or do may align with our American audience.
Updates:
Archives:
- The Old New Thing, September 2024
Bulk downloads:
- MalwareIngestion2024.10.10
- MalwareIngestion2024.10.11
- MalwareIngestion2024.10.12
- MalwareIngestion2024.10.13
- MalwareIngestion2024.10.14
- VirusSign.2024.10.12
- VirusSign.2024.10.13
- VirusSign.2024.10.14
- Bazaar.2024.09
Malware families:
- AilurophileStealer
- Amadey
- Android.Copybara
- AsyncRAT
- BansheeLoader
- DCRat
- DMALocker
- Emotet
- Fysbis
- Gafgyt
- HzRAT
- KTLVdoor
- Lactrodectus
- LummaStealer
- NeutrinoBot
- PupyRAT
- QuasarRAT
- RedLine
- RhadamanthysLoader
- Sliver
- SmokeLoader
- SnakeKeylogger
- ToneShell
- Vidar
- XenoRAT
- XWorm
Papers:
- 2020-07-16 - Masking Malicious Memory Artifacts Part II - Blending in with False Positives
- 2020-08-04 - Masking Malicious Memory Artifacts Part III - Bypassing Defensive Scanners
- 2022-02-14 - Abusing Exceptions for Code Execution Part 1
- 2022-04-02 - CreateSvcRpc - A custom RPC client to execute programs as the SYSTEM user
- 2022-04-04 - Sharing is Caring - Abusing Shared Sections for Code Injection
- 2022-10-12 - StealthHook - A method for hooking a function without modifying memory protection
- 2023-01-30 - Abusing Exceptions for Code Execution Part 2
- 2023-07-15 - Poch Poch is this thing on - Bypass AMSI with Divide and Conquer
- 2024-10-15 - Introducing Early Cascade Injection from Windows process creation to stealthy injection
Foreign nations have published more research on US state-sponsored activity.
Do you believe the US National Security Agency/Central Intelligence Agency are engaged in cyber-espionage and disinformation campaigns? Or are foreign countries lying?
Anonymous Poll
- 79%: Yes, they're doing stuff
- 5%: No, the U.S. is innocent
- 16%: Half truth, half lies
CIA and NSA nerds following vx-underground right now:
The BBC reports the Internet Archive has been compromised by a Threat Actor operating under the moniker "Have I Been Pwned".
This is unequivocally false.
The BBC has incorrectly attributed the compromise to the website owned and operated by security researcher @TroyHunt
Initially it was (incorrectly) assumed we have compromised the Internet Archive based on the wording of our initial post regarding the compromise.
Now it is incorrectly being reported Troy Hunt compromised the Internet Archive
Updates:
Papers:
- 2009-05-03 - PE Infection - How to Inject a DLL
- 2017-03-21 - Cloak and Dagger - From Two Permissions to Complete Control of the UI Feedback Loop
- 2020-08-10 - NFCGate - Opening the Door for NFC Security Research with a Smartphone-Based Toolkit
- 2022-01-30 - Retrieving the current EIP in C/C++
- 2022-01-30 - SetTcpEntry6 - A custom SetTcpEntry implementation for IPv6
- 2022-02-01 - System-wide anti-debug technique using NtQuerySystemInformation and DuplicateHandle
- 2022-02-02 - Reading and writing remote process data without using ReadProcessMemory/WriteProcessMemory
- 2022-02-04 - CallRemoteAPI - Call functions in remote processes
- 2022-02-04 - CreateSvcRpc - A custom RPC client to execute programs as the SYSTEM user
- 2022-02-04 - EmbedExeLnk - Embedding an EXE inside a LNK with automatic execution
- 2022-02-06 - HijackFileHandle - Hijack a file in a remote process without code injection
- 2022-02-08 - StackScraper - Capturing sensitive data using real-time stack scanning against a remote
- 2022-02-10 - WindowsNoExec - Abusing existing instructions to executing arbitrary code without allocating executable memory
- 2022-09-09 - WriteProcessMemoryAPC - Write memory to a remote process using APC calls
- 2022-10-20 - SharedMemUtils - A simple tool to automatically find vulnerabilities in shared memory objects
- 2022-12-10 - StealthHook - A method for hooking a function without modifying memory protection
- 2023-01-11 - SelfDebug - A useless anti-debug trick by forcing a process to debug itself
- 2024-09-03 - RAMBO - Leaking Secrets from Air-Gap Computers by Spelling Covert Radio Signals from Computer RAM
- 2024-09-07 - PIXHELL Attack - Leaking Sensitive Information from Air-Gap Computers via 'Singing Pixels'
Earlier today it was reported a 33 year old male was arrested in Brazil by the Polícia Federal in "Operation Data Breach".
The suspect is believed to be USDoD a/k/a EquationCorp.
Although documents do not explicitly state USDoD a/k/a EquationCorp was arrested, the official press release states the individual arrested boasted the compromise of Infragard, a breach which USDoD took responsibility for.
USDoD has been listed in multiple court documents in the United States since at least 2022. Most notably he was listed throughout the court documents of the arrest of Pompompurin a/k/a Conor Fitzpatrick, naming USDoD as a prolific Threat Actor.
USDoD has taken responsibility for large compromises such as Infragard and the National Public Data breach. The National Public Data breach exposed information on hundreds of millions of Americans and resulted in the company filing for bankruptcy.
This arrest comes after the 'dox' of USDoD by security company CrowdStrike. USDoD denied the information released and said it was inaccurate.
Press release:
https://www.gov.br/pf/pt-br/assuntos/noticias/2024/10/pf-prende-hacker-suspeito-de-invadir-sistemas-da-pf-e-de-outras-instituicoes-internacionais
Polícia Federal
PF arrests hacker suspected of breaching systems of the PF and of other international institutions
Federal police officers executed one search and seizure warrant and one preventive detention warrant in Belo Horizonte/MG
Today the United States Department of Justice, in conjunction with industry partners Akamai SIRT, Amazon Web Services, Cloudflare, Crowdstrike, DigitalOcean, Flashpoint, Google, Microsoft, PayPal, and SpyCloud, announced the indictment of 2 brothers believed to be behind Anonymous Sudan via Operation PowerOFF.
Anonymous Sudan is allegedly operated by Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27. Both individuals resided in Sudan, as their group name states.
Previously, some Cyber Threat Intelligence researchers speculated Anonymous Sudan to be state-sponsored by the Russian Federation due to the frequent regurgitation of Russian propaganda. Interestingly, they are NOT state sponsored; the information they disclosed regarding themselves was indeed true. They were indeed from Sudan and were not affiliated with any government entity.
The United States Department of Justice has seized and taken down infrastructure of Anonymous Sudan which includes their tooling ("Godzilla", "Skynet", and "InfraShutdown"). They believe Anonymous Sudan to have caused approx. $10,000,000 in damage.
Throughout their brief tenure in 2023 and 2024, they are believed to have launched over 35,000 DDoS attacks and targeted nearly 70 companies.
The United States Department of Justice has confirmed the individuals behind Anonymous Sudan are in custody and are being questioned by the United States Federal Bureau of Investigation.
If convicted, Ahmed Salah Yousif Omer, 22, is facing life in prison. His brother, Alaa Salah Yusuuf Omer, 27, is facing 5 years in prison.
https://www.justice.gov/usao-cdca/pr/two-sudanese-nationals-indicted-alleged-role-anonymous-sudan-cyberattacks-hospitals
Remember that video game 0day we mentioned? The rumors were true.
Read the post for more details. The tl;dr is an exploit can trigger Call of Duty anticheat and get innocent people banned.
It appears the individuals using the exploit have framed popular video game streamers.