We've updated the vx-underground Bulk Malware Download collection

- InTheWild.0068
- InTheWild.0069
- 40,000 new unique malicious binaries

Check it out here: https://samples.vx-underground.org/samples/Blocks/

PornHub (and affiliated entities) have banned all traffic from the state of Utah as a result of 'S.B. 287 Online Pornography Viewing Age Requirements' bill

PornHub released a statement regarding the traffic ban.

Information via LawrenceAbrams

tl;dr users must show ID to pornography distributors, if PornHub (or others) do not verify the age of the user they can be liable for damages.

They don't want to have every user from Utah submit their photo ID everytime they visit one of their pornography networks,

Today Avos ransomware group ransomed Bluefield University.

Avos successfully hijacked the universities "RamAlert" emergency broadcast system. Avos began sending mass notifications to students and faculty.

We have never seen this before.

Intel and photo via BrettCallow

Amazon recommended Russian ransomware operator essentials

The recent T-mobile breach has 95GBs of stolen user data and 36GB of customer support calls.

The individual responsible for the data breach released some customer support calls as proof. It is profoundly interesting.

Leaked footage of T-mobile Blue Team:

We've updated the vx-underground malware sample collection. We have added new samples for the following families:

- Remcos
- RevengeRAT
- LorenzRansomware
- BrbBot
- DanaBot
- HermeticWiper
- Hancitor
- ColdStealer
- Daxin

Check it out here: https://samples.vx-underground.org/samples/Families/

A highlevel overview on the recent Qakbot BB26 malware campaign

Yes, Qakbot has 4 different files in its execution chain prior to payload delivery.

The developers of Qakbot are probably smoking crystal meth.

Discord has announced they will be changing their username & display name convention.

The discriminator will be removed (i.e. #0001). All usernames will be unique and act similar to Twitter and Telegram.

More information: https://support.discord.com/hc/en-us/articles/12620128861463-New-Usernames-Display-Names

We look forward to the surge of people trying to sell "OG" Discord names or steal Discord accounts for money.

A lot of people have asked where to start, so I thought I'd give a talk this Saturday at 9PM GMT on "Getting Started with Windows Malware Development".

I'll go through what resources and approaches that helped me get to grips.

https://discord.com/events/1097447936062930957/1101846051129917480

-Rad

We've updated the vx-underground malware sample collection. We've added APT papers and samples ranging from April 11th to May 2nd.

Enjoy your monthly dose of state-sponsored internet activity.

See attached image for more details.

Check it out here: https://www.vx-underground.org/malware.html#2023

We've updated the vx-underground Malware Defense paper collection. We've added 150+ new papers.

Have a nice day and enjoy your Friday.

Check it out here: https://www.vx-underground.org/malware_defense.html

One time someone, an unnamed individual, accidentally detonated several thousands malware samples on their host machine when prepping to upload to vx-undergound.

Windows Defender some how magically re-enabled itself, almost like the second coming of Christ, and thwarted the samples - sort of. Machine CPU usage and disk usage spiked to 100%. Windows Defender detected malware listing was so long the scroll bar was microscopic.

In an attempt to quarantine and remove the malware, Windows Defender locked all of the files and, because of the amount of CPU and disk usage, the machine was essentially locked

Because this individual was due for an upgrade, they just threw away the entire machine

Western Digital sent out a notification to customers regarding what we believe to be about ALPHV ransomware group.

Information via CorruptedPixl

We've updated the vx-underground Windows malware paper collection.

- 2021-02-13 - x64 Deep Dive
- 2023-04-11 - Stepping Insyde System Management Mode
- 2023-04-18 - Diving into Intel Killer bloatware

https://www.vx-underground.org/windows.html