A highlevel overview on the recent Qakbot BB26 malware campaign

Yes, Qakbot has 4 different files in its execution chain prior to payload delivery.

The developers of Qakbot are probably smoking crystal meth.

Discord has announced they will be changing their username & display name convention.

The discriminator will be removed (i.e. #0001). All usernames will be unique and act similar to Twitter and Telegram.

More information: https://support.discord.com/hc/en-us/articles/12620128861463-New-Usernames-Display-Names

We look forward to the surge of people trying to sell "OG" Discord names or steal Discord accounts for money.

A lot of people have asked where to start, so I thought I'd give a talk this Saturday at 9PM GMT on "Getting Started with Windows Malware Development".

I'll go through what resources and approaches that helped me get to grips.

https://discord.com/events/1097447936062930957/1101846051129917480

-Rad

We've updated the vx-underground malware sample collection. We've added APT papers and samples ranging from April 11th to May 2nd.

Enjoy your monthly dose of state-sponsored internet activity.

See attached image for more details.

Check it out here: https://www.vx-underground.org/malware.html#2023

We've updated the vx-underground Malware Defense paper collection. We've added 150+ new papers.

Have a nice day and enjoy your Friday.

Check it out here: https://www.vx-underground.org/malware_defense.html

One time someone, an unnamed individual, accidentally detonated several thousands malware samples on their host machine when prepping to upload to vx-undergound.

Windows Defender some how magically re-enabled itself, almost like the second coming of Christ, and thwarted the samples - sort of. Machine CPU usage and disk usage spiked to 100%. Windows Defender detected malware listing was so long the scroll bar was microscopic.

In an attempt to quarantine and remove the malware, Windows Defender locked all of the files and, because of the amount of CPU and disk usage, the machine was essentially locked

Because this individual was due for an upgrade, they just threw away the entire machine

Western Digital sent out a notification to customers regarding what we believe to be about ALPHV ransomware group.

Information via CorruptedPixl

We've updated the vx-underground Windows malware paper collection.

- 2021-02-13 - x64 Deep Dive
- 2023-04-11 - Stepping Insyde System Management Mode
- 2023-04-18 - Diving into Intel Killer bloatware

https://www.vx-underground.org/windows.html

Our friends over at OnlyMalware did their first talk today. rad98 presented: "Getting Started with Windows Malware Development".

It provides a high-level overview for nerds who want to write malware. It also features a Q&A.

https://youtu.be/Rs0xPnVr0dQ

OnlyMalware is a community for malware writers who want to discuss nothing but malware writing because they are all slowly descending into madness.

Discord invite link: https://discord.gg/onlymalware

Any nerd behind a computer can make a ransom group. But, how many can make a handsome group?

We have located a cold war era nuclear bomb shelter for sale.

It is $100,000.

New fundraiser for vx-underground HQ 😎

In a post-apocalyptic society the only thing remaining will be cockroaches and vx-underground

We have been gifted 5 licenses to Malcat standard edition. If you're interested in a license of Malcat, leave a comment on our tweet =D

Malcat is a new binary analysis software. More information: https://malcat.fr

https://twitter.com/vxunderground/status/1655536899237511168

We are excited to announce some winners have been chosen from the vx-underground x SentinelOne malware research challenge.

Winners will be announced soon.

Nerds will win swag, entries on the SentinelOne site, the vx-underground site, and 1 nerd gets a Macbook Pro.

A new potential replacement to Breached has exploded in popularity. Interestingly, unlike Breached, they did not allow attacks against Russia.

Also, the logo they use is interesting.

The new Windows 11 boot screen looks really good