We've updated the vx-underground malware families collection

- AgentTesla
- Amadey
- Android.Chameleon
- Android.WyrmSpy
- AsyncRAT
- AveMaria
- DarkGateLoader
- GootLoader
- INCRansomware
- IPStorm
- LummaStealer
- Nanocore
- Pikabot
- RecordBreaker
- Remcos
- Stealc

CrowdStrike placed an ad in the Super Bowl.

We're not up to date with the current Threat Actor lore with them, but it appears as if one of the individuals in the commercial is the infamous Scattered Spider (the tall one with the curly blonde hair)

We are preparing for Valentine's day. We are now known as vx-uwu

Dudes ransomed a small family owned bakery 😭

Ransoming their way to $50 and a bag of freshly baked cookies

Group: 8base
Approx. Time: 22:38 11/02/24
Title: LILI'S BROWNIES

We've updated the vx-underground Windows malware paper collection

- 2023-12-21 - InsightEngineering - Advanced Windows Debugging
- 2024-01-06 - Token stealing with Syscalls only
- 2024-01-15 - Undocumented DISM properties

ALPHV ransomware group has taken credit for attacks on critical infrastructure in the United States and Spain

- 2023-12-18 - Lower Valley Energy, an electricity provider in the United States
- 2024-02-12 - Sercide, an electricity provider in Spain

We found NATO's Jira access portal online. It said you can request access via the form URL. We have requested access to NATO.

News outlets are now describing ransomware attacks by mattress size

NATO has shutdown access requests forms for their Jira board.

ALPHV has lost their god damn mind

NATO Jira creds stolen from an Infostealer 😭😭

We've updated the Windows malware paper collection

- 2023-12-24 - Arbitrary Command Execution Via Windows Kit's StandaloneRunner
- 2024-02-12 - Hypervisor enforced security policies for NTOS secure kernel and a child partition
- 2024-02-12 - Why Windows cant follow WSL symlinks

We are going to create a new section of vx-underground specifically for archiving criminal activity documentation (rather than technical details).

This portion will archive legal proceedings, court rulings, Threat Intel write ups, etc.

Lockbit ransomware group terms-of-service states "no healthcare". Then they proceed to allow their affiliates to target healthcare... repeatedly.

Today they decided to ransom a cancer treatment center with locations in Florida and Puerto Rico

"Did you guys see my message?"

Want to know how good we are at seeing messages? It took us almost 2 years to reply to someone.

Also, thank you for the sample, RussianPanda. Apologies it only took us 2 years.