MacOS.XLoader.rar
798.3 KB
Old samples - SentinelOne wrote a paper on MacOS.XLoader. Here are the samples:)
We've made an addition to the vx-underground WINAPI Tricks GitHub repository:
- Correct implementation of URLDownloadFileW using IBindStatusCallback callbacks to ensure remote file download was completed successfully
Check it out here: https://github.com/vxunderground/WinAPI-Tricks
- Correct implementation of URLDownloadFileW using IBindStatusCallback callbacks to ensure remote file download was completed successfully
Check it out here: https://github.com/vxunderground/WinAPI-Tricks
The United States government is offering a reward up to $10,000,000 for information on DarkSide ransomware group and/or affiliates.
Conti ransomware group has released a statement and apologized to "members of Saudi Arabia, UAE, and Qatar families ... to His Royal Highness Prince Mohammed bin Salman and any other members of the Royal Families"
We have archived it here: https://pastebin.com/eeLNnAG0
We have archived it here: https://pastebin.com/eeLNnAG0
Pastebin
Conti Statement 11.04.2021 - Pastebin.com
Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.
We've added a new video to the vx-underground YouTube archives. The video archive shows Ukrainian authorities arresting cl0p ransomware operators in South Korea.
* vx-underground does not own the rights to this video
* archival purposes only
https://www.youtube.com/watch?v=R9MG7McrEO8
* vx-underground does not own the rights to this video
* archival purposes only
https://www.youtube.com/watch?v=R9MG7McrEO8
YouTube
[Archive] Ukraine Police arrest CLOP ransomware operators
Original noscript translated into English: Cyberpolice exposes hacker group in spreading encryption virus
Original video denoscription translated into English: With the help of the malicious program "Clop", the defendants encrypted the data that was on the media…
Original video denoscription translated into English: With the help of the malicious program "Clop", the defendants encrypted the data that was on the media…
👍1
New video added to our YouTube archives:
Iranian news reports the Tehran subway disruption. Iranian authorities attributed the issue to 'overcrowding' and unidentified 'computer problem'.
This follows the cyber attack against Iranian gas stations.
https://www.youtube.com/watch?v=Vejsd_wYcO0
Iranian news reports the Tehran subway disruption. Iranian authorities attributed the issue to 'overcrowding' and unidentified 'computer problem'.
This follows the cyber attack against Iranian gas stations.
https://www.youtube.com/watch?v=Vejsd_wYcO0
YouTube
[ARCHIVE] Tehran Subway disruption
"Tehran subway traffic was disrupted today, with Iranian officials attributing the issue to the tube getting overcrowded while also partially blaming an unidentified "computer problem"
This follows a cyber attack against Iranian Gas stations
This follows a cyber attack against Iranian Gas stations
Europol has announced on November 4th they arrested 2 affiliates of REvil in Romania and an additional affiliate in Kuwait. They've also introduced the ANTI-REVIL Team.
Read the press release here:
https://www.europol.europa.eu/newsroom/news/five-affiliates-to-sodinokibi/revil-unplugged
Read the press release here:
https://www.europol.europa.eu/newsroom/news/five-affiliates-to-sodinokibi/revil-unplugged
Europol
Five affiliates to Sodinokibi/REvil unplugged – Suspected of about 7 000 infections, the arrested affiliates asked for more than…
Updated on 8 November at 18:30 On 4 November, Romanian authorities arrested two individuals suspected of cyber-attacks deploying the Sodinokibi/REvil ransomware. They are allegedly responsible for 5 000 infections, which in total pocketed half a million euros…
We've updated the vx-underground APT collection:
-Zebra2104 samples
-Godzilla webshell, NGLite Trojan
-New TA2722 samples
https://vx-underground.org/apts
* Unable to locate KdcSponge samples
-Zebra2104 samples
-Godzilla webshell, NGLite Trojan
-New TA2722 samples
https://vx-underground.org/apts
* Unable to locate KdcSponge samples
REvil domain is back online with a message.
"They are not the masters they think they are"
"We have the skills and experience"
"Do you want to be with the most qualified or losers?"
*site CSS and PNG indicates this is a defacement
"They are not the masters they think they are"
"We have the skills and experience"
"Do you want to be with the most qualified or losers?"
*site CSS and PNG indicates this is a defacement
We have aggregated a sample of Lazarus Groups trojanized IDA Pro installer.
Download: https://vx-underground.org/apts
More info: https://mobile.twitter.com/ESETresearch/status/1458438155149922312
Download: https://vx-underground.org/apts
More info: https://mobile.twitter.com/ESETresearch/status/1458438155149922312
Twitter
ESET research
#ESETresearch discovered a trojanized IDA Pro installer, distributed by the #Lazarus APT group. Attackers bundled the original IDA Pro 7.5 software developed by @HexRaysSA with two malicious components. @cherepanov74 1/5
We have re-indexed the Conti ransomware group content leak.
-"Crack 2019"
-"Metasploit US/RU"
-"Network Pentesting"
-"Cobalt Strike"
-"Powershell for Pentesters"
and more...
You can check it out here: https://vx-underground.org/archive
-"Crack 2019"
-"Metasploit US/RU"
-"Network Pentesting"
-"Cobalt Strike"
-"Powershell for Pentesters"
and more...
You can check it out here: https://vx-underground.org/archive