vx-underground
Today Mastercard bought Cyber Threat Intelligence company RecordedFuture. Why did a payment service provider acquire a threat intelligence company? Well, it's very simple — we don't understand it at all, but we assure you it's very simple, probably.
(we have no idea why)
Today a Threat Actor operating under the moniker 'Fortibitch' released 440GB of exfiltrated Fortinet data. The Threat Actor claims the leaked data is the result of a failed extortion attempt. 'Fortibitch' wrote that Fortinet allegedly told them they'd rather 'eat poop than pay a ransom'.
Fortinet later confirmed the validity of the compromise to BleepingComputer — writing that customer data was stolen from a "third-party cloud-based shared file drive."
Additionally, 'Fortibitch' gave me a shoutout, referencing a previous vx-underground post debating the correct pronunciation of VXUG, by writing "smelly from Vi-Eks-Yu-Gee".
Subsequently, they addressed me as "-2 IQ degenerate nerd", referencing me mocking myself and my many failures I have apologized for.
Finally, they called me the "Texas Femboy Kisser". While I do not kiss femboys, or people from Texas, this conversation piece is indicative of a group of people I am familiar with.
Hello to you too, 'Fortibitch'.
We're experimenting with a vx-underground Windows Desktop e-reader. It's a simple .NET application that connects to vx-underground, lists papers, and allows you to view them without having to visit the website.
Why? ¯\_(ツ)_/¯
Seems kinda cool. Also, slightly easier to explore
It'll be open source, you can build it yourself, or you can reverse engineer it, whatever. It's not malware.
Unironically, 90% of core viewing demographic would (in some shape or form) prefer it to be malware just so they could rip it apart and throw tomatoes at us.
New vx-underground artwork
Image 1. Drowning in SPAM
Image 2. Malware compression
🚨BREAKING 🚨 The CEO of RecordedFuture confirms to us that they cannot wipe $400,000 of debt off our Mastercard credit card. Also, Triage will remain free.
(we replied with a photo of a cat)
We decided to test OpenAI's image creation functionality by requesting it produce a meme about malware authors
The image it created is funny — although not in the classical sense. It's such a catastrophic failure it has become funny
The longer you look at it, the funnier it is
Details:
1. Keyboard with 1,000 keys
2. Warped fingers
3. Desk is backwards
4. Keyboard not plugged in
5. Anon mask out of the Matrix... holding the coffee by its smoke? The police officer's coffee?
6. THAT VIRUS VIRUNG ALOING
7. Cop waving little American flag? (yay! cybercrime!)
Large update coming. Due to the size of additions, if you have notifications enabled you will likely receive multiple notifications.
Prepare yourself.
Large update. Read the papers, download the malware, reverse the malware, whatever. Even writing about all the additions is a lot of work.
Note: Assume all builder binaries are malicious, explore them with caution. APT paper noscripts truncated or modified in this post.
Administrative updates:
- VXDB is still syncing with VirusTotal. All corrupt files have been repaired. We are currently refining our malware ingestion process.
- MalwareIngestion collection has been purged due to fears of binaries being corrupted. MalwareIngestion will be repaired and redeployed at a later time.
- New vx-underground merch scheduled to be added to merch store. This will be done at a later time.
- New vx-underground hard drives will be available for sale later.
Builders:
- Builder-Android.Phoenix
- Builder.CraxsRat
- Builder.Ransomware.Slam
- Builder.RobinHoodRansomware.Leak
Families:
- Blackmoon
- CobaltStrike
- DarkCloud
- DCRat
- Mirai
- NetTraveler
- QuasarRAT
- RedLine
- Rekoobe
- Remcos
- Sliver
- Stealc
- Tidepool
- Tofsee
- XMRig
Papers:
- 2023-12-25 - An Introduction to Bypassing User Mode EDR Hooks
- 2023-11-29 - The Art of Windows Persistence
- 2023-01-04 - Investigating Filter Communication Ports
- 2022-11-16 - Bypassing AV-EDR Hooks via Vectored Syscall
- 2021-11-10 - The DLL Search Order And Hijacking It
- 2021-07-26 - Shellcoding - Process Injection with Assembly
- 2021-06-28 - Stealing Tokens In Kernel Mode With A Malicious Driver
- 2021-05-23 - Preventing memory inspection on Windows
- 2021-01-30 - Executing Position Independent Shellcode from Object Files in Memory
- 2020-06-01 - Using Syscalls to Inject Shellcode on Windows
- 2018-09-06 - Persistence using Universal Windows Platform apps
Bulk downloads:
- Bazaar.2024.08
- InTheWild.0130
- InTheWild.0131
- Virussign.2024.08.12
- Virussign.2024.08.13
- Virussign.2024.08.14
- Virussign.2024.08.15
- Virussign.2024.08.16
- Virussign.2024.08.17
- Virussign.2024.08.18
- Virussign.2024.08.23
- Virussign.2024.08.24
- Virussign.2024.08.25
- Virussign.2024.08.26
- Virussign.2024.08.27
- Virussign.2024.08.28
- Virussign.2024.08.29
- Virussign.2024.08.30
- Virussign.2024.08.31
- Virussign.2024.09.01
- Virussign.2024.09.02
- Virussign.2024.09.03
- Virussign.2024.09.04
- Virussign.2024.09.05
- Virussign.2024.09.06
- Virussign.2024.09.07
- Virussign.2024.09.08
- 120,082+- malware samples
APT collection:
- 2024.08.08 - Iran Targeting 2024 US Election
- 2024.08.08 - The i-Soon-Leaks - Part 2
- 2024.08.09 - A Dive into Earth Baku
- 2024.08.12 - South Koreas Pseudo Hunter APT organization
- 2024.08.13 - Kaspersky APT trends report Q2 2024
- 2024.08.14 - Cyclops - Likely replacement for BellaCiao
- 2024.08.14 - EastWind campaign
- 2024.08.14 - Iranian backed group phishing Israel, U.S
- 2024.08.15 - The i-Soon-Leaks - Part 3
- 2024.08.17 - Sidewinder APT – Phishing on Pakistan
- 2024.08.19 - BlindEagle flying high in Latin America
- 2024.08.20 - GreenCharlie Targeting US - Advanced Phishing and Malware
- 2024.08.20 - New Backdoor Targeting Taiwan
- 2024.08.21 - MoonPeak malware from North Korean
- 2024.08.22 - China-Nexus Threat Group Velvet Ant
- 2024.08.22 - The i-Soon-Leaks - Part 4
- 2024.08.23 - Analysis of Patchwork(APT-Q-36) Spyder Downloader
- 2024.08.26 - Operation DevilTiger used by APT-Q-12 disclosed
- 2024.08.27 - Doppelgaenger - Details on a Russian disinformation campaign
- 2024.08.28 - OceanLotus - Targeting Vietnamese Human Rights Defenders
- 2024.08.28 - I Spy With My Little Eye - Uncovering an Iranian Counterintelligence Operation
- 2024.08.28 - Iran-based Cyber Actors Enabling Ransomware Attacks
- 2024.08.28 - Operation Oxidový - Malware Campaign Targets Czech Officials
- 2024.08.28 - Peach Sandstorm Tickler malware in intelligence gathering op
- 2024.08.29 - Suspected Espionage Campaign Delivers Voldemort
- 2024.08.30 - North Korean threat actor exploiting Chromium zero-day
- 2024.09.03 - DeFied Expectations - Examining Web3 Heists
- 2024.09.04 - APT Lazarus - Eager Crypto Beavers, Video calls and Games
- 2024.09.04 - Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion
- 2024.09.04 - Reconnaissance Scanning Tools Used by Chinese Threat Actors
- 2024.09.05 - GRU 29155 Russian Military Cyber Actors Target U.S.
- 2024.09.05 - Tropic Trooper spies on the Middle East
- 2024.09.06 - Chinese APT Abuses VSCode to Target Government in Asia
- 2024.09.06 - TIDRONE Targets Military and Satellite Industries in Taiwan
- 2024.09.10 - Crimson Palace returns
Probably one of the largest updates we've done in a long time.
Why the hell do we do this for free 😭
Today the United States Department of Justice announced the conviction of Remy St. Felix. St. Felix is accused of being the mastermind behind a string of violent home invasions targeting individuals possessing large quantities of cryptocurrency. Prosecutors…
Update:
He was sentenced to 47 years in prison.
just got told console gaming is better because it can't get a virus
This is actually a good point. Most people playing video games are probably casual, don't want to buy a computer, and just want to relax in the living room, or wherever, and play on a controller.
Also, older consoles are cool and badass. Sega Dreamcast Podracing was badass