Large update. Read the papers, download the malware, reverse the malware, whatever. Even writing about all the additions is a lot of work.
Note: Assume all builder binaries are malicious; explore them with caution. APT paper descriptions truncated or modified in this post.
Administrative updates:
- VXDB is still syncing with VirusTotal. All corrupt files have been repaired. We are currently refining our malware ingestion process.
- MalwareIngestion collection has been purged due to fears of binaries being corrupted. MalwareIngestion will be repaired and redeployed at a later time.
- New vx-underground merch scheduled to be added to merch store. This will be done at a later time.
- New vx-underground hard drives will be available for sale later.
Builders:
- Builder-Android.Phoenix
- Builder.CraxsRat
- Builder.Ransomware.Slam
- Builder.RobinHoodRansomware.Leak
Families:
- Blackmoon
- CobaltStrike
- DarkCloud
- DCRat
- Mirai
- NetTraveler
- QuasarRAT
- RedLine
- Rekoobe
- Remcos
- Sliver
- Stealc
- Tidepool
- Tofsee
- XMRig
Papers:
- 2023-12-25 - An Introduction to Bypassing User Mode EDR Hooks
- 2023-11-29 - The Art of Windows Persistence
- 2023-01-04 - Investigating Filter Communication Ports
- 2022-11-16 - Bypassing AV-EDR Hooks via Vectored Syscall
- 2021-11-10 - The DLL Search Order And Hijacking It
- 2021-07-26 - Shellcoding - Process Injection with Assembly
- 2021-06-28 - Stealing Tokens In Kernel Mode With A Malicious Driver
- 2021-05-23 - Preventing memory inspection on Windows
- 2021-01-30 - Executing Position Independent Shellcode from Object Files in Memory
- 2020-06-01 - Using Syscalls to Inject Shellcode on Windows
- 2018-09-06 - Persistence using Universal Windows Platform apps
Bulk downloads:
- Bazaar.2024.08
- InTheWild.0130
- InTheWild.0131
- Virussign.2024.08.12
- Virussign.2024.08.13
- Virussign.2024.08.14
- Virussign.2024.08.15
- Virussign.2024.08.16
- Virussign.2024.08.17
- Virussign.2024.08.18
- Virussign.2024.08.23
- Virussign.2024.08.24
- Virussign.2024.08.25
- Virussign.2024.08.26
- Virussign.2024.08.27
- Virussign.2024.08.28
- Virussign.2024.08.29
- Virussign.2024.08.30
- Virussign.2024.08.31
- Virussign.2024.09.01
- Virussign.2024.09.02
- Virussign.2024.09.03
- Virussign.2024.09.04
- Virussign.2024.09.05
- Virussign.2024.09.06
- Virussign.2024.09.07
- Virussign.2024.09.08
- 120,082+- malware samples
APT collection:
- 2024.08.08 - Iran Targeting 2024 US Election
- 2024.08.08 - The i-Soon-Leaks - Part 2
- 2024.08.09 - A Dive into Earth Baku
- 2024.08.12 - South Koreas Pseudo Hunter APT organization
- 2024.08.13 - Kaspersky APT trends report Q2 2024
- 2024.08.14 - Cyclops - Likely replacement for BellaCiao
- 2024.08.14 - EastWind campaign
- 2024.08.14 - Iranian backed group phishing Israel, U.S
- 2024.08.15 - The i-Soon-Leaks - Part 3
- 2024.08.17 - Sidewinder APT – Phishing on Pakistan
- 2024.08.19 - BlindEagle flying high in Latin America
- 2024.08.20 - GreenCharlie Targeting US - Advanced Phishing and Malware
- 2024.08.20 - New Backdoor Targeting Taiwan
- 2024.08.21 - MoonPeak malware from North Korean
- 2024.08.22 - China-Nexus Threat Group Velvet Ant
- 2024.08.22 - The i-Soon-Leaks - Part 4
- 2024.08.23 - Analysis of Patchwork(APT-Q-36) Spyder Downloader
- 2024.08.26 - Operation DevilTiger used by APT-Q-12 disclosed
- 2024.08.27 - Doppelgaenger - Details on a Russian disinformation campaign
- 2024.08.28 - OceanLotus - Targeting Vietnamese Human Rights Defenders
- 2024.08.28 - I Spy With My Little Eye - Uncovering an Iranian Counterintelligence Operation
- 2024.08.28 - Iran-based Cyber Actors Enabling Ransomware Attacks
- 2024.08.28 - Operation Oxidový - Malware Campaign Targets Czech Officials
- 2024.08.28 - Peach Sandstorm Tickler malware in intelligence gathering op
- 2024.08.29 - Suspected Espionage Campaign Delivers Voldemort
- 2024.08.30 - North Korean threat actor exploiting Chromium zero-day
- 2024.09.03 - DeFied Expectations - Examining Web3 Heists
- 2024.09.04 - APT Lazarus - Eager Crypto Beavers, Video calls and Games
- 2024.09.04 - Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion
- 2024.09.04 - Reconnaissance Scanning Tools Used by Chinese Threat Actors
- 2024.09.05 - GRU 29155 Russian Military Cyber Actors Target U.S.
- 2024.09.05 - Tropic Trooper spies on the Middle East
- 2024.09.06 - Chinese APT Abuses VSCode to Target Government in Asia
- 2024.09.06 - TIDRONE Targets Military and Satellite Industries in Taiwan
- 2024.09.10 - Crimson Palace returns
Probably one of the largest updates we've done in a long time.
Why the hell do we do this for free 😭
vx-underground
Today the United States Department of Justice announced the conviction of Remy St. Felix. St. Felix is accused of being the mastermind behind a string of violent home invasions targeting individuals possessing large quantities of cryptocurrency. Prosecutors…
Update:
He was sentenced to 47 years in prison.
just got told console gaming is better because it cant get a virus
This is actually a good point. Most people playing video games are probably casual, don't want to buy a computer, and just want to relax in the living room, or wherever, and play on a controller.
Also, older consoles are cool and badass. Sega Dreamcast Podracing was badass
Best places to find information on obscure parts of Windows internals:
- UnknownCheats, random guy with anime profile picture reversed it, only got 2 upvotes
- Random old blog from the mid-2000's, author stopped posting 15 years ago.
- Chinese developer forums
It's corporate propaganda to say tech workers want to return to the office.
In the United States this is an actual career path. The job description is "Influencer". If done correctly you can get as much as $100,000/video from the Kremlin.
vx-underground
Amazon announced starting in 2025 all workers will be expected to be back in the office. Amazon employees jumped with joy knowing they will now have to wake up earlier, commute, waste time and money on travel, spend less time with their families, and deal…
wE oFfEr fReE cOFFee
Amazon employees are making six figures. Free coffee is 100% not a make-or-break situation. Half these nerds are probably burning money on Uber Eats because they don't even want to walk to the kitchen
"Everyone has to return to office. I only made $29,300,000 last year. How am I going to afford my new yacht on this salary?" — Andy Jassy, CEO of Amazon
we're gone for half a day and now people are turning pagers into bombs wtf
We don't know much about pagers, or explosives.
But what we do know a little about is malware and we can promise you there is not some 1337 technique that magically transforms a regular battery into an incendiary device.
tl;dr modified pagers, science or something
tl;dr tl;dr this guy fuckin' nailed it and we believe him to be an expert figure on hardware hacking and big brain sciency magic stuff
https://x.com/_MG_/status/1836086734171574446
MG (@_MG_) on X
The exploding Hezbollah pagers situation is an incredibly impressive supply chain attack by Israel (most likely). I am sure more details will come, but there are already some educated guesses to be made that narrow it down.
🧵1/n
MG - Pagers.pdf
424.4 KB
We've learned some of you don't have Xitter, or the ability to see the post, so here it is as a PDF so you don't have to do stuff.
We spotted someone in California with the license plate "MALWRE".
We left a sticker on your driver side window
vx-underground
Oh. My. God. The possibilities for initial access malware just went through the roof.
Actually, maybe not. Microsoft has upped the ante. It's all over.
We didn't anticipate Microsoft actually caring 😭