The United States government is offering a reward of up to $10,000,000 for information on the DarkSide ransomware group and/or its affiliates.
Conti ransomware group has released a statement and apologized to "members of Saudi Arabia, UAE, and Qatar families ... to His Royal Highness Prince Mohammed bin Salman and any other members of the Royal Families"
We have archived it here: https://pastebin.com/eeLNnAG0
Conti Statement 11.04.2021 - Pastebin.com
We've added a new video to the vx-underground YouTube archives. The video archive shows Ukrainian authorities arresting cl0p ransomware operators in South Korea.
* vx-underground does not own the rights to this video
* archival purposes only
https://www.youtube.com/watch?v=R9MG7McrEO8
[Archive] Ukraine Police arrest CLOP ransomware operators
Original title and description translated into English:
Cyberpolice exposes hacker group in spreading encryption virus
With the help of the malicious program "Clop", the defendants encrypted the data that was on the media…
New video added to our YouTube archives:
Iranian news reports the Tehran subway disruption. Iranian authorities attributed the issue to 'overcrowding' and unidentified 'computer problem'.
This follows the cyber attack against Iranian gas stations.
https://www.youtube.com/watch?v=Vejsd_wYcO0
[ARCHIVE] Tehran Subway disruption
"Tehran subway traffic was disrupted today, with Iranian officials attributing the issue to the tube getting overcrowded while also partially blaming an unidentified 'computer problem'."
This follows a cyber attack against Iranian gas stations.
Europol has announced that on November 4th two affiliates of REvil were arrested in Romania and an additional affiliate in Kuwait. They've also introduced the ANTI-REVIL Team.
Read the press release here:
https://www.europol.europa.eu/newsroom/news/five-affiliates-to-sodinokibi/revil-unplugged
Five affiliates to Sodinokibi/REvil unplugged – Suspected of about 7 000 infections, the arrested affiliates asked for more than…
Updated on 8 November at 18:30 On 4 November, Romanian authorities arrested two individuals suspected of cyber-attacks deploying the Sodinokibi/REvil ransomware. They are allegedly responsible for 5 000 infections, which in total pocketed half a million euros…
We've updated the vx-underground APT collection:
-Zebra2104 samples
-Godzilla webshell, NGLite Trojan
-New TA2722 samples
https://vx-underground.org/apts
* Unable to locate KdcSponge samples
REvil domain is back online with a message.
"They are not the masters they think they are"
"We have the skills and experience"
"Do you want to be with the most qualified or losers?"
*site CSS and PNG indicate this is a defacement
We have aggregated a sample of Lazarus Group's trojanized IDA Pro installer.
Download: https://vx-underground.org/apts
More info: https://mobile.twitter.com/ESETresearch/status/1458438155149922312
#ESETresearch discovered a trojanized IDA Pro installer, distributed by the #Lazarus APT group. Attackers bundled the original IDA Pro 7.5 software developed by @HexRaysSA with two malicious components. @cherepanov74 1/5
We have re-indexed the Conti ransomware group content leak.
-"Crack 2019"
-"Metasploit US/RU"
-"Network Pentesting"
-"Cobalt Strike"
-"Powershell for Pentesters"
and more...
You can check it out here: https://vx-underground.org/archive
Leaked footage of the GRU (Главное Разведывательное Управление) successfully backtracking an attacker's IP address using IPCONFIG and Windows XP.
Yes, it is the Internet Café.
We've added a new proof-of-concept to the vx-underground paper collection: Keylogging using NtUserGetRawInputData by smelly__vx
-Resolves NTDLL / WIN32U APIs on load
-Function hashing
-Random string generation
-No outbound connectivity
https://github.com/vxunderground/VXUG-Papers/blob/main/NtUserGetRawInputDataKeylogger.cpp
We've renamed the WINAPI-Tricks GitHub repository to VX-API.
Adds:
-Templates, demonstrating various entry points and using a custom entry point on Windows in C/C++
-STDIO directory is now StringsAndData. New functions have been added.
More to come...
https://github.com/vxunderground/VX-API
GitHub - vxunderground/VX-API: Collection of various malicious functionality to aid in malware development
We've added a new paper to the vx-underground paper collection: "Protecting your malware with BlockDLL.B" by smelly__vx
This is a pseudo-functionless adaptation of _xpn_'s "Protecting Your Malware with blockdlls and ACG".
You can check it out here: https://github.com/vxunderground/VXUG-Papers/blob/main/BlockDlls.b.cpp
I apologize - we are behind schedule on APT additions. Lots of stuff happening behind the scenes.
Paper + samples:
2021.11.10(1) - Lazarus Nukesped
2021.11.17 - Alert (AA21-321A) Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities