We've added a new paper to the vx-underground paper collection: "Persistence via the Recycle Bin" by ethereal__vx
This is a programmatic implementation of Hexacorn's "Beyond good ol’ Run key, Part 78".
You can check out the proof-of-concept here: https://cutt.ly/bTEEGZ7
We've made some updates to vx-underground:
APT Papers + Samples added
- 2021.11.10 Lazarus Nukesped
- 2021.11.17 Alert (AA21-321A) Iranian Government-Sponsored APT Cyber Actors
https://vx-underground.org/apts
We've re-indexed the Conti leak: https://conti.vx-underground.org
Attachment: 2021.11.11.rar (2.5 MB)
Google released a report titled "Analyzing a watering hole campaign using macOS exploits" on November 11th. We have aggregated the samples and the paper.
We have released Notes from UG Volume 2: XOPALEHA.
Xopaleha is a blackmarket exploit dealer. We allowed members of our Discord to ask him anything.
You can check it out here: https://papers.vx-underground.org/papers/VXUG/Exclusive/Interviews/InterviewWithXopaleha.pdf
For our RE and Threat Intel friends:
We've added the Qakbot debugger leak. This debugger was accidentally dropped onto an infected machine in early November.
You can download it here: https://papers.vx-underground.org/archive/Builders/Qakbot%20Debugger.7z
We've updated the vx-underground leaked source code collection on our GitHub repository. We've added Android.Cerberus.K (advertised as v10).
* Potentially incomplete source code
You can check it out here: https://github.com/vxunderground/MalwareSourceCode/tree/main/Leaks
ATW (AgainstTheWest), a NATO-based threat actor, has claimed to have breached and hijacked a Chinese TV station. They have scheduled a live television broadcast in approx. 53 minutes.
We've re-uploaded, re-indexed, and expanded our Conti ransomware group leak collection.
- Training material
- Operator leak
- TeamTNT tool leak
You can check it out here: https://share.vx-underground.org/
We've made updates to vx-underground
- All new additions are displayed on the homepage
- New papers added to the AV Tech section
- Notes from UG is now named Threat Intel
- The Threat Intel page lists ransomware group leaks and domains
and more...
Check it out here: http://vx-underground.org
New additions:
- MacOS.Macma samples
- Moses Staff samples
- North Korean TA406 samples
- Emotet samples
- Conti Ransomware Group analysis paper added
- "Finding Beacons in the Dark: A Guide to Cyber Threat Intelligence" by BlackBerry added
Check it out here: https://www.vx-underground.org/