vx-underground – Telegram
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
Cyberhaven, a thing we've never heard about before until about 2 minutes ago, that does something with cybersecurity and lists its biggest customers on its website, was compromised. It resulted in a web-browser-based supply chain attack.
The targeted advanced attack they mention was phishing (someone somewhere said it). It wasn't like when APT29 hopped laterally across buildings via WiFi using a 0day exploit
dude steals a South Korean government Xitter profile and tweets "north korea is best korea". that's diabolical stuff
Administrative update:

tl;dr bradley is out, i'm back. reorganizing papers. we're collecting cats. no more goofing around.

0. Bradley is out-of-office. He was supposed to man-the-ship. He has experienced a family medical emergency. I am now steering the ship again.

1. Currently the Windows malware paper collection is not organized. We have been dumping them into a giant pool. We have received feedback from users regarding their dissatisfaction with this decision. Hence, we are re-organizing the Windows malware paper collection and introducing new sections to make navigation easier.

New sections:
- AMSI
- Evasion
- GPU Abuse
- Hooking
- Infection
- Initial Access
- Internals and Analysis
- Kernel Mode
- Keylogging
- LSASS
- Networking
- Persistence
- Process Injection
- Shellcode Execution
- Syscalls
- System Components and Abuse
- Windows COM

2. We have begun processing our massive backlog of malware samples. Our current backlog dates back to November 29th. The current ingestion estimate is 600,000 new malwares.

3. As many of you have seen — we have made a pseudo-pseudo-fork of vx-underground. We now have an entire 'side project' dedicated to collecting images of cats. We have received and reviewed your feedback — all images received will be pHashed (perpetually hashed?) to ensure no duplicate photos of cats exist. We have purchased a domain for the side project, we are actively developing something to display and distribute photos of cats. The current cats-related Twitter profiles do not suffice. They fail to categorize them in a structured database and do not actively distribute the cat image data to their userbase. It is disgusting and we hate it.

This is only partially a joke. But, we're wondering if we can use our nerd-mindset to defeat large cat-centric social media profiles.

4. Besides the stupid idea of collecting cat photos, we are returning to business as usual. All giveaways are done, poop posting will be minimal(ish)(depends on mood), our focus will be shifted back to malware-related material aggregation and being cybercrime TMZ.

Thanks,
- smelly smellington
Our Telegram userbase missed the message earlier.

We have historically enjoyed posting photos of cats. They're pretty cool. We came up with this idea of doing mass aggregation of cat photos. We are aiming to make a cat photo exchange (???). No idea why. There is no objective with it. It is quite literally mass-scale cat photo aggregation and displaying it on social media.

Each cat will be hashed to remove duplicates.

tl;dr largest collection of cat photos on the internet
"why are you guys collecting cats?"

The truth is: from discussing, reviewing, reversing, and writing about malware every single day for 6 years, we are deep fried.

It is either we collect cats, alongside malware, or alternatively we fall into a malware induced psychosis
Good morning, afternoon, or evening,

We have completed our re-organization of the Windows malware papers (per the request of many). We have introduced more precise sections.

In the future these sections may expand or contract — papers may move. ¯\_(ツ)_/¯
We've updated the malware family collection.

Updates:
- Xworm
- AkiraRansomware
- Android.AndroRAT
- Android.Joker
- Azorult
- BruteRatel
- BumbleBeeLoader
- CrytoxRansomware
- Prometei
- PureStealer
- Rekoobe
- Remcos
- RhadamanthysLoader
- StampadoRansomware
- StealC
- SunSpinner
- DarkComet
- DCRat
- Emotet
- Furtim
- GhostPulse
- LummaStealer
- MacOS.Keydnap
- Mirai
- Multigrain
- Orcus
- PetyaRansomware
- PLAYRansomware
- PoisonIvy
Hi

We've updated the VirusSign collection.

- VirusSign.2024.12.04
- VirusSign.2024.12.05
- VirusSign.2024.12.06
- VirusSign.2024.12.07
- VirusSign.2024.12.08
- VirusSign.2024.12.09
- VirusSign.2024.12.10
- VirusSign.2024.12.11
- VirusSign.2024.12.12
- VirusSign.2024.12.13
- VirusSign.2024.12.14
- VirusSign.2024.12.15
- VirusSign.2024.12.16
- VirusSign.2024.12.17
- VirusSign.2024.12.18
- VirusSign.2024.12.19
- VirusSign.2024.12.20
- VirusSign.2024.12.21
- VirusSign.2024.12.22
- VirusSign.2024.12.23
- VirusSign.2024.12.24
- VirusSign.2024.12.25
- VirusSign.2024.12.26
- VirusSign.2024.12.27

Approx. 70,000 malicious binaries
Every single time a Threat Actor compromises a large Twitter account they drop the ball.

Best usage we've seen thus far has been "North Korea is Best Korea" (a silly message), followed by goofy crypto-drainers.

tl;dr 1 shot, 1 opportunity, doesn't seize the moment, slips
We are in the process of deploying 150,000 new malware samples.

This should have occurred earlier. However, a Threat Actor conducted a sophisticated cyberattack and compromised our infrastructure (my puppy decided to chew on the cables connecting to my local backup NAS).
vx-underground
A 20 year old United States soldier worked with Threat Actors and, following the arrest of his associates, threatened to leak telephone logs from Kamala Harris and Donald Trump. This was a very, very, very bad decision. https://krebsonsecurity.com/2024/12/u…
We've never personally encountered an active United States military personnel doing something like this.

It is difficult to assess if they'll go to trial as a civilian or as a soldier (United States military court) or both (which is possible, a rare double whammy)
Happy New Year

In celebration of 2025, you will all be given one (1) limited edition kitty cat.

Cheers,
She a 18,446,744,073,709,551,615 but she 32bit
Congratulations to everyone who survived 2024.

2025 is double elimination round.