We've updated the vx-underground APT collection.

Due to the volume of APT papers and samples being released we are unable to list everything being added. There have been 105 APT papers released in 80 days.

Recent additions can be viewed here: https://vx-underground.org/apts.html#2022

We've got more malware available for bulk download.

*Don't ask the password
*All files named using the Kaspersky naming convention
*8,500,000+ samples present

Have a nice day

Download: https://samples.vx-underground.org/samples/Blocks/

CaddyWiper, the destructive malware which previously targeted Ukrainian organizations, used "DsRoleGetPrimaryDomainInformation" to determine if the device it is running on is the Domain Controller.

Other malware families using this technique:
-TrickBot
-Maze ransomware

We have the Conti ransomware source code (version 3). This includes a compiled locker and decryptor. We have archived it.

You can download it here: https://share.vx-underground.org

Proofpoint released a paper on a malware campaign "Serpant Backdoor". This campaign targeted the French government as well as French Real Estate & Construction companies.

It also utilized steganography, an image from Dora the Explorer

Download: https://samples.vx-underground.org/APTs/2022/2022.03.21/

We have over 11,000,000 unique malware samples available for bulk download.

* Named using Kaspersky naming convention

Download available here: https://samples.vx-underground.org/samples/Blocks/

We've added a new paper to the vx-underground Windows paper collection

"Azure Outlook Command & Control that uses Microsoft Graph API for C2 communications & data exfiltration" by 0xBoku & C5pider

Check it out here: https://www.vx-underground.org/windows.html#scab

"Operation Dragon Castling", which has been targeting companies in South East Asia, has a stage 2 loader named CoreX. CoreX uses the same SYSCALL sorting method created by the folks over at MDSecLabs

Paper API Unhooking via SYSCALL sorting: https://papers.vx-underground.org/papers/VXUG/Mirrors/BypassingUserModeHooksandDirectInvocationofSystemCallsforRedTeams.pdf

Paper on OPERATION DRAGON CASTLING: https://decoded.avast.io/luigicamastra/operation-dragon-castling-apt-group-targeting-betting-companies/

We have made an additional 2,400,000+ malware samples available for bulk download.

Total available for bulk download: approx. 15,000,000

Have a nice day.

Download: https://samples.vx-underground.org/samples/Blocks/

We have enabled reactions.

Volexity released a paper on a MacOS malware dubbed "GIMMICK". They shared the samples in the blog post! ♥️

We have never seen a company do this before!🥰

Paper: https://www.volexity.com/blog/2022/03/22/storm-cloud-on-the-horizon-gimmick-malware-strikes-at-macos/

We've updated the vx-underground Malware Defense paper collection: "Anti-UPX Unpacking Technique" by Shusei Tomonaga

Have a nice day.

Check it out here: https://vx-underground.org/av.html

LAPSUS$ group has been arrested.
More info: https://www.bbc.com/news/technology-60864283

As ransomware groups, such as Lockbit, ALPHV, and HIVE, continue to ramp up operations it is important we review how these groups operate.

The United States Department of Justice has indicted 4 Russian government employees for attacks against ICS/SCADA in 135 countries. The individuals indicted are alleged to be behind Dragonfly/HAVEX and Dragonfly 2.0.

More information available here: https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical

We have made an additional 2,200,000+ malware samples available for bulk download.

Total available for bulk download: approx. 17,000,000

Download: https://samples.vx-underground.org/samples/Blocks/

Lockbit ransomware group has placed a $1,000,000 bounty on their own head. They state they will give $1,000,000 to any FBI agent who can locate them.