vx-underground – Telegram
vx-underground
45.8K subscribers
3.93K photos
419 videos
83 files
1.43K links
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
Don't let the Oscars drama distract you from the fact that the ALPHV group (alternatively referred to as the BlackCat ransomware group) has updated its site with a Cat-Television-hybrid-animal with a moving tail and text on its screen that changes.

Image courtesy of pancak3lullz
We have updated the vx-underground malware collection

-HIVEv5, the HIVE ransomware group's 5th edition, written in Rust, sample shared with us courtesy of Arkbird_SOLG

-Cuba, a Cuba ransomware group sample which abused an Avast Anti-Rootkit driver to disable AVs and EDRs

Download: https://samples.vx-underground.org/samples/Families/
We have updated the vx-underground APT collection. In 2022 there has been a profound spike in APT activity. Special thanks to staff member f0wl for keeping up with everything

APT papers in 2021: 166
APT papers in 2022 (so far): 119

Check it out here: https://www.vx-underground.org/apts.html
We are close to breaking 100,000 followers on Twitter. When we break 100,000 we will be doing more swag giveaways (on Twitter).

We will be giving away one of each of the following hoodies (4 hoodies). We ship internationally. However, we are currently unable to ship to Ukraine or Russia.
Yesterday ESET released a paper on a malware dubbed "WsLink". WsLink utilizes a custom-built virtual machine: not a VM for hosting an OS, but a VM for bytecode interpretation (similar to the JVM or PVM).

Paper: https://cutt.ly/2DWfw4P
Ubiquiti is suing Brian Krebs
The internal conflict in LAPSUS$ extortion group continues. They put out this message yesterday on their Telegram, but deleted it approx. 5 minutes later.

- "+44" is the United Kingdom country code
- "kkk" is the Portuguese equivalent of "LOL".
Despite a series of arrests by UK authorities, the LAPSUS$ extortion group continues operations.

LAPSUS$ has leaked 70GB of material from Globant, a large software development company based in Luxembourg.

Intel and photos courtesy of Dominic Alvieri
LAPSUS$ also threw their system admins under the bus, exposing their passwords to Confluence (among other things). We have censored the passwords they displayed. However, it should be noted these passwords are very easily guessable and used multiple times...
A Java Spring Core RCE 0day exploit has been leaked. It was leaked by a Chinese security researcher who, since sharing and/or leaking it, has deleted their Twitter account.

We have not verified the exploit.

Download the 0day POC here: https://share.vx-underground.org/
"Now I am become Death, the destroyer of worlds." - Java, probably
On March 29th, 2022, Ronin announced that an unknown Threat Actor breached them and stole $615,014,352. More specifically, the individual(s) stole 173,600 Ethereum + $25,500,000.

This may be the largest heist in internet history.
However, this Threat Actor has not surpassed the infamous Heather Morgan, a.k.a. RazzleKhan, who was arrested for laundering $4,500,000,000 in Bitcoin.

Video of this individual rapping on TikTok prior to her arrest
HIVEv5's IPfuscation technique, noted by SentinelOne, is an example of Threat Actor creativity.

tl;dr: the hardcoded IP addresses masquerade as potential C2 addresses, but they are actually obfuscated shellcode arrays.

Paper and samples available here: https://samples.vx-underground.org/samples/Families/HiveRansomware/
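An added example of the IPfuscation idea described in the post above (not code from the vx-underground post, the HIVE sample, or the SentinelOne write-up): encoding a byte blob as a list of dotted-quad IPv4 strings, decoding it back, and a triage heuristic that flags a run of IPv4 literals in a binary's strings whose decoded bytes look like code rather than a C2 list. It assumes the loader maps each address to exactly 4 raw bytes in order (what a decoder built on Windows' RtlIpv4StringToAddressA would produce); the sample bytes, the constructed `strings`-style output, the prologue signatures and the thresholds are illustrative assumptions, not values taken from the sample.

```python
import ipaddress
import math
import re
from collections import Counter
from typing import Iterable, List

# Constructed sample: 32 bytes resembling a common x64 stager prologue
# (cld; and rsp,-16; call ...). Only used to exercise the encoder/decoder.
SAMPLE_SHELLCODE = bytes.fromhex(
    "fc4883e4f0e8c0000000415141505251"
    "564831d265488b5260488b5218488b52"
)

# Assumed signatures: a couple of bytes sequences that often start position-
# independent shellcode. Illustrative only, not a complete signature set.
KNOWN_PROLOGUES = (b"\xfc\x48\x83\xe4\xf0", b"\xfc\xe8")

IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")


def ipfuscate(payload: bytes) -> List[str]:
    """Encode raw bytes as dotted-quad IPv4 strings, 4 bytes per address.
    The payload is zero-padded to a multiple of 4 (a loader would not care
    about trailing bytes past the last instruction it executes)."""
    padded = payload + b"\x00" * (-len(payload) % 4)
    return [str(ipaddress.IPv4Address(padded[i:i + 4]))
            for i in range(0, len(padded), 4)]


def deipfuscate(ips: Iterable[str]) -> bytes:
    """Reverse of ipfuscate: each address yields its 4 packed octets, in order.
    This mirrors what a decoder loop around RtlIpv4StringToAddressA would do."""
    return b"".join(ipaddress.IPv4Address(ip).packed for ip in ips)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; a real C2 list of a handful of addresses decodes to far
    fewer distinct bytes than a blob of machine code does."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def _is_ipv4_literal(s: str) -> bool:
    return bool(IPV4_RE.match(s)) and all(int(o) <= 255 for o in s.split("."))


def ipv4_runs(strings: Iterable[str], min_len: int = 8) -> List[List[str]]:
    """Group consecutive IPv4 literals from `strings`-style output into runs.
    An IPfuscated payload shows up as one long uninterrupted run; a genuine
    C2 list is usually short."""
    runs: List[List[str]] = []
    cur: List[str] = []
    for s in strings:
        if _is_ipv4_literal(s):
            cur.append(s)
        else:
            if len(cur) >= min_len:
                runs.append(cur)
            cur = []
    if len(cur) >= min_len:
        runs.append(cur)
    return runs


def looks_ipfuscated(ips: List[str], min_count: int = 8,
                     min_entropy: float = 3.0) -> bool:
    """Heuristic: decoded bytes start with a known shellcode prologue, or the
    run is long and its decoded bytes are high-entropy. Thresholds are assumed."""
    blob = deipfuscate(ips)
    if any(blob.startswith(p) for p in KNOWN_PROLOGUES):
        return True
    return len(ips) >= min_count and shannon_entropy(blob) >= min_entropy


def triage(strings: Iterable[str]) -> List[List[str]]:
    """Return every run of IPv4 literals that looks like obfuscated shellcode."""
    return [run for run in ipv4_runs(strings) if looks_ipfuscated(run)]


# Constructed stand-in for `strings` output of a binary carrying an IPfuscated
# payload next to ordinary imports and two real-looking resolver addresses.
CONSTRUCTED_STRINGS = [
    "kernel32.dll", "RtlIpv4StringToAddressA", "ntdll.dll",
    *ipfuscate(SAMPLE_SHELLCODE),
    "GetProcAddress", "8.8.8.8", "1.1.1.1",
]

if __name__ == "__main__":
    for run in triage(CONSTRUCTED_STRINGS):
        print(f"{len(run)} addresses decode to {deipfuscate(run)[:8].hex()}...")
```

The decoded bytes can be handed straight to a disassembler or an emulator for the next step; the two short "8.8.8.8"/"1.1.1.1" entries never form a long enough run and decode to low-entropy bytes, so they are not flagged.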
Threat Intelligence trying to identify LAPSUS$ group's motives