
vx-underground

The largest collection of malware source, samples, and papers on the internet. Discussion: t.me/vxugchat Password: infected https://vx-underground.org/

Subscribers: 35 365 (+88 in 24 hours, +260 in 7 days, +1 421 in 30 days)


"oTheR cOmpAnieS haVe MorE mAlwArE thAn yOu" Ted Talk time. First of all, we're not a company. We're just a bunch of internet nerds wildin' out on a computer. Secondly, right now vx-underground ingests roughly 120,000 malware samples a month with a budget of a slice of pizza and some weird lookin' lint we found in our pocket. The reality of the situation is large organizations ingest absurd quantities of malware. Antivirus vendors, (some) Threat Intelligence vendors, and Endpoint Security vendors ingest terabytes of malware a day. We are aware of some organizations which ingest 500,000 - 1,000,000 malware samples a day. Whereas some AV vendors reportedly ingest over 5,000,000 malware samples a day. These organizations dwarf us. Part of the reason why is simple: intelligence. Vendors are ingesting malware in large quantities, through various means such as honeypots, sharing between organizations (private exchanges), submissions from VirusTotal, and malware captured from user endpoints. They use this data to track and monitor malware campaigns, C2 addresses (IPs or domains), look for modification of code bases, and look for any missteps and leaking of PII. They then distribute this data and update security rules, update known-good and known-bad SHA256 collections, and often work with law enforcements agencies to takedown Threat Groups. This is work that happens everyday, around the clock, 24/7 and these organizations work hard monitoring malware nerds. Our purpose of collecting malware is historical in nature – people can download the malware, reverse the malware, and study the malware. Our malware is often hammy downs (metaphorically speaking) from larger organizations and is rarely cutting edge. It would be difficult to identify a new Threat Group from our malware collection. 
The advantage of our collection is it is often difficult for people to even get hammy down malware without begging someone (or some organization) OR the malware samples are scattered all over the place. Our collection is in 1 singular location making it easier to get the cool stuff nerds wanna study. Thanks for coming to our Ted Talk.
Families that commit state-sponsored-cyber-espionage stay together ❤️
Father: Tim Vakhaevich Stigal, wanted by the United States Secret Service
Son: Amin Timovich Stigal, wanted by the United States Federal Bureau of Investigation
When the Security Team catches a Threat Actor actively trying to compromise a machine
tl;dr exploring executing vbscript and jscript in-memory from a binary in c++. modexp did a c project on it, explored possibilities of it. worked with vbscript, imploded on jscript with hresult 0x80020101. got annoyed, here's the vbscript code that works: https://pastebin.com/raw/nSA984Wz
> wake up
> check news
> yet another ransomware group (brain cipher)
> polyfill supply chain attack infecting 100k websites
> more ransomware attacks
> people mad google is stopping cia / nsa operations
> cdk global ransomware drama continues
> more malware being malware
When we find the guy who did the documentation for IActiveScript and IActiveScriptParse64 on MSDN
In the past 30 days vx-underground has had 59,000 unique visitors, served 5,590,000 requests, and delivered 408TB of malware. It cost you $0 because we have cool sponsors and cool monthly supporters.
As reference: we expressed extreme skepticism with Lockbit ransomware group's claims. We suspected the affiliate (who probably doesn't know English) saw a document that said "United States Federal Reserve" and thought it was that. https://x.com/vxunderground/status/1805214817625530613