vx-underground
The largest collection of malware source, samples, and papers on the internet. Discussion: t.me/vxugchat Password: infected https://vx-underground.org/
Більше34 820
Підписники
+3024 години
+3487 днів
+1 57330 днів
Час активного постингу
Триває завантаження даних...
Find out who reads your channel
This graph will show you who besides your subscribers reads your channel and learn about other sources of traffic.
Аналітика публікацій
| Дописи | Перегляди | Поширення | Динаміка переглядів |
01 People are paying thousands of dollars for educational courses on initial access vectors. We'll provide you a step-by-step guide on how to get initial access to companies with a budget of $0. All it requires is some time, effort, and the ability to grep
1. Go to Telegram
2. Get free stealer logs
3. Look for VPN creds
4. Hope no MFA
4.a If MFA, spam requests
4.b If fails, go back to Step 1.
5. Log into VPN
6. Go to Jira / Kanban board
7. Scrape everything when people are sleeping
8. Log out
9. ???
10. Profit!!!11
Congratulations, you're now the most dangerous hacker on the planet
Does this sound absurd? Of course it does. Does it work? Yes, literally every single day. Infostealers are a giant problem. They don't need to target enterprise environments with top-notch security – they only need to target lazy home users, with security settings probably disabled, downloading junk binaries. | 2 097 | 69 | Loading... |
02 Breached after being taken down multiple times from law enforcement agencies | 3 076 | 13 | Loading... |
03 Breached is back, again, again, again, again | 3 440 | 25 | Loading... |
04 A sitcom that follows a group of friends, the up's and down's in the Russian ransomware cyber crime ecosystem, and their ultimate pursuit of love | 3 374 | 55 | Loading... |
05 Happy Birthday to herm1t.
herm1t was the creator and administrator for vxHeaven. vxHeaven was our inspiration — we try to act a successor for.
We hope you have a wonderful day. | 4 843 | 10 | Loading... |
06 Today the Ukrainian National Police arrested a 28 year old man who is suspected to have worked with Conti ransomware group and Lockbit ransomware group. | 5 540 | 75 | Loading... |
07 This week Xitter will make likes private.
They're being made private for privacy, or something. We don't trust it. No social media platform cares about privacy. | 4 948 | 12 | Loading... |
08 Yesterday evening a website was launched title: EpicDB. EpicDB is a hobby project created from a user named "MixV2". The EpicDB website is designed to act similar to SteamDB.
Gaming nerds quickly discovered the EpicDB website began leaking information on games (listed on the site under code names) which are scheduled to arrive on Epic games platform. To the best of our knowledge, no information has been disclosed on how EpicDB gathered these code names.
Confirmed titles:
- Dragon Age: The Veilguard
- Helldivers 2 (never released onto Epic)
- Last of Us Part 2
- Apex Legends
- Battlefield 2042
- Tomb Raider Bundle
- Final Fantasy XVI
- Final Fantasy IX
- Remnant 3
- BioShock 4
- Growtopia
Speculated titles:
- Rise of the Ronin
- Spider-Man Miles Morales
- Streets of Rage
- Crazy Taxi
- Max Payne 1+2 Remake
- Red Dead Redemption
- DOOM: The Dark Ages
- Doom Eternal
- Bloodlines 2
- Europa Universalis V
- Warhammer: Vermintide 3
- Civilization VI
- Civilization IV
- AtomFall
- Among Us 2
There are nearly 100 code names for unreleased content. We aren't going to list them all. Here are some highlights:
- LaserLemon
- GreenSheen
- Debussy
- Project Wiseguy
- Burger
- Puffpastry
- CurlyWurly
- Croquembouche | 4 916 | 42 | Loading... |
09 5 years ago we never would have believed we would corrupt the mind, body, and souls of people by nothing but malware and shit posting.
Here we are. | 5 390 | 59 | Loading... |
10 Denial of Service via Trebuchet
hashtag red team tips | 5 309 | 19 | Loading... |
11 One time we saw a group of people arguing about different ways to perform variable initialization in C vs C++ vs Rust and which language was superior... for 3.5 hours.
All of them had anime profile pictures. | 5 235 | 32 | Loading... |
12 In other news, today Lockbit ransomware group posted that someone is conducting a Denial of Service attack via Friend Request's on Tox.
They've allegedly received 200,000 Friend Requests
Neat | 6 369 | 28 | Loading... |
13 Thank you to our friends at MDSec Labs for the cool and badass stickers and merch. | 5 736 | 6 | Loading... |
14 Yesterday Apple announced they plan on introducing ChatGPT into Siri, iOS, and MacOS
https://arstechnica.com/gadgets/2024/06/apple-integrates-chatgpt-into-siri-ios-and-mac-os/ | 6 140 | 20 | Loading... |
15 I was told to tweet this.
I forgot it was a thing because I've been busy downloading malware and staring into the void (Telegram).
Everyone is cool though. Watch it. If you don't you'll be bonked.
- smelly smellington | 5 998 | 6 | Loading... |
16 Cybersecurity Among Us sponsored by keepitcloaked this Wednesday, 7 PM EST with h313n_0f_t0r repping vx-underground! We will be unable to stream it ourselves that day, so please enjoy by tuning in to your favorite participating streamer. | 6 398 | 49 | Loading... |
17 Updates to vx-underground:
Samples:
VirusSign.2024.06.02
VirusSign.2024.06.03
VirusSign.2024.06.04
VirusSign.2024.06.05
VirusSign.2024.06.06
VirusSign.2024.06.07
VirusSign.2024.06.08
VirusSign.2024.06.09
Papers:
- 2024-05-10 - Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators
- 2024-05-14 - Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain
- 2024-05-14 - QakBot attacks with Windows zero-day (CVE-2024-30051)
- 2024-05-15 - Revealing Spammer Infrastructure With Passive DNS - 226 Toll-Themed Domains Targeting Australia
- 2024-05-15 - Black Basta overview and detection rules
- 2024-05-15 - Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
- 2024-05-15 - To the Moon and back(doors)- Lunar landing in diplomatic missions
- 2024-05-16 - Spring Cleaning with LATRODECTUS: A Potential Replacement for ICEDID
- 2024-05-16 - Springtail: New Linux Backdoor Added to Toolkit
- 2024-05-20 - Tiny BackDoor Goes Undetected: Suspected Turla leveraging MSBuild to Evade detection
- 2024-05-21 - Master of Puppets: Uncovering the DoppelGänger pro-Russian influence campaign | 6 091 | 10 | Loading... |
18 David Fincher's 1999 cult-classic 'Fight Club', based on the novel written by Charles Palahniuk, has a scene which philosophically reminds us of what we witness every single day in the cyber-ecosystem | 6 167 | 29 | Loading... |
19 Meanwhile in the non-cyber security world: graphic design nerds are foaming out the mouth as Adobe slip steams 'your work is now ours' into their agreement checkbox (that you probably don't read)
tl;dr they own whatever you make in their software | 6 330 | 50 | Loading... |
20 The only thing we know for sure is that it's Sunday. We dislike when things happen on Sunday
>:( | 6 319 | 7 | Loading... |
21 ShinyHunters, the group (person?) responsible for administrating Breached has disappeared. Breached is offline on both clearnet and Tor
Additionally, Shiny's Telegram and Telegram Channel have been deleted
People are speculating they've been arrested
¯\_(ツ)_/¯ | 6 994 | 40 | Loading... |
22 We've received a lot of messages today regarding Lockbit ransomware groups Telegram.
We've been in contact with Lockbit ransomware group and several of their affiliates and subgroups since 2019. Lockbit ransomware group does not have a Telegram.
Lockbit is so paranoid he uses his own onion-based file sharing service. He thinks Telegram, Twitter, virtually all social media, is controlled by governments and refuses to use them.
Also, the account some of you send us named FbiSupp is not the real FBI. We have no idea what or who this account is — but the real FBI Telegram accounts are listed on the United States Department of Justice and Justice for Rewards (operated by the United States Department of State) website. These are imposters.
tl;dr being scammed by fake FBI because ??? and scammed by fake Lockbit because ??? | 6 858 | 33 | Loading... |
23 Hello, we hope all of you had a good week and weekend
Today is the day of rest. We'll see you Monday
Also, to clear up some confusion, we are still going to work on vx-underground, the post about 5 years of work was regarding older material
tl;dr got lots of stuff, feels good | 6 652 | 3 | Loading... |
24 After over 5 years of work, we believe vx-underground is now approaching "maintenance mode" — our work will primarily be keeping content up to date.
tl;dr 1,825 days of work | 7 189 | 4 | Loading... |
25 Media files | 7 934 | 55 | Loading... |
26 The aftermath of Internet Degenerates vs. GitHub employees at the Battle of Anime Backgrounds.
Photo taken the 8th of June, 2024. Respect to all the anime photos lost in the battle 🙏 | 8 827 | 34 | Loading... |
27 Leaked footage of Internet Degenerates and GitHub employees at the Battle of Anime Backgrounds (2024, colorized) | 7 914 | 60 | Loading... |
28 The GitHub CSS Injection which was patched a few hours ago has already been bypassed.
Internet nerds are returning with wrath as they resume anime backgrounds and anime banners
We were asked not to show the bypass code to 340,000 people so it's not patched instantly ¯\_(ツ)_/¯ | 7 931 | 61 | Loading... |
29 GitHub CEO Thomas Dohmke realizing if they charged $9.99/month for customizable CSS on GitHub profiles their profit margins would go up %2000 | 7 224 | 45 | Loading... |
30 GitHub has ruined Christmas. The CSS injection has been patched. | 7 022 | 49 | Loading... |
31 GitHub employees chasing down the nerds who turned their website into nothing but anime, IP grabbers, thread hijacks, and goatse spam... on a Friday night 😂😂😂 | 6 643 | 62 | Loading... |
32 Today following the CSS injection discovered by cloud11665, security researcher vmfunc discovered you can also create ReadMe files which force log people out of their GitHub profiles. Oh, and you can make IP grabbers!
GitHub has now become the wild west | 6 959 | 98 | Loading... |
33 Today following the CSS injection discovered by @cloud11665, internet nerds also discovered you can do CSS injection on the issues tab.
The attached link is defanged. Someone did a CSS injection on a raised issue, which resulted in the issue being essentially hijacked. When the link is clicked it quickly flashes in black & white a Discord invitation link.
This could potentially pose an issue to individuals who suffer from epilepsy.
Link if you're curious what it looks like:
hxxps://github.com/tukaani-project/xz/issues/92 | 6 678 | 61 | Loading... |
34 Today cloud11665 discovered a CSS injection vulnerability (or super cool customization feature) on GitHub.
* Reposted for issue correction
* Initially attributed discovery to wrong person
Video shared from yacineMTB | 7 239 | 172 | Loading... |
35 Someone has found an XSS exploit on GitHub – or a super cool new customization method for GitHub profiles 😎
The attached link is not malicious, but it is mildly interesting. Congratulations, JewDev, for the discovery.
https://github.com/jewdev/jewdev | 1 | 0 | Loading... |
36 Today on the Microsoft blog the Vice President of Windows and Devices, Pavan Davuluri, released new information & updates on Microsoft Recall citing that they 'have heard feedback' on Microsoft Recall and have decided to make some changes to how it operates.
- You can now choose whether or not you want Recall active during installation. It is no longer active by default
- "Windows Hello" enrollment is now required to enable Recall. A "proof-of-presence" is required to view and search Recall
- Recall is now implementing additional layers of protection – it is decrypted in-real-time with Windows Hello Enhanced Sign-in Security (ESS). Data is only decrypted when a user authenticates it. Search index is all encrypted.
They've also introduced more management features of administrators of corporate or enterprise environments.
Thanks to CyberCakeX for sharing this with us.
More information: https://blogs.windows.com/windowsexperience/2024/06/07/update-on-the-recall-preview-feature-for-copilot-pcs/ | 6 927 | 43 | Loading... |
37 Wow! Microsoft Recall reviews!
"⭐️⭐️⭐️⭐️⭐️, it helped our customers get more and faster" - Redline stealer
"⭐️⭐️⭐️⭐️⭐️, helped us optimize our code base. Love it!" - Formbook stealer
"⭐️⭐️⭐️⭐️⭐️, so easy to use! Required no work to get information" - Rhadamanthys stealer | 20 488 | 340 | Loading... |
38 We've updated the vx-underground Malware Analysis paper collection
- 2024-01-24 - Layers of Deception: Analyzing the Complex Stages of XLoader 4.3 Malware Evolution
- 2024-02-19 - Pelmeni Wrapper: New Wrapper of Kazuar (Turla Backdoor)
- 2024-03-26 - Comprehensive Analysis of EMOTET Malware: Part 1
- 2024-04-13 - Analysis of malicious Microsoft office macros
- 2024-04-22 - Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
- 2024-04-29 - How to unpack Death Ransomware
- 2024-05-01 - “Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
- 2024-05-08 - APT28 campaign targeting Polish government institutions | 6 605 | 12 | Loading... |
39 Hello, and good morning, evening, or night.
We've updated the vx-underground APT archive for the month of May, 2024. We've also updated some previous months in 2023 and 2022.
We hope all of you have had a good week.
https://vx-underground.org/APTs | 6 517 | 6 | Loading... |
People are paying thousands of dollars for educational courses on initial access vectors. We'll provide you a step-by-step guide on how to get initial access to companies with a budget of $0. All it requires is some time, effort, and the ability to grep
1. Go to Telegram
2. Get free stealer logs
3. Look for VPN creds
4. Hope no MFA
4.a If MFA, spam requests
4.b If fails, go back to Step 1.
5. Log into VPN
6. Go to Jira / Kanban board
7. Scrape everything when people are sleeping
8. Log out
9. ???
10. Profit!!!11
Congratulations, you're now the most dangerous hacker on the planet
Does this sound absurd? Of course it does. Does it work? Yes, literally every single day. Infostealers are a giant problem. They don't need to target enterprise environments with top-notch security – they only need to target lazy home users, with security settings probably disabled, downloading junk binaries.
👍 42❤ 18😁 10🥰 1
Фото недоступнеДивитись в Telegram
Breached after being taken down multiple times from law enforcement agencies
🤣 67❤ 9🔥 2
Фото недоступнеДивитись в Telegram
Breached is back, again, again, again, again
🤣 77👍 10🔥 9😁 4❤ 3🤔 1
00:47
Відео недоступнеДивитись в Telegram
A sitcom that follows a group of friends, the up's and down's in the Russian ransomware cyber crime ecosystem, and their ultimate pursuit of love
aaaaaaaaa.mp46.18 MB
🔥 36🤣 25😁 5👏 3🤓 1
Happy Birthday to herm1t.
herm1t was the creator and administrator for vxHeaven. vxHeaven was our inspiration — we try to act a successor for.
We hope you have a wonderful day.
😎 70❤ 26🎉 19❤🔥 7🔥 5👍 2🤓 1🤝 1
00:50
Відео недоступнеДивитись в Telegram
Today the Ukrainian National Police arrested a 28 year old man who is suspected to have worked with Conti ransomware group and Lockbit ransomware group.
aaa.mp412.54 MB
😢 68👍 23🫡 12❤ 6😁 5🤓 3
This week Xitter will make likes private.
They're being made private for privacy, or something. We don't trust it. No social media platform cares about privacy.
🤓 39💯 21🤣 17👍 6🤯 2
Yesterday evening a website was launched title: EpicDB. EpicDB is a hobby project created from a user named "MixV2". The EpicDB website is designed to act similar to SteamDB.
Gaming nerds quickly discovered the EpicDB website began leaking information on games (listed on the site under code names) which are scheduled to arrive on Epic games platform. To the best of our knowledge, no information has been disclosed on how EpicDB gathered these code names.
Confirmed titles:
- Dragon Age: The Veilguard
- Helldivers 2 (never released onto Epic)
- Last of Us Part 2
- Apex Legends
- Battlefield 2042
- Tomb Raider Bundle
- Final Fantasy XVI
- Final Fantasy IX
- Remnant 3
- BioShock 4
- Growtopia
Speculated titles:
- Rise of the Ronin
- Spider-Man Miles Morales
- Streets of Rage
- Crazy Taxi
- Max Payne 1+2 Remake
- Red Dead Redemption
- DOOM: The Dark Ages
- Doom Eternal
- Bloodlines 2
- Europa Universalis V
- Warhammer: Vermintide 3
- Civilization VI
- Civilization IV
- AtomFall
- Among Us 2
There are nearly 100 code names for unreleased content. We aren't going to list them all. Here are some highlights:
- LaserLemon
- GreenSheen
- Debussy
- Project Wiseguy
- Burger
- Puffpastry
- CurlyWurly
- Croquembouche
🤓 32❤ 6👍 5🤣 3
00:08
Відео недоступнеДивитись в Telegram
5 years ago we never would have believed we would corrupt the mind, body, and souls of people by nothing but malware and shit posting.
Here we are.
aaaaaa.mp47.76 KB
😍 80🤣 49❤ 10👍 3🤓 2🫡 2🤔 1😢 1💯 1
00:15
Відео недоступнеДивитись в Telegram
Denial of Service via Trebuchet
hashtag red team tips
bbbb.mp45.02 MB
❤ 49👍 5❤🔥 2😢 1