
vx-underground.org update

January 18th, 2022
APT Paper/Samples added:
2022.01.20/APT41 - MoonBounce: the dark side of UEFI firmware

- We've removed the sample page and replaced it with the directory listing. This makes it easier to manage.
- Zines have been moved to the archive page.

vx-underground.org update

January 15th, 2022
Archive expansion and additions:
Carberp Banking Trojan
Redline Stealer
RCE ARTeam Exploit Development Tutorials
VX Zine Collection
VXUG 2021 Dark Art Collection

vx-underground.org update

January 7th, 2022
APT Paper/Samples added:
BlackCat Ransomware
Echelon Stealer
Video Skimmer

vx-underground.org update

December 26th, 2021
New year, New vx-underground

Hello everyone, we hope you're doing well and have had a nice 2021.

2021 was a year of exponential growth for vx-underground - it went from a relatively unknown website to a website receiving thousands of unique visitors a month and millions upon millions of downloads. We also successfully began pseudo-crowd-funding with monthly donors which has been incredibly helpful to us as well.

This growth has been both a blessing and a curse. Many good things occurred and many bad things happened as well. We are using these experiences as opportunities for us to grow as a team. Hence in 2022 we will be making some changes to the website, social media presence, and public Discord.

First and foremost - we will be dropping anything Threat Intel related. Although it is fun to explore what Threat Actors may be doing, this has brought us unnecessary attention. vx-underground aims to be a library - nothing more and nothing less. Starting 2022 the Threat Intel page will be removed and the "Notes from UG" series will be scrapped. If you're an individual interested in Threat Intelligence we recommend following individuals involved in Threat Intelligence on Twitter.

Second - vx-underground will be returning Malware Blocks in 2022. January 3rd we will re-launch the blocks, which will allow both mass-download and individual sample download. However, unlike our previous entries, samples will not be named using the Kaspersky naming convention. All files will be simple MD5 hashes. We are returning these blocks for individuals interested in mass-download for research or study. Furthermore, all files will be compressed and password protected to comply with our current host.

Third - it has been a privilege and an honor to help educate individuals all across the globe. It also feels nice to give things to people. In 2022 we will attempt to do more giveaways of both clothing merchandise and educational literature, or anything else which we deem beneficial and malware related. In the beginning of 2022 we will be giving away a bunch of Infosec swag for free. We will be doing the giveaway on Twitter. It will be free for anyone to enter and potentially receive free stuff.

Finally, we would again like to express our gratitude to individuals who aided us this year.

Sincerely, vx-underground Team

vx-underground.org update

December 21st, 2021
Hello. We've made quite a bit of additions today. The entire vx-underground has been busy with the Holiday season B-S. Enjoy!

Samples added:
BlackCat Ransomware
Cerber Ransomware
Moo Bot
RansomEXX Ransomware

vx-underground.org update

December 20th, 2021
Samples added:
Hive Ransomware samples and decryptor
Log4J Malware

vx-underground.org update

December 18th - 19th, 2021

As we continue to add more Log4J malware samples to our malware collection - we have been working in the background to expand our malware sample library. Unfortunately, we are working to re-index our samples and we are sitting at approx. 4,200,000 samples. Organized families will be published December 20th, 2021.

Recent Log4J samples added:
Log4J Malware

vx-underground.org update

December 17th, 2021
Samples added:
Log4J Malware
BlackCat Ransomware
Yanluowang Ransomware

vx-underground.org update

December 14th, 2021
*December 12th - December 14th have been aggregations of LOG4J-focused malware
Samples added:
Malware Abusing Log4J Exploit

vx-underground.org update

December 12th, 2021
Papers added:
Methods To Achieve Persistence In Linux Systems by flaviu
Systemd user level persistence by Alexey Petrenko

vx-underground.org update

December 8th, 2021
Papers added:
ZipExec - Using COM to execute password protected ZIP files by Tyl0us
XLLPOC - Code execution via Excel by Moo Hax

vx-underground.org update

December 7th, 2021
APTs added:
2021.12.02/SideCopy APT
2021.11.07/IronTiger APT Campaign

Samples added:

vx-underground.org update

December 2nd, 2021
Linux papers added:
The Tangled Genealogy of IoT Malware by Emanuele Cozzi, Pierre-Antoine Vervier, Matteo Dell’Amico, Yun Shen, Leyla Bilge, Davide Balzarotti
Understanding Fileless Attacks on Linux-based IoT Devices with HoneyCloud by Fan Dang, Zhenhua Li, Yunhao Liu, Ennan Zhai, Qi Alfred Chen, Tianyin Xu, Yan Chen, Jingyu Yang
Kernel Data Attack is a Realistic Security Threat by Jidong Xiao, Hai Huang, Haining Wang

Windows papers added:
Anatomy Of Native IIS Malware by ESET
Abusing Windows’ Implementation of Fork() for Stealthy Memory Operations by Bill Demirkapi

vx-underground.org update

November 29th, 2021
New malware samples added:
APT Tardigrade
Cronrat samples
RatDispenser samples
Android.Cynos samples
Babadeda Crypter samples

vx-underground.org update

November 27th, 2021
General Updates:
Notes from UG tab has been renamed to Threat Intel. This best describes this category and the material that will be present
Darkweb site table added

Malware Defense Updates:
When Malware Changed Its Mind: An Empirical Study of Variable Program Behaviors in the Real World
Analysis Of Anti-virus Software Quarantine Files

Threat Intelligence Updates:
Bassterlord Networking Manual

vx-underground.org update

November 26th, 2021

Hello and welcome to vx-underground.org 2.0. Our site has made a large aesthetic update. Historically our website utilized ASCII art and other more hackerish aesthetics. Although this is nice - it proved to be increasingly difficult to add, remove, or organize content.

The new aesthetic we're using is also fairly generic. It is nothing special. It does not contain large amounts of images, CSS, or JavaScript. It is still HTML and basic CSS. We hope the website can be easily navigable and easy on the eyes.

Special thanks to our donors, Twitter supporters, and everyone else who has continued to support us as we traverse these volatile waters.

The vx-underground team

