GitHub
github.com › vxunderground › MalwareSourceCode
GitHub - vxunderground/MalwareSourceCode: Collection of malware source code for a variety of platforms in an array of different programming languages. · GitHub
managed by vx-underground | follow us on Twitter | download malware samples at the VXUG/samples page
Starred by 17.9K users
Forked by 2K users
Languages Assembly 91.6% | Limbo 2.2% | C 2.0% | Roff 1.3% | Eiffel 0.3% | Lex 0.3%
Factsheet
Founded May 2019
URL vx-underground.org
Wikipedia
en.wikipedia.org › wiki › Vx-underground
vx-underground - Wikipedia
December 20, 2025 - vx-underground, also known as VXUG, is an educational website about malware and cybersecurity. It claims to have the largest online repository of malware. The site was launched in May, 2019 and has grown to host over 35 million pieces of malware samples.
Vx Underground
vx-underground.org
Vx Underground
The largest collection of malware source code, samples, and papers on the internet.
GitHub
github.com › vxunderground › VX-API
GitHub - vxunderground/VX-API: Collection of various malicious functionality to aid in malware development · GitHub
managed by vx-underground | follow us on Twitter | download malware samples at the VXUG/samples page
Starred by 1.8K users
Forked by 313 users
Languages C++ 82.1% | C 17.9%
Bakerstreetforensics
bakerstreetforensics.com › tag › vx-underground
VX-Underground – Baker Street Forensics
We can utilize a Python script to recursively go through the contents of our malware folder and unzip all the password protected files, while keeping those files in their original directories. You may have noticed in the first screenshot that I have a script called ExtractSamples.py in my APT directory. We will use this for the recursive password protected extractions. ... A flurry of code goes by, and you congratulate yourself on your Python prowess. Now if we look again at our contents, we’ve got the extracted sample and the original zip file.
GitHub
github.com › vxunderground
vxunderground - Overview
The largest collection of malware source code, samples, and papers on the internet. ... Collection of malware source code for a variety of platforms in an array of different programming languages. ... Research code & papers from members of vx-underground...
Qualys
blog.qualys.com › vulnerabilities-threat-research › 2023 › 11 › 23 › unveiling-the-deceptive-dance-phobos-ransomware-masquerading-as-vx-underground
Phobos Ransomware Masquerades as VX-Underground | Qualys
November 23, 2023 - Fig 1. vx-underground · AntiRecuvaAndDB.exe (763b04ef2d0954c7ecf394249665bcd71eeafebc3a66a27b010f558fd59dbdeb) The sample is being distributed with a masqueraded name (AntiRecuvaAndDB.exe) of a legitimate software suite known as Recuva, which is a very popular data recovery software. This file name has been used multiple times in the past by threat actors to distribute malware samples and has recently been seen to be abused by the Phobos ransomware family.
Reddit
reddit.com › r/malware › vx-underground is now selling physical copies of their archive!
r/Malware on Reddit: VX-Underground is now selling Physical Copies of their archive!
November 10, 2023 -
What's included?
37,745 APT papers and samples
7,147 archived materials (papers, old software, malware builders)
11,460 malware papers
36,000,000+ malware samples (5.06TB)
3,197 malware source code(s) file(s)
$500 (this includes shipping)
Handwritten thank you letter
10TB Seagate external HDD
Worldwide shipping
Delivery times vary (location, queue, ???)
https://www.vx-underwear.org/products/vx-underground-collection-hdd
X
x.com › vxunderground › status › 1828185264881045557
vx-underground on X: "We've updated the vx-underground Malware Ingestion feed. All ingested malware samples from May, June, and July are now present and available for bulk download. *All samples named appropriately via VirusTotal API. May, 2024: - 90.3GB (compressed) - 358,067 malware samples June," / X
May, 2024: - 90.3GB (compressed) - 358,067 malware samples June, 2024: - 118.3GB (compressed) - 354,248 malware samples July, 2024: - 103.4GB (compressed) - 379,219 malware samples August, 2024 (1st - 16th) - 416GB (uncompressed) - 668,422 malware ...
X
x.com › vxunderground › status › 1634583543224442881
vx-underground on X: "We've archived the vx-underground APT collection for the year 2022. You can now download every APT sample and paper from the year 2022 in bulk. - 4,848 malware samples - 480 papers - 6.47GB (compressed) Check it out here: https://t.co/r8qKRpQzXs https://t.co/9KrfPeOEZ4" / X
We've archived the vx-underground APT collection for the year 2022. You can now download every APT sample and paper from the year 2022 in bulk. - 4,848 malware samples - 480 papers - 6.47GB (compressed) Check it out here: https://samples.vx-underground.org/samples/Blocks/APT Collection/…
GitHub
github.com › RXHem › vxunderground
GitHub - RXHem/vxunderground: Collection of malware source code for a variety of platforms in an array of different programming languages.
managed by vx-underground | follow us on Twitter | download malware samples at the VXUG/samples page
Author RXHem
BleepingComputer
bleepingcomputer.com › home › news › security › vx-underground malware collective framed by phobos ransomware
VX-Underground malware collective framed by Phobos ransomware
November 20, 2023 - However, that does not mean it is not a big operation, as it sees wide distribution through many affiliated threat actors and accounts for 4% of all submissions to the ID Ransomware service in 2023. Phobos submissions to ID Ransomware over the past month Source: ID Ransomware · Today, ransomware hunter PCrisk found a new variant of the Phobos ransomware that attempts to frame the VX-Underground community. When encrypting files, the malware will append the .id[[unique_id].[staff@vx-underground.org].VXUG string, with the email being legitimate and the final extension 'VXUG,' standing for VX-Underground.
Stairwell
stairwell.com › resources › quick-n-dirty-detection-research-building-a-labeled-malware-corpus-for-yara-testing
Quick n’ dirty detection: Building a labeled malware corpus for YARA testing — Stairwell
June 10, 2025 - With a quick check to the corpus, we can see a variety of malware families, operations, campaigns that have used API hashing with crc32, and we can pick and choose which ones we examine for more specific bit and byte details.
steve@CEO-MBP ~ % yara -r apihashing_crc32.yar /vx-underground.org/APTs
Methodology_APIHashing_crc32 /vx-underground.org/APTs/2015/2015.10.15 Fin Fishers/Samples/e2ecf89a49c125e0b4292645a41b5e97c0f7bf15d418faeac0d592205f083119
Methodology_APIHashing_crc32 /vx-underground.org/APTs/2015/2015.10.15 Fin Fishers/Samples/94abf6df38f26530da2864d80e1a0b7cdfce63fd27b142993b89c52b3