Dear Threat Actors,
I typically do not reply on weekends. I am busy doing stuff with my 1-year-old son. Please send your e-mails during regular business hours M-F so I have an opportunity to send silly pictures of kitty cats.
Thanks,
-smelly
vx-underground
Dear Threat Actors, I typically do not reply on weekends. I am busy doing stuff with my 1 year old son. Please send your e-mails during regular business hours M-F so I have an opportunity to send silly pictures of kitty cats. Thanks, -smelly
Bro is sending me e-mails from an (extremely convincing) Police Department ON A SATURDAY.
Dawg, Saturday I am in SHAMBLES. I am trying to survive with this baby. Do you have any idea how often these things defecate and eat? It's unreal
1 year olds are far more exhausting than 6 month olds.
Parents warned me. They were correct.
Bro HAS to put ALL FOOD on his head.
- Beans
- Soup
- Mac and Cheese
- Strawberries
- Blueberries
If he doesn't rub it on his head, or eat it, he throws it on the floor.
I'm tired.
Hi
I've added another 550,000+ malwares to the malware library. Please download the malware and share it with your friends and family.
https://vx-underground.org/Updates
This is very good malware.
This is solid-solid-SOLID B+ malware, very close to A- malware.
APT37 is using an old-school playbook. They're doing EPO (Entry Point Obfuscation) on a self-delivered binary for evasion. They also unironically are using something akin to cavity infection ... but on themselves. This is something you saw more in the Windows 95 - Windows XP era, not something you see in 2026.
Very cool. I respect it.
The multi-staged fragmentation of shellcode phases is also really, really, really cool. This is (once again) a more old-school technique usually reserved for infected binaries, not self-delivered binaries.
Despite all of these super cool features, APT37 shoots themselves in the foot immediately.
- EAT walking for Kernel32 functionality (???)
- XOR decryption is a huge red flag
- Allocating with PAGE_EXECUTE_READWRITE (???)
- Hardcoded OAuth token (???)
- Used external dependency for AES (???)
Why not use NT functionality to hook evasion? XOR is easily identified in static analysis, why XOR? Allocating memory with VirtualAlloc with RWX is a MASSIVE RED FLAG. They also hardcode an OAuth token ... they can multi-stage a shellcode payload with old-school malware techniques but hardcode AN OAUTH TOKEN?
It unironically makes me wonder if they had one old-head malware guy working on it, then they had some newer dude do the non-hardcore stuff. There is a huge gap in skill sets here.
Or the old-head hasn't kept up to date on malware stuff since 2005... or they got lazy... I don't know, really weird.
https://www.genians.co.kr/en/blog/threat_intelligence/pretexting
APT37's Pretexting-Based Targeted Intrusion: Analysis of Facebook Reconnaissance and Software Tampering Attacks
Pretexting by APT37 was identified. After Facebook contact, they sent an encrypted PDF via messenger and lured targets to install a viewer.
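As an added example (not code from the post above or from the Genians report), here is the kind of static check the post alludes to when it says XOR is easily identified: a single-byte XOR keystream leaves a payload one 256-key sweep away from plaintext, so an analyst can recover an embedded PE header from a dropper without executing anything. The sample buffer, the 0x5A key and the minimal header layout are constructed for the example and do not come from the APT37 sample.

```python
"""
Static triage helper: brute-force single-byte XOR to locate an embedded PE.

Added example, not code from the post or from the Genians report.
A single-byte XOR keystream preserves byte structure, so sweeping all 256
keys against known-plaintext markers recovers the payload offline.
The sample buffer below is constructed for this example.
"""
import re
from typing import Dict, List

# Known-plaintext markers every PE image carries near its start.
MZ_SIG = b"MZ"
DOS_STUB = b"This program cannot be run in DOS mode"
PE_SIG = b"PE\x00\x00"


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key (the same op encrypts and decrypts)."""
    return bytes(b ^ key for b in data)


def find_xor_encoded_pe(blob: bytes) -> List[Dict[str, int]]:
    """Try all 256 single-byte keys and report where a decoded PE header appears.

    A hit requires the DOS stub string, an 'MZ' signature shortly before it,
    and an e_lfanew field that points at a 'PE\\0\\0' signature, which keeps
    false positives from random data to a minimum.
    """
    hits = []
    for key in range(256):
        plain = xor_bytes(blob, key)
        for m in re.finditer(re.escape(DOS_STUB), plain):
            # The stub text normally sits within the first 0x80 bytes of the image.
            start = plain.rfind(MZ_SIG, max(0, m.start() - 0x80), m.start())
            if start < 0 or start + 0x40 > len(plain):
                continue
            e_lfanew = int.from_bytes(plain[start + 0x3C:start + 0x40], "little")
            pe_off = start + e_lfanew
            if plain[pe_off:pe_off + 4] == PE_SIG:
                hits.append({"key": key, "offset": start, "e_lfanew": e_lfanew})
    return hits


def carve_decoded_pe(blob: bytes, hit: Dict[str, int]) -> bytes:
    """Return the decoded bytes from the detected image start to end of blob."""
    return xor_bytes(blob, hit["key"])[hit["offset"]:]


def build_fake_pe_image() -> bytes:
    """Construct a minimal, non-executable byte layout that mimics a PE header.

    Only the fields the scanner inspects are meaningful; the rest is padding.
    """
    header = bytearray(0x80)
    header[0:2] = MZ_SIG
    header[0x3C:0x40] = (0x80).to_bytes(4, "little")  # e_lfanew -> PE sig at 0x80
    header[0x4E:0x4E + len(DOS_STUB)] = DOS_STUB       # stub text at its usual spot
    return bytes(header) + PE_SIG + b"\x00" * 0x20


# Constructed sample: loader padding, then the fake image XORed with key 0x5A.
CONSTRUCTED_KEY = 0x5A
SAMPLE = b"\x90" * 0x20 + xor_bytes(build_fake_pe_image(), CONSTRUCTED_KEY) + b"\x00" * 0x10


if __name__ == "__main__":
    for hit in find_xor_encoded_pe(SAMPLE):
        print(f"key=0x{hit['key']:02x} image at offset 0x{hit['offset']:x} "
              f"(e_lfanew=0x{hit['e_lfanew']:x})")
```

Running it against the constructed sample reports a single hit at key 0x5A, offset 0x20. The same sweep is cheap enough to run over every section of a suspicious binary, which is why a single-byte XOR layer buys an author nothing against static analysis; a multi-byte or rolling key raises the cost but the known-plaintext approach still applies once the key length is guessed.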
Over 200 media outlets are blocking Internet Archive.
Media outlets say because AI, or something, but also (and TOTALLY UNRELATED) since they're blocking Internet Archive there is no way to tell if the government or media outlet has deleted or changed something.
However, they say this is TOTALLY UNRELATED and they block Internet Archive because AI can train off Internet Archive, or something, I don't know, it's all bullshit.
https://www.wired.com/story/the-internets-most-powerful-archiving-tool-is-in-mortal-peril/
WIRED
The Internet's Most Powerful Archiving Tool Is in Peril
As major news outlets cut off the Wayback Machine, journalists and advocacy groups are rallying to protect the Internet Archive's vast collection of web pages.
vx-underground
Over 200 media outlets are blocking Internet Archive. Media outlets say because AI, or something, but also (and TOTALLY UNRELATED) since they're blocking Internet Archive there is no way to tell if the government or media outlet has deleted or changed something.…
In fairness, media outlets want to charge you $9.99/month to read their half-AI generated web articles and Internet Archive does sometimes sort of provide a way to evade this.
However, there are tons of other ways to bypass this pay wall. I also do not trust the government. I also am extremely suspicious of media outlets. Sometimes I read what they're saying and I go, "HMMMMMMMM", hence I am extremely biased in this post.
ShinyHunters leaked the RockStar Games data.
The data isn't anything special. There is no PII or source code. The data is primarily financial metrics.
This may come as a surprise to some of you, but based off of this data, it appears RockStar Games makes a FUCK TON of money
vx-underground
ShinyHunters leaked the RockStar Games data. The data isn't anything special. There is no PII or source code. The data is primarily financial metrics. This may come as a surprise to some of you, but based off of this data, it appears RockStar Games makes…
I am absolutely sickened by the amount of money Grand Theft Auto V Online makes
BREAKING: New intelligence from the United States Department of War suggests cars go all like VRRROOOOOM, SKRRRT, and PFFFTBLOOOOSH.
Donald Trump is being briefed on the situation now.
vx-underground
It appears I have made a series of mistakes when reviewing some of the financial data from RockStar Games. What does this mean? I've spread misinformation and I will be burned at the stake by gamers. It was nice knowing all of you
Please remember me as a man who tried his best and really enjoyed pictures of silly kitty cats.
I'm ready now. I'm at peace. The gamers will now call me a retard and the N-word for an eternity.
I was pretty busy today. From what I saw when skimming the internet:
- More AI hot takes
- More laws about age verification
- Arguments about age verification
- Some cool new malware found
- Drama about fake ledger in Apple Store
- PUBG CEO used ChatGPT for business advice
- More malware stuff
- Malware AI slop
- Booking dot com drama, even though it's been poop forever
- More web compromises
- Kraken being extorted
- GitHub stars as a service
- Something about CloudFlare and OpenAI
- Something with malicious FireFox extensions
- Google hires Philosopher for AI
- Vulnerable AV drivers from China
Did I miss anything or am I good?