vx-underground
>get dm >smelly there is MALWARE for FREE on REDDIT >mac subreddit >ad for some goop >look inside >VIBE CODED MALSLOP YOU LEFT NOTES IN YOUR BASE64 ENCODED STAGER, WHAT THE FUCK IS ACTUALLY WRONG WITH YOU
the stager gives you an apple applescript thingy. it's not obfuscated. it's just the raw src code.
i uploaded to vt, but here is the goopus (free malware source code)
https://gist.github.com/vxunderground/a211579dc084f2e430d7f0dda424bf14
tl;dr
really effective malware multi-staged, multiple programming languages, use as many dependencies as possible. AI making this easier to do. AVs struggling
Historically, in regards to malware development, the end goal was minimalism. It was in your best interest to strip as many dependencies, shred the file size down, and make it position independent.
I think, as of ... now ... we need to take a different approach.
I think instead of stripping binaries, we (Red Team, Threat Emulation, malware developers) should intentionally introduce dependencies.
I have witnessed two unique things in the malware landscape since the AI boom.
1. Increase in malware slop. I continue to see stagers which contain notes in them. This is not intentional and this does not "trick" the analyst. This is a colossal mistake on the malware developer's part. However, despite it being slop, AI has made malware more diverse. I am seeing more and more malware in Lua, Node JS (including SEA and nexe), Java, and Python. I am seeing more and more malware doing inter-process communication across multiple programming languages. Of course all of these have existed prior to AI, but I am seeing an explosion in these languages. This also has resulted in malware researchers creating new tools to combat this malware diversity.
2. Anti-malware services struggling. When I encounter a binary that is a Node JS SEA blob (Electron JS .exe, self-contained using SEA), which extracts a .JS payload, which uses obfuscated Java or heavily obfuscated Lua, all of these languages require a VM (PVM, LVM, JVM, whatever) for interpretation. Thus, with heavy obfuscation and multistaging, static analysis fails and the heavy abstraction makes it difficult for traditional hooking or minifilters to be effective; in essence, there is too much noise. Many of these payloads with heavy dependencies easily avoid static analysis and even some emulation systems because they fail to account for the necessary dependencies which are required to emulate it correctly.
pic maybe related idk
Goodnight tiny people living inside my phone
vx-underground
Chat, I don't want to sound like a hater, but I think this meteorologist is using AI. Something about the image seems incorrect.
Please forgive me, European colleagues and friends, how hot is -120c? Should we be concerned?
vx-underground
Chat, I don't want to sound like a hater, but I think this meteorologist is using AI. Something about the image seems incorrect.
HOLY SHIT
If you live in the Eastern part of the United States, call into work today because it's NUCLEAR WINTER.
Fuck a sweater, buy a lead vest IMMEDIATELY. It's -184f IN JULY
I keep seeing large tech companies discussing the dangers of AI and AI models. They think regular people should not be able to possess AI or AI models, or be able to run them on home computers. In essence, they're too dangerous for a regular person to possess.
It is for our safety that Google, Meta, OpenAI, Anthropic, Palantir, X, etc. have AI models but we don't. They are protecting us by paying them $19.99/month. If we don't let them control the AI stuff then someone could do bad things with it.
They care about protecting the people. They are definitely not doing it to make more money and collect more data from consumers. Large tech companies would not use their money to influence politicians and government to make more money and fearmonger.
Dear Telegram people, I need your assistance. I'm confused.
Today the Department of Justice announced the extradition of a Threat Actor named Peter Stokes a/k/a Bouquet. He is alleged to be a co-conspirator to Scattered Spider. He is being extradited from Finland to the United States. He is facing a litany of charges (like, 20 years in prison or more).
However, I had thought (based off of the photo released), this person had been arrested before? Am I crazy? Does anyone on Telegram recognize this name or moniker? The FBI is parading this arrest, but I swear I've seen this before.
vx-underground
Dear Telegram people, I need your assistance. I'm confused. Today the Department of Justice announced the extradition of a Threat Actor named Peter Stokes a/k/a Bouquet. He is alleged to be a co-conspirator to Scattered Spider. He is being extradited from…
This is the photo that is all over social media and distributed from the government (or something, I can't recall the details, but it's the photo being used).
There are dangerously high levels of "hacker" larp on TikTok. As a healthcare professional, I heavily advise against using TikTok
vx-underground
There are dangerously high levels of "hacker" larp on TikTok. As a healthcare professional, I heavily advise against using TikTok
I lied, I'm not a healthcare professional. But still, the larp is crazy
Oh yeah? You're a "hacker"?
Prove it. Hack the electrical grid and give yourself infinite electricity, then use your infinite electricity to hack Bitcoin and give yourself unlimited Bitcoins
Then hack the airport and give yourself 999999 airplanes and fly around the world