home.social

#arj — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #arj, aggregated by home.social.

  1. Aziz Ansari’s struggling gig worker discovers he has the life of Seth Rogen’s wealthy tech bro in “Good Fortune” script page (exclusive)

    The grass is greener on the other side in Aziz Ansari’s directorial feature debut, Good Fortune, a modern…
    #NewsBeep #News #US #USA #UnitedStates #UnitedStatesOfAmerica #Celebrities #Arj #AzizAnsari #Entertainment #gigeconomy #GoodFortune #guardianangel #KeanuReeves #SethRogen
    newsbeep.com/us/140295/

  2. Aziz Ansari’s struggling gig worker discovers he has the life of Seth Rogen’s wealthy tech bro in “Good Fortune” script page (exclusive)

    The grass is greener on the other side in Aziz Ansari’s directorial feature debut, Good Fortune, a modern…
    #NewsBeep #News #US #USA #UnitedStates #UnitedStatesOfAmerica #Celebrities #Arj #AzizAnsari #Entertainment #gigeconomy #GoodFortune #guardianangel #KeanuReeves #SethRogen
    newsbeep.com/us/140295/

  3. Today in our section on "uncoventional #Malware delivery": #ARJ archives! 📦
    ARJ (Archived by Robert Jung) has been around since the MS-DOS days and is occasionally used to deliver e.g. #AgentTesla, #Formbook or #Guloader

    You can recognize ARJ archives by their Magic: 60 EA
    Extraction can be handled with 7zip for example.
    For more information on the file format check out Ange Albertini's excellent graphic representation: twitter.com/angealbertini/stat

    As an example we dug up a #Lokibot sample from last year where the delivery chain looked like this: ARJ --> RAR --> EXE
    To fool the victims into opening the next file they used the common #doubleExtension tick, e.g. .pdf.exe

    IoC for those playing along at home:
    162.0.223[.]13
    kbfvzoboss[.]bid
    alphastand[.]trade
    alphastand[.]win
    alphastand[.]top
    ➡️/alien/fre.php

    PO_Payment for invoice[...].eml.arj
    d0c8824d1e19ca1af0b88a477fa4cad6

    SHIPPING_DL-PL-EXPRESS_EXPORT.PDF.exe
    88bdf4f8fe035276da984c370e4cda2c

    #infosec #cybersecurity #blueteam

  4. Today in our section on "uncoventional #Malware delivery": #ARJ archives! 📦
    ARJ (Archived by Robert Jung) has been around since the MS-DOS days and is occasionally used to deliver e.g. #AgentTesla, #Formbook or #Guloader

    You can recognize ARJ archives by their Magic: 60 EA
    Extraction can be handled with 7zip for example.
    For more information on the file format check out Ange Albertini's excellent graphic representation: twitter.com/angealbertini/stat

    As an example we dug up a #Lokibot sample from last year where the delivery chain looked like this: ARJ --> RAR --> EXE
    To fool the victims into opening the next file they used the common #doubleExtension tick, e.g. .pdf.exe

    IoC for those playing along at home:
    162.0.223[.]13
    kbfvzoboss[.]bid
    alphastand[.]trade
    alphastand[.]win
    alphastand[.]top
    ➡️/alien/fre.php

    PO_Payment for invoice[...].eml.arj
    d0c8824d1e19ca1af0b88a477fa4cad6

    SHIPPING_DL-PL-EXPRESS_EXPORT.PDF.exe
    88bdf4f8fe035276da984c370e4cda2c

    #infosec #cybersecurity #blueteam

  5. Today in our section on "uncoventional #Malware delivery": #ARJ archives! 📦
    ARJ (Archived by Robert Jung) has been around since the MS-DOS days and is occasionally used to deliver e.g. #AgentTesla, #Formbook or #Guloader

    You can recognize ARJ archives by their Magic: 60 EA
    Extraction can be handled with 7zip for example.
    For more information on the file format check out Ange Albertini's excellent graphic representation: twitter.com/angealbertini/stat

    As an example we dug up a #Lokibot sample from last year where the delivery chain looked like this: ARJ --> RAR --> EXE
    To fool the victims into opening the next file they used the common #doubleExtension tick, e.g. .pdf.exe

    IoC for those playing along at home:
    162.0.223[.]13
    kbfvzoboss[.]bid
    alphastand[.]trade
    alphastand[.]win
    alphastand[.]top
    ➡️/alien/fre.php

    PO_Payment for invoice[...].eml.arj
    d0c8824d1e19ca1af0b88a477fa4cad6

    SHIPPING_DL-PL-EXPRESS_EXPORT.PDF.exe
    88bdf4f8fe035276da984c370e4cda2c

    #infosec #cybersecurity #blueteam

  6. Today in our section on "uncoventional #Malware delivery": #ARJ archives! 📦
    ARJ (Archived by Robert Jung) has been around since the MS-DOS days and is occasionally used to deliver e.g. #AgentTesla, #Formbook or #Guloader

    You can recognize ARJ archives by their Magic: 60 EA
    Extraction can be handled with 7zip for example.
    For more information on the file format check out Ange Albertini's excellent graphic representation: twitter.com/angealbertini/stat

    As an example we dug up a #Lokibot sample from last year where the delivery chain looked like this: ARJ --> RAR --> EXE
    To fool the victims into opening the next file they used the common #doubleExtension tick, e.g. .pdf.exe

    IoC for those playing along at home:
    162.0.223[.]13
    kbfvzoboss[.]bid
    alphastand[.]trade
    alphastand[.]win
    alphastand[.]top
    ➡️/alien/fre.php

    PO_Payment for invoice[...].eml.arj
    d0c8824d1e19ca1af0b88a477fa4cad6

    SHIPPING_DL-PL-EXPRESS_EXPORT.PDF.exe
    88bdf4f8fe035276da984c370e4cda2c

    #infosec #cybersecurity #blueteam

  7. This is just a modern #BBS. But thankfully with infinite modems and, being 30 years on, I don't need to download #ARJ and a #DOS #JPEG decoder for #caturday! 😺

    (and I'm no longer reading Dr. Dobbs Journal and BYTE to hear about Unicode and wondering how that'll ever fit in memory and if the 16-bits that Microsoft is bravely choosing for some mysterious Windows #NT toy is really enough anyways) _(narrator: it wasn't enough)_