#arj

Lukas<p>Interestingly, today I received a <a href="https://chaos.social/tags/Virus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Virus</span></a> in a <a href="https://chaos.social/tags/Mail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mail</span></a> that was packed in ACE format.</p><p>Who can still unpack ACE these days? Were they betting on it slipping past the virus scanners because they can't open the archive?</p><p>Soon I'll be sending my files in <a href="https://chaos.social/tags/ARJ" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ARJ</span></a> format; let's see how many virus scanners can still handle that.</p><p><a href="https://chaos.social/tags/Snakeoil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Snakeoil</span></a></p>
El Club De Los Físicos Muertos<p><a href="https://mastodon.social/tags/ARJ" class="mention hashtag" rel="tag">#<span>ARJ</span></a> was a utility program for <a href="https://mastodon.social/tags/MSDOS" class="mention hashtag" rel="tag">#<span>MSDOS</span></a> that enjoyed great popularity in the early 90s when there was no <a href="https://mastodon.social/tags/Internet" class="mention hashtag" rel="tag">#<span>Internet</span></a> and files were distributed to users via Bulletin Board Systems<br />BBS were accessed by computers with modems and direct phone calls<br />ARJ allowed many files to be packaged and the size reduced.</p>
Tonton Fred<p>ARJ, the star archiver of the 1990s.</p><p><a href="https://peertube.pcservice46.fr/videos/watch/56e1c029-1042-488e-839c-e34b19de3294" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">peertube.pcservice46.fr/videos</span><span class="invisible">/watch/56e1c029-1042-488e-839c-e34b19de3294</span></a></p>
SECUINFRA Falcon Team<p>Today in our section on "unconventional <a href="https://infosec.exchange/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> delivery": <a href="https://infosec.exchange/tags/ARJ" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ARJ</span></a> archives! 📦<br>ARJ (Archived by Robert Jung) has been around since the MS-DOS days and is occasionally used to deliver e.g. <a href="https://infosec.exchange/tags/AgentTesla" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AgentTesla</span></a>, <a href="https://infosec.exchange/tags/Formbook" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Formbook</span></a> or <a href="https://infosec.exchange/tags/Guloader" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Guloader</span></a> </p><p>You can recognize ARJ archives by their Magic: 60 EA<br>Extraction can be handled with 7zip for example. <br>For more information on the file format check out Ange Albertini's excellent graphic representation: <a href="https://twitter.com/angealbertini/status/1619006171360395264" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">twitter.com/angealbertini/stat</span><span class="invisible">us/1619006171360395264</span></a></p><p>As an example we dug up a <a href="https://infosec.exchange/tags/Lokibot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Lokibot</span></a> sample from last year where the delivery chain looked like this: ARJ --&gt; RAR --&gt; EXE<br>To fool the victims into opening the next file they used the common <a href="https://infosec.exchange/tags/doubleExtension" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>doubleExtension</span></a> trick, e.g. 
.pdf.exe</p><p>IoC for those playing along at home:<br>162.0.223[.]13<br>kbfvzoboss[.]bid<br>alphastand[.]trade<br>alphastand[.]win<br>alphastand[.]top<br>➡️/alien/fre.php</p><p>PO_Payment for invoice[...].eml.arj<br>d0c8824d1e19ca1af0b88a477fa4cad6</p><p>SHIPPING_DL-PL-EXPRESS_EXPORT.PDF.exe<br>88bdf4f8fe035276da984c370e4cda2c</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blueteam</span></a></p>
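Added example, not part of the SECUINFRA post above: a triage check for mail attachments that confirms an ARJ container by more than its two-byte 60 EA magic (header size bound and header CRC-32), lists the member names without decompressing anything, and flags the double-extension pattern the post describes. The header field offsets follow the public ARJ technical notes and are an assumption here, the extension lists are illustrative, and the sample archive bytes are constructed.

```python
import struct
import zlib

ARJ_MAGIC = b"\x60\xea"   # the "60 EA" magic quoted in the post
MAX_BASIC_HDR = 2600      # assumption: size limit from the public ARJ technical notes
RISKY = (".exe", ".scr", ".com", ".pif", ".bat", ".js", ".vbs")    # illustrative list
DECOY = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt")  # illustrative list

def read_header(buf, off):
    """Validate one ARJ header at off; return (basic_header, next_offset) or None."""
    if buf[off:off + 2] != ARJ_MAGIC or len(buf) < off + 4:
        return None
    size = struct.unpack_from("<H", buf, off + 2)[0]
    end = off + 4 + size
    if not 30 <= size <= MAX_BASIC_HDR or len(buf) < end + 4:
        return None                       # size 0 is the end-of-archive marker
    basic = buf[off + 4:end]
    if zlib.crc32(basic) != struct.unpack_from("<I", buf, end)[0]:
        return None                       # two magic bytes alone match too easily
    pos = end + 4
    while len(buf) >= pos + 2:            # extended headers: size, data, CRC32
        ext = struct.unpack_from("<H", buf, pos)[0]
        if ext == 0:
            return basic, pos + 2
        pos += 2 + ext + 4
    return None

def member_names(buf):
    """Return the member file names of an ARJ archive, or None if buf is not ARJ."""
    hdr = read_header(buf, 0)             # main archive header
    if hdr is None:
        return None
    names, pos = [], hdr[1]
    while (hdr := read_header(buf, pos)) is not None:
        basic, pos = hdr
        names.append(basic[basic[0]:].split(b"\0", 1)[0].decode("cp437", "replace"))
        pos += struct.unpack_from("<I", basic, 12)[0]   # skip the compressed data
    return names

def is_double_extension(name):
    """True for names like report.pdf.exe: decoy extension, then an executable one."""
    parts = name.lower().rsplit(".", 2)
    return len(parts) == 3 and "." + parts[2] in RISKY and "." + parts[1] in DECOY

def _hdr(name, csize=0):                  # builds a constructed header for the demo
    basic = bytes([30, 11, 1, 0, 0, 0, 0, 0]) + struct.pack("<4I3H", 0, csize, csize, 0, 0, 0, 0) + name + b"\0\0"
    return ARJ_MAGIC + struct.pack("<H", len(basic)) + basic + struct.pack("<IH", zlib.crc32(basic), 0)

SAMPLE = _hdr(b"demo.arj") + _hdr(b"INVOICE_SCAN.PDF.exe", 4) + b"\0" * 4 + ARJ_MAGIC + b"\0\0"
FLAGGED = [n for n in member_names(SAMPLE) if is_double_extension(n)]
```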
Gregory P. Smith (he/him) :python: 🚲🦝 :donor:<p>This is just a modern <a href="https://infosec.exchange/tags/BBS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BBS</span></a>. But thankfully with infinite modems and, being 30 years on, I don't need to download <a href="https://infosec.exchange/tags/ARJ" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ARJ</span></a> and a <a href="https://infosec.exchange/tags/DOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DOS</span></a> <a href="https://infosec.exchange/tags/JPEG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JPEG</span></a> decoder for <a href="https://infosec.exchange/tags/caturday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>caturday</span></a>! 😺</p><p>(and I'm no longer reading Dr. Dobbs Journal and BYTE to hear about Unicode and wondering how that'll ever fit in memory and if the 16-bits that Microsoft is bravely choosing for some mysterious Windows <a href="https://infosec.exchange/tags/NT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NT</span></a> toy is really enough anyways) _(narrator: it wasn't enough)_</p>
ITSEC News<p>Custom dropper hide and seek - Executive summary: Most users assume they are safe when surfing the web on a daily basis. But informat... more: <a href="http://feedproxy.google.com/~r/feedburner/Talos/~3/PUK1ri82T6Q/custom-dropper-hide-and-seek.html" rel="nofollow noopener" target="_blank"><span class="invisible">http://</span><span class="ellipsis">feedproxy.google.com/~r/feedbu</span><span class="invisible">rner/Talos/~3/PUK1ri82T6Q/custom-dropper-hide-and-seek.html</span></a> <a href="https://schleuss.online/tags/malwareanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malwareanalysis</span></a> <a href="https://schleuss.online/tags/agenttesla" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>agenttesla</span></a> <a href="https://schleuss.online/tags/dropper" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dropper</span></a> <a href="https://schleuss.online/tags/lokibot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lokibot</span></a> <a href="https://schleuss.online/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://schleuss.online/tags/autoit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>autoit</span></a> <a href="https://schleuss.online/tags/arj" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>arj</span></a> <a href="https://schleuss.online/tags/rc4" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rc4</span></a></p>