Today the Israeli government dropped flyers over the people of Lebanon.
The Lebanese government warned citizens not to scan the QR codes because they were concerned it could be a way for the Israeli government to compromise people's phones.
I said, "WHAT THE FUCK. FREE MALWARE?" I IMMEDIATELY scanned it. I didn't even hesitate.
All it did was link me to some goofy WhatsApp thingy (I don't have WhatsApp) and it linked me to something called Unit504 on Facebook.
vx-underground
To be fair, it is 100% possible for the Israel government to have a WhatsApp exploit. I tested it from my computer and was disappointed.
Big shout out to my baby boy. He'll be one year old any day now.
He has unlocked a new skill.
It's opening the refrigerator and pulling things off the bottom shelf and throwing them all over the kitchen floor.
Thank you, unknown person on the internet, for e-mailing from a compromised Argentine military e-mail.
I'm sure the Argentine government loves having to perform an internal incident response to discover it has been used to send some random dude on the internet pictures of cats.
vx-underground
Yes, I know these are from stealer logs (maybe. I don't know), but sometimes it makes me giggle.
Hello,
It is time again I sync updates to malware city, the website some of you visit, and some of you don't.
Upload notes will come soon.
In the meantime, enjoy this cool clip from the latest Nicki Minaj song.
vx-underground
Her latest songs are a little angrier and less pop since she has leaned into being a conservative. Regardless, I think it fits her well. I think it's cool she experiments with different sounds and genres.
Hello,
I pushed the malware stuff to that malware website you sometimes visit.
It is Sunday so please spend it with the most important people in your life (your anime action figures).
https://vx-underground.org/Updates
> check tele
> "smelly i think someone sent me malware"
> "they sent me weird .zip"
> "be careful"
> wtf i love malware
> download file
> look inside
> .txt + alternate data stream file
> ads doesnt work with 7z
> ok lol
> look inside
> 7z x "dox[.]zip" -so > payload.vbs
> winhttp request to github
> github\minecraftstuff\discordemojis.txt
> download discordemojis.txt
> look inside
> heavily obfuscated .bat file
> bonk with stick
> powershell script
> ???
> checks for av stuff
> does steganography
> downloads from ibb.co
> look inside
> quasar rat
> hides in made fonts directory in roaming
most work I've seen put into a malware payload in a while with 2 stages and stego, usually its FAKE_GAME_INSTALLER.JPEG.EXE
vx-underground
didn't even dawn on me this was CVE-2025-8088
- n-day
- multi-staged payload
- stego usage
- quasar???
wtf lol
I decided to kind of spice things up a bit and pivot to malware defense stuff. I explored different thingies and fell down the rabbit hole of YARA stuff. I didn't want to dive into something like minifilters.
I've got this goofy setup where I can extract YARA rules from Windows Defender because of the research from _t_tani
.
I've got like, 20,000 YARA rules, or something, I don't know. It's a lot. Regardless, I was like, "maybe I should make a shrimple file scanner with all these YARA rules". This is what a basic static analysis engine does in usermode.
I saw a lot of people being like, "JUST YARA.EXE --FILE", and I was like, "that's kind of lame". I started bonking the YARA open source repo looking at different stuff.
I then had to fight YARA open source stuff because libyara64.lib wants to fight you to become libyara64.dll. People on GitHub complained too, but whatever, I figured it out.
My next goal is to transform all the YARA rules into YARAC, or whatever it's called. In theory, I could then take a binary, or directory, and then use the YARA analysis engine to compare it to all the Microsoft YARA rules.
I then considered implementing basic parameters, or maybe a goofy ass UI, or something.
I then realized I'm basically making THORLite-Lite.
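As an added illustration of the user-mode static scanner the post describes (this is not the author's code and not libyara), here is the "compile the rules once, then sweep a directory" shape using a tiny constructed YARA-like rule subset: quoted text strings, hex strings with `??` single-byte wildcards, and any/all-of-them conditions. The rule names and strings are constructed for the example; real YARA syntax covers far more than this.

```python
import re
from pathlib import Path
# Constructed rules in a tiny YARA-like subset (text, hex with '??' wildcards); not real YARA.
RULES = r'''
rule suspicious_vbs_downloader {
    strings:
        $a = "WinHttp.WinHttpRequest"
        $b = "discordemojis.txt"
    condition: all of them
}
rule mz_header {
    strings:
        $mz = { 4D 5A 90 00 ?? ?? ?? ?? 04 00 }
    condition: any of them
}
'''
RULE_RE = re.compile(r'rule\s+(\w+)\s*\{(.*?)condition:\s*(any|all)\s+of\s+them\s*\}', re.S)
STR_RE = re.compile(r'\$\w+\s*=\s*(?:"([^"]*)"|\{([^}]*)\})')

def compile_rules(text):
    """The 'yarac' step: parse rule text once into (name, [regex], mode) tuples."""
    compiled = []
    for name, body, mode in RULE_RE.findall(text):
        patterns = []
        for txt, hexs in STR_RE.findall(body):
            # hex string: one token per byte, '??' matches any byte; else literal text
            pat = re.escape(txt.encode()) if txt else b''.join(
                b'.' if t == '??' else re.escape(bytes([int(t, 16)])) for t in hexs.split())
            patterns.append(re.compile(pat, re.S))
        compiled.append((name, patterns, mode))
    return compiled

def scan_bytes(data, compiled):
    """Return the names of the rules whose condition holds for this buffer."""
    hits = []
    for name, patterns, mode in compiled:
        found = [p.search(data) is not None for p in patterns]
        if all(found) if mode == 'all' else any(found):
            hits.append(name)
    return hits

def scan_directory(root, compiled):
    """Sweep a directory tree; map each matching file path to its rule names."""
    results = {}
    for path in Path(root).rglob('*'):
        if path.is_file():
            hits = scan_bytes(path.read_bytes(), compiled)
            if hits:
                results[str(path)] = hits
    return results
```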
vx-underground
Basically I'm a noob at this and I'm sharing what I'm doing so you can heckle me and call me a noob and hopefully not a cat
vx-underground
Them: I'm sorry for your loss. I'm sure your family members are looking down from heaven, watching over you, and smiling.
Me, a privacy person: They're watching me have sex and poop and stuff?
If heaven operates as a 24/7 surveillance state, this is a serious scandal, privacy violations galore, and a possible human rights violation. We need to write to our representatives about this immediately.
United States President Donald J. Trump posted this message on social media today.
Personal grievances the Trump administration asserts it has with other countries and political theatrics aside, the notion that the United States even hints at exiting NATO is a PROFOUND cybersecurity issue.
Yes, NATO deals with traditional military stuff (land, sea, air, space), but NATO also deals with things in the digital domain (cyberspace).
NATO (non-United States) has historically shared a great deal of intelligence with each other regarding state-sponsored threats to the United States. Likewise, the United States has shared intelligence on state-sponsored threats with our NATO allies.
It makes me incredibly nervous that this idea of exiting NATO is floated or threatened. The NATO cybersecurity space deals a lot with ICS/SCADA (Industrial Control Systems, which is things like water treatment plants, nuclear energy facilities, telecommunication systems, etc.) and anything else which poses a military threat to the United States and its citizens.
I am unsure of the impact leaving NATO would have on our cybersecurity intelligence. The idea makes me very nervous. The United States is constantly under siege from foreign adversaries (notably China, Russia, North Korea, Iran).
Additionally, I have great concern that if we left NATO it would damage our relationship with European allies, which have been of significant importance in apprehending Threat Actors who have done extreme damage to the United States. Part of the FBI's success in apprehending ransomware actors has been our strong relationship with EUROPOL, and European allies apprehending individuals residing outside the United States.
Chat, this unironically makes me very nervous.
vx-underground
I'll tell you one thing right now too, and I say this with 100% confidence. Adversaries of the United States understand this is premium real estate (metaphorically speaking) and this should be acted on immediately.
If the Russian Federation or People's Republic of China can push a narrative that it is of benefit to the United States people to exit NATO, it isolates us from the global stage and (at least cybersecurity wise) is absolutely terrifying (to me, at least). The Russian Federation and People's Republic of China can easily push slop propaganda on places like TikTok or Instagram to coerce the people into moving into cyber-isolationism.
I'm not educated on geopolitical stuff with war, or economies, but I know a little about computers and stuff.
This would be an absolute strategic failure from the United States to do this.
Threat Actors are probably shadowboxing in their underwear right now at the idea of the United States being alone.
> be me
> reading on yara stuff
> reviewing yara
> basically user-mode static analysis engine
> reading, reading, reviewing
> realize I've never written a yara rule before
> thinking...
> realize yara is excluded from AV engines
> no av would flag yara lib or dll
> used everywhere
> thinking ...
> what if...
> make yara rules for identifying security products
> make yara rules for environment identification
> edr and/or av would ignore
> "hehe hes checking if its malicious"
> it's free real estate