<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> oh I just saw this toot! what did you use to de-obfuscate with? the last ones I had to use sucked</p><p>(had some malware cleanup to do for someone a few weeks ago)</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@froztbyte" class="u-url mention">@<span>froztbyte</span></a></span> it's mootools</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> <br />Seems bizarre to me, then.<br />I worked on stuff at Cisco that accessed hardware via mmap(), but only because we _didn't_ want to have a kernel driver, due to GPL compliance concerns.</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> lol holy shit that’s *very* malware-esque</p><p>gonna try de-obfuscate &amp; process it to see what’s in there?</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> AHAHAHAHAHAHAHAHAHAFUCK</p>
<p>i deobfuscated the JavaScript and it's ... literally just MooTools, an ancient JavaScript framework. think jQuery or something.</p><p>so yes, literally this: <a href="https://mastodon.social/@easrng@pleroma.envs.net/114334884311562415" target="_blank" rel="nofollow noopener" translate="no"><span class="invisible">https://</span><span class="ellipsis">mastodon.social/@easrng@plerom</span><span class="invisible">a.envs.net/114334884311562415</span></a></p>
<p><span class="h-card" translate="no"><a href="https://pleroma.envs.net/users/easrng" class="u-url mention">@<span>easrng</span></a></span> literally yes</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@brouhaha" class="u-url mention">@<span>brouhaha</span></a></span> they have kernel drivers too</p>
<p><span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> <br />Ah. Couldn't be bothered to create an actual kernel driver, I suppose. Bloody typical.</p>