#zip


How to make a ZIP file show different content depending on which ZIP parser is used.

#red_team #ZIP

A ZIP archive ends with a special record (EOCD) that holds the start of the central directory (offset) and its size (size). Different programs read ZIPs differently: some use the offset and see one set of files, others compute the start of the directory back from the end of the file (size) and see a different set of files.

- Create a special ZIP with a "safe" file README.txt (recorded via the offset, so the antivirus will see it) and a malicious malware.exe (recorded via the size, so only the end user will see it).
- The file is sent by e-mail or uploaded to a website.
- On download the antivirus scans the ZIP, sees only README.txt and lets it through.
- On opening, the extractor (the built-in extractor in Windows Explorer or WinRAR) uses the other way of reading the ZIP and shows only malware.exe.
- The user runs malware.exe and is infected.

Details (hackarcana.com/article/yet-ano).

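A defender-side consistency check for the EOCD ambiguity described in the post above, added here as an example; it is not code from the post or from hackArcana. It parses the EOCD itself, derives the central directory start both ways (offset field versus end-of-file minus size), lists the file names each reading yields, and flags the archive when the two disagree. The sample archive is constructed inline, and `build_sample_zip` and the other function names are this example's own.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # end of central directory record
CD_SIG = b"PK\x01\x02"     # central directory file header

def find_eocd(data: bytes) -> int:
    # The EOCD is 22 bytes plus an optional comment of up to 65535 bytes, so scan the tail.
    pos = data.rfind(EOCD_SIG, max(0, len(data) - 22 - 65535))
    if pos < 0:
        raise ValueError("no EOCD record found")
    return pos

def list_names(data: bytes, start: int) -> list:
    # Walk central directory headers from `start`; stop at the first non-header byte.
    names = []
    pos = start
    while pos >= 0 and len(data) - pos >= 46 and data[pos:pos + 4] == CD_SIG:
        name_len, extra_len, comment_len = struct.unpack("<HHH", data[pos + 28:pos + 34])
        names.append(data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace"))
        pos += 46 + name_len + extra_len + comment_len
    return names

def central_directory_views(data: bytes) -> dict:
    # EOCD fields: sig, disk, cd_disk, entries_here, entries_total, cd_size, cd_offset, comment_len
    eocd = find_eocd(data)
    _, _, _, _, _, cd_size, cd_offset, _ = struct.unpack("<4sHHHHIIH", data[eocd:eocd + 22])
    by_size = eocd - cd_size  # where a size-based reader assumes the directory begins
    return {
        "cd_offset_field": cd_offset,
        "cd_start_by_size": by_size,
        "names_by_offset": list_names(data, cd_offset),
        "names_by_size": list_names(data, by_size),
    }

def is_ambiguous(data: bytes) -> bool:
    # True when the two readings disagree; such archives should be quarantined or rejected upstream.
    v = central_directory_views(data)
    return v["cd_offset_field"] != v["cd_start_by_size"] or v["names_by_offset"] != v["names_by_size"]

def build_sample_zip() -> bytes:
    # Constructed, well-formed sample archive used only to exercise the checker.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("README.txt", "just a readme")
        zf.writestr("notes.txt", "hello")
    return buf.getvalue()
```

Archives with data prepended to a valid ZIP (self-extracting stubs, for instance) legitimately fail the offset comparison, so the stronger signal for a gateway scanner is a disagreement between the two name lists.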

I have just found a good alternative to #Wetransfer: Hidrive Share. With Hidrive Share you can share large #Dateien up to 2 Gb without having to provide an #Email address. You can upload the files without #Anmeldung and then get a #Link through which the #Zip folder with the files can be downloaded. The link becomes invalid after 7 days. The operator is the German #Strato GmbH. share.hidrive.com/upload #hidrive #hidriveshare #sharing


#OpenDocument #Reader. View #OpenOffice and #LibreOffice #documents on the go. Now available for #Android and #iOS!

In addition to that, OpenDocument Reader aims to support various other file formats as well as possible:
- Portable Document Format (#PDF)
- Archives: #ZIP
- Images: #JPG, #JPEG, #GIF, #PNG, #WEBP, #TIFF, #BMP, #SVG, etc.
- Videos: #MP4, #WEBM, etc.
- Audio: #MP3, #OGG, etc.
- Text files: #CSV, #TXT, #HTML, #RTF
- Microsoft Office (#OOXML): Word (#DOC, #DOCX), Excel (#XLS, #XLSX), PowerPoint (#PPT, #PPTX)
- Apple iWork: Pages, Numbers, Keynote
- LibreOffice and OpenOffice OpenDocument Format: #ODF* (#ODT, #ODS, #ODP, #ODG)
- PostScript (#EPS)
- AutoCAD (#DXF)
- Photoshop (#PSD)

https://opendocument.app/


Konfety Malware Exploits ZIP Manipulation for Stealthy Android Attacks

Pulse ID: 68793ba576aaf5b8e48b61be
Pulse Link: otx.alienvault.com/pulse/68793
Pulse Author: cryptocti
Created: 2025-07-17 18:06:29

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


Konfety Returns: Classic Mobile Threat with New Evasion Techniques

A sophisticated variant of the Android malware Konfety has been identified, employing advanced evasion techniques. The malware uses dual-app deception, ZIP-level evasion, dynamic code loading, and stealth techniques to conduct ad fraud and redirect users to malicious websites. It tampers with the APK's ZIP structure to bypass security checks and complicate reverse engineering. The malware loads encrypted assets at runtime, concealing critical functionality. It mimics legitimate apps, hides its icon, and uses geofencing to adjust behavior by region. The threat actors behind Konfety are highly adaptable, consistently updating their methods to evade detection and target various ad networks.

Pulse ID: 68775c1f3243d970b75d786c
Pulse Link: otx.alienvault.com/pulse/68775
Pulse Author: AlienVault
Created: 2025-07-16 08:00:31

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


Stealthy PHP Malware Uses ZIP Archive to Redirect WordPress Visitors

A sophisticated piece of malware was discovered embedded in a WordPress site's core files, specifically in wp-settings.php. The malware uses a ZIP archive to hide malicious code and perform search engine poisoning and unauthorized content injection. It employs dynamic Command and Control server selection, anti-bot mechanisms, and manipulates SEO-related files. The malware's main goals include manipulating search engine rankings, injecting spam content, and performing unauthorized redirects. It uses obfuscation techniques and ZIP archives for code inclusion, making it challenging to detect and remove. Prevention measures include keeping software updated, using reputable sources for themes and plugins, implementing strong credential security, utilizing a Web Application Firewall, and regularly scanning for malware.

Pulse ID: 68750b271ed247073ded7ab1
Pulse Link: otx.alienvault.com/pulse/68750
Pulse Author: AlienVault
Created: 2025-07-14 13:50:30

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


Analysis of APT-C-55 (Kimsuky) Organization's HappyDoor Backdoor Attack Based on VMP Strong Shell

The APT-C-55 (Kimsuky) group, a North Korean threat actor, has launched a new attack campaign targeting South Korea. They used a disguised Bandizip installation package to deliver malicious code and a VMP-protected HappyDoor trojan for espionage activities. The attack involves remote script loading, multi-stage malware deployment, and information theft. The malware collects sensitive data, including user information, system details, and files from specific directories. It also implements keylogging, screen capture, and mobile device monitoring functionalities. The attack methodology and infrastructure align with Kimsuky's historical patterns, including the use of similar scripts, backdoor families, and domain naming conventions.

Pulse ID: 6870094726b379cd976c869b
Pulse Link: otx.alienvault.com/pulse/68700
Pulse Author: AlienVault
Created: 2025-07-10 18:41:11

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


DCRAT Impersonating the Colombian Government

A new email attack distributing DCRAT, a Remote Access Trojan, has been uncovered. The threat actor impersonates a Colombian government entity to target organizations in Colombia. The attack employs multiple evasion techniques, including password-protected archives, obfuscation, steganography, base64 encoding, and multiple file drops. DCRAT features a modular architecture, comprehensive surveillance capabilities, information theft functions, system manipulation tools, file and process management, and browser credential harvesting. The attack chain involves a phishing email with a ZIP attachment containing a bat file, which drops an obfuscated vbs file. This file eventually runs a base64-encoded script that downloads and executes the final payload. The RAT employs various persistence mechanisms and anti-analysis techniques. It attempts to bypass Windows Antimalware Scan Interface (AMSI) and continuously tries to connect to its command-and-control server.

Pulse ID: 68654eff7ba38f77505ba8c5
Pulse Link: otx.alienvault.com/pulse/68654
Pulse Author: AlienVault
Created: 2025-07-02 15:23:43

Be advised, this data is unverified and should be considered preliminary. Always do further verification.
