zlacker
[parent]
[thread]
2 comments
1. Erlang+(OP)
[view]
[source]
2026-02-04 00:06:54
> Notably, the first scan of this URL on the VirusTotal platform occurred in late September, by a user from Taiwan.
Could this be the attacker? The scan happened before the hack was first exposed on the forum.
replies(1):
>>gruez+I
◧
2. gruez+I
[view]
[source]
2026-02-04 00:10:34
>>Erlang+(OP)
You would be a dumbass to do that, because virustotal allows security researchers to see submitted samples/urls. The last thing you want to do is to draw attention to your C&C server.
replies(1):
>>wyldbe+Cl
◧◩
3. wyldbe+Cl
[view]
[source]
[discussion]
2026-02-04 02:33:35
>>gruez+I
It's not uncommon to use VT and other sandbox tools as a proxy indicator for if your attacks have tripped defenders and tooling.
[go to top]