China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

Winnti (aka APT41, Axiom, Barium, Blackfly) is a cyberespionage group that has been active since at least 2007. Like the sample analyzed by Cybereason, the Spyder Loader sample analyzed by Symantec uses the Crypto++ (CryptoPP) C++ library.

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

Security Affairs

The APT41 group (aka Winnti, Axiom, Barium, Blackfly, HOODOO) is a China-linked cyberespionage group that has been active since at least 2007. “These commands include instructing the malware to upload log files, photos stored on the device, and acquire device location using the Baidu Location library.”


North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT

Security Affairs

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyberespionage campaigns and sabotage activities aimed at destroying data and disrupting systems. “Both Mac and Linux variants use the WolfSSL library for SSL communications,” continues the report.

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

In this file, the Workbook stream is interesting because it contains all the information related to that workbook, such as the included sheets. The structure of this stream is fully specified in the Microsoft Office Excel 97-2007 Binary File Format Specification. With that, the second stage is completed.

A taste of the latest release of QakBot

Security Affairs

A taste of the latest release of QakBot, one of the most popular and widely reported banking trojans active since 2007. The malware QakBot, also known as Qbot, Pinkslipbot, and Quakbot, is a banking trojan that has made headlines since 2007. About the author: Pedro Tavares.

Is APT27 Abusing COVID-19 To Attack People?!

Security Affairs

It hijacks a method of an old Office 2007 component (Office Data Provider for – MSOSTYLE.exe). The executable DLL must be in the same path as Wordcnvpxy.exe and it needs to have exactly that filename (imposed by Stage 2 and hardcoded into the library). A brand new script targeting old versions of MS Office. Stage 4 is decoded and run by Stage 3.

The History of Malware: A Primer on the Evolution of Cyber Threats

IBM Big Data Hub

2007: Zeus virus. First identified in 2007, Zeus infected personal computers via phishing and drive-by downloads and demonstrated the dangerous potential of a trojan-style virus that can deliver many different types of malicious software. Despite its impact, the cybercriminals behind Mydoom have never been caught or even identified.