2015, File names and Mining - Information Management Today

Microsoft warns of Dexphot miner, an interesting polymorphic threat

Security Affairs

NOVEMBER 26, 2019

The malicious code abuse of the resources of the infected machine to mine cryptocurrency , according to the experts it has already infected 80,000 computers worldwide. Layers of obfuscation, encryption, and the use of randomized file names hid the installation process. ”reads the analysis published by Microsoft.

File names

File names Encryption Mining Security

Crooks spread malware via pirated movies during COVID-19 outbreak

Security Affairs

APRIL 30, 2020

Experts observed an ongoing coin miner campaign that injects a malicious VBScript into ZIP files posing as movie downloads. The campaign primarily targets users in Spain and South American countries, aims to launch a coin-mining shellcode directly in memory. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Mining

Mining File names Risk Cybersecurity

New NRSMiner cryptominer NSA-Linked EternalBlue Exploit

Security Affairs

JANUARY 4, 2019

This malicious code first installs a service named snmpstorsrv , with snmpstorsrv.dll registered as servicedll. The service creates multiple threads to carry out several malicious activities, such as data exfiltration and mining. One of the unzipped files named svchost.exe is the Eternalblue – 2.2.0 exploit executable.

Mining

Mining File names Access IT

The Long Run of Shade Ransomware

Security Affairs

FEBRUARY 19, 2019

It spreads Shade/ Treshold variants, one of the most dangerous threats in the cyber crime scenario, known since its massive infection into the Russian panorama back in 2015, its expansion has been tracked by several CSIRTs and CERTs all across the world. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Mining File names Encryption

Multiple threat actors are targeting Elasticsearch Clusters

Security Affairs

FEBRUARY 27, 2019

Cisco Talos experts have reported a spike in the attacks that leverage known flaws to compromise unsecured Elasticsearch clusters and use them to mine crypto-currencies. and lower) to compromise them and install the malicious code the exploit the CVE-2014-3120 and CVE-2015-1427 vulnerabilities. ” continues the experts.

Search queries

Search queries Honeypots File names Mining

Crooks exploit exposed Docker APIs to build AESDDoS botnet

Security Affairs

JUNE 15, 2019

. “A batch file first executes the WinEggDrop scanner (s.exe), which tries port 2375 on various hosts with Chinese IP address ranges specified in the ip.txt file.” “The output of this command is saved into a file named ips.txt, which is then fed into the Docker.exe file. Pierluigi Paganini.

File names

File names Mining Access Communications

BlackSquid malware uses multiple exploits to drop cryptocurrency miners

Security Affairs

JUNE 5, 2019

“This malware, which we named BlackSquid after the registries created and main component file names, is particularly dangerous for several reasons.” “Simultaneous with its attacks, BlackSquid also downloads and executes two XMRig cryptocurrency-mining components.! ” states Trend Micro.

Mining

Mining File names Libraries IT

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

Security Affairs

APRIL 28, 2020

This directory contains the crypto mining module named kswapd0. In this folder, the first one to be executed is the file “a”. The script looks like the following: Figure 5: Content of the “a” file. The executed crypto miner is the file named “” kswapd0 ” based on the famous XMRIG monero crypto miner.

Mining

Mining File names Honeypots IT

Ransomware, Trojan and Miner together against “PIK-Group”

Security Affairs

FEBRUARY 28, 2019

When an unknown sender suggests me to click on a super wired url , dropping a ZIP file straight in my box, by saying it’s getting the next targeted attack on a huge company, well I kinda looking forward to it! So I clicked on the link (see IOC section) and I’ve downloaded a “pik.zip” file. You might want to checkout more here.

Ransomware

Ransomware Mining File names Encryption

Nansh0u campaign already infected 50,000 MS-SQL and PHPMyAdmin Servers

Security Affairs

MAY 29, 2019

The payloads used in this campaign were droppers used to deliver a cryptocurrency miner to mine TurtleCoin cryptocurrency. Experts observed many payloads dropping a kernel-mode driver using ransom file names and placed them in AppData/Local/Temp. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

File names

File names Mining Cybersecurity Security

Experts spotted P2P worm spreading Crypto-Miners in the wild

Security Affairs

JULY 23, 2019

Recently, our threat monitoring operations pointed us to an interesting file named “ Lucio Dalla Discografia Completa ”: this file pretends to be a collection of the discography of a famous I talian singer, but it actually hides malicious intents. . Code Snippet 1: Copy of the files in a subfolder. tmp” and “64.tmp”,

Archiving

Archiving Mining File names Risk

Prometei, a new modular crypto-mining botnet exploits Windows SMB

Security Affairs

JULY 22, 2020

Prometei is a crypto-mining botnet that recently appeared in the threat landscape, it exploits the Microsoft Windows SMB protocol for lateral movements. Security experts from Cisco Talos discovered a new crypto-mining botnet, tracked as Prometei, that exploits the Microsoft Windows SMB protocol for lateral movements.

Mining

Mining File names Passwords Communications

The 773 Million Record "Collection #1" Data Breach

Troy Hunt

JANUARY 16, 2019

A password manager provides you with a secure vault for all your secrets to be stored in (not just passwords, I store things like credit card and banking info in mine too), and its sole purpose is to focus on keeping them safe and secure. No, I can't send you your password but I can give you a facility to search for it via Pwned Passwords.

Data breaches

Data breaches Passwords Risk Personal data

Gab Has Been Breached

Troy Hunt

MARCH 3, 2021

I wrote about this in 2015 , specifically as it relates to organisations focusing on the security of credit cards which are one of the most easily replaceable and low-impact classes of data to have exposed. In total, the file has 43,015 unique email addresses (including mine) which is a far cry less than the total row count.

Passwords

Passwords Data breaches Mining Risk

Information Management Today

Microsoft warns of Dexphot miner, an interesting polymorphic threat

Crooks spread malware via pirated movies during COVID-19 outbreak

Trending Sources

New NRSMiner cryptominer NSA-Linked EternalBlue Exploit

The Long Run of Shade Ransomware

Multiple threat actors are targeting Elasticsearch Clusters

Crooks exploit exposed Docker APIs to build AESDDoS botnet

BlackSquid malware uses multiple exploits to drop cryptocurrency miners

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

Ransomware, Trojan and Miner together against “PIK-Group”

Nansh0u campaign already infected 50,000 MS-SQL and PHPMyAdmin Servers

Experts spotted P2P worm spreading Crypto-Miners in the wild

Prometei, a new modular crypto-mining botnet exploits Windows SMB

The 773 Million Record "Collection #1" Data Breach

Gab Has Been Breached

Stay Connected