Analysis, Encryption, File names and Libraries - Information Management Today

Analysis

Encryption

File names

Libraries

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

.” reads the analysis published by Symantec. Spyder Loader loads AES-encrypted blobs to create the wlbsctrl.dll which acts as a next-stage loader that executes the content. Like the sample analyzed by Cyberreason, the Spyder Loader sample analyzed by Symantec uses the CryptoPP C++ library. ” continues the report.

File names

File names Encryption Manufacturing Libraries

New KilllSomeOne APT group leverages DLL side-loading

Security Affairs

NOVEMBER 5, 2020

The name KilllSomeOne comes from the phrase ‘KilllSomeOne’ used in the DLL side-loading attacks, the group is using poorly-written English messages relating to political subjects. . Dynamic-link library (DLL) side-loading takes advantage of how Microsoft Windows applications handle DLL files.

File names

File names Encryption Libraries IT

Join 55,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Trending Sources

Iran-linked APT TA453 targets Windows and macOS systems

Security Affairs

JULY 8, 2023

” reads the analysis published by Proofpoint. At the provided URL, a password-encrypted.rar file named “Abraham Accords & MENA.rar” was hosted. The.rar archive contained a dropper named “Abraham Accords & MENA.pdf.lnk.” ” continues the analysis.

Archiving

Archiving Cloud File names Metadata

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

Security Affairs

APRIL 14, 2020

” reads the analysis published by PaloAlto Networks. “The emails all contained a malicious Rich Text Format (RTF) phishing lure with the file name 20200323- sitrep -63- covid -19. ” continues the analysis. ” continues the analysis. ” continues the analysis.

Ransomware

Ransomware Phishing File names Encryption

The Long Run of Shade Ransomware

Security Affairs

FEBRUARY 19, 2019

Technical analysis. The phishing email contains a.zip file named “slavneft.zakaz.zip”, which means something like “slavneft order” in English, showing a direct reference to “Slavneft”. It contains a russian speaking JavaScript file named “«??? «??? «?????????» ??????????? Content of README.txt file.

Ransomware

Ransomware Mining File names Encryption

JSWorm: The 4th Version of the Infamous Ransomware

Security Affairs

SEPTEMBER 4, 2019

Despite the name could remind to JavaScript language and a possible “worm” logic, the malware does not include either of the two characteristics. Technical Analysis. JSWorm encrypts all the user files appending a new extension to their name. The HTA file corresponds to the ransom window shown in Figure 1.

Ransomware

Ransomware Encryption File names Libraries

Iran-linked group Cobalt Dickens hit over 60 universities worldwide

Security Affairs

SEPTEMBER 12, 2019

This operation is similar to the threat group’s August 2018 campaign , using compromised university resources to send library-themed phishing emails.” ” reads the analysis published by Secureworks. The landing page appears to be identical or quite similar to the spoofed library resource. and Switzerland.

Phishing

Phishing Libraries File names Metadata

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

MARCH 2, 2019

For more details on this finding see the Technical Analysis below. Technical Analysis. File name: patent-2019-02-20T093A283A05-1.xls However, as already mentioned at the beginning of the technical analysis, SI-LAB team obtained two types of files, namely xls and doc archives. File name: Binary._D7D112F049BA1A655B5D9A1D0702DEE5

File names

File names Phishing Libraries IT

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

Security Affairs

FEBRUARY 23, 2019

Once the malware has infected a system drops two plain text files, one is a ransom note called “_FILES_ENCRYPTED_README.txt,” which gives information to the victim on what has happened and instruction to pay the ransom. Like other ransomware, the operators allow victims to unlock a file for free. Pierluigi Paganini.

Ransomware

Ransomware Encryption File names Libraries

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

Other trojans use this technique as it allows to evade detection and execute the malicious code on the target machines bypassing detection based on static file signatures. Latin American trojans share the same modus operandi and even modules and blocks of code observed during the analysis of several malware samples.

Libraries

Libraries Communications Phishing Encryption

Guarding Against Solorigate TTPs

eSecurity Planet

FEBRUARY 3, 2021

Presenting itself as a JPG file named “gracious_truth.jpg,” Teardrop is a memory-only dropper built to enter a network seamlessly and replace the embedded payload. The problem: software can be mighty complex, made up of components, development frameworks, operating system features, libraries, and more. Encryption.

Cybersecurity

Cybersecurity Access Authentication Cloud

New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader

Security Affairs

JULY 7, 2020

Here, it was distributed using fake webpages, where the victim downloaded an MSI file, which then held the remaining Lampion infection chain. Our analysis of the phishing email of this new campaign detected at the end of June – July 2020 showed that the template is very similar to the template distributed on May 8th, 2020.

Communications

Communications Cloud Phishing Encryption

China-linked APT41 group targets Hong Kong with Spyder Loader

New KilllSomeOne APT group leverages DLL side-loading

Webinars

Trending Sources

Iran-linked APT TA453 targets Windows and macOS systems

Webinars

Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

The Long Run of Shade Ransomware

JSWorm: The 4th Version of the Infamous Ransomware

Iran-linked group Cobalt Dickens hit over 60 universities worldwide

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Guarding Against Solorigate TTPs

New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader

Stay Connected