Remove Archiving Remove CMS Remove File names
article thumbnail

GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon 

Security Affairs

The phishing messages use a RAR-archive named “Saboteurs.rar”, which contains RAR-archive “Saboteurs 21.03.rar.” “The archive contains documents and images of the bait, as well as VBScript code (Thumbs.db), which will create and run the.NET program “dhdhk0k34.com.”

article thumbnail

Gootkit delivery platform Gootloader used to deliver additional payloads

Security Affairs

. “And if that same site visitor clicks the “direct download link” provided on this page, they receive a.zip archive file with a filename that exactly matches the search query terms used in the initial search, which itself contains another file named in precisely the same way.” ” continues the analysis.