National Archives Records Express

JUNE 12, 2023

S49-07-001 – STS-049 – In cabin view of crewmember at the forward flight deck with laptop terminal National Archives Identifier: 22702275 In this blog post, we will explore the key aspects of metadata requirements and their significance in recordkeeping. All of the posts have been collected under the 36 CFR Section 1236 category.

Metadata 109

Metadata Digital transformation File names Archiving 109

Security Affairs

MARCH 2, 2020

All the spam messages used a ZIP archive as attachment with a filename with a specific format ( ‘LOVE_YOU_######_2020. “Attached to each email is a ZIP archive with a name formatted as with only the #s changing,” reads the advisory published by IBM X-Force IRIS. zip’).

Ransomware 117

Ransomware File names Archiving Encryption 117

Security Affairs

MARCH 17, 2024

The researchers noticed that the users must unpack several layers of archives using the password “GIT1HUB1FREE,” which is provided in the README.md file, to access the installer named “Installer_Mega_v0.7.4t.msi.” All unique passwords are stored in a file named “brute.txt”.

Passwords 107

Passwords File names Archiving Cybersecurity 107

Security Affairs

MARCH 28, 2022

The phishing messages use a RAR-archive named “Saboteurs.rar”, which contains RAR-archive “Saboteurs 21.03.rar.” “The archive contains documents and images of the bait, as well as VBScript code (Thumbs.db), which will create and run the.NET program “dhdhk0k34.com.”

Archiving 91

Archiving CMS File names Phishing 91

Security Affairs

APRIL 5, 2022

The messages use the HTML-file “War criminals of the Russian Federation.htm” as attachment. Upon opening the file, a RAR-archive named “Viyskovi_zlochinci_RU.rar” is created. .

Military 115

Military Phishing File names Archiving 115

Security Affairs

APRIL 18, 2021

“The attack begins with a PowerShell command to retrieve a file named win_r.zip from another compromised server’s Outlook Web Access logon path (/owa/auth).” ” The attack used a PowerShell command to retrieve a file named win_r.zip from another compromised server’s Outlook Web Access logon path (/owa/auth). .

File names 80

File names Archiving Passwords Communications 80

Security Affairs

SEPTEMBER 22, 2022

A user-assisted remote attacker can trigger the issue to overwrite arbitrary files via a. dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. sequence to filenames in a TAR archive.” however, in most cases an attacker exploit this issue to gain code execution from the file write. .

Archiving 93

Archiving File names Metadata Security 93

National Archives Records Express

JULY 24, 2023

Digital scanning operations, Preservation Labs, Archives 2: Jerry Thompson. Consideration should be given to file formats, file-naming conventions, and adherence to preservation standards. Proper storage infrastructure, backup systems, and regular data migration are crucial to mitigate the risks to digitized records.

Metadata 97

Metadata Digital preservation Archiving Data migration 97

Security Affairs

AUGUST 23, 2023

This downloader was used to install the Korplug backdoor on the infected systems. “The downloader attempted to download a file named update.zip from the following location: [link] continues the report. “The update.zip file is a zlib compressed archive file. This file is not saved on disk.

File names 76

File names Encryption Archiving Information Security 76

Security Affairs

JUNE 6, 2023

.” Encrypted file contents in Windows Encrypted file contents in Linux The Windows version of the info-stealer can be downloaded from the Cyclops admin panel as part of an archive containing the stealer.exe and config.json. The data is then exfiltrated to the attacker’s server.” ” continues the report.

Ransomware 70

Ransomware Encryption Archiving File names 70

Security Affairs

OCTOBER 22, 2023

.” A Vietnamese group observed by the researchers used very similar lures and delivery methods in different attacks attempting to deliver: DarkGate Ducktail Lobshot Redline stealer The attack chain began with the download of a file named “Salary and new products.8.4.zip” zip” and the execution of the content.

File names 107

File names Archiving IT Access 107

Security Affairs

JULY 8, 2023

At the provided URL, a password-encrypted.rar file named “Abraham Accords & MENA.rar” was hosted. The.rar archive contained a dropper named “Abraham Accords & MENA.pdf.lnk.” The file is an AppleScript that connects to the C2 server and downloads a Bash script-based backdoor called NokNok.

Archiving 92

Archiving Cloud File names Metadata 92

Security Affairs

JULY 14, 2021

The Dropbox link leads to a RAR archive that masquerades as a Word document by setting the “file_subpath” parameter to point to a filename with a.DOCX extension. “The archive contains two malicious DLL libraries as well as two legitimate executables that sideload the DLL files.

Archiving 98

Archiving File names Government Libraries 98

Security Affairs

FEBRUARY 3, 2023

The attack chain starts with spear-phishing messages with a.RAR attachment named “12-1-125_09.01.2023.” The.RAR archive contains the.LNK file named “Запит Служба безпеки України 12-1-125 від 09.01.2023.lnk” GammaSteel is a PowerShell script used to conduct reconnaissance and execute additional commands.

File names 87

File names Archiving Phishing Government 87

Security Affairs

JUNE 26, 2021

The provided sample of exfiltrated files includes business data and documents, as well as Argus certificates and development files. The sample archive is password protected – but the file names and types are clearly visible. Altus Group has been informed about the new development.

Ransomware 103

Ransomware File names Archiving Encryption 103

Security Affairs

FEBRUARY 13, 2023

The attack chain starts with phishing emails or social media messages distributing a RAR archive. The archive contains two files, Interview questions.txt, and Interview conditions.word.exe. The files pose an interview for a fake cryptocurrency role or job opening. ” continues the report.

Archiving 79

Archiving File names Libraries Phishing 79

Security Affairs

JUNE 8, 2022

.” “The vulnerability lies in the Microsoft Diagnostic Tool’s sdiageng.dll library, which takes the attacker-supplied folder path from the package configuration XML file inside the diagcab archive, and copies all files from that folder to a local temporary folder.”

Security 84

Security File names Libraries Archiving 84

Security Affairs

APRIL 3, 2022

Files in the Borat RAT archive (Cyble). If it can find a connected microphone, the RAT records all audio and saves it in a file named micaudio.wav. The Borat RAT allows its operators to compile the malware binary for performing specific features, including DDoS and ransomware attacks.

Ransomware 116

Ransomware File names Archiving Encryption 116

Security Affairs

MARCH 15, 2020

Researchers from MalwareHunterTeam discovered a suspicious RAR file named “COVID-19-” that was being distributed online, likely through phishing emails. "Important The RAR archive contains a file named “Important – COVID-19” that displays a Word icon.

Communications 110

Communications File names Archiving Phishing 110

Security Affairs

MAY 26, 2023

The infection chain commenced with spear phishing messages using a zip file named Brochure.zip in attachment. The archive contained a malicious.NET executable (Brochure.exe) which is an executable with an Adobe PDF icon.

Communications 87

Communications File names Archiving Phishing 87

Security Affairs

JANUARY 12, 2022

Stolen data are stored in an archive (logs) before being uploaded to a server under the control of the attackers. The new variant discovered by Fortinet has the file name “Omicron Stats.exe,” threat actors are attempting to exploit the enormous interest on a global scale on the COVID-19 Omicron variant.

Manufacturing 130

Manufacturing File names Archiving Encryption 130

Security Affairs

JANUARY 24, 2023

Crimew discovered a file named NoFly.csv which is a legitimate U.S. records (first names, last names, and dates of birth) belonging to people with suspected or known ties to terrorist groups. “three csv files, employee_information.csv, NOFLY.CSV and SELECTEE.CSV. no fly list from 2019 containing over 1.56

Archiving 88

Archiving File names Access Authentication 88

Security Affairs

JUNE 15, 2023

docx,rar,sfx (self-extracting archives),lnk,hta (HTML smuggling files)) using armed conflicts, criminal proceedings, combating crime, and protection of children, as a lure. ” The PowerShell script is used in recent attacks first copy itself onto the infected systems and create a shortcut file using an rtk.lnk extension.

Military 80

Military File names Archiving Phishing 80

Security Affairs

MARCH 3, 2020

Nemty ransomware first appeared on the threat landscape in August 2019, the name of the malware comes after the extension it adds to the encrypted file names. The ransomware deletes shadow copies of encrypted files to make in impossible any recovery procedure. they also announced a working tool for version 1.5.

Ransomware 102

Ransomware File names Encryption Archiving 102

The Schedule

MARCH 3, 2021

With COVID-19 restricting our ability to collect and preserve physical materials, Duke University Archives has changed its focus to collecting electronic university records of historical value. A case study in creating a Getty retention compliant electronic file naming system for Procurement. Hillary Gatlin, Duke University.

Records Management 40

Records Management Archiving File names Government 40

Security Affairs

MARCH 26, 2021

Experts noticed that each Hades ransomware sample uses a different extension to files that it encrypts and drops a ransom note with file name “HOW-TO-DECRYPT-[extension].txt”. “In addition to data theft, actors deploy Hades ransomware to encrypt files identified on the victim network. ” concludes the report.

Ransomware 139

Ransomware Encryption File names Manufacturing 139

OneHub

DECEMBER 17, 2020

As an example, a marketing department may have a folder string that looks like this: Client Name > Proposals > Draft > Filename. Many top-level folders can benefit from an Archive subfolder. Archive folders make it easy to store outdated business files that may be needed in the future. Tips for file names.

File names 52

File names Archiving Marketing Cloud 52

Security Affairs

MARCH 17, 2020

The script creates a new file named “ pinumber.vbs ” and starts filling it with the instructions through the “echo” function appending the strings to the next vbs stage. An evidence about the presence of the malicious file hosted on the legit website is shown in the following figure: Figure 5: Communication with the DropUrl.

Archiving 124

Archiving Passwords Encryption IT 124

Security Affairs

MAY 10, 2023

exe ” and used the icon image associated with docx files. The executable is a self-contained archive that once executed will extract two files. to embassy kazakh 2022.exe

File names 87

File names Archiving Phishing Government 87

Security Affairs

MARCH 1, 2021

. “And if that same site visitor clicks the “direct download link” provided on this page, they receive a.zip archive file with a filename that exactly matches the search query terms used in the initial search, which itself contains another file named in precisely the same way.” ” continues the analysis.

Search queries 114

Search queries CMS Ransomware File names 114

Security Affairs

MARCH 15, 2019

The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. DLL, handles the extraction of files compressed in ACE data format. The malicious RAR file (Ariana_Grande-thank_u,_next(2019)_[320].rar)

Archiving 83

Archiving Libraries File names Security 83

Security Affairs

JUNE 25, 2019

The second feature that was exploited to include within ZIP archives symbolic links pointing to arbitrary locations, in this case, automount endpoints. Cavallarin discovered that the software responsible for decompressing the ZIP archives does not perform any check on the symlinks. /net/evil-attacker.com/sharedfolder/).

Archiving 73

Archiving File names Access Security 73

Security Affairs

MAY 29, 2019

Hash 6f1a8ee627ec2ed7e1d818d32a34a163416938eb13a97783a71f9b79843a80a2 Threat Trojan Brief Description SFX (self-extracting archive) (Executable file) Ssdeep 49152:sIWB74MncmEWy4i1LkjoAwG2PI/mfqtftvMKcr+7Ao95 xQW1vB38PELaacVzWTV3:sICtHsJoMAwG. Files contained in “wprgxyeqd79.exe” Information about “ wprgxyeqd79.exe exe” (SFX).

IT 69

IT Retail Archiving File names 69

Security Affairs

SEPTEMBER 3, 2020

The new infection chain starts by including just one LNK file in the ZIP archive attached to spear-phishing messages. When the LNK file is executed, a JavaScript file is called, which acts only as a first-stage dropper (the file name is ddpp.exe).

Phishing 134

Phishing Encryption File names Metadata 134

Security Affairs

JULY 23, 2019

Recently, our threat monitoring operations pointed us to an interesting file named “ Lucio Dalla Discografia Completa ”: this file pretends to be a collection of the discography of a famous I talian singer, but it actually hides malicious intents. . Figure 1: Content of the SFX file. tmp” is created combining file “008.tmp”,

Archiving 73

Archiving Mining File names Risk 73

Krebs on Security

MARCH 3, 2020

If we download a copy of that javascript file and view it in a text editor, we can see the following message toward the end of the file: [NAME OF EXTENSION HERE]’s development is supported by advertisements that are added to some of the websites you visit. An archived copy of the content once served at icontent[.]us

Insurance 284

Insurance File names Risk Marketing 284

Security Affairs

AUGUST 5, 2019

The archive in attachment contains two files that pretend to be PDF resumes for the sender, instead, they are actually shortcuts (LNK) that execute a PowerShell command to download an HTA file from the expandingdelegation [. ] top site and execute it on the victim machine. top site and execute it on the victim machine.

Ransomware 71

Ransomware Encryption File names Archiving 71