Archiving, File names and Phishing - Information Management Today

Archiving

File names

Phishing

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Security Affairs

APRIL 5, 2022

Ukraine CERT-UA spotted a spear-phishing campaign conducted by Russia-linked Armageddon APT targeting local state organizations. The phishing messages have been sent from “vadim_melnik88@i[.]ua,” The messages use the HTML-file “War criminals of the Russian Federation.htm” as attachment.

Military

Military Phishing File names Archiving

GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon

Security Affairs

MARCH 28, 2022

Ukraine CERT-UA uncovered a spear-phishing campaign conducted by Belarus-linked GhostWriter APT group targeting Ukrainian state entities with Cobalt Strike Beacon. The phishing messages use a RAR-archive named “Saboteurs.rar”, which contains RAR-archive “Saboteurs 21.03.rar.”

Archiving

Archiving CMS File names Phishing

Join 55,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Trending Sources

Russia-linked Gamaredon APT targets Ukrainian authorities with new malware

Security Affairs

FEBRUARY 3, 2023

The attack chain starts with spear-phishing messages with a.RAR attachment named “12-1-125_09.01.2023.” The.RAR archive contains the.LNK file named “Запит Служба безпеки України 12-1-125 від 09.01.2023.lnk” GammaSteel is a PowerShell script used to conduct reconnaissance and execute additional commands.

File names

File names Archiving Phishing Government

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

China-linked LuminousMoth APT targets entities from Southeast Asia

Security Affairs

JULY 14, 2021

Kaspersky experts identified two infection vectors used by LuminousMoth, one leverages spear-phishing messages containing a Dropbox download link, the second one used once gained access to the target network, leverages on removable USB drives. ” reads the analysis published by Kaspersky.

Archiving

Archiving File names Government Libraries

Iran-linked APT TA453 targets Windows and macOS systems

Security Affairs

JULY 8, 2023

The spear-phishing message appears as a benign conversation lure masquerading as a senior fellow with the Royal United Services Institute (RUSI) to the public media contact for a nuclear security expert at a US-based think tank focused on foreign affairs. The.rar archive contained a dropper named “Abraham Accords & MENA.pdf.lnk.”

Archiving

Archiving Cloud File names Metadata

Enigma info-stealing malware targets the cryptocurrency industry

Security Affairs

FEBRUARY 13, 2023

The attack chain starts with phishing emails or social media messages distributing a RAR archive. The archive contains two files, Interview questions.txt, and Interview conditions.word.exe. The files pose an interview for a fake cryptocurrency role or job opening. ” continues the report.

Archiving

Archiving File names Libraries Phishing

New PowerExchange Backdoor linked to an Iranian APT group

Security Affairs

MAY 26, 2023

The infection chain commenced with spear phishing messages using a zip file named Brochure.zip in attachment. The archive contained a malicious.NET executable (Brochure.exe) which is an executable with an Adobe PDF icon.

Communications

Communications File names Archiving Phishing

Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine

Security Affairs

JUNE 15, 2023

The attack chain commences with spear-phishing emails with malicious attachments (.docx,rar,sfx docx,rar,sfx (self-extracting archives),lnk,hta (HTML smuggling files)) using armed conflicts, criminal proceedings, combating crime, and protection of children, as a lure.

Military

Military File names Archiving Phishing

BlackWater, a malware that uses Cloudflare Workers for C2 Communication

Security Affairs

MARCH 15, 2020

Researchers from MalwareHunterTeam discovered a suspicious RAR file named “COVID-19-” that was being distributed online, likely through phishing emails. "Important The RAR archive contains a file named “Important – COVID-19” that displays a Word icon.

Communications

Communications File names Archiving Phishing

DownEx cyberespionage operation targets Central Asia

Security Affairs

MAY 10, 2023

.” The threat actors sent spear-phishing messages with diplomat-themed lure documents. The attackers used executable files posing as Microsoft Word document. The experts noticed that the attachment was simply named “ ! exe ” and used the icon image associated with docx files. to embassy kazakh 2022.exe

File names

File names Archiving Phishing Government

Evilnum APT used Python-based RAT PyVil in recent attacks

Security Affairs

SEPTEMBER 3, 2020

Attackers carried out spear-phishing emails using the Know Your Customer regulations (KYC) as a lure. The new infection chain starts by including just one LNK file in the ZIP archive attached to spear-phishing messages. The PyVil RAT was recently employed in attacks against FinTech companies across the U.K.

Phishing

Phishing Encryption File names Metadata

TA505 is expanding its operations

Security Affairs

MAY 29, 2019

Hash 0c88e285b6fc183c96b6f03ca5700cc9ca7c83dfccc6ad14a946d1868d1cc273 Threat Dropper Brief Description Excel file with malicious macro Ssdeep 3072:Mc38TehYTdeHVhjqabWHLtyeGxml8/dgzxXYhh3vVYwrq 8/P5HKuPF1+bkm13Kkf:B38TehYTdeHVhjqabWHLty/xml8/dgNr. The intercepted attack starts with a spear-phishing email embedding a spreadsheet.

IT Retail Archiving File names

GermanWiper, a data-wiping malware that is targeting Germany

Security Affairs

AUGUST 5, 2019

Recently a data-wiping malware tracked as GermanWiper has been targeting German organizations, the malicious code is pushed via phishing messages. GermanWiper is being distributed in Germany through spam messages that pretend to be emails sent by a job applicant named Lena Kretschmer that is submitting her resume.

Ransomware

Ransomware Encryption File names Archiving

Spotting RATs: Delphi wrapper makes the analysis harder

Security Affairs

JULY 8, 2019

Experts observed an increase of the malware spreading using less-known archive types as dropper,in particular ISO image.Delphi wrapper makes analysis harder. In the last period, we observed an increase of the malware spreading using less-known archive types as an initial dropper, in particular, ISO image. Phishing email content.

File names

File names Encryption Archiving Phishing

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

MARCH 2, 2019

In February 2019, SI-LAB captured multiple samples of phishing campaigns using an Office Excel document carrying a malicious Excel 4.0 File name: patent-2019-02-20T093A283A05-1.xls Figure 1: Malicious xls file with an embedded XLM macro not detected by Virus Total. File name : 68131_46_20190219.doc

File names

File names Phishing Libraries IT

Specially Crafted ZIP archives allow bypassing secure email gateways

Security Affairs

NOVEMBER 7, 2019

Experts observed a new phishing campaign that used a specially crafted ZIP archive that was designed to bypass secure email gateways to distribute malware. Attackers have devised a new technique to distribute malware bypassing secure email gateways and other security solutions by using a specially crafted ZIP file.

Archiving

Archiving Security File names Phishing

Introducing the PhishingKitTracker

Security Affairs

JULY 17, 2020

Experts that want to to study phishing attack schema and Kit-composition can use the recently PhishingKitTracker, which is updated automatically. If you are a security researcher or even a passionate about how attackers implement phishing you will find yourself to look for phishing kits. Disclaimer.

Phishing

Phishing File names Archiving IT

Iran-linked Seedworm APT targets Telecoms organizations across the Middle East and Asia

Security Affairs

DECEMBER 15, 2021

A suspected ScreenConnect setup MSI appeared to have been delivered in a zipped file named “Special discount program.zip”, suggesting that it arrived in a spear-phishing email.” The malicious archive was likely spread through spear-phishing messages.

File names

File names Passwords Phishing Archiving

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon

Webinars

Trending Sources

Russia-linked Gamaredon APT targets Ukrainian authorities with new malware

Webinars

China-linked LuminousMoth APT targets entities from Southeast Asia

Iran-linked APT TA453 targets Windows and macOS systems

Enigma info-stealing malware targets the cryptocurrency industry

New PowerExchange Backdoor linked to an Iranian APT group

Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine

BlackWater, a malware that uses Cloudflare Workers for C2 Communication

DownEx cyberespionage operation targets Central Asia

Evilnum APT used Python-based RAT PyVil in recent attacks

TA505 is expanding its operations

GermanWiper, a data-wiping malware that is targeting Germany

Spotting RATs: Delphi wrapper makes the analysis harder

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Specially Crafted ZIP archives allow bypassing secure email gateways

Introducing the PhishingKitTracker

Iran-linked Seedworm APT targets Telecoms organizations across the Middle East and Asia

Stay Connected