Crooks use hidden directories of compromised HTTPS sites to deliver malware

Security Affairs

of the popular CMS that are affected by a cross-site request forgery (CSRF) flaw that resides in the comment section of WordPress that is enabled by default. According to the experts, the cybercriminals targeted websites running outdated CMS plugins and themes or server-side software. zip) that contain the JavaScript file.

Gootkit delivery platform Gootloader used to deliver additional payloads

Security Affairs

“And if that same site visitor clicks the “direct download link” provided on this page, they receive a .zip archive file with a filename that exactly matches the search query terms used in the initial search, which itself contains another file named in precisely the same way,” continues the analysis.

Dacls RAT, the first Lazarus malware that targets Linux devices

Security Affairs

The name Dacls comes from its file name and the hard-coded strings. The malware has a modular structure that could extend its capabilities by loading plugins. Dacls Bot include command execution, file management, process management, test network access, C2 connection agent, and network scanning.

The Long Run of Shade Ransomware

Security Affairs

The phishing email contains a .zip file named “slavneft.zakaz.zip”, which means something like “slavneft order” in English, showing a direct reference to “Slavneft”. It contains a Russian speaking JavaScript file named “«??? «??? «?????????» ??????????? ??????”, Background of the infected machine, after encryption phase.