Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

Security Affairs

Threat actors compromised websites running vulnerable versions of the popular CMS, including 4.4.20, 5.0.21 and 5.1.18. The attackers uploaded PHP files containing the C2 code, with names such as rss-old[.]php. "killme": Create a BAT file (see below) with a name based on the current tick count.

GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon 

Security Affairs

The phishing messages use a RAR archive named "Saboteurs.rar", which contains a second RAR archive, "Saboteurs 21.03.rar". This second archive contains the SFX archive "Saboteurs filercs.rar"; experts reported that the file name contains the right-to-left override (RTLO) character to mask the real extension.

Crooks use hidden directories of compromised HTTPS sites to deliver malware

Security Affairs

of the popular CMS that are affected by a cross-site request forgery (CSRF) flaw that resides in the comment section of WordPress, which is enabled by default. According to the experts, the cybercriminals targeted websites running outdated CMS plugins and themes or server-side software. zip) that contain the JavaScript file.

Gootkit delivery platform Gootloader used to deliver additional payloads

Security Affairs

"And if that same site visitor clicks the 'direct download link' provided on this page, they receive a .zip archive file with a filename that exactly matches the search query terms used in the initial search, which itself contains another file named in precisely the same way," continues the analysis.

Dacls RAT, the first Lazarus malware that targets Linux devices

Security Affairs

The name Dacls comes from its file name and hard-coded strings. The malware has a modular structure that can extend its capabilities by loading plugins. The command and control protocol uses a double layer of TLS and RC4 encryption; Dacls uses AES to encrypt its configuration file and supports dynamic updating of C2 instructions.

The Long Run of Shade Ransomware

Security Affairs

The phishing email contains a .zip file named "slavneft.zakaz.zip", which means something like "slavneft order" in English, showing a direct reference to "Slavneft". It contains a Russian-language JavaScript file named "«??? «??? «?????????» ??????????? ??????",