China-linked LuminousMoth APT targets entities from Southeast Asia

Security Affairs

“The archive contains two malicious DLL libraries as well as two legitimate executables that sideload the DLL files. We found multiple archives like this with file names of government entities in Myanmar, for example ‘COVID-19 Case 12-11-2020(MOTC).rar’,” reads the analysis published by Kaspersky.

The North Korean Kimsuky APT threatens South Korea evolving its TTPs

Security Affairs

Hash: 757dfeacabf4c2f771147159d26117818354af14050e6ba42cc00f4a3d58e51f
Threat: Kimsuky loader
Brief Description: Scr file, initial loader
Ssdeep: 12288:APWcT1z2aKqkP/mANd2JiEWKZ52zfeCkIAYfLeXcj6uuLl:uhT1z4q030JigZUaULeXc3uLl

Figure 2: Written file (AutoUpdate.dll) in the “%AppData%\Local\Temp” path. Table 2: AutoUpdate.dll Information.

ATMitch: New Evidence Spotted In The Wild

Security Affairs

The recent, unexpected discovery of such a sample within the Info-Sec community led us to a deep dive into this particular malware tool, the spearhead of a sophisticated cyber arsenal. The executable sample is a PE32 x86 file named “tester.exe”. Figure 5: “msxfs.dll”, the library the malware requires to communicate with the ATM device.

A new trojan Lampion targets Portugal

Security Affairs

Two examples can be seen in Figure 1 below. As observed, the output shows us two AWS-hosted addresses that contain two malicious files, namely: hxxps[:]//fucktheworld.s3.us-east-2.amazonaws[.]com/0.zip (the zip file is a DLL with additional code, loaded by the PE file P-19-2.dll). At the moment, the file 0.zip

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY. dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY. Usually, executables using the side-by-side feature will have these resources located in the embedded manifest file. exe8CBB75FEBFB4B0B7C3B6D3613386220C.

APT34: Glimpse project

Security Affairs

For example, the function aa_ping_response_bb composes an encoded DNS message (aa_text_response_bb) that sends its own last IP address. At this stage we can distinguish two communication modes. One of the most important functions is aa_AdrGen_bb, which is the communication manager. 10100*9056 **.33333210100A[.]example[.]com.

Guarding Against Solorigate TTPs

eSecurity Planet

Presenting itself as a JPG file named “gracious_truth.jpg,” Teardrop is a memory-only dropper built to enter a network seamlessly and replace the embedded payload. The problem: software can be mighty complex, made up of components, development frameworks, operating system features, libraries, and more.