
Evilnum APT used Python-based RAT PyVil in recent attacks

Security Affairs

Over the years, the group added new tools to its arsenal, including custom and homemade malware along with software purchased from the Golden Chickens malware-as-a-service (MaaS) provider. The second layer of Python code decodes and loads to memory the main RAT and the imported libraries. The PyVil RAT stores the malware settings (i.e.


The North Korean Kimsuky APT threatens South Korea evolving its TTPs

Security Affairs

Hash 757dfeacabf4c2f771147159d26117818354af14050e6ba42cc00f4a3d58e51f Threat Kimsuky loader Brief Description Scr file, initial loader Ssdeep 12288:APWcT1z2aKqkP/mANd2JiEWKZ52zfeCkIAYfLeXcj6uuLl:uhT1z4q030JigZUaULeXc3uLl. Figure 2: Written file (AutoUpdate.dll) in the “%AppData%\Local\Temp” path. Table 2: AutoUpdate.dll Information.


ATMitch: New Evidence Spotted In The Wild

Security Affairs

Its initial triage suggests it may be part of an advanced attacker arsenal targeting the banking sector, possibly related to the same APT group Kaspersky Lab tracked two years ago after the compromise of a Russian bank, where a particular malware tool dubbed ATMitch was unveiled. Technical Analysis.


[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

This is part of a giant list of Living off the Land (LOL) techniques that attackers employ to mask their activities from runtime endpoint security monitoring tools such as AVs. The first port is used to maintain communications between C2 and clients. File name: patent-2019-02-20T093A283A05-1.xls Technical Analysis.


Guarding Against Solorigate TTPs

eSecurity Planet

Presenting itself as a JPG file named “gracious_truth.jpg,” Teardrop is a memory-only dropper built to enter a network seamlessly and replace the embedded payload. As the inherent authentication tool for cloud services, SAML is not going away as an attack vector. Tools for Detecting Solorigate Vulnerabilities.


Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY. dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY. Usually, executables using the side-by-side feature will have these resources located in the embedded manifest file. exe8CBB75FEBFB4B0B7C3B6D3613386220C.


APT34: Glimpse project

Security Affairs

On April 19, 2019, researchers at Chronicle, a security company owned by Google’s parent company, Alphabet, examined the leaked tools, exfiltrated the previous week on a Telegram channel, and confirmed that they are indeed the same ones used by the OilRig attackers. At this stage we can identify two communication channels.