Security Affairs

MAY 23, 2023

“The fake Skype installer was a.NET executable file named skype32.exe This tool was used in 2020.” JackalSteal is an implant, used in limited attacks, that allows to look for files of interest on the target’s machine and exfiltrate them. exe that was approximately 400 MB in size. ” Kaspersky concludes.

File names 92

File names Government Communications IT 92

Security Affairs

SEPTEMBER 3, 2020

Over the years, the group added new tools to its arsenal, including custom and homemade malware along with software purchased from the Golden Chickens malware-as-a-service (MaaS) provider. The malware communicates with the C2 communications via POST HTTP requests and uses RC4 encryption with a hardcoded key encoded with Base64.

Phishing 143

Phishing Encryption File names Metadata 143

eSecurity Planet

JULY 1, 2022

The goal is to pivot from the router to workstations in the targeted network, where other RATs will be deployed to establish persistent and undetected communication channels (C2 servers). Read next: Best Wi-Fi Security & Performance Testing Tools. It’s always the same process: attackers look for easy prey to gain initial access.

File names 116

File names Access Communications Security 116

Security Affairs

NOVEMBER 17, 2020

“The attack has a complex and complete arsenal of droppers, backdoors and other tools involving Chinoxy backdoor, PCShare RAT and FunnyDream backdoor binaries, with forensic artefacts pointing towards a sophisticated Chineseactor.” ” reads the report published by BitDefender. ” continues the report.

Government 110

Government File names Communications Access 110

Security Affairs

MARCH 18, 2022

Upon executing the core component, the malware first checks if its executable file name starts with “[k” If it does not, it performs the following routine: It redirects both stdout and stderr file descriptors to /dev/null. It sets the default handlers for SIGTERM, SIGINT, SIGBUS, SIGPIPE, and SIGIO signals.

IoT 99

IoT Military File names Communications 99

Security Affairs

MAY 13, 2023

The CheckMate ransomware operators have been targeting the Server Message Block (SMB) communication protocol used for file sharing to compromise their victims’ networks. Once the attacker successfully logs in to a device, they encrypt data in shared folders and leave a ransom note with the file name “!CHECKMATE_DECRYPTION_README”

Ransomware 97

Ransomware Encryption Passwords File names 97

Security Affairs

MARCH 1, 2019

Experts analyzed tools and intrusion methods used by the China-linked cyber-espionage group Emissary Panda in attacks over the past 2 years. Experts at Secureworks reports who investigated the incident, now reveal that the same threat actor used an array of tools and intrusion methods in attacks over the past 2 years. Windows NT 6.3;

IT 81

IT File names Financial Services Communications 81

Security Affairs

JUNE 15, 2019

Hackers are attempting to exploit an API misconfiguration in the open-source version of the popular DevOps tool Docker Engine-Community to infiltrate containers and run the Linux bot AESDDoS (Backdoor.Linux.DOFLOO.AA). “The output of this command is saved into a file named ips.txt, which is then fed into the Docker.exe file.

File names 101

File names Mining Access Communications 101

Security Affairs

MAY 19, 2021

” reads an update published by the Irish Department of the Environment, Climate and Communications. Early Friday morning (14th May 2021) experts detected malicious activity also on the DoH network, but the attack was neutralized by defense software that detect the attempt of deploying hacking tools and the execution of the ransomware.

Ransomware 89

Ransomware Encryption File names IoT 89

Security Affairs

APRIL 28, 2020

Once the machine is fully compromised, the attacker will install a complete hacking suite, composed of an IRC bot, an SSH scanner, a bruteforce tool, and an XMRIG crypto-miner. When the machine is completely infected, the installed files are the following: Figure 2: Directory listing. The initial script is the file named “ a ”.

Mining 104

Mining File names Honeypots IT 104

Lenny Zeltser

MARCH 2, 2019

For example, for VMware you’d extract the files into a dedicated folder, then launch the file named “MSEdge – Win10.vmx” Step 3: Update the VM and Install Malware Analysis Tools. You can use this connection to update the OS to the latest patch level and install malware analysis tools.

File names 112

File names Access Archiving Passwords 112

Security Affairs

MARCH 3, 2020

Hash 757dfeacabf4c2f771147159d26117818354af14050e6ba42cc00f4a3d58e51f Threat Kimsuky loader Brief Description Scr file, initial loader Ssdeep 12288:APWcT1z2aKqkP/mANd2JiEWKZ52zfeCkIAYfLeXcj6uuLl:uhT1z4q030JigZUaULeXc3uLl. Figure 2: Written file (AutoUpdate.dll) in the “%AppData%LocalTemp” path. hwp” extension. Bypassing AV Detection.

IT 136

IT File names Libraries Communications 136

eSecurity Planet

AUGUST 10, 2023

As a bonus, many of these tools are free to access and have specialized feeds that focus on different industries and sectors. Cons Though free tools and integrations are available, OTX works best with paid AT&T Cybersecurity products like AlienVault USM. Threat dashboards are highly intuitive and easy to read. account.

Cybersecurity 96

Cybersecurity Access Metadata Energy and Utilities 96

OneHub

AUGUST 17, 2021

Educate them on the issues that information silos are causing within your organization, and lay out the steps you plan to take to heal these divisions by increasing communication and cooperation. Provide collaborative tools and resources. Online storage and file sharing. Collaborative tools.

Cloud 52

Cloud File names Access Education 52

Security Affairs

MAY 29, 2019

Once the macro is executed, the malware downloads two files from “kentona[.su”, su”, using an SSL encrypted communication, and stores them in “C:UsersPublic” path: “ rtegre.exe ” and “ wprgxyeqd79.exe TektonIT RMS acts as a remote administration tool, allowing the attacker to gain complete access to the victim machine.

IT 72

IT Retail Archiving File names 72

The Texas Record

MAY 18, 2023

A SWOT analysis is a strategic management tool that can be used solo or prior to conducting a TOWS metric (which we will discuss briefly in this article). Strategies and methods could include, policies, procedures, training, communication channels, storage conditions, informal guidance, etc.

Records Management 40

Records Management Risk Access File names 40

Security Affairs

JANUARY 9, 2020

“It turned out that an unsuspecting employee of the company had willingly downloaded a third-party application from a legitimate looking website and their computer had been infected with malware known as Fallchill , an old tool that Lazarus has recently switched back to.”.

File names 68

File names Encryption Authentication Communications 68

Security Affairs

MAY 7, 2019

Its initial triage suggests it may be part of an advanced attacker arsenal targeting the Banking sector, possibly related to the same APT group Kaspersky Lab tracked two years ago after the compromise of a Russian bank, where a particular malware tool dubbed ATMi tch has been unveiled. Technical Analysis.

Libraries 64

Libraries e-Discovery Communications File names 64

Security Affairs

JULY 8, 2019

Surely the presence of an ISO file as attachment is suspicious, but for an unaware user it could go unnoticed, also thanks to the new Windows versions which natively support the filetype. Extracting the content of the ISO image, we encounter an EXE file named “po-ima0948436.exe”. Check against malware analysis tools.

File names 70

File names Encryption Archiving Phishing 70

Security Affairs

MARCH 2, 2019

This is part of a giant list of Living off the Land (LOL) techniques that attackers employ to mask their activities from runtime endpoint security monitoring tools such as AVs. The first port is used to maintain communications between C2 and clients. File name: patent-2019-02-20T093A283A05-1.xls Technical Analysis.

File names 92

File names Phishing Libraries IT 92

eSecurity Planet

FEBRUARY 3, 2021

Presenting itself as a JPG file named “gracious_truth.jpg,” Teardrop is a memory-only dropper built to enter a network seamlessly and replace the embedded payload. As the inherent authentication tool for cloud services, SAML is not going away as an attack vector. Tools for Detecting Solorigate Vulnerabilities.

Cybersecurity 61

Cybersecurity Access Authentication Cloud 61

Security Affairs

SEPTEMBER 13, 2023

According to Microsoft, the campaign aims at building capabilities that could disrupt critical communications infrastructure between the United States and Asia region in the case of future crises. Attackers also a Packerloader tool to load and execute shellcode, which is stored in a file in an encrypted form.

File names 119

File names Access Encryption Communications 119

Security Affairs

MAY 2, 2019

On April 19 2019 researchers at Chronicle, a security company owned by Google’s parent company, Alphabet, have examined the leaked tools , exfiltrated the past week on a Telegram channel, and confirmed that they are indeed the same ones used by the OilRig attackers. At this stage we might appreciate two communication ways.

Computer and Electronics 94

Computer and Electronics Communications Government File names 94

Security Affairs

JULY 22, 2020

“The adversary also uses several crafted tools that helps the botnet increase the amount of systems participating in its Monero-mining pool.” The actor employs various methods to spread across the network, like SMB with stolen credentials, psexec, WMI and SMB exploits.” ” reads the analysis published by Cisco Talos.

Mining 97

Mining File names Passwords Communications 97

Security Affairs

JULY 22, 2019

.” The hackers used three new malware families in the campaign that also involved the Pickpocket , a browser credential-theft tool exclusively linked to APT34 campaigns. The fake profiles asked the victims to open the weaponized excel file named ERFT-Details. xls that was used as a dropper. ” concludes FireEye.

File names 95

File names Phishing Passwords Government 95

Security Affairs

NOVEMBER 30, 2018

Threat actors used PowerShell-based first stage backdoor named POWERSTATS, across the time the hackers changed tools and techniques. But, unlike previous incidents using POWERSTATS, the command and control (C&C) communication and data exfiltration in this case is done by using the API of a cloud file hosting provider.”

Communications 91

Communications File names Cloud Government 91

Security Affairs

FEBRUARY 16, 2021

dll NVIDIA Smart Maximise Helper Host NvSmartMaxApp.exe NvSmartMax.dll VirtualBox Guest Additions Tray Application VBoxTray.exe Mpr.dll VMware NAT Service Vmnat.exe Shfolder.dll WinGup for Notepad++ Gup.exe Libcurl.dll Disc Soft Bus Service Pro (DAEMON Tools Pro) DiscSoftBusService.exe Imgengine.dl exe Dbghelp.dll AVG Dump Process avDump32.exe

Libraries 119

Libraries Communications Phishing Encryption 119

Security Affairs

AUGUST 31, 2018

My entire “Cyber adventure” began with a simple email within a.ZIP file named “Nuovo Documento1.zip” Stage1 was dropping and executing a brand new PE file named: rEOuvWkRP.exe (sha256: 92f59c431fbf79bf23cff65d0c4787d0b9e223493edc51a4bbd3c88a5b30b05c) using the bitsadmin.exe native Microsoft program.

Computer and Electronics 65

Computer and Electronics File names Security Access 65

Enterprise Software Blog

APRIL 13, 2023

In this exciting tutorial, we will take your skills to the next level by combining two powerful tools - the API we built in our previous tutorial and the App Builder TM platform. App Builder is a powerful tool that allows users to create robust applications with minimal coding experience.

Passwords 52

Passwords Authentication Access File names 52

eDiscovery Daily

APRIL 18, 2019

Shawn Huston of LSP Data Solutions ( www.lspdata.com ) recently told me that 2/3 of the load files he sees in productions have errors. Remember my previous comment about communication? Concordance load files typically use the file extension DAT and the þ¶þ characters as delimiters, e.g.: Concordance Load File.

Metadata 42

Metadata Computer and Electronics Blockchain File names 42