Data, File names and Libraries - Information Management Today

3CX voice and video conferencing software victim of a supply chain attack

Security Affairs

MARCH 30, 2023

The company started distributing digitally signed Trojanized installers to its customers “The trojanized 3CXDesktopApp is the first stage in a multi-stage attack chain that pulls ICO files appended with base64 data from Github and ultimately leads to a 3rd stage infostealer DLL still being analyzed as of the time of writing.”

File names

File names Manufacturing Libraries Cybersecurity

China-linked Budworm APT returns to target a US entity

Security Affairs

OCTOBER 13, 2022

defense contractors , financial services firms, and a national data center in Central Asia. The attacks aimed at stealing sensitive data from the victims and attempted to launch supply chain attacks targeting their customers. Masqueraded names included securityhealthservice.exe, secu.exe, vfhost.exe, vxhost.exe, vx.exe, and v.exe.”

File names

File names Financial Services Manufacturing Libraries

China-linked APT41 group targets Hong Kong with Spyder Loader

Security Affairs

OCTOBER 18, 2022

The Operation CuckooBees had been operating under the radar since at least 2019, threat actors conducted multiple attacks to steal intellectual property and other sensitive data from victims. Like the sample analyzed by Cyberreason, the Spyder Loader sample analyzed by Symantec uses the CryptoPP C++ library.

File names

File names Encryption Manufacturing Libraries

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Malicious npm packages spotted delivering njRAT Trojan

Security Affairs

DECEMBER 1, 2020

The jdb.js package included a script designed to perform basic reconnaissance of the infected machine and data gathering. The script attempted to download and execute a file named patch.exe that was used to install the njRAT remote access trojan. Npm is the largest package repository for any programming language.

Libraries

Libraries File names Access Security

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

Security Affairs

JULY 20, 2023

Both malware relies on modules that are downloaded after the apps are installed to exfiltrate data from the infected devices. WyrmSpy is able to collect Log files, Photos, Device location, SMS messages (read and write), and Audio recording. Upon installing the two spyware, they request extensive device permissions.

File names

File names Libraries Cybersecurity IT

New KilllSomeOne APT group leverages DLL side-loading

Security Affairs

NOVEMBER 5, 2020

The name KilllSomeOne comes from the phrase ‘KilllSomeOne’ used in the DLL side-loading attacks, the group is using poorly-written English messages relating to political subjects. . Dynamic-link library (DLL) side-loading takes advantage of how Microsoft Windows applications handle DLL files.

File names

File names Encryption Libraries IT

Enigma info-stealing malware targets the cryptocurrency industry

Security Affairs

FEBRUARY 13, 2023

This approach allows the attacker to continuously update and eliminates reliance on fixed file names.” The second-stage malware, UpdatTask.dll , is a dynamic-link library (DLL) written in C++ that includes two export functions, DllEntryPoint and Entry. Stolen data are exfiltrated through Telegram.

Archiving

Archiving File names Libraries Phishing

China-linked LuminousMoth APT targets entities from Southeast Asia

Security Affairs

JULY 14, 2021

Threat actors were able to spread to other hosts through the use of USB drives, experts also noticed the deployment of a signed, but fake version of the application Zoom, which was a data stealing malware. “The archive contains two malicious DLL libraries as well as two legitimate executables that sideload the DLL files.

Archiving

Archiving File names Government Libraries

Iran-linked group Cobalt Dickens hit over 60 universities worldwide

Security Affairs

SEPTEMBER 12, 2019

This operation is similar to the threat group’s August 2018 campaign , using compromised university resources to send library-themed phishing emails.” The hackers registered at least 20 new domain names through the Freenom domain provider that offers free top-level domain names.

Phishing

Phishing Libraries File names Metadata

Recently fixed WinRAR bug actively exploited in the wild

Security Affairs

MARCH 15, 2019

The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. The issue affects a third-party library, called UNACEV2.DLL DLL that is used by WINRAR, it resides in the way an old third-party library, called UNACEV2.DLL,

Archiving

Archiving Libraries File names Security

Thousands of applications affected by a zero-day issue in jQuery File Upload plugin

Security Affairs

OCTOBER 20, 2018

The plugin is widely adopted by numerous server-side platforms that support standard HTML form file uploads: PHP, Python, Ruby on Rails, Java, Node.js, Go, and others. Cashdollar discovered two PHP files named upload.php and UploadHandler.php in the package’s source, which contained the file upload code.

File names

File names Libraries Security Access

ATMitch: New Evidence Spotted In The Wild

Security Affairs

MAY 7, 2019

The executable sample is a PE32 x86 file named “tester.exe”. The static data about this sample reveal the sample has been compiled on 8th Oct 2017 , months later than the Kaspersky disclosure of the ATMitch attack operation. Figure 5: “msxfs.dll”, library required by malware to communicate with ATM device.

Libraries

Libraries e-Discovery Communications File names

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

MARCH 2, 2019

File name: patent-2019-02-20T093A283A05-1.xls Figure 7: Language used by crooks to name the visible xls sheet. XLS is a Compound Document File (CDF or CF) or Object Linking and Embedding (OLE) File. Figure 8 below shows the structure of the xls file. File name : 68131_46_20190219.doc

File names

File names Phishing Libraries IT

Dissecting the latest Ursnif DHL-Themed Campaign

Security Affairs

DECEMBER 4, 2018

The second stage of the infection chain is the “ ppc.cab ” file downloaded by the dropper to the “ %APPDATA%Roaming ” location: it actually is a Microsoft Cabinet archive embedding an executable file named “ puk.exe ”. The third stage of the malware is designed to ensure its persistence into the infected system in the long run.

Archiving

Archiving File names Libraries Communications

New Cyber Operation Targets Italy: Digging Into the Netwire Attack Chain

Security Affairs

JUNE 5, 2020

The macro contained inside the document is quite minimal and does not contain dead code or other anti-analysis technique, a part of the random looking variable naming. If the download is successful, the malware reads raw bytes from the downloaded file and transforms them into ready to execute powershell code. Figure 3: Extracted Macro.

Manufacturing

Manufacturing File names IT Libraries

A new trojan Lampion targets Portugal

Security Affairs

DECEMBER 29, 2019

As observed, the output shows us two AWS-hosted addresses that contain two malicious files, namely: hxxps[:]//fucktheworld.s3.us-east-2.amazonaws[.]com/0.zip zip file is a DLL with additional code loaded by PE File P-19-2.dll At the moment, the file 0.zip To get details about the library inside the 0.zip

Passwords

Passwords e-Discovery IT Cleanup

Guarding Against Solorigate TTPs

eSecurity Planet

FEBRUARY 3, 2021

Presenting itself as a JPG file named “gracious_truth.jpg,” Teardrop is a memory-only dropper built to enter a network seamlessly and replace the embedded payload. With access to DSInternals, the malware could query the AD servers and steal data, passwords, and keys. Timestomping, wiping, and DLL-implant obfuscation.

Cybersecurity

Cybersecurity Access Authentication Cloud

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY. dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY. Usually, executables using the side-by-side feature will have these resources located in the embedded manifest file. exe8CBB75FEBFB4B0B7C3B6D3613386220C.

Libraries

Libraries Communications Phishing Encryption

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

Security Affairs

FEBRUARY 23, 2019

The second text file named “_cr1ptt0r_support.txt” includes the onion address for a website that offers support to the victims. “The Cr1ptT0r group member added that the URLs and IP addresses are not logged, so there is no correlation between data and the victim.” ” wrote Bleeping Computer.

Ransomware

Ransomware Encryption File names Libraries

WinRAR CVE-2018-20250 flaw exploited in multiple campaigns

Security Affairs

MARCH 28, 2019

The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. The issue affects a third-party library, called UNACEV2.DLL DLL that is used by WINRAR, it resides in the way an old third-party library, called UNACEV2.DLL,

Archiving

Archiving File names Education Libraries

APT34: Glimpse project

Security Affairs

MAY 2, 2019

Whoever is leaking the toolset also has been dumping information about the victims OilRig has targeted, as well as data identifying some of the servers the group uses in its attacks. The package comes with a README file having as a name “Read me.txt” (note the space). The panel reads those files and implements stats and actions.

Computer and Electronics

Computer and Electronics Communications Government File names

Visual Cues and Clues: Born-Digital Photographs and their Metadata

Unwritten Record

OCTOBER 5, 2021

First, there is EXIF Data (Exchangeable Image File Format), which is automatically generated in an image file by the camera that captured the photo, and usually includes technical data such as aperture, shutter speed, pixel dimensions, or date taken. Accessing File Metadata on a PC.

Metadata

Metadata Archiving Access File names

Quick and Easy Flash Prototypes

ChiefTech

JUNE 1, 2008

Using a PDF of the wireframes as the base, I overlaid clickable elements and some interactive data entry fields. Flash includes a robust library of customizable user interface components that can be dropped into your prototype and used as they are to add realism (e.g., “W05.png”). png”). ” Click "Import."

Libraries

Libraries File names IT Paper

Information Management Today

3CX voice and video conferencing software victim of a supply chain attack

China-linked Budworm APT returns to target a US entity

Webinars

Trending Sources

China-linked APT41 group targets Hong Kong with Spyder Loader

Webinars

Malicious npm packages spotted delivering njRAT Trojan

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

New KilllSomeOne APT group leverages DLL side-loading

Enigma info-stealing malware targets the cryptocurrency industry

China-linked LuminousMoth APT targets entities from Southeast Asia

Iran-linked group Cobalt Dickens hit over 60 universities worldwide

Recently fixed WinRAR bug actively exploited in the wild

Thousands of applications affected by a zero-day issue in jQuery File Upload plugin

ATMitch: New Evidence Spotted In The Wild

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Dissecting the latest Ursnif DHL-Themed Campaign

New Cyber Operation Targets Italy: Digging Into the Netwire Attack Chain

A new trojan Lampion targets Portugal

Guarding Against Solorigate TTPs

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Cr1ptT0r Ransomware targets D-Link NAS Devices and embedded systems

WinRAR CVE-2018-20250 flaw exploited in multiple campaigns

APT34: Glimpse project

Visual Cues and Clues: Born-Digital Photographs and their Metadata

Quick and Easy Flash Prototypes

Stay Connected