Security Affairs

JULY 13, 2022

“Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel (XLM) 4.0 ThreatLabz reported that the attackers are using various different file names to disguise attachments designed to deliver Qakbot.

File names 118

File names Archiving Compliance IT 118

Security Affairs

FEBRUARY 21, 2023

The two vulnerabilities, tracked as CVE-2022-39952 and CVE-2021-42756 , are respectively an external control of file name or path in Fortinet FortiNAC and a collection of stack-based buffer overflow issues in the proxy daemon of FortiWeb. is an external control of file name or path in the keyUpload scriptlet of FortiNAC.

File names 98

File names Archiving Access Cybersecurity 98

Threatpost

MAY 21, 2021

Microsoft Security discovered malicious PDFs that download Java-based StrRAT, which can steal credentials and change file names but doesn't actually encrypt.

File names 103

File names Ransomware Encryption Security 103

Security Affairs

MARCH 18, 2024

Upload a command shell with a pseudo-randomly generated file name. With previously disclosed flaws in Fortra GoAnywhere managed file transfer (MFT) coming under heavy exploitation last year by threat actors like Cl0p, it’s recommended that users have applied the necessary updates to mitigate potential threats.

File names 120

File names IT Security 120

Security Affairs

FEBRUARY 23, 2023

The two vulnerabilities, tracked as CVE-2022-39952 and CVE-2021-42756 , are respectively an external control of file name or path in Fortinet FortiNAC and a collection of stack-based buffer overflow issues in the proxy daemon of FortiWeb. is an external control of file name or path in the keyUpload scriptlet of FortiNAC.

Honeypots 91

Honeypots File names Cybersecurity Security 91

Security Affairs

JUNE 29, 2023

Fortinet started investigating the threat after the discovery of an archive file with a file name in Russian, “Табель учета рабочего времени.zip” (“time sheet” in English). The zip archive contains two files with.exe extension preceded by another document-related extension (double extension). ” concludes the report.

File names 84

File names Archiving IT Security 84

Security Affairs

MARCH 11, 2023

The PlugX backdoor has been used since 2008 by multiple China-linked APT groups, including Mustang Panda , Winnti , and APT41 In the attacks observed by ASEC, once exploited the vulnerability, threat actors executed a PowerShell command to create a file named esetservice.exe.

File names 87

File names Security IT Information Security 87

Security Affairs

FEBRUARY 29, 2024

The ZIP archive contains an HTA file named wine.hta that contains obfuscated JavaScript code. The campaign is characterized by its very low volume and the advanced tactics, techniques, and procedures (TTPs) employed by the threat actors.

Archiving 101

Archiving File names IT Information Security 101

Security Affairs

JUNE 19, 2023

The function writes some C code received from the C2 to a temporary file named tmp.c, that is later compiled to a file named /tmp/.ICE-unix/git After compilation, the file is executed in background with two parameters, also received from C2.” ICE-unix/git using the cc command on Fedora and gcc on Debian.

File names 98

File names Archiving IT Security 98

Security Affairs

MAY 20, 2021

The Java-based STRRAT RAT was distributed in a massive spam campaign, the malware shows ransomware-like behavior of appending the file name extension.crimson to files without actually encrypting them. The latest version of the Java-based STRRAT malware (1.5) was seen being distributed in a massive email campaign last week.

Ransomware 122

Ransomware File names Encryption Passwords 122

Security Affairs

JULY 11, 2024

The botnet shell script downloads an ELF file named “pty3” from a different IP address, likely a sample of Muhstik malware. “Therefore, it is recommended that users conduct a comprehensive asset assessment, verify their usage scenarios, and update PHP to the latest version to ensure security.

Honeypots 101

Honeypots File names Mining IoT 101

Security Affairs

MAY 31, 2023

Upon analyzing of the impacted UEFI firmware, the researchers identified a file named File Name: 8ccbee6f7858ac6b92ce23594c9e2563ebcef59414b5ac13ebebde0c715971b2.bin .” Firmware security firm Eclypsium said it first detected the anomaly in April 2023. Gigabyte has since acknowledged and addressed the issue.

File names 93

File names Risk Passwords Security 93

Security Affairs

JUNE 22, 2024

The experts at Insikt Group noticed that the ESXi version of RansomHub creates a file named /tmp/app.pid to ensure the exclusive execution of RansomHub processes. “After processing command-line arguments and decrypting the configuration, RansomHub ESXi leverages the file /tmp/app.pid to check whether it is already running.

Ransomware 113

Ransomware Encryption File names Communications 113

Security Affairs

FEBRUARY 10, 2024

The researchers noticed that the backdoor contained a plist file named ‘test’. The first variant of the backdoor that was detected in November 2023 was likely a test version that did not support a persistence mechanism. “We identified multiple variants of the embedded Apple script, but all of them are meant for data exfiltration.”

Ransomware 118

Ransomware File names Passwords IT 118

Schneier on Security

JANUARY 26, 2022

There’s a new ransomware that targets NAT devices made by QNAP: The attacks started today, January 25th, with QNAP devices suddenly finding their files encrypted and file names appended with a.deadbolt file extension.

Ransomware 94

Ransomware File names Encryption Access 94

Security Affairs

AUGUST 23, 2023

This downloader was used to install the Korplug backdoor on the infected systems. “The downloader attempted to download a file named update.zip from the following location: [link] continues the report. “The update.zip file is a zlib compressed archive file. This file is not saved on disk.

File names 78

File names Encryption Archiving Information Security 78

Security Affairs

MARCH 26, 2021

“Once encrypted, the system displays a ransom note including the actor’s email address, ransomware file name, the host system name, and a place to enter the decryption key.” DiskCryptor is not inherently malicious but has been weaponized.” ” reads the alert published by the FBI.

Ransomware 144

Ransomware Encryption File names Passwords 144

Security Affairs

APRIL 22, 2024

GooseEgg is usually deployed with a batch script, commonly named execute.bat or doit.bat. This script creates a file named servtask.bat, which includes commands for saving or compressing registry hives. APT28 deployed GooseEgg to gain elevated access to target systems and steal credentials and sensitive information.

Military 112

Military File names Education Phishing 112

Security Affairs

JUNE 20, 2024

“In addition to some popular applications, this stealer searches sensitive files in parent directories of common installation directories to ensure comprehensive data gathering. .” The information stealer performs a series of anti-analysis checks to determine if it’s running in a sandbox or a virtual machine environment.

File names 102

File names IT Information Security Security 102

AIIM

JULY 8, 2021

This strategy can help keep project files organized among team members and aid in the disposition of documents once a project has been completed. Discovering content on an employee’s workstation by examining meta-data criteria such as file name, type, or age. social security numbers, customer information, etc.).

File names 204

File names Data breaches Risk Privacy 204

Security Affairs

APRIL 2, 2020

Upon execution, the wiper drops a series of helper files into a temporary folder, including a BAT file named “coronovirus Installer,” which is responsible for most of the setup work. The BAT file creates a hidden folder named COVID-19, then move the dropped files to it. ” continues the analysis.

File names 110

File names Access IT Security 110

Security Affairs

JUNE 24, 2024

While investigating a security incident from March 2024 on a client’s Linux host, Positive Technologies researchers discovered a file named “scrond.”

File names 76

File names Communications Mining Archiving 76

Security Affairs

MARCH 2, 2020

. “Attached to each email is a ZIP archive with a name formatted as with only the #s changing,” reads the advisory published by IBM X-Force IRIS. “The hash of the file contained within each of these archives remains the same and is associated with a highly obfuscated JavaScript file named LOVE_YOU.

Ransomware 120

Ransomware File names Archiving Encryption 120

Security Affairs

SEPTEMBER 10, 2023

. “When receiving a message, uploadTextMessageToService collects its contents, chat/channel title and ID, as well as sender’s name and ID. The collected information is then encrypted and cached into a temporary file named tgsync.s3. The app sends this temporary file to the command server at certain intervals.”

File names 121

File names Personal data Encryption Security 121

Security Affairs

MARCH 19, 2022

. “The decryptor requires access to a file pair consisting of one encrypted file and the original, unencrypted version of the encrypted file to reconstruct the encryption keys needed to decrypt the rest of your data. This file must be roughly 20KB or larger in size. ” reads the guide for the decryptor.

Ransomware 88

Ransomware File names Encryption Cybersecurity 88

Security Affairs

MARCH 17, 2024

All unique passwords are stored in a file named “brute.txt”. In the file “password.txt” we discovered a big RISEPRO banner and the link to the public Telegram channel. RisePro is a C++ info-stealer that has been active since at least 2022, it allows to gathering sensitive data from the infected system.

Passwords 104

Passwords File names Archiving Cybersecurity 104

National Archives Records Express

JUNE 12, 2023

Metadata Capture Requirements Agencies must adhere to the following metadata capture requirements: Capturing Metadata at the File or Item Level Agencies must capture the metadata specified in paragraphs (c) through (e) of the regulation at the file or item level as part of the digitization project.

Metadata 109

Metadata Digital transformation File names Archiving 109

The Texas Record

JUNE 26, 2023

Consistency Choose file naming conventions and stick with them. For example, unless an abbreviation is known and widely used, avoid using it in folder or file names. A consistent approach with folder structure and file naming means there is less need for individual interpretation. Be consistent.

Cleanup 40

Cleanup File names ROT Access 40

Security Affairs

OCTOBER 6, 2018

“This application handles file names incorrectly when the user uploads a media file. ” The third flaw directory-traversal vulnerability tracked as CVE-2018-16594 that relates to the way the Photo Sharing Plus app handles file names. ” reads the blog post published by Fortinet.

File names 91

File names IoT Security IT 91

Security Affairs

JUNE 7, 2024

The attacks detected by Akamai exploit the flaws to download a file named “public.txt” from a compromised server in China. This file is saved on victims’ systems as “roeter.php,” likely a misspelling of “router.”

File names 102

File names Passwords Access Cloud 102

Security Affairs

DECEMBER 27, 2018

” In the attempt to deceive the victims, attackers used the internal file name “Baidu PC Faster” and the “Baidu WiFi Hotspot Setup” in the description of the file. ” reads the analysis published by Anomali Labs.

File names 93

File names IT Security 93

Security Affairs

DECEMBER 6, 2023

The researchers’ approach is simple, when the user activates Lockdown Mode, a file named /fakelockdownmode_on is generated as an indicator, triggering a userspace reboot. The researchers also intercepted other functions, including -[PUILockdownModeController lockdownModeEnabled()], to simulate the presence of this file.

File names 108

File names IT Security Access 108

Security Affairs

JUNE 8, 2022

.” “The vulnerability lies in the Microsoft Diagnostic Tool’s sdiageng.dll library, which takes the attacker-supplied folder path from the package configuration XML file inside the diagcab archive, and copies all files from that folder to a local temporary folder.” ” reads the post published by 0patch.

Security 86

Security File names Libraries Archiving 86

Security Affairs

APRIL 18, 2021

“The attack begins with a PowerShell command to retrieve a file named win_r.zip from another compromised server’s Outlook Web Access logon path (/owa/auth).” ” The attack used a PowerShell command to retrieve a file named win_r.zip from another compromised server’s Outlook Web Access logon path (/owa/auth). .

File names 77

File names Archiving Passwords Communications 77

Security Affairs

JANUARY 7, 2022

Once encrypted a file, the ransomware appends the ‘ nightsky ‘ extension to encrypted file names. Researchers from MalwareHunterteam first spotted a new ransomware family dubbed Night Sky that implements a double extortion model in attacks aimed at businesses.

Ransomware 129

Ransomware Encryption File names Communications 129

Security Affairs

FEBRUARY 25, 2019

The ransom encrypts all files and renames them by appending. rontok extension to the file names. According to the popular malware researcher Michael Gillespie , when the B0r0nt0K ransomware encrypts a file it will base64 the encrypted data. ” reported Bleeping Computer. Tweets by demonslay335.

Ransomware 92

Ransomware File names Encryption Access 92

Security Affairs

OCTOBER 22, 2023

.” A Vietnamese group observed by the researchers used very similar lures and delivery methods in different attacks attempting to deliver: DarkGate Ducktail Lobshot Redline stealer The attack chain began with the download of a file named “Salary and new products.8.4.zip” zip” and the execution of the content.

File names 105

File names Archiving IT Access 105