Security Affairs

JULY 13, 2022

“Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel (XLM) 4.0 ThreatLabz reported that the attackers are using various different file names to disguise attachments designed to deliver Qakbot.

File names 346

File names Archiving Compliance IT 346

Security Affairs

AUGUST 13, 2024

Threat actors sent out emails attempting to impersonate Security Service of Ukraine (SSU) and contains a link to download a file named “Documents.zip.” ” Upon clicking the link, an MSI file is downloaded. If the recipient then opens this file, the ANONVNC malware, tracked as MESHAGENT, is executed. .

Phishing 349

Phishing Government File names Access 349

Security Affairs

APRIL 2, 2020

Upon execution, the wiper drops a series of helper files into a temporary folder, including a BAT file named “coronovirus Installer,” which is responsible for most of the setup work. The BAT file creates a hidden folder named COVID-19, then move the dropped files to it. ” continues the analysis.

File names 361

File names Security Access IT 361

Security Affairs

MARCH 2, 2020

. “Attached to each email is a ZIP archive with a name formatted as with only the #s changing,” reads the advisory published by IBM X-Force IRIS. “The hash of the file contained within each of these archives remains the same and is associated with a highly obfuscated JavaScript file named LOVE_YOU.

Ransomware 363

Ransomware File names Archiving Encryption 363

Security Affairs

MAY 20, 2021

The Java-based STRRAT RAT was distributed in a massive spam campaign, the malware shows ransomware-like behavior of appending the file name extension.crimson to files without actually encrypting them. The latest version of the Java-based STRRAT malware (1.5) was seen being distributed in a massive email campaign last week.

Ransomware 362

Ransomware File names Encryption Passwords 362

Security Affairs

OCTOBER 21, 2024

HIBP confirmed that the stolen archive had 31M records, including email address, screen name, bcrypt password hash, and timestamps for password changes. Troy Hunt told BleepingComputer that the leaked Internet Archive’s file is a 6.4GB SQL file named “ia_users.sql.”

Archiving 325

Archiving Data breaches Authentication File names 325

Security Affairs

OCTOBER 6, 2018

“This application handles file names incorrectly when the user uploads a media file. ” The third flaw directory-traversal vulnerability tracked as CVE-2018-16594 that relates to the way the Photo Sharing Plus app handles file names. ” reads the blog post published by Fortinet.

File names 279

File names IoT Security IT 279

Security Affairs

NOVEMBER 26, 2019

Layers of obfuscation, encryption, and the use of randomized file names hid the installation process. Polymorphic techniques involve frequently changing identifiable characteristics like file names and types, encryption keys and other artifacts. ”reads the analysis published by Microsoft.

File names 363

File names Encryption Mining Security 363

Security Affairs

MARCH 26, 2021

“Once encrypted, the system displays a ransom note including the actor’s email address, ransomware file name, the host system name, and a place to enter the decryption key.” DiskCryptor is not inherently malicious but has been weaponized.” ” reads the alert published by the FBI.

Ransomware 363

Ransomware Encryption File names Passwords 363

Security Affairs

MARCH 15, 2020

Researchers from MalwareHunterTeam discovered a suspicious RAR file named “COVID-19-” that was being distributed online, likely through phishing emails. "Important The RAR archive contains a file named “Important – COVID-19” that displays a Word icon. "Important – COVID-19.rar"

Communications 359

Communications File names Archiving Phishing 359

Security Affairs

DECEMBER 27, 2018

” In the attempt to deceive the victims, attackers used the internal file name “Baidu PC Faster” and the “Baidu WiFi Hotspot Setup” in the description of the file. ” reads the analysis published by Anomali Labs.

File names 279

File names IT Security 279

Security Affairs

FEBRUARY 17, 2023

The two vulnerabilities, tracked as CVE-2022-39952 and CVE-2021-42756 , are respectively an external control of file name or path in Fortinet FortiNAC and a collection of stack-based buffer overflow issues in the proxy daemon of FortiWeb. is an external control of file name or path in the keyUpload scriptlet of FortiNAC.

File names 246

File names Cybersecurity Security IT 246

Security Affairs

JULY 15, 2022

“Based on our analysis of the attack data, a majority of attackers are attempting to upload a zip file named a57bze8931.zip. When attackers are successful at uploading the zip file, a single file named a57bze8931.php “This file is an uploader under the control of the attacker.

File names 325

File names Security Information Security IT 325

Security Affairs

FEBRUARY 25, 2019

The ransom encrypts all files and renames them by appending. rontok extension to the file names. According to the popular malware researcher Michael Gillespie , when the B0r0nt0K ransomware encrypts a file it will base64 the encrypted data. ” reported Bleeping Computer. Tweets by demonslay335.

Ransomware 279

Ransomware File names Encryption Access 279

Security Affairs

JUNE 6, 2024

The malware then enters “VM mode” to encrypt files with specific extensions. Once executed, the ransomware drops a text file named TargetInfo.txt that contains victim information. Like the Windows variant of the ransomware, the content of the file TargetInfo.txt is then sent to a C2 server.

Ransomware 330

Ransomware File names Encryption Communications 330

Security Affairs

APRIL 18, 2021

“The attack begins with a PowerShell command to retrieve a file named win_r.zip from another compromised server’s Outlook Web Access logon path (/owa/auth).” ” The attack used a PowerShell command to retrieve a file named win_r.zip from another compromised server’s Outlook Web Access logon path (/owa/auth). .

File names 311

File names Archiving Passwords Communications 311

Security Affairs

MARCH 15, 2025

Despite this, researchers suspect the wallets found belong to a single threat actor due to shared file names, encryption keys, and a Litecoin wallet consolidating funds from multiple sources. MassJacker appears to be a malware-as-a-service (MaaS), likely used by multiple threat actors, similar to Amadey and MassLogger.

Encryption 296

Encryption File names Communications Ransomware 296

Security Affairs

JULY 20, 2024

The attackers attempted to trick the company’s customers into opening a ZIP archive file named “ crowdstrike-hotfix.zip.” ” The archive includes a loader named Hijack Loader used to execute the Remcos RAT. ” reads the report published by Kaspersky.

File names 252

File names Archiving Cybersecurity Communications 252

Security Affairs

JANUARY 5, 2025

“Mandiant observed a second, more sophisticated execution scenario which begins with a Windows LNK file named QQLaunch.lnk. ThisLNK file combines a text file named h which contains the characters “MZ” and a second file t which contains the rest of PE payload to construct a new malicious DLL named libcurl.dll.”

File names 246

File names Archiving Phishing Encryption 246

Security Affairs

SEPTEMBER 27, 2019

. “The decryptor requires access to a file pair consisting of one encrypted file and the original, unencrypted version of the encrypted file to reconstruct the encryption keys needed to decrypt the rest of your data.” ” reads the user guide published by Emsisoft.

Ransomware 266

Ransomware File names Encryption Security 266

Security Affairs

MARCH 18, 2024

Upload a command shell with a pseudo-randomly generated file name. With previously disclosed flaws in Fortra GoAnywhere managed file transfer (MFT) coming under heavy exploitation last year by threat actors like Cl0p, it’s recommended that users have applied the necessary updates to mitigate potential threats.

File names 353

File names IT Security 353

Security Affairs

MAY 17, 2024

“And if you compare the two malicious file execution screens, you can see the same pattern. The malicious file, named “Console Root task window ‘Security Mode’,” hid certain window styles and tabs. ” reads the analysis. If the victims launch it the multi-stage attack chain starts.

File names 333

File names Phishing Communications Security 333

Security Affairs

MAY 3, 2020

In other words, it could be nice to see what are the patterns used by malware in both: domain names, file names and process names. TOP domains, TOP processes and TOP File Names. It would be important for detection and even for preemptive blocking.

Computer and Electronics 327

Computer and Electronics File names Cybersecurity Security 327

Security Affairs

FEBRUARY 21, 2023

The two vulnerabilities, tracked as CVE-2022-39952 and CVE-2021-42756 , are respectively an external control of file name or path in Fortinet FortiNAC and a collection of stack-based buffer overflow issues in the proxy daemon of FortiWeb. is an external control of file name or path in the keyUpload scriptlet of FortiNAC.

File names 246

File names Archiving Access Security 246

Security Affairs

JULY 30, 2024

When this.html file is opened, it displays an image designed to create a sense of urgency about accessing the document, thereby increasing the likelihood that the user will follow the provided instructions.” ” reads the report published by Trellix.

Phishing 360

Phishing File names Archiving Access 360

Security Affairs

JANUARY 7, 2022

Once encrypted a file, the ransomware appends the ‘ nightsky ‘ extension to encrypted file names. Researchers from MalwareHunterteam first spotted a new ransomware family dubbed Night Sky that implements a double extortion model in attacks aimed at businesses.

Ransomware 363

Ransomware Encryption File names Communications 363

Security Affairs

JULY 17, 2020

In stats folder are maintained two up-to-date files: files_name it holds the frequency of the found file-names associate with kits. In other words every phishing kit is saved on the phishing host with a name. filke_name keeps track about every file names and its frequency.

Phishing 357

Phishing File names Archiving IT 357

Security Affairs

FEBRUARY 23, 2023

The two vulnerabilities, tracked as CVE-2022-39952 and CVE-2021-42756 , are respectively an external control of file name or path in Fortinet FortiNAC and a collection of stack-based buffer overflow issues in the proxy daemon of FortiWeb. is an external control of file name or path in the keyUpload scriptlet of FortiNAC.

Honeypots 246

Honeypots File names Cybersecurity Security 246

Security Affairs

JUNE 26, 2021

The provided sample of exfiltrated files includes business data and documents, as well as Argus certificates and development files. The sample archive is password protected – but the file names and types are clearly visible. Altus Group has been informed about the new development.

Ransomware 345

Ransomware File names Archiving Encryption 345

Security Affairs

MARCH 11, 2023

The PlugX backdoor has been used since 2008 by multiple China-linked APT groups, including Mustang Panda , Winnti , and APT41 In the attacks observed by ASEC, once exploited the vulnerability, threat actors executed a PowerShell command to create a file named esetservice.exe.

File names 246

File names Security IT Information Security 246

Security Affairs

APRIL 28, 2025

. “This page is served through, at least, the malicious domain name woocommrce[.]com ” After downloading the fake patch, users received a zip file named authbypass-update-31297-id.zip , which behaved like a regular plugin during installation.

Phishing 230

Phishing File names Ransomware Security 230

Security Affairs

OCTOBER 21, 2021

The Macaw Locker ransomware encrypts victims’ files and append the .macaw macaw extension to the file name of the encrypted files. Bleeping Computer, citing Emsisoft CTO Fabian Wosar, reported that the Macaw Locker ransomware is the latest rebrand of Evil Corp.

Ransomware 357

Ransomware File names Encryption Government 357

Security Affairs

JULY 1, 2019

In attacks observed on June 17, the malware was using 64-bit DLLs with file names loaded by legitimate Windows system executables. Duncan pointed out that file paths, file names, and associated hashes would change at every computer login. “Given the same-day deployment and implementation of the ssl-pert[.]com

File names 270

File names Encryption Security Access 270

Security Affairs

FEBRUARY 29, 2024

The ZIP archive contains an HTA file named wine.hta that contains obfuscated JavaScript code. The campaign is characterized by its very low volume and the advanced tactics, techniques, and procedures (TTPs) employed by the threat actors.

Archiving 335

Archiving File names IT Information Security 335

Security Affairs

APRIL 5, 2022

The messages use the HTML-file “War criminals of the Russian Federation.htm” as attachment. Upon opening the file, a RAR-archive named “Viyskovi_zlochinci_RU.rar” is created. .

Military 350

Military Phishing File names Archiving 350

Security Affairs

JUNE 5, 2021

“The WHOIS information for the domain reveals that the domain of the BlackCocaine ransomware was registered on May 28, 2021” The researchers reported that a file named a.BlackCocaine was recently submitted to different public sandboxes. BlackCocaine ” to the filenames of encrypted files.

Ransomware 363

Ransomware Encryption File names Financial Services 363

Security Affairs

MARCH 17, 2022

The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an unknown ELF file that was spreading by exploiting the Log4J vulnerability. The name B1txor20 is based on the file name “b1t” used for the propagation and the XOR encryption algorithm, and the RC4 algorithm key length of 20 bytes.

Honeypots 362

Honeypots File names Communications Encryption 362