Threatpost

MAY 21, 2021

Microsoft Security discovered malicious PDFs that download Java-based StrRAT, which can steal credentials and change file names but doesn't actually encrypt.

File names 102

File names Encryption Ransomware Security 102

Security Affairs

JULY 13, 2022

“Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel (XLM) 4.0

File names 101

File names Archiving Compliance Information Security 101

Security Affairs

AUGUST 9, 2022

Cyber Security Specialist Zoziel Pinto Freire shows an example of malicious file analysis presented during his lecture on BSides-Vitória 2022. My objective with this series of articles is to show examples of malicious file analysis that I presented during my lecture on BSides-Vitória 2022.

File names 52

File names Libraries Metadata Education 52

Security Affairs

JULY 15, 2022

Threat actors are attempting to exploit an arbitrary file upload vulnerability tracked as CVE-2021-24284. An attacker can trigger the issue to upload malicious PHP files to a website using the vulnerable component, leading to code execution and potentially take over the site.

File names 101

File names Information Security IT Security 101

Schneier on Security

JANUARY 26, 2022

There’s a new ransomware that targets NAT devices made by QNAP: The attacks started today, January 25th, with QNAP devices suddenly finding their files encrypted and file names appended with a.deadbolt file extension.

Ransomware 73

Ransomware File names Security Access 73

Schneier on Security

MAY 9, 2022

Most email newsletters you get include an invisible “image,” typically a single white pixel, with a unique file name. Apple Mail now blocks email trackers by default.

File names 84

File names Security Marketing IT 84

Information Management Resources

JUNE 7, 2018

MyHeritage received a message from a researcher who unearthed a file named 'myheritage' containing email addresses and encrypted passwords of nearly all of its users on a private server outside the company. Hacking Data security Cyber security Cyber attacks

File names 28

File names Encryption Passwords IT 28

Schneier on Security

JULY 8, 2021

After writing a base-64-encoded payload to a file named agent.crt the dropper executed it. […]. The ransomware dropper Agent.exe is signed with a Windows-trusted certificate that uses the registrant name “PB03 TRANSPORT LTD.”

Ransomware 104

Ransomware File names Security Encryption 104

Security Affairs

JULY 15, 2022

Cyble researchers warn of three new ransomware operations named Lilith, RedAlert and 0mega targeting organizations worldwide. Researchers from threat intelligence firm Cyble warn of new ransomware gangs that surfaced recently, named Lilith, RedAlert, and 0mega. log), swap files(.vswp),

Ransomware 110

Ransomware Encryption File names Risk 110

Security Affairs

JUNE 8, 2022

The flaw is a path traversal flaw that can be exploited to save any files to any locations on the file system (in line with the permissions of the current user) before the integrity of the package is checked. diagcab files at all, so users of these services could be potential targets.

File names 67

File names Libraries Archiving Cybersecurity 67

Security Affairs

MARCH 26, 2021

Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. Mamba leverages a disk-level encryption strategy instead of the conventional file-based one. Payment does not guarantee files will be recovered.

Ransomware 111

Ransomware Encryption File names Passwords 111

Security Affairs

MARCH 19, 2022

Cybersecurity firm Emsisoft released a free decryptor that allows the victims of the Diavol ransomware to recover their files without paying a ransom. Cybersecurity firm Emsisoft has released a free decryption tool to help Diavol ransomware victims recover their files without paying a ransom.

Encryption 73

Encryption File names Ransomware Cybersecurity 73

Security Affairs

MARCH 17, 2022

The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an unknown ELF file that was spreading by exploiting the Log4J vulnerability. Researchers uncovered a new Linux botnet, tracked as B1txor20, that exploits the Log4J vulnerability and DNS tunnel.

Honeypots 100

Honeypots File names Communications Encryption 100

Security Affairs

APRIL 5, 2022

The messages use the HTML-file “War criminals of the Russian Federation.htm” as attachment. Upon opening the file, a RAR-archive named “Viyskovi_zlochinci_RU.rar” is created. .

Military 96

Military Phishing Archiving File names 96

Security Affairs

MARCH 2, 2020

“Attached to each email is a ZIP archive with a name formatted as with only the #s changing,” reads the advisory published by IBM X-Force IRIS. The ransomware deletes shadow copies of encrypted files to make in impossible any recovery procedure.

Ransomware 91

Ransomware File names Archiving Encryption 91

Schneier on Security

MAY 4, 2022

Customized versions of the backdoor that use file names and creation dates that are similar to legitimate files used on a specific infected device. Mandiant is reporting on a new botnet.

IoT 81

IoT Security File names Encryption 81

Security Affairs

APRIL 2, 2020

Upon execution, the wiper drops a series of helper files into a temporary folder, including a BAT file named “coronovirus Installer,” which is responsible for most of the setup work. The BAT file creates a hidden folder named COVID-19, then move the dropped files to it.

File names 89

File names Access IT Security 89

Security Affairs

JUNE 30, 2022

In February a team of researchers from Kookmin University (South Korea) discovered a flaw in the encryption algorithm used by Hive ransomware that allowed them to decrypt data without knowing the private key used by the gang to encrypt files.

Ransomware 100

Ransomware Encryption Cybersecurity Blockchain 100

eSecurity Planet

JULY 1, 2022

The name “ZuoRAT” is based on the Chinese word for “left” (after the actor’s file name, “asdf.a”, which suggests a keyboard progression of the left hand).

File names 81

File names Communications Access IT 81

Security Affairs

JULY 26, 2022

Dynamic-link library (DLL) side-loading is an attack method that takes advantage of how Microsoft Windows applications handle DLL files. In this campaign, the spam message contains an HTML file that has base64 encoded images and a password-protected ZIP file.

Passwords 79

Passwords File names Libraries IT 79

Security Affairs

JANUARY 6, 2022

Once encrypted a file, the ransomware appends the ‘ nightsky ‘ extension to encrypted file names. The gang has also set up a leak site on the Tor network where it will publish files stolen to the victims that will not pay the ransom.

Ransomware 96

Ransomware Encryption File names Communications 96

Security Affairs

OCTOBER 6, 2018

“This application handles file names incorrectly when the user uploads a media file. ” The third flaw directory-traversal vulnerability tracked as CVE-2018-16594 that relates to the way the Photo Sharing Plus app handles file names. The application handles file names incorrectly when receiving a user’s input file via uploading a URL. A attacker can upload an arbitrary file with a crafted file name (e.g.: /./)

File names 70

File names IoT IT Security 70

The Texas Record

AUGUST 1, 2022

The following information is based on my experience per my assigned roles on an internship project that consisted of following a Record Management Officer’s (RMO) procedures to convert physical records to electronic, implement consistent and clear file naming systems, and properly dispose of confidential records. To follow the process, here is an example of what this could look like: Year: Name: Box: 2022 John Doe Felony 1 2014 Jane Smith Felony 1.

Computer and Electronics 60

Computer and Electronics File names Paper Records Management 60

Security Affairs

JULY 8, 2022

“Once the attacker successfully logs in to a device, they encrypt data in shared folders and leave a ransom note with the file name “!CHECKMATE_DECRYPTION_README” We have encrypted 267183 office files. Files should be no more than 15mb each.

Ransomware 82

Ransomware Encryption Passwords File names 82

AIIM

JULY 8, 2021

This strategy can help keep project files organized among team members and aid in the disposition of documents once a project has been completed. Discovering content on an employee’s workstation by examining meta-data criteria such as file name, type, or age.

File names 87

File names Data breaches Risk Privacy 87

Security Affairs

OCTOBER 21, 2021

The Macaw Locker ransomware encrypts victims’ files and append the .macaw macaw extension to the file name of the encrypted files.

File names 94

File names Encryption Ransomware Government 94

Security Affairs

APRIL 18, 2021

“The attack begins with a PowerShell command to retrieve a file named win_r.zip from another compromised server’s Outlook Web Access logon path (/owa/auth).”

File names 80

File names Archiving Passwords Communications 80

Security Affairs

FEBRUARY 7, 2022

Cybersecurity firm Avast has released a decryption tool to allow victims of TargetCompany ransomware to recover their files for free. ” The password cracking process is only needed once per PC, there is no need to repeat it for each file.

Ransomware 80

Ransomware Encryption Passwords File names 80

Security Affairs

FEBRUARY 17, 2022

In the attacks observed by the experts, threat actors inserted a.exe file called “User Centric” into a chat in an attempt to trick participants into opening it. Upon opening the executable, the malicious code will install DLL files and create shortcut links to self-administer.

Phishing 108

Phishing File names Access Data breaches 108

Security Affairs

MARCH 28, 2022

The phishing messages use a RAR-archive named “Saboteurs.rar”, which contains RAR-archive “Saboteurs 21.03.rar.” Ukraine CERT-UA warns that the Belarus-linked GhostWriter APT group is targeting state entities of Ukraine with Cobalt Strike Beacon.

CMS 72

CMS Archiving Military Phishing 72

Security Affairs

JULY 19, 2022

The phishing messages included a link to a malicious HTML file ( EnvyScout ) that acted as a dropper for additional malicious payloads, including a Cobalt Strike beacon. Threat actors used it to deobfuscate the contents of a second state malware, which is in the form of a malicious ISO file.

Phishing 70

Phishing Metadata Cloud File names 70

Security Affairs

APRIL 3, 2022

Cyble researchers discovered a new remote access trojan (RAT) named Borat capable of conducting DDoS and ransomware attacks. Researchers from threat intelligence firm Cyble discovered a new RAT, named Borat, that enables operators to gain full access and remote control of an infected system.

File names 99

File names Archiving Ransomware Encryption 99

Security Affairs

OCTOBER 27, 2021

Researchers from cybersecurity firm Avast released a decryption tool for Babuk ransomware that allows victims to recover their files for free. Cybersecurity firm Avast has released a decryption tool for Babuk ransomware that allows victims to recover their files for free.

Ransomware 84

Ransomware File names Encryption Cybersecurity 84

Security Affairs

JULY 17, 2020

Almost every file into the raw folder is malicious so I strongly recommend you to neither open these files, nor misuse the code to prank your friends. NB: Large File System Hahead. This folder is tracked by using Git Large File System since many files are bigger than 100MB.

Phishing 87

Phishing File names Archiving Passwords 87

Security Affairs

JUNE 5, 2021

“The WHOIS information for the domain reveals that the domain of the BlackCocaine ransomware was registered on May 28, 2021” The researchers reported that a file named a.BlackCocaine was recently submitted to different public sandboxes.

Ransomware 93

Ransomware Encryption File names Financial Services 93

Security Affairs

JUNE 26, 2021

On June 14th, Altus Group, a commercial real estate software solutions firm, disclosed a security breach, now Hive ransomware gang leaked its files. Files leaked online. The sample archive is password protected – but the file names and types are clearly visible.

Ransomware 90

Ransomware File names Archiving Encryption 90

Security Affairs

NOVEMBER 26, 2019

Layers of obfuscation, encryption, and the use of randomized file names hid the installation process. Polymorphic techniques involve frequently changing identifiable characteristics like file names and types, encryption keys and other artifacts.

File names 93

File names Encryption Mining IT 93

Security Affairs

MARCH 15, 2020

Researchers from MalwareHunterTeam discovered a suspicious RAR file named “COVID-19-” that was being distributed online, likely through phishing emails. "Important The RAR archive contains a file named “Important – COVID-19” that displays a Word icon.

Communications 88

Communications File names Archiving Phishing 88

eSecurity Planet

JULY 19, 2022

lilith” extension to rename encrypted files. Cyble adds that “upon execution, Lilith ransomware initially searches for a list of hardcoded processes in the file and terminates its execution if any of them are running on the target’s machine.”.

Ransomware 79

Ransomware Encryption File names IT 79

Security Affairs

DECEMBER 15, 2021

A suspected ScreenConnect setup MSI appeared to have been delivered in a zipped file named “Special discount program.zip”, suggesting that it arrived in a spear-phishing email.”

File names 84

File names Passwords Phishing Archiving 84