Threatpost

MAY 21, 2021

Microsoft Security discovered malicious PDFs that download Java-based StrRAT, which can steal credentials and change file names but doesn't actually encrypt.

File names 107

File names Encryption Ransomware Security 107

Security Affairs

MAY 20, 2021

Microsoft warns of a malware campaign that is spreading a RAT dubbed named STRRAT masquerading as ransomware. This RAT is infamous for its ransomware-like behavior of appending the file name extension.crimson to files without actually encrypting them.

Ransomware 108

Ransomware File names Encryption Passwords 108

Perficient Data & Analytics

MARCH 13, 2020

You may change the profile name to whatever you like. Downloading and Renaming Files from AWS S3 using PowerShell. Define the bucket you would like to download the files from. Define the folder within the bucket you would like to download the files from.

File names 68

File names Archiving Cloud Security 68

Schneier on Security

JULY 8, 2021

After writing a base-64-encoded payload to a file named agent.crt the dropper executed it. […]. The ransomware dropper Agent.exe is signed with a Windows-trusted certificate that uses the registrant name “PB03 TRANSPORT LTD.”

Ransomware 74

Ransomware File names Encryption Access 74

Security Affairs

APRIL 2, 2020

Upon execution, the wiper drops a series of helper files into a temporary folder, including a BAT file named “coronovirus Installer,” which is responsible for most of the setup work. The BAT file creates a hidden folder named COVID-19, then move the dropped files to it.

File names 113

File names Access IT Security 113

Security Affairs

MARCH 2, 2020

“Attached to each email is a ZIP archive with a name formatted as with only the #s changing,” reads the advisory published by IBM X-Force IRIS. The ransomware deletes shadow copies of encrypted files to make in impossible any recovery procedure.

Ransomware 114

Ransomware File names Archiving Encryption 114

Information Management Resources

JUNE 7, 2018

MyHeritage received a message from a researcher who unearthed a file named 'myheritage' containing email addresses and encrypted passwords of nearly all of its users on a private server outside the company. Hacking Data security Cyber security Cyber attacks

File names 28

File names Encryption Passwords IT 28

Security Affairs

MARCH 26, 2021

Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. Mamba leverages a disk-level encryption strategy instead of the conventional file-based one. Payment does not guarantee files will be recovered.

Ransomware 101

Ransomware Encryption File names Passwords 101

Security Affairs

OCTOBER 6, 2018

“This application handles file names incorrectly when the user uploads a media file. ” The third flaw directory-traversal vulnerability tracked as CVE-2018-16594 that relates to the way the Photo Sharing Plus app handles file names. The application handles file names incorrectly when receiving a user’s input file via uploading a URL. A attacker can upload an arbitrary file with a crafted file name (e.g.: /./)

File names 87

File names IoT IT Security 87

Security Affairs

JULY 17, 2020

Almost every file into the raw folder is malicious so I strongly recommend you to neither open these files, nor misuse the code to prank your friends. NB: Large File System Hahead. This folder is tracked by using Git Large File System since many files are bigger than 100MB.

Phishing 110

Phishing File names Archiving Passwords 110

Security Affairs

JUNE 26, 2021

On June 14th, Altus Group, a commercial real estate software solutions firm, disclosed a security breach, now Hive ransomware gang leaked its files. Files leaked online. The sample archive is password protected – but the file names and types are clearly visible.

Ransomware 78

Ransomware File names Archiving Encryption 78

Security Affairs

MARCH 15, 2020

Researchers from MalwareHunterTeam discovered a suspicious RAR file named “COVID-19-” that was being distributed online, likely through phishing emails. "Important The RAR archive contains a file named “Important – COVID-19” that displays a Word icon.

Communications 113

Communications File names Phishing Archiving 113

Security Affairs

JUNE 5, 2021

“The WHOIS information for the domain reveals that the domain of the BlackCocaine ransomware was registered on May 28, 2021” The researchers reported that a file named a.BlackCocaine was recently submitted to different public sandboxes.

Ransomware 83

Ransomware Encryption File names Financial Services 83

Security Affairs

SEPTEMBER 27, 2019

The Avest ransomware encrypts victim’s files and appends the extension “ ckey().email().pack14” The decryption tool could be used by the victims only after they have successfully removed the malware from their system to avoid that the Avest ransomware will repeatedly lock the machine or will encrypt files. ransomware to decrypt their files for free.

Encryption 84

Encryption Ransomware File names Access 84

AIIM

JULY 8, 2021

This strategy can help keep project files organized among team members and aid in the disposition of documents once a project has been completed. Discovering content on an employee’s workstation by examining meta-data criteria such as file name, type, or age.

File names 56

File names Risk Data breaches Privacy 56

Security Affairs

NOVEMBER 26, 2019

Layers of obfuscation, encryption, and the use of randomized file names hid the installation process. Polymorphic techniques involve frequently changing identifiable characteristics like file names and types, encryption keys and other artifacts.

File names 114

File names Encryption Mining IT 114

Security Affairs

FEBRUARY 25, 2020

The malware found is an executable program (EXE) using file names such as ‘Corona’s domestic status’ and ‘Corona’s real-time corona status.’

File names 106

File names IT Information Security Security 106

Security Affairs

DECEMBER 27, 2018

” In the attempt to deceive the victims, attackers used the internal file name “Baidu PC Faster” and the “Baidu WiFi Hotspot Setup” in the description of the file. As observed in previous Shamoon samples the internal file name invokes a known PC tool, likely as a lure to allay initial user suspicion.”

File names 87

File names IT Security 87

Security Affairs

FEBRUARY 25, 2019

The ransom encrypts all files and renames them by appending. rontok extension to the file names. According to the popular malware researcher Michael Gillespie , when the B0r0nt0K ransomware encrypts a file it will base64 the encrypted data. “The file’s name will also be renamed by encrypting the filename, base64 encoding it, url encoding it, and finally appending the.rontok extension to the new file name.

Encryption 87

Encryption File names Ransomware Access 87

Security Affairs

APRIL 23, 2021

Experts highlighted that this Linux botnet downloads all the files it needs from the Tor network, including legitimate binaries like ss , ps , and curl.

Mining 109

Mining File names IT Security 109

Security Affairs

APRIL 24, 2021

Threat actors behind ToxicEye spread the RAT via phishing emails containing a malicious.exe file. Researchers noticed that that the ToxicEye RAT configuration file includes a Telegram bot that is compiled into an executable file.

Communications 107

Communications File names Encryption Phishing 107

Security Affairs

MAY 14, 2021

The file named Magento.png attempts to pass itself as ‘image/png’ but does not have the proper PNG format for a valid image file.” Threat actors edited the shortcut icon tags with a path to the fake PNG file.

File names 100

File names Access Cybersecurity IT 100

Security Affairs

JUNE 27, 2021

Upon rebooting the system, Crackonosh will scan for the existence of antivirus software and will attempt to disable them, the malware also wipes log system files. It has names of folders, where they are installed and finally it deletes %PUBLIC%Desktop.”

Mining 82

Mining File names IT Cybersecurity 82

Security Affairs

MAY 26, 2019

Last week, a hacker that goes online with the moniker ‘Boris Bullet-Dodger’ reported the hack to The Register and showing it a list of files as proof of the attack. The hacker stole hundreds of gigabytes of files along with Microsoft Exchange and Access databases, ERP databases, HR records, and Microsoft SQL Server data stores. “The file names and accompanying directories – numbering almost 65,000 – fit with the focus of the surveillance technology biz.”

File names 70

File names Manufacturing Cybersecurity Government 70

Security Affairs

MARCH 3, 2020

Nemty ransomware first appeared on the threat landscape in August 2019, the name of the malware comes after the extension it adds to the encrypted file names. The ransomware deletes shadow copies of encrypted files to make in impossible any recovery procedure.

Ransomware 109

Ransomware File names Encryption Archiving 109

Security Affairs

MARCH 17, 2020

Nefilim will encrypt a file using AES-128 encryption, then the AES encryption key is encrypted using an RSA-2048 public key that is embedded in the ransomware executable. The encrypted AES key will be included in the contents of each encrypted file.

Ransomware 108

Ransomware Encryption File names Access 108

Security Affairs

MAY 3, 2020

The main improvement sees the introduction of clustering stereotypes for each tracked malware family in three different behaviors: Domains , Files and Processes. Based on the magic file bytes this graph would track the percentages of file types that Malware used as carrier.

File names 104

File names Computer and Electronics Cybersecurity IT 104

Security Affairs

MARCH 26, 2021

Experts noticed that each Hades ransomware sample uses a different extension to files that it encrypts and drops a ransom note with file name “HOW-TO-DECRYPT-[extension].txt”.

Encryption 99

Encryption Ransomware File names Manufacturing 99

Security Affairs

NOVEMBER 5, 2020

The name KilllSomeOne comes from the phrase ‘KilllSomeOne’ used in the DLL side-loading attacks, the group is using poorly-written English messages relating to political subjects. . “In both of these cases, the payload is stored in the file named Groza_1.dat.

File names 93

File names Encryption Libraries IT 93

Security Affairs

JULY 1, 2019

In attacks observed on June 17, the malware was using 64-bit DLLs with file names loaded by legitimate Windows system executables. Duncan pointed out that file paths, file names, and associated hashes would change at every computer login. Security researchers at eSentire tracked a new campaign spreading a variant of the Dridex banking Trojan that shows polymorphism.

File names 85

File names Encryption Access IT 85

Security Affairs

FEBRUARY 26, 2020

During our Threat Intelligence activities we noticed a suspicions artifact named “ CoronaVirusSafetyMeasures_pdf ”, so, intrigued by its name and by its recent submission on Yomi Hunter ( LINK ), we decided to deep dive into it. Figure 3: Dashboard of the file hosting service used.

File names 113

File names Encryption Communications Phishing 113

OneHub

DECEMBER 17, 2020

Tired of digging through an endless sea of folders and files to find that one document you need? In addition to costing your company money and stressing out your employees, a poor file structure can jeopardize the security of your files and make onboarding new hires a messy process.

File names 52

File names Archiving Marketing Cloud 52

Document Imaging Report

OCTOBER 21, 2020

Other document management software applications act like electronic filing cabinets and you can only search based on keywords located in document file names. Auto-generate file names from document metadata.

Digital transformation 52

Digital transformation Metadata File names Access 52

Security Affairs

MAY 29, 2020

Absent-Loader does that and despite its name behaves this way. Following, the static information of this file: Name Covid-19-PESANTATION.doc Thus, once clicked, it allows this malicious document to execute a malicious file named HimeraLoader.exe.

File names 102

File names Phishing Marketing IT 102

Security Affairs

DECEMBER 26, 2020

We pumped out about 600 gb of the most important documents, personal data of customers, as well as intimate photos of these customers (this is not a completely pleasant sight:))” The ransomware gang plans to post the first batch of files, named “Pacient Personal – 20??

File names 103

File names Personal data Access Ransomware 103

Security Affairs

MARCH 1, 2021

“And if that same site visitor clicks the “direct download link” provided on this page, they receive a.zip archive file with a filename that exactly matches the search query terms used in the initial search, which itself contains another file named in precisely the same way.”

Search queries 93

Search queries CMS Ransomware File names 93

Security Affairs

DECEMBER 1, 2020

db-json.js “ Both packages were created by the same author last week who masqueraded them as tools to work with JSON files. The script attempted to download and execute a file named patch.exe that was used to install the njRAT remote access trojan.

Libraries 105

Libraries File names Access Information Security 105

Security Affairs

JANUARY 28, 2020

Most of the infosharing activities involved in cybersecurity are mostly focused on Indicator of Compromise such as: URL, IPs, Domains and file hashes which are perfectly used to arm protection tools such as: proxies, ng-firewalls and Antivirus Engines.

File names 105

File names Ransomware IT Cybersecurity 105

Security Affairs

JULY 14, 2021

Anyway experts speculate that the actual targets were only a subset of these that included high-profile organizations, namely government entities located both within those countries and abroad.

Archiving 52

Archiving File names Libraries Phishing 52

Security Affairs

APRIL 27, 2020

The ransomware also drops on the Desktop 10 text files, named README1.txt through README10.txt, The README.txt files include instructions to contact the crooks via an email address in order to receive information on how to make the payments.

File names 114

File names Ransomware Education Encryption 114