Security Affairs

AUGUST 23, 2023

This downloader was used to install the Korplug backdoor on the infected systems. “The downloader attempted to download a file named update.zip from the following location: [link] continues the report. “The update.zip file is a zlib compressed archive file. This file is not saved on disk.

File names 74

File names Encryption Information Security Archiving 74

Security Affairs

MARCH 11, 2023

The PlugX backdoor has been used since 2008 by multiple China-linked APT groups, including Mustang Panda , Winnti , and APT41 In the attacks observed by ASEC, once exploited the vulnerability, threat actors executed a PowerShell command to create a file named esetservice.exe.

File names 83

File names Security Information Security IT 83

Security Affairs

JUNE 19, 2023

The function writes some C code received from the C2 to a temporary file named tmp.c, that is later compiled to a file named /tmp/.ICE-unix/git After compilation, the file is executed in background with two parameters, also received from C2.” ICE-unix/git using the cc command on Fedora and gcc on Debian.

File names 97

File names Archiving Security Information Security 97

Security Affairs

MAY 31, 2023

Upon analyzing of the impacted UEFI firmware, the researchers identified a file named File Name: 8ccbee6f7858ac6b92ce23594c9e2563ebcef59414b5ac13ebebde0c715971b2.bin .” Firmware security firm Eclypsium said it first detected the anomaly in April 2023. Gigabyte has since acknowledged and addressed the issue.

File names 89

File names Security Passwords Risk 89

Threatpost

MAY 21, 2021

Microsoft Security discovered malicious PDFs that download Java-based StrRAT, which can steal credentials and change file names but doesn't actually encrypt.

Ransomware 103

Ransomware File names Encryption Security 103

Security Affairs

JUNE 1, 2023

By analyzing the timestamps of files, folders, and database records, the researchers were able to reconstruct a timeline of the events that occurred on the device. The researchers used the mvt-ios utility to generate a sorted timeline of the events, which is stored in a file named ‘timeline.csv.’

File names 74

File names Security Information Security IT 74

Security Affairs

JULY 15, 2022

“Based on our analysis of the attack data, a majority of attackers are attempting to upload a zip file named a57bze8931.zip. When attackers are successful at uploading the zip file, a single file named a57bze8931.php “This file is an uploader under the control of the attacker.

File names 111

File names Security Information Security IT 111

Security Affairs

SEPTEMBER 19, 2023

watchTowr Labs security researchers exploited a pre-authentication upload vulnerability (CVE-2023-36846) to upload an arbitrary PHP file to a restricted directory with a randomised file name. Then they exploited the same vulnerable function to upload a PHP configuration file (.ini)

File names 114

File names Security Authentication Access 114

Security Affairs

AUGUST 25, 2023

In turn the server reply with a success message and a secret unique identifier that is saved in a file named “%APPDATA%Roamingwlanstr-12.bin.” ” Whiffy Recon checks for the WLAN AutoConfig service (WLANSVC) on the infected system and terminates itself if the service name doesn’t exist.

File names 88

File names Encryption Access Security 88

Security Affairs

AUGUST 28, 2023

watchTowr Labs security researchers exploited a pre-authentication upload vulnerability (CVE-2023-36846) to upload an arbitrary PHP file to a restricted directory with a randomised file name. Then they exploited the same vulnerable function to upload a PHP configuration file (.ini)

File names 85

File names Security Authentication Access 85

Security Affairs

AUGUST 18, 2023

Each of the archives we were able to retrieve consists of a legitimate executable vulnerable to DLL search order hijacking, a malicious DLL that gets sideloaded by the executable when started, and an encrypted data file named agent.data.” ” reads the analysis published by SentinelOne. IP-based geolocation service.

Encryption 88

Encryption Archiving File names Ransomware 88

Security Affairs

MAY 20, 2021

The Java-based STRRAT RAT was distributed in a massive spam campaign, the malware shows ransomware-like behavior of appending the file name extension.crimson to files without actually encrypting them. The latest version of the Java-based STRRAT malware (1.5) was seen being distributed in a massive email campaign last week.

Ransomware 119

Ransomware Encryption File names Passwords 119

Schneier on Security

MAY 9, 2022

Most email newsletters you get include an invisible “image,” typically a single white pixel, with a unique file name. Apple Mail now blocks email trackers by default. The server keeps track of every time this “image” is opened and by which IP address.

File names 103

File names Marketing Privacy IT 103

AIIM

JULY 8, 2021

This strategy can help keep project files organized among team members and aid in the disposition of documents once a project has been completed. Discovering content on an employee’s workstation by examining meta-data criteria such as file name, type, or age. social security numbers, customer information, etc.).

Data breaches 211

Data breaches File names Security Privacy 211

Security Affairs

MARCH 26, 2021

“Once encrypted, the system displays a ransom note including the actor’s email address, ransomware file name, the host system name, and a place to enter the decryption key.” DiskCryptor is not inherently malicious but has been weaponized.” ” reads the alert published by the FBI.

Ransomware 143

Ransomware Encryption Passwords File names 143

The Texas Record

JUNE 26, 2023

Consistency Choose file naming conventions and stick with them. For example, unless an abbreviation is known and widely used, avoid using it in folder or file names. A consistent approach with folder structure and file naming means there is less need for individual interpretation. Be consistent.

Cleanup 40

Cleanup File names ROT Access 40

National Archives Records Express

JUNE 12, 2023

Metadata Capture Requirements Agencies must adhere to the following metadata capture requirements: Capturing Metadata at the File or Item Level Agencies must capture the metadata specified in paragraphs (c) through (e) of the regulation at the file or item level as part of the digitization project.

Metadata 89

Metadata File names Archiving Digital transformation 89

Security Affairs

SEPTEMBER 13, 2023

“On May 29, the attackers returned and used a renamed version of ProcDump (file name: alg.exe) to dump credentials from LSASS.” Several hours later, the attackers executed a suspicious PowerShell command to gather information on the storage devices attached to the system. ” continyes the report.

File names 108

File names Encryption Access Security 108

Security Affairs

MARCH 19, 2022

. “The decryptor requires access to a file pair consisting of one encrypted file and the original, unencrypted version of the encrypted file to reconstruct the encryption keys needed to decrypt the rest of your data. This file must be roughly 20KB or larger in size. ” reads the guide for the decryptor.

Ransomware 84

Ransomware Encryption File names Cybersecurity 84

Schneier on Security

JANUARY 26, 2022

There’s a new ransomware that targets NAT devices made by QNAP: The attacks started today, January 25th, with QNAP devices suddenly finding their files encrypted and file names appended with a.deadbolt file extension.

Ransomware 86

Ransomware Encryption File names Access 86

Security Affairs

AUGUST 30, 2023

watchTowr Labs security researchers exploited a pre-authentication upload vulnerability (CVE-2023-36846) to upload an arbitrary PHP file to a restricted directory with a randomised file name. Then they exploited the same vulnerable function to upload a PHP configuration file (.ini)

File names 100

File names Authentication Security Access 100

Security Affairs

MARCH 2, 2020

. “Attached to each email is a ZIP archive with a name formatted as with only the #s changing,” reads the advisory published by IBM X-Force IRIS. “The hash of the file contained within each of these archives remains the same and is associated with a highly obfuscated JavaScript file named LOVE_YOU.

Ransomware 116

Ransomware File names Encryption Archiving 116

Security Affairs

APRIL 9, 2023

” Wi also published two proof-of-concept (PoC) exploits for this vulnerability that can be used to escape the sandbox to create an empty file named “flag” on the host. . “A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox.”

Libraries 67

Libraries File names Security Cybersecurity 67

Security Affairs

APRIL 2, 2020

Upon execution, the wiper drops a series of helper files into a temporary folder, including a BAT file named “coronovirus Installer,” which is responsible for most of the setup work. The BAT file creates a hidden folder named COVID-19, then move the dropped files to it. ” continues the analysis.

File names 107

File names Security Access IT 107

Schneier on Security

JULY 8, 2021

After writing a base-64-encoded payload to a file named agent.crt the dropper executed it. […]. The ransomware dropper Agent.exe is signed with a Windows-trusted certificate that uses the registrant name “PB03 TRANSPORT LTD.”

Ransomware 137

Ransomware File names Encryption Security 137

Security Affairs

SEPTEMBER 2, 2022

Also, a list of all the encrypted files gets stored in a file named wrkman.log.0. Opens <target_file> crypted and writes the encrypted content to it using combination of lseek and write call. Figure 4: Inside the start_routine. Conclusion.

Ransomware 141

Ransomware Encryption File names Security 141

Security Affairs

JUNE 8, 2022

.” “The vulnerability lies in the Microsoft Diagnostic Tool’s sdiageng.dll library, which takes the attacker-supplied folder path from the package configuration XML file inside the diagcab archive, and copies all files from that folder to a local temporary folder.” ” reads the post published by 0patch.

Security 82

Security File names Cybersecurity Archiving 82

Security Affairs

JANUARY 7, 2022

Once encrypted a file, the ransomware appends the ‘ nightsky ‘ extension to encrypted file names. Researchers from MalwareHunterteam first spotted a new ransomware family dubbed Night Sky that implements a double extortion model in attacks aimed at businesses.

Ransomware 125

Ransomware Encryption File names Security 125

Security Affairs

FEBRUARY 3, 2023

The attack chain starts with spear-phishing messages with a.RAR attachment named “12-1-125_09.01.2023.” The.RAR archive contains the.LNK file named “Запит Служба безпеки України 12-1-125 від 09.01.2023.lnk” GammaSteel is a PowerShell script used to conduct reconnaissance and execute additional commands. shop/09.01_otck/quicker[.]rtf.

Phishing 86

Phishing File names Archiving Security 86

Security Affairs

MARCH 17, 2022

The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an unknown ELF file that was spreading by exploiting the Log4J vulnerability. The name B1txor20 is based on the file name “b1t” used for the propagation and the XOR encryption algorithm, and the RC4 algorithm key length of 20 bytes.

Honeypots 124

Honeypots File names Encryption Communications 124

Security Affairs

OCTOBER 24, 2022

Upon clicking the “DOWNLOAD” button, the executable file named “AcroRdrDCx642200120169_uk_UA.exe” will be downloaded to the machine. Running the above executable will decode and run the “rmtpak.dll” DLL file which is the ROMCOM RAT.

Ransomware 89

Ransomware Phishing File names Security 89

Security Affairs

OCTOBER 6, 2018

“This application handles file names incorrectly when the user uploads a media file. ” The third flaw directory-traversal vulnerability tracked as CVE-2018-16594 that relates to the way the Photo Sharing Plus app handles file names. ” reads the blog post published by Fortinet.

File names 88

File names IoT Security IT 88

Security Affairs

APRIL 5, 2022

The messages use the HTML-file “War criminals of the Russian Federation.htm” as attachment. Upon opening the file, a RAR-archive named “Viyskovi_zlochinci_RU.rar” is created. .

Phishing 109

Phishing Military Archiving File names 109

Security Affairs

JUNE 6, 2023

. “The stealer then enumerates directories and checks for the presence of targeted files and specific file extensions. If any matches are found, it creates a new, password-protected zip file (zip file name-n.zip) that includes an exact copy of the identified file along with its corresponding folder tree structure.

Ransomware 69

Ransomware Encryption Archiving File names 69

Security Affairs

MARCH 31, 2023

The experts are also seeing files being uploaded with the following file names: wp-resortpack.zip wp-rate.php lll.zip The researchers also reported that the attackers are changing site URL to away[dot]trackersline[dot]com. 193.169.195.64 194.135.30.6 or later ( the latest available is 3.12.0 ) immediately.

File names 96

File names Authentication Security Cybersecurity 96

Security Affairs

DECEMBER 27, 2018

” In the attempt to deceive the victims, attackers used the internal file name “Baidu PC Faster” and the “Baidu WiFi Hotspot Setup” in the description of the file. ” reads the analysis published by Anomali Labs.

File names 90

File names Security IT 90

Security Affairs

NOVEMBER 26, 2019

Layers of obfuscation, encryption, and the use of randomized file names hid the installation process. Polymorphic techniques involve frequently changing identifiable characteristics like file names and types, encryption keys and other artifacts. ”reads the analysis published by Microsoft.

Encryption 117

Encryption File names Security Mining 117