Security Affairs

MARCH 3, 2020

Cybaze-Yoroi ZLab analyzed a new implant employed by a North Korea-linked APT group, tracked as Kimsuky, in attacks on South Korea. The Kimsuky APT group has been analyzed by several security teams. We decided to analysed the activity of the group after noticing a tweet of the user “ @spider_girl22 ” in February 28th 2020.

IT 131

IT File names Libraries Communications 131

Security Affairs

FEBRUARY 13, 2023

This approach allows the attacker to continuously update and eliminates reliance on fixed file names.” The second-stage malware, UpdatTask.dll , is a dynamic-link library (DLL) written in C++ that includes two export functions, DllEntryPoint and Entry. ” continues the report. ” concludes the report.

Archiving 87

Archiving File names Libraries Phishing 87

Security Affairs

JULY 14, 2021

The LuminousMoth campaign has been linked by the experts to a China-linked APT group tracked as HoneyMyte. Researchers pointed out that this campaign outstands for its large-scale nature, a modus operating that is usually not associated with APT groups who surgically hit high-profile targets. ” concludes.

Archiving 98

Archiving File names Government Libraries 98

Security Affairs

MARCH 30, 2023

“Unfortunately this happened because of an upstream library we use became infected.” ” The trojanized 3CXDesktopApp is the first stage in a multi-stage attack chain, the installers retrieve ICO files appended with base64 data from Github and ultimately leading to the deployment of 3rd stage information stealer.

File names 91

File names Manufacturing Libraries Cybersecurity 91

Security Affairs

JULY 8, 2023

Iran-linked APT group tracked TA453 has been linked to a new malware campaign targeting both Windows and macOS systems. At the provided URL, a password-encrypted.rar file named “Abraham Accords & MENA.rar” was hosted. The.rar archive contained a dropper named “Abraham Accords & MENA.pdf.lnk.”

Archiving 96

Archiving Cloud File names Metadata 96

Security Affairs

SEPTEMBER 3, 2020

The Evilnum APT group has added a new weapon to its arsenal, it is a Python-based spy RAT, dubbed PyVil, designed to target FinTech organizations. The Evilnum APT group was first spotted in 2018 while using the homonym malware. The second layer of Python code decodes and loads to memory the main RAT and the imported libraries.

Phishing 140

Phishing Encryption File names Metadata 140

Security Affairs

SEPTEMBER 5, 2018

Researchers from security firm CrowdStrike have observed a new campaign associated with the GOBLIN PANDA APT group. Experts from security firm CrowdStrike have uncovered a new campaign associated with the GOBLIN PANDA APT group. ” reads the analysis published by CrowdStrike.

Metadata 47

Metadata File names Libraries Government 47

The Schedule

AUGUST 10, 2018

The SAA Records Management Section steering committee has been working hard over the past several years to improve upon the records management bibliography that was disseminated in 2008 (and, in case you’re interested in historical RM documentation, is available on our microsite at [link] — file name RMRTBibliography2012.pdf

Records Management 40

Records Management Libraries File names Access 40

Security Affairs

MAY 7, 2019

Its initial triage suggests it may be part of an advanced attacker arsenal targeting the Banking sector, possibly related to the same APT group Kaspersky Lab tracked two years ago after the compromise of a Russian bank, where a particular malware tool dubbed ATMi tch has been unveiled. Technical Analysis. Conclusion.

Libraries 61

Libraries e-Discovery Communications File names 61

Security Affairs

MARCH 2, 2019

The threat is only detected later when an MSI file (Windows installer) drops and execute the first infection stage of the malware. This malware is not new and it was used in past waves by TA505, a group known for sending large-scale Dridex, Locky, and GlobeImposter campaigns, among others. File name: patent-2019-02-20T093A283A05-1.xls

File names 88

File names Phishing Libraries IT 88

Security Affairs

JUNE 5, 2020

One of them is Netwire ( MITRE S0198 ), a multiplatform remote administration tool (RAT) that has been used by criminals and espionage groups at least since 2012. The macro contained inside the document is quite minimal and does not contain dead code or other anti-analysis technique, a part of the random looking variable naming.

Manufacturing 97

Manufacturing File names IT Libraries 97

Info Source

JUNE 24, 2019

Mekel Technology scanners are utilized in service bureaus, libraries with large public and private collections, archives, utilities, financial institutions, engineering firms, government offices, courts and many other record-keeping organizations. Mekel 2.0,

Archiving 40

Archiving File names Marketing Manufacturing 40

Unwritten Record

OCTOBER 5, 2021

Accessing File Metadata on a PC. Select the file you would like to review in “File Explorer.”. Right click the file name and select “Properties.”. A box will pop up that includes various information about the file, and you should select the tab labeled “Details.”.

Metadata 51

Metadata Archiving Access File names 51

Security Affairs

DECEMBER 29, 2019

That file invokes the second file, 0.zip, zip, that is a DLL file with additional code on C2 and how the trojan gets details from the user’s computers. This DLL contains a name in the Chinese language with the following target message for Portugal: “ Your group of Portuguese suckers”. At the moment, the file 0.zip

Passwords 97

Passwords e-Discovery IT Cleanup 97

Security Affairs

FEBRUARY 23, 2019

Like other ransomware, the operators allow victims to unlock a file for free. The second text file named “_cr1ptt0r_support.txt” includes the onion address for a website that offers support to the victims. We received confirmation about these details from the Cr1ptT0r group member we talked to.”

Ransomware 91

Ransomware Encryption File names Libraries 91

Security Affairs

FEBRUARY 16, 2021

As observed during the last few years, several threats share a lot of TTP and code, and that is a clear signal of cooperation between malicious groups. dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY. dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY.

Libraries 119

Libraries Communications Phishing Encryption 119

Security Affairs

MARCH 28, 2019

The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. The issue affects a third-party library, called UNACEV2.DLL DLL that is used by WINRAR, it resides in the way an old third-party library, called UNACEV2.DLL,

Archiving 84

Archiving File names Education Libraries 84

ChiefTech

JUNE 1, 2008

Flash includes a robust library of customizable user interface components that can be dropped into your prototype and used as they are to add realism (e.g., You’ll be saving each screen as a file named after this identifier (e.g., Your "invisibleButton" symbol should appear in the Library Panel.

Libraries 67

Libraries File names IT Paper 67

Security Affairs

MAY 2, 2019

Context: Since at least 2014, an Iranian threat group tracked by FireEye as APT34 has conducted reconnaissance aligned with the strategic interests of Iran. The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries.

Computer and Electronics 89

Computer and Electronics Communications Government File names 89