Security Affairs

DECEMBER 1, 2020

The script attempted to download and execute a file named patch.exe that was used to install the njRAT remote access trojan. In early November, the same team of researchers discovered an npm package that contains malicious code designed to steal sensitive Discord and browser files. ” continues the analysis. .

Libraries 106

Libraries File names Access Security 106

Security Affairs

JULY 20, 2023

These commands include instructing the malware to upload log files, photos stored on the device, and acquire device location using the Baidu Location library.” DragonEgg is able to collect Device contacts, SMS messages, External device storage files, device location, Audio recording, and Camera photos. .

File names 94

File names Libraries Cybersecurity IT 94

AIIM

APRIL 8, 2021

Check-in and check-out are very similar to how a library works – when a book is checked out, nobody else has access to it until it is checked back in. As the name suggests, version control is used to manage or control different versions of a document as it goes through the authoring and approval process. Version Control. Audit Trails.

ECM 232

ECM Cloud Access File names 232

Security Affairs

JULY 8, 2023

At the provided URL, a password-encrypted.rar file named “Abraham Accords & MENA.rar” was hosted. The.rar archive contained a dropper named “Abraham Accords & MENA.pdf.lnk.” It generates a system identifier by combining the operating system name, hostname, and a random number.

Archiving 98

Archiving Cloud File names Metadata 98

Security Affairs

FEBRUARY 13, 2023

This approach allows the attacker to continuously update and eliminates reliance on fixed file names.” The second-stage malware, UpdatTask.dll , is a dynamic-link library (DLL) written in C++ that includes two export functions, DllEntryPoint and Entry. The second server (193[.]56[.]146[.]29) ” continues the report.

Archiving 93

Archiving File names Libraries Phishing 93

Security Affairs

JULY 26, 2022

Dynamic-link library (DLL) side-loading is an attack method that takes advantage of how Microsoft Windows applications handle DLL files. In such attacks, malware places a spoofed malicious DLL file in a Windows’ WinSxS directory so that the operating system loads it instead of the legitimate file. Report Jul 14 47787.iso

Passwords 100

Passwords File names Libraries Security 100

Security Affairs

NOVEMBER 5, 2020

Dynamic-link library (DLL) side-loading takes advantage of how Microsoft Windows applications handle DLL files. In such attacks, malware places a spoofed malicious DLL file in a Windows’ WinSxS directory so that the operating system loads it instead of the legitimate file. ” continues the analysis. . .

File names 110

File names Encryption Libraries IT 110

Security Affairs

JULY 14, 2021

“The archive contains two malicious DLL libraries as well as two legitimate executables that sideload the DLL files. We found multiple archives like this with file names of government entities in Myanmar, for example “COVID-19 Case 12-11-2020(MOTC).rar” ” reads the analysis published by Kaspersky.

Archiving 98

Archiving File names Government Libraries 98

Security Affairs

MARCH 15, 2019

The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive.

Archiving 91

Archiving Libraries File names Security 91

Security Affairs

SEPTEMBER 3, 2020

The second layer of Python code decodes and loads to memory the main RAT and the imported libraries. The new infection chain starts by including just one LNK file in the ZIP archive attached to spear-phishing messages. The Evilnum APT group was first spotted in 2018 while using the homonym malware.

Phishing 144

Phishing Encryption File names Metadata 144

Security Affairs

OCTOBER 31, 2020

Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities. The malicious files used in this campaign have different names, such as Inviting friends to your Halloween Extravaganza.doc, Halloween Pot Luck 10.31.doc, since August. Details in the attachment. Mail: XXXXXXXXX.

File names 106

File names Libraries Ransomware Security 106

Security Affairs

APRIL 14, 2020

“The emails all contained a malicious Rich Text Format (RTF) phishing lure with the file name 20200323- sitrep -63- covid -19. ” The messages use a weaponized rich text format (RTF) attachment that exploits the CVE-2012-0158 buffer overflow in Microsoft’s ListView / TreeView ActiveX controls in MSCOMCTL.OCX library.

Ransomware 127

Ransomware Phishing File names Encryption 127

Security Affairs

FEBRUARY 5, 2019

The expert discovered that it is possible to abuse the OpenDocument scripting framework by adding an onmouseoverevent to a link included in the ODT file. By exploiting the vulnerability it is possible to trigger the automatic execution of a specific python library included in the suite using a hidden onmouseover event.

File names 105

File names Libraries Security IT 105

Security Affairs

OCTOBER 10, 2018

“These lure documents use titles with government , military, and diplomatic themes, and the file names are written in English or Cyrillic languages. .” “These lure documents use titles with government , military, and diplomatic themes, and the file names are written in English or Cyrillic languages.

Military 88

Military File names Libraries Government 88

Security Affairs

OCTOBER 20, 2018

The jQuery File Upload is a jQuery widget “with multiple file selection, drag&drop support, progress bars, validation and preview images, audio and video.”. The plugin is widely adopted by numerous server-side platforms that support standard HTML form file uploads: PHP, Python, Ruby on Rails, Java, Node.js, Go, and others.

File names 97

File names Libraries Security Access 97

Security Affairs

FEBRUARY 19, 2019

The phishing email contains a.zip file named “slavneft.zakaz.zip”, which means something like “slavneft order” in English, showing a direct reference to “Slavneft”. It contains a russian speaking JavaScript file named “«??? «??? «?????????» ??????????? ??????”, JavaScript decryption routine. Main of the JS script.

Ransomware 77

Ransomware Mining File names Encryption 77

The Schedule

AUGUST 10, 2018

The SAA Records Management Section steering committee has been working hard over the past several years to improve upon the records management bibliography that was disseminated in 2008 (and, in case you’re interested in historical RM documentation, is available on our microsite at [link] — file name RMRTBibliography2012.pdf

Records Management 40

Records Management Libraries File names Access 40

Security Affairs

MAY 7, 2019

The executable sample is a PE32 x86 file named “tester.exe”. This library provides access to the E X tension for F inancial S ervice (XFS) API, the communication interface needed to interact with AMT components such as PIN pad and cash dispenser. Technical Analysis. Figure 1: Payload as resource of the Loader.

Libraries 65

Libraries e-Discovery Communications File names 65

Security Affairs

MARCH 2, 2019

The RAT is based on a leaked source code of the Ammyy Admin remote desktop software , and its features include remote desktop control, file system manager, proxy support and audio chat. After the Excel document is opened (xls file), the content it displays will lure the user to execute malicious Excel 4.0 macro technology. macro code.

File names 93

File names Phishing Libraries IT 93

Security Affairs

SEPTEMBER 5, 2018

“Two exploit documents with Vietnamese-language file names were observed with file metadata unique to the GOBLIN PANDA adversary.” Experts from security firm CrowdStrike have uncovered a new campaign associated with the GOBLIN PANDA APT group. ” reads the analysis published by CrowdStrike.

Metadata 51

Metadata File names Libraries Government 51

Security Affairs

JUNE 5, 2020

best” domain in order to download the next stage payload hidden inside a file named as picture file, but it is not a picture and neither an executable: it actually is a XSL stylesheet containing Javascript able to load another ActiveX object. jpg” file from the same domain of the previous stages. Code Snippet 4.

Manufacturing 99

Manufacturing File names IT Libraries 99

Security Affairs

JUNE 5, 2019

“This malware, which we named BlackSquid after the registries created and main component file names, is particularly dangerous for several reasons.” A new piece of malware appeared in the threat landscape, dubbed BlackSquid it targets web servers with several exploits to deliver cryptocurrency miners.

Mining 64

Mining File names Libraries IT 64

Security Affairs

DECEMBER 4, 2018

file and when it is launched, starts the infection by downloading other components from the Internet. However, the real malicious action performed by the javascript is to create a batch file in the “ %APPDATA%Roaming325623802.bat Attachment: “GR930495-30495.zip”. The content of the attachment is a.js The Dropper. bat ” path.

Archiving 81

Archiving File names Libraries Communications 81

Security Affairs

SEPTEMBER 4, 2019

The HTA file corresponds to the ransom window shown in Figure 1. Also, for each encountered file, the malware compares it with the excluded paths and if they match, a conditional jump is taken. Figure 4: Content of “key” file contained in “C:ProgramData”. It contains the AES key used to encrypt the files.

Ransomware 86

Ransomware Encryption File names Libraries 86

Security Affairs

DECEMBER 29, 2019

The malware was named ‘Lampion’ as this is the name used as part of its internal name. This is a Visual Basic Script (VBScript) file that is acting as a dropper and downloader. This DLL contains a name in the Chinese language with the following target message for Portugal: “ Your group of Portuguese suckers”.

Passwords 98

Passwords e-Discovery IT Cleanup 98

eSecurity Planet

FEBRUARY 3, 2021

Presenting itself as a JPG file named “gracious_truth.jpg,” Teardrop is a memory-only dropper built to enter a network seamlessly and replace the embedded payload. In an update to their Sunburst findings , FireEye touched on the part of an additional malware strain. Sunspot, Sunburst-Enabler. The SAML 2.0

Cybersecurity 62

Cybersecurity Access Authentication Cloud 62

Security Affairs

FEBRUARY 16, 2021

Other trojans use this technique as it allows to evade detection and execute the malicious code on the target machines bypassing detection based on static file signatures. By opening an URL it downloads from the Internet (Cloud services) a ZIP file with an MSI executable inside ( 1, 2 ). dllFD5CABBE52272BD76007B68186EBAF00msvcr120.dll034CCADC1C073E4216E9466B720F9849rundll32.exe8CBB75FEBFB4B0B7C3B6D3613386220C.

Libraries 121

Libraries Communications Phishing Encryption 121

Security Affairs

FEBRUARY 23, 2019

Like other ransomware, the operators allow victims to unlock a file for free. The second text file named “_cr1ptt0r_support.txt” includes the onion address for a website that offers support to the victims. The discovery of the Cr1ptT0r ransomware was first reported on a discussion in the BleepingComputerforums.

Ransomware 97

Ransomware Encryption File names Libraries 97

The Texas Record

JANUARY 25, 2019

The departmental structure of the ARIS division at the Texas State Library and Archives Commission (TSLAC). Our department took the following steps to reorganize our folders and revise our naming and filing practices. We conducted an inventory of the types of files in the IS folder. 1) Inventory. 4) Maintain.

Cleanup 78

Cleanup Records Management File names Archiving 78

Security Affairs

MARCH 28, 2019

The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. The issue affects a third-party library, called UNACEV2.DLL DLL that is used by WINRAR, it resides in the way an old third-party library, called UNACEV2.DLL,

Archiving 89

Archiving File names Education Libraries 89

Security Affairs

JULY 7, 2020

Here, it was distributed using fake webpages, where the victim downloaded an MSI file, which then held the remaining Lampion infection chain. Once executed, additional files are downloaded from Google Cloud, which are loaded into memory using a well-known technique called DLL injection. LNK files from the Windows startup folder.

Communications 107

Communications Cloud Phishing Encryption 107

Security Affairs

MAY 2, 2019

Indeed we might observe a File-based command and control (a quite unusual solution) structure, a VBS launcher, a PowerShell Payload and a covert channel over DNS engine. The package comes with a README file having as a name “Read me.txt” (note the space). But let’s move on and start a quick analysis on it. The Glimpse Project.

Computer and Electronics 96

Computer and Electronics Communications Government File names 96

Unwritten Record

OCTOBER 5, 2021

It means the files themselves were created and exist only in digital form, taken by a digital camera. First and foremost, let’s discuss how to find embedded metadata in a file. The metadata itself will not be seen in the image, however, it can be found in the file’s information, or properties. Accessing File Metadata on a PC.

Metadata 51

Metadata Archiving Access File names 51

ChiefTech

JUNE 1, 2008

Flash includes a robust library of customizable user interface components that can be dropped into your prototype and used as they are to add realism (e.g., The Visio document was updated, a new PDF had to be made… and all that interactivity had to be reapplied. (It It is tedious and time-consuming to replace page content in a PDF.)

Libraries 67

Libraries File names IT Paper 67