Security Affairs

FEBRUARY 19, 2019

The phishing email contains a.zip file named “slavneft.zakaz.zip”, which means something like “slavneft order” in English, showing a direct reference to “Slavneft”. It contains a russian speaking JavaScript file named “«??? «??? «?????????» ??????????? ??????”, JavaScript decryption routine. Main of the JS script.

Ransomware 76

Ransomware Mining File names Encryption 76

Security Affairs

JUNE 5, 2019

“This malware, which we named BlackSquid after the registries created and main component file names, is particularly dangerous for several reasons.” “Simultaneous with its attacks, BlackSquid also downloads and executes two XMRig cryptocurrency-mining components.! ” states Trend Micro.

Mining 63

Mining File names Libraries IT 63

Security Affairs

FEBRUARY 28, 2019

When an unknown sender suggests me to click on a super wired url , dropping a ZIP file straight in my box, by saying it’s getting the next targeted attack on a huge company, well I kinda looking forward to it! So I clicked on the link (see IOC section) and I’ve downloaded a “pik.zip” file. Stage0 Execution. Attacker Wallet.

Ransomware 78

Ransomware Mining File names Encryption 78

Security Affairs

JUNE 15, 2019

“A batch file first executes the WinEggDrop scanner (s.exe), which tries port 2375 on various hosts with Chinese IP address ranges specified in the ip.txt file.” “The output of this command is saved into a file named ips.txt, which is then fed into the Docker.exe file. .

File names 98

File names Mining Access Communications 98

Security Affairs

MAY 29, 2019

Once successfully logged in with administrative privileges, threat actors execute a sequence of MS-SQL commands that allow them to download malicious payload from a remote file server and execute it with SYSTEM privileges. ” reads the report published by Guardicore. Attackers used two exploits tracked as apexp.exe and apexp2012.exe

File names 78

File names Mining Cybersecurity Security 78

Security Affairs

FEBRUARY 27, 2019

Cisco Talos experts have reported a spike in the attacks that leverage known flaws to compromise unsecured Elasticsearch clusters and use them to mine crypto-currencies. Then the script places its RSA key in the authorized_keys file. At least six different threat actors are targeting installs running older versions (1.4.2

Search queries 87

Search queries Honeypots File names Mining 87

Security Affairs

JULY 23, 2019

Recently, our threat monitoring operations pointed us to an interesting file named “ Lucio Dalla Discografia Completa ”: this file pretends to be a collection of the discography of a famous I talian singer, but it actually hides malicious intents. . Figure 1: Content of the SFX file. tmp” is created combining file “008.tmp”,

Archiving 73

Archiving Mining File names Risk 73

Security Affairs

JULY 22, 2020

Prometei is a crypto-mining botnet that recently appeared in the threat landscape, it exploits the Microsoft Windows SMB protocol for lateral movements. Security experts from Cisco Talos discovered a new crypto-mining botnet, tracked as Prometei, that exploits the Microsoft Windows SMB protocol for lateral movements.

Mining 93

Mining File names Passwords Communications 93

Troy Hunt

JANUARY 16, 2019

One of my contacts pointed me to a popular hacking forum where the data was being socialised, complete with the following image: As you can see at the top left of the image, the root folder is called "Collection #1" hence the name I've given this breach. Collection #1 is a set of email addresses and passwords totalling 2,692,818,238 rows.

Data breaches 112

Data breaches Passwords Risk Personal data 112

Troy Hunt

MARCH 3, 2021

I want to go back through that thread here, explain the thinking further and then provide some commentary on the actual data that was exposed. More specifically, I care about the data that's been exposed in the breach, especially when that data may include my own (I'm very serious). Gab's approach. This is normal.

Passwords 145

Passwords Data breaches Mining Risk 145