Security Affairs

NOVEMBER 5, 2020

The name KilllSomeOne comes from the phrase ‘KilllSomeOne’ used in the DLL side-loading attacks, the group is using poorly-written English messages relating to political subjects. . Dynamic-link library (DLL) side-loading takes advantage of how Microsoft Windows applications handle DLL files.

File names 108

File names Encryption Libraries IT 108

Security Affairs

JULY 26, 2022

Dynamic-link library (DLL) side-loading is an attack method that takes advantage of how Microsoft Windows applications handle DLL files. In such attacks, malware places a spoofed malicious DLL file in a Windows’ WinSxS directory so that the operating system loads it instead of the legitimate file.

Passwords 95

Passwords File names Libraries Security 95

Security Affairs

JULY 20, 2023

These commands include instructing the malware to upload log files, photos stored on the device, and acquire device location using the Baidu Location library.” ” reads the report published by Lookout. ” continues the report. ” The report also includes Indicators of Compromise (IoCs) for both spyware.

File names 84

File names Libraries Cybersecurity IT 84

AIIM

APRIL 8, 2021

Check-in and check-out are very similar to how a library works – when a book is checked out, nobody else has access to it until it is checked back in. This feature also reduces the need to store multiple copies and versions, and their associated naming conventions, in order to retain a document’s history. Security and access controls.

ECM 233

ECM Cloud Access File names 233

Security Affairs

MARCH 3, 2020

Hash 757dfeacabf4c2f771147159d26117818354af14050e6ba42cc00f4a3d58e51f Threat Kimsuky loader Brief Description Scr file, initial loader Ssdeep 12288:APWcT1z2aKqkP/mANd2JiEWKZ52zfeCkIAYfLeXcj6uuLl:uhT1z4q030JigZUaULeXc3uLl. Figure 2: Written file (AutoUpdate.dll) in the “%AppData%LocalTemp” path. Table 2: AutoUpdate.dll Information.

IT 126

IT File names Libraries Communications 126

Security Affairs

FEBRUARY 13, 2023

This approach allows the attacker to continuously update and eliminates reliance on fixed file names.” The second-stage malware, UpdatTask.dll , is a dynamic-link library (DLL) written in C++ that includes two export functions, DllEntryPoint and Entry. ” continues the report.

Archiving 82

Archiving File names Libraries Phishing 82

Security Affairs

JULY 14, 2021

“The archive contains two malicious DLL libraries as well as two legitimate executables that sideload the DLL files. We found multiple archives like this with file names of government entities in Myanmar, for example “COVID-19 Case 12-11-2020(MOTC).rar” ” reads the analysis published by Kaspersky.

Archiving 98

Archiving File names Government Libraries 98

Security Affairs

JULY 8, 2023

At the provided URL, a password-encrypted.rar file named “Abraham Accords & MENA.rar” was hosted. The.rar archive contained a dropper named “Abraham Accords & MENA.pdf.lnk.” It generates a system identifier by combining the operating system name, hostname, and a random number.

Archiving 94

Archiving Cloud File names Metadata 94

Security Affairs

SEPTEMBER 12, 2019

This operation is similar to the threat group’s August 2018 campaign , using compromised university resources to send library-themed phishing emails.” The hackers registered at least 20 new domain names through the Freenom domain provider that offers free top-level domain names.

Phishing 79

Phishing Libraries File names Metadata 79

Security Affairs

MARCH 15, 2019

The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. The issue affects a third-party library, called UNACEV2.DLL DLL that is used by WINRAR, it resides in the way an old third-party library, called UNACEV2.DLL,

Archiving 83

Archiving Libraries File names Security 83

Security Affairs

OCTOBER 31, 2020

Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities. The infamous banking trojan is also used to deliver other malicious code, such as Trickbot and QBot trojan or ransomware such as Conti (TrickBot) or ProLock (QBot). since August.

File names 105

File names Libraries Ransomware Security 105

Security Affairs

SEPTEMBER 3, 2020

The second layer of Python code decodes and loads to memory the main RAT and the imported libraries. The new infection chain starts by including just one LNK file in the ZIP archive attached to spear-phishing messages. The PyVil RAT stores the malware settings (i.e. version, command-and-control (C2) domains) in a configuration module.

Phishing 136

Phishing Encryption File names Metadata 136

Security Affairs

APRIL 14, 2020

“The emails all contained a malicious Rich Text Format (RTF) phishing lure with the file name 20200323- sitrep -63- covid -19. ” The messages use a weaponized rich text format (RTF) attachment that exploits the CVE-2012-0158 buffer overflow in Microsoft’s ListView / TreeView ActiveX controls in MSCOMCTL.OCX library.

Ransomware 115

Ransomware Phishing File names Encryption 115

Security Affairs

FEBRUARY 5, 2019

By exploiting the vulnerability it is possible to trigger the automatic execution of a specific python library included in the suite using a hidden onmouseover event. The expert pointed out that the python file, named “pydoc.py,” is already included in the LibreOffice software.

File names 95

File names Libraries Security IT 95

The Schedule

AUGUST 10, 2018

The SAA Records Management Section steering committee has been working hard over the past several years to improve upon the records management bibliography that was disseminated in 2008 (and, in case you’re interested in historical RM documentation, is available on our microsite at [link] — file name RMRTBibliography2012.pdf

Records Management 40

Records Management Libraries File names Access 40

Security Affairs

OCTOBER 10, 2018

“These lure documents use titles with government , military, and diplomatic themes, and the file names are written in English or Cyrillic languages. These documents are not very sophisticated, but evidence of infections shows that they’re effective.” ” continues Symantec.

Military 82

Military File names Libraries Government 82

Security Affairs

OCTOBER 20, 2018

The plugin is widely adopted by numerous server-side platforms that support standard HTML form file uploads: PHP, Python, Ruby on Rails, Java, Node.js, Go, and others. Cashdollar discovered two PHP files named upload.php and UploadHandler.php in the package’s source, which contained the file upload code.

File names 88

File names Libraries Security Access 88

Security Affairs

FEBRUARY 19, 2019

The phishing email contains a.zip file named “slavneft.zakaz.zip”, which means something like “slavneft order” in English, showing a direct reference to “Slavneft”. It contains a russian speaking JavaScript file named “«??? «??? «?????????» ??????????? ??????”,

Ransomware 74

Ransomware Mining File names Encryption 74

Archives Blogs

MARCH 25, 2020

Being a tethered system, all images are automatically and instantly transferred from the camera to the computer where the Capture One software handles basic editing of the images including color correction, cropping, file naming, and exporting the final images to our internal server before being loaded into the FSU Digital Library.

Libraries 20

Libraries File names 20

Security Affairs

SEPTEMBER 5, 2018

“Two exploit documents with Vietnamese-language file names were observed with file metadata unique to the GOBLIN PANDA adversary.” As part of this campaign, new exploit documents were identified with Vietnamese-language lures and themes, as well as Vietnam-themed, adversary-controlled infrastructure.”

Metadata 46

Metadata File names Libraries Government 46

Security Affairs

MAY 7, 2019

The executable sample is a PE32 x86 file named “tester.exe”. This library provides access to the E X tension for F inancial S ervice (XFS) API, the communication interface needed to interact with AMT components such as PIN pad and cash dispenser. Technical Analysis. Figure 6: Discovering of PinPad and Dispenser components.

Libraries 59

Libraries e-Discovery Communications File names 59

Security Affairs

JUNE 5, 2019

“This malware, which we named BlackSquid after the registries created and main component file names, is particularly dangerous for several reasons.” According to the experts, BlackSquid has worm-like propagation capabilities and it can be used to launch brute-force attacks. ” states Trend Micro.

Mining 61

Mining File names Libraries IT 61

Security Affairs

MARCH 2, 2019

File name: patent-2019-02-20T093A283A05-1.xls However, as already mentioned at the beginning of the technical analysis, SI-LAB team obtained two types of files, namely xls and doc archives. File name : 68131_46_20190219.doc Analyzing the MSI file – The installer/dropper of infamous FlawedAmmyy.

File names 85

File names Phishing Libraries IT 85

Info Source

JUNE 24, 2019

. · OCR title naming (all models) : The optical character recognition (OCR) function recognizes title bar (microfiche) or title image (microfilm) text. has been designed to be fully supported in Windows 10 Professional (64-bit) and is adaptable for future Windows generations.

Archiving 40

Archiving File names Marketing Manufacturing 40

Security Affairs

SEPTEMBER 4, 2019

The malware encrypts all the files whose extension is not present in the list. Figure 4: Content of “key” file contained in “C:ProgramData”. During the encryption phase, JSWorm writes a suspicious file named “key.Infection_ID.JSWRM” in “C:ProgramData”.It It contains the AES key used to encrypt the files.

Ransomware 81

Ransomware Encryption File names Libraries 81

Security Affairs

DECEMBER 4, 2018

The second stage of the infection chain is the “ ppc.cab ” file downloaded by the dropper to the “ %APPDATA%Roaming ” location: it actually is a Microsoft Cabinet archive embedding an executable file named “ puk.exe ”. Figure 11: Commands of the third row of “ddraxpps” key.

Archiving 72

Archiving File names Libraries Communications 72

Security Affairs

JUNE 5, 2020

The macro contained inside the document is quite minimal and does not contain dead code or other anti-analysis technique, a part of the random looking variable naming. If the download is successful, the malware reads raw bytes from the downloaded file and transforms them into ready to execute powershell code. Figure 3: Extracted Macro.

Manufacturing 95

Manufacturing File names IT Libraries 95

Security Affairs

DECEMBER 29, 2019

As observed, the output shows us two AWS-hosted addresses that contain two malicious files, namely: hxxps[:]//fucktheworld.s3.us-east-2.amazonaws[.]com/0.zip zip file is a DLL with additional code loaded by PE File P-19-2.dll At the moment, the file 0.zip To get details about the library inside the 0.zip

Passwords 96

Passwords e-Discovery IT Cleanup 96

Security Affairs

FEBRUARY 16, 2021

dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY. dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY. Usually, executables using the side-by-side feature will have these resources located in the embedded manifest file. exe8CBB75FEBFB4B0B7C3B6D3613386220C.

Libraries 117

Libraries Communications Phishing Encryption 117

Security Affairs

FEBRUARY 23, 2019

Once the malware has infected a system drops two plain text files, one is a ransom note called “_FILES_ENCRYPTED_README.txt,” which gives information to the victim on what has happened and instruction to pay the ransom. Like other ransomware, the operators allow victims to unlock a file for free.

Ransomware 88

Ransomware Encryption File names Libraries 88

The Texas Record

JANUARY 25, 2019

The departmental structure of the ARIS division at the Texas State Library and Archives Commission (TSLAC). In addition, we encouraged the practice of creating README files, which have a description of their respective folder with information regarding its retention and other information (e.g. Creation of README Files (PDF).

Cleanup 78

Cleanup Records Management File names Archiving 78

Security Affairs

MARCH 28, 2019

The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. The issue affects a third-party library, called UNACEV2.DLL DLL that is used by WINRAR, it resides in the way an old third-party library, called UNACEV2.DLL,

Archiving 81

Archiving File names Education Libraries 81

eSecurity Planet

FEBRUARY 3, 2021

Presenting itself as a JPG file named “gracious_truth.jpg,” Teardrop is a memory-only dropper built to enter a network seamlessly and replace the embedded payload. The problem: software can be mighty complex, made up of components, development frameworks, operating system features, libraries, and more.

Cybersecurity 62

Cybersecurity Access Authentication Cloud 62

Security Affairs

JULY 7, 2020

However, in this new release, two DLL files are distributed. VBS file leverages the Windows rundll32 library to inject the first DLL into memory (P-14-7.dll), Figure 6: Deofuscated VBS file – Lampion trojan July 2020. LNK files from the Windows startup folder. VBS files from the Windows startup folder.

Communications 94

Communications Cloud Phishing Encryption 94

Unwritten Record

OCTOBER 5, 2021

Accessing File Metadata on a PC. Select the file you would like to review in “File Explorer.”. Right click the file name and select “Properties.”. A box will pop up that includes various information about the file, and you should select the tab labeled “Details.”.

Metadata 52

Metadata Archiving Access File names 52

Security Affairs

MAY 2, 2019

The command and control is implemented by a standalone.NET application working through files. The backend, a nodeJS server, runs and offers Public API and and saves, requests to agents, and results from agents, directly into files named with “UID-IP” convention acting as agent ID.

Computer and Electronics 86

Computer and Electronics Communications Government File names 86

ChiefTech

JUNE 1, 2008

Flash includes a robust library of customizable user interface components that can be dropped into your prototype and used as they are to add realism (e.g., You’ll be saving each screen as a file named after this identifier (e.g., Your "invisibleButton" symbol should appear in the Library Panel.

Libraries 67

Libraries File names IT Paper 67