
The North Korean Kimsuky APT threatens South Korea evolving its TTPs

Security Affairs

The Kimsuky APT group has been analyzed by several security teams.
Hash: 757dfeacabf4c2f771147159d26117818354af14050e6ba42cc00f4a3d58e51f
Threat: Kimsuky loader
Brief Description: Scr file, initial loader
Ssdeep: 12288:APWcT1z2aKqkP/mANd2JiEWKZ52zfeCkIAYfLeXcj6uuLl:uhT1z4q030JigZUaULeXc3uLl
Figure 1: tweet on 28 February 2020.


[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

This is part of a giant list of Living off the Land (LOL) techniques that attackers employ to mask their activities from runtime endpoint security monitoring tools such as AVs. File name: patent-2019-02-20T093A283A05-1.xls. The next image shows what is presented when the file is opened. File name: 68131_46_20190219.doc


JSWorm: The 4th Version of the Infamous Ransomware

Security Affairs

Unlike most ransomware, JSWorm does not embed a list of file extensions to encrypt, but uses a set of extensions to exclude during the cipher step. The malware encrypts all the files whose extension is not present in the list. Figure 4: Content of “key” file contained in “C:\ProgramData”. Pierluigi Paganini.


A new trojan Lampion targets Portugal

Security Affairs

The downloaded file is a compressed file (.zip). As observed, after extracting it, three files are presented. The file “FacturaNovembro-4492154-2019-10_8.vbs” is a Visual Basic Script (VBScript) file that acts as a dropper and downloader. Two files are obtained from two AWS S3 buckets.


Guarding Against Solorigate TTPs

eSecurity Planet

Since then, much has been learned about the tactics, techniques, and procedures (TTPs) deployed and what steps organizations are taking to harden their network and application security. Former Department of Homeland Security (DHS) officials noted “this could be an extremely serious breach of security.” federal agencies.


Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

The following schema is an effort to present in a single high-level diagram the workflow of the most popular Latin American trojans. Next, an email template used by Javali to lure victims is presented. MSI file – The Javali Dropper. dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY.


New release of Lampion trojan spreads in Portugal with some improvements on the VBS downloader

Security Affairs

Figure 4: VBS file – Lampion downloader – obfuscation layer. The next graph presents the various forms in which the threat has already been documented. As noted, the malware is usually distributed with a simple email template, where the victim downloads a ZIP file with a VBS downloader inside. LNK files from the Windows startup folder.