File names, Security and Tools - Information Management Today

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler service flaw. Microsoft reported that the Russia-linked APT28 group (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ” used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028.

Military

Military File names Education Phishing

PoC exploit for critical RCE flaw in Fortra FileCatalyst transfer tool released

Security Affairs

MARCH 18, 2024

Upload a command shell with a pseudo-randomly generated file name. With previously disclosed flaws in Fortra GoAnywhere managed file transfer (MFT) coming under heavy exploitation last year by threat actors like Cl0p, it’s recommended that users have applied the necessary updates to mitigate potential threats.

File names

File names IT Security

Emsisoft released a new free decryption tool for the Avest ransomware

Security Affairs

SEPTEMBER 27, 2019

Emsisoft security firm has released a new free decryption tool for the Avest ransomware, a few days after the release of WannaCryFake decryptor. Emsisoft security firm has released a new free decryption tool for the Avest ransomware, a few days ago the researchers also released a free decryptor for the WannaCryFake ransomware.

Ransomware

Ransomware File names Encryption Security

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

A new Linux Botnet abuses IaC Tools to spread and other emerging techniques

Security Affairs

APRIL 23, 2021

A new Linux botnet uses Tor through a network of proxies using the Socks5 protocol, abuses legitimate DevOps tools, and other emerging techniques. Experts highlighted that this Linux botnet downloads all the files it needs from the Tor network, including legitimate binaries like ss , ps , and curl. for spreading. Pierluigi Paganini.

Mining

Mining File names IT Security

0Patch released unofficial security patch for new DogWalk Windows zero-day

Security Affairs

JUNE 8, 2022

0patch researchers released an unofficial security patch for a Windows zero-day vulnerability dubbed DogWalk. 0patch released an unofficial security patch for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) dubbed DogWalk. “Okay, but who would download and open a silly diagcab file? .”

Security

Security File names Libraries Archiving

Sofacy APT group used a new tool in latest attacks, the Cannon

Security Affairs

NOVEMBER 20, 2018

The novelty in the last attacks is represented by the use of a tool that has not been seen before, attackers also used an uncommon technique to deliver the malware and to avoid running in a sandbox. Hackers used weaponized files named ‘crash list (Lion Air Boeing 737).docx’ docx’ for their campaigns.

File names

File names Phishing Communications Government

“gitgub” malware campaign targets Github users with RisePro info-stealer

Security Affairs

MARCH 17, 2024

The experts noticed that this campaign was named “gitgub” by its operators. The experts created a threat-hunting tool that allowed them to identify the repositories involved in this campaign. “We identified at least 13 such repositories belonging to a RisePro stealer campaign that was named “gitgub” by the threat actors. .”

Passwords

Passwords File names Archiving Cybersecurity

Vietnamese threat actors linked to DarkGate malware campaign

Security Affairs

OCTOBER 22, 2023

“The overlap of tools and campaigns is very likely due to the effects of a cybercrime marketplace and ecosystem described in the WithSecure Professionalization of Cybercrime report. WithSecure speculates that these groups are a closely related cluster of operators/groups. ” reads the report published by WithSecure.

File names

File names Archiving IT Access

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. Mamba ransomware is one of the first malware that encrypted hard drives rather than files that was detected in public attacks. ” reads the alert published by the FBI.

Ransomware

Ransomware Encryption File names Passwords

What is DKIM Email Security Technology? DKIM Explained

eSecurity Planet

MAY 24, 2023

By implementing DKIM, an organization improves the reputation of its own emails and enables receiving email servers to improve their own email security. Basic DKIM DNS Record Structure The DKIM DNS record is very simple and conveys information both through the content of the record as well as the file name.

Encryption

Encryption Security Authentication File names

Proactively Protecting Your Sensitive Information for Remote Workers

AIIM

JULY 8, 2021

Don’t, however, lose sight of the fact that information scattered across a dispersed workforce can significantly raise the risk of a data breach or other security concerns. At Gimmal, we regularly talk to IT, security, and privacy professionals across a broad portfolio of industries. Applying retention rules (i.e.,

File names

File names Data breaches Risk Privacy

China-linked Budworm APT returns to target a US entity

Security Affairs

OCTOBER 13, 2022

The cyber espionage group leverage both readily available tools and custom malware in their operations, many tools are available for years, but in recent attacks, their code was updated. “In some cases, the HyperBro backdoor was loaded with its own HyperBro loader (file names: peloader.exe, 12.exe).

File names

File names Financial Services Manufacturing Libraries

Experts warn of backdoor-like behavior within Gigabyte systems

Security Affairs

MAY 31, 2023

Researchers from firmware security firm Eclypsium have discovered a suspected backdoor-like behavior within Gigabyte systems. ” Firmware security firm Eclypsium said it first detected the anomaly in April 2023. Researchers discovered a suspected backdoor-like behavior within Gigabyte systems that exposes devices to compromise.

File names

File names Risk Passwords Security

Nemty ransomware “LOVE_YOU” malspam campaign

Security Affairs

MARCH 2, 2020

Security experts uncovered an ongoing campaign delivering Nemty Ransomware via emails disguised as messages from secret lovers. “Attached to each email is a ZIP archive with a name formatted as with only the #s changing,” reads the advisory published by IBM X-Force IRIS. they also announced a working tool for version 1.5.

Ransomware

Ransomware File names Archiving Encryption

New Sophisticated Malware

Schneier on Security

MAY 4, 2022

The group, which security firm Mandiant is calling UNC3524, has spent the past 18 months burrowing into victims’ networks with unusual stealth. Customized versions of the backdoor that use file names and creation dates that are similar to legitimate files used on a specific infected device.

IoT

IoT File names Encryption Access

Emsisoft releases free decryptor for the victims of the Diavol ransomware

Security Affairs

MARCH 19, 2022

Cybersecurity firm Emsisoft released a free decryptor that allows the victims of the Diavol ransomware to recover their files without paying a ransom. Cybersecurity firm Emsisoft has released a free decryption tool to help Diavol ransomware victims recover their files without paying a ransom. Pierluigi Paganini.

Ransomware

Ransomware File names Encryption Cybersecurity

Frankenstein campaign: threat actors put together open-source tools for highly-targeted attacks

Security Affairs

JUNE 8, 2019

Cisco Talos experts uncovered a new wave of attacks tracked as Frankenstein campaign, attackers used tools built by combining four open-source techniques. Security experts at Cisco Talos uncovered a series of highly targeted attacks, tracked as Frankenstein campaign, hackers used tools built by combining four different open-source techniques.

File names

File names Encryption Security IT

Frankenstein campaign: threat actors put together open-source tools for highly-targeted attacks

Security Affairs

JUNE 8, 2019

Cisco Talos experts uncovered a new wave of attacks tracked as Frankenstein campaign, attackers used tools built by combining four open-source techniques. Security experts at Cisco Talos uncovered a series of highly targeted attacks, tracked as Frankenstein campaign, hackers used tools built by combining four different open-source techniques.

File names

File names Encryption Security IT

Avast released a free decryptor for Babuk ransomware

Security Affairs

OCTOBER 27, 2021

Researchers from cybersecurity firm Avast released a decryption tool for Babuk ransomware that allows victims to recover their files for free. Cybersecurity firm Avast has released a decryption tool for Babuk ransomware that allows victims to recover their files for free. Pierluigi Paganini.

Ransomware

Ransomware File names Encryption Cybersecurity

A new Shamoon 3 sample uploaded to VirusTotal from France

Security Affairs

DECEMBER 27, 2018

This sample attempt to disguise itself as a system optimization tool developed by Chinese technology company Baidu. AThis sample was packed using the commercial packing tool Enigma version 4. As observed in previous Shamoon samples the internal file name invokes a known PC tool, likely as a lure to allay initial user suspicion.”

File names

File names IT Security

DownEx cyberespionage operation targets Central Asia

Security Affairs

MAY 10, 2023

exe ” and used the icon image associated with docx files. The executable is a self-contained archive that once executed will extract two files. One of the files is the bait document, while the other one is an HTA file named log extension with embedded VBScript code The HTA file contacts the C2 server to fetch a second-stage payload.

File names

File names Archiving Phishing Government

Cisco confirms that data leaked by the Yanluowang ransomware gang were stolen from its systems

Security Affairs

SEPTEMBER 12, 2022

In August, Cisco disclosed a security breach, the Yanluowang ransomware gang breached its corporate network in late May and stole internal data. Then threat actors were able to drop multiple tools in the target network, including remote access tools like LogMeIn and TeamViewer, Cobalt Strike, PowerSploit, Mimikatz, and Impacket.

Ransomware

Ransomware IT Authentication File names

Cuba ransomware affiliate targets Ukraine, CERT-UA warns

Security Affairs

OCTOBER 24, 2022

Upon clicking the “DOWNLOAD” button, the executable file named “AcroRdrDCx642200120169_uk_UA.exe” will be downloaded to the machine. Running the above executable will decode and run the “rmtpak.dll” DLL file which is the ROMCOM RAT. Follow me on Twitter: @securityaffairs and Facebook.

Ransomware

Ransomware Phishing File names IT

Avast released a free decryptor for TargetCompany ransomware

Security Affairs

FEBRUARY 7, 2022

Cybersecurity firm Avast has released a decryption tool to allow victims of TargetCompany ransomware to recover their files for free. Czech cybersecurity software firm Avast has released a decryption tool that could allow victims of the TargetCompany ransomware to recover their files for free under certain circumstances.

Ransomware

Ransomware Encryption Passwords File names

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

Security Affairs

JULY 20, 2023

WyrmSpy is able to collect Log files, Photos, Device location, SMS messages (read and write), and Audio recording. “After it’s installed and launched, WyrmSpy uses known rooting tools to gain escalated privileges to the device and perform surveillance activities specified by commands received from its C2 servers.

File names

File names Libraries Cybersecurity IT

The previously undocumented GoldenJackal APT targets Middle East, South Asia entities

Security Affairs

MAY 23, 2023

“The fake Skype installer was a.NET executable file named skype32.exe This tool was used in 2020.” JackalSteal is an implant, used in limited attacks, that allows to look for files of interest on the target’s machine and exfiltrate them. exe that was approximately 400 MB in size. ” Kaspersky concludes.

File names

File names Government Communications IT

New Graphiron info-stealer used in attacks against Ukraine

Security Affairs

FEBRUARY 8, 2023

Upon execution, the downloader will check against a blacklist of malware analysis tools by checking for running processes’ specific names (i.e. It creates temporary files with the “ lock” and “ trash” extensions. The downloader contains hardcoded C2 server addresses. ” Symantec concludes.

File names

File names Passwords Phishing Encryption

BlackCocaine Ransomware, a new malware in the threat landscape

Security Affairs

JUNE 5, 2021

The company reported the security breach to the Bombay Stock Exchange (BSE) and the National Stock Exchange of India (NSEI). The Ransomware perform file system enumeration while encrypting the victim files, then appends the extension “.BlackCocaine BlackCocaine ” to the filenames of encrypted files. Pierluigi Paganini.

Ransomware

Ransomware Encryption File names Financial Services

Monero Cryptocurrency campaign exploits ProxyLogon flaws

Security Affairs

APRIL 18, 2021

“The attack begins with a PowerShell command to retrieve a file named win_r.zip from another compromised server’s Outlook Web Access logon path (/owa/auth).” ” The attack used a PowerShell command to retrieve a file named win_r.zip from another compromised server’s Outlook Web Access logon path (/owa/auth). .

File names

File names Archiving Passwords Communications

Iran-linked MERCURY APT behind destructive attacks on hybrid environments

Security Affairs

APRIL 10, 2023

MERCURY (aka MuddyWater , SeedWorm and TEMP.Zagros ) has been active since at least 2017, in January 2022 the USCYBERCOM has officially linked the Iran-linked APT group to Iran’s Ministry of Intelligence and Security (MOIS). The attackers were able to interfere with security tools using Group Policy Objects (GPO).

Ransomware

Ransomware File names Access Education

ToxicEye RAT exploits Telegram communications to steal data from victims

Security Affairs

APRIL 24, 2021

Telegram is a legitimate service and enterprise AV engines and security solutions trust its traffic. “The bot is embedded into the ToxicEye RAT configuration file and compiled into an executable file (an example of a file name we found was ‘paypal checker by saint.exe’). ” concludes the report.

Communications

Communications File names Encryption Education

Atlassian Confluence bug CVE-2022-26134 exploited in cryptocurrency mining campaign

Security Affairs

SEPTEMBER 22, 2022

The now-patched critical security flaw was disclosed by Atlassian in early June, at the time the company warned of a critical unpatched remote code execution vulnerability affecting all Confluence Server and Data Center supported versions that is being actively exploited in attacks in the wild. in the collaboration tool Atlassian Confluence.

Mining

Mining File names Ransomware Cloud

New PowerExchange Backdoor linked to an Iranian APT group

Security Affairs

MAY 26, 2023

The infection chain commenced with spear phishing messages using a zip file named Brochure.zip in attachment. Karkoff ) “The PowerExchange backdoor is a simple yet effective tool. The archive contained a malicious.NET executable (Brochure.exe) which is an executable with an Adobe PDF icon. ” concludes the report.

Communications

Communications File names Archiving Phishing

Gootkit delivery platform Gootloader used to deliver additional payloads

Security Affairs

MARCH 1, 2021

In its latest attempts to evade detection by endpoint security tools, Gootloader has moved as much of its infection infrastructure to a “fileless” methodology as possible.” file is the initial infector, and the only stage of the infection at which a malicious file is written to the filesystem. . “This.js

Search queries

Search queries CMS Ransomware File names

Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine

Security Affairs

JUNE 15, 2023

The Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) continues to carry out attacks against entities in Ukraine, including security services, military, and government organizations. The attack chain commences with spear-phishing emails with malicious attachments (.docx,rar,sfx

Military

Military File names Archiving Phishing

Nemty ransomware operators launch their data leak site

Security Affairs

MARCH 3, 2020

Nemty ransomware first appeared on the threat landscape in August 2019, the name of the malware comes after the extension it adds to the encrypted file names. The ransomware deletes shadow copies of encrypted files to make in impossible any recovery procedure. they also announced a working tool for version 1.5.

Ransomware

Ransomware File names Encryption Archiving

SolarWinds Attack: Microsoft sheds lights into Solorigate second-stage activation

Security Affairs

JANUARY 21, 2021

Microsoft’s report provides details of the entire SolarWinds attack chain with a deep dive in the second-stage activation of malware and tools. While investigating the attack, Microsoft identified several second-stage malware and tools, including TEARDROP, Raindrop, and also other custom loaders for the Cobalt Strike beacon.

File names

File names Metadata Data collection Security

New Linux Ransomware BlackSuit is similar to Royal ransomware

Security Affairs

JUNE 3, 2023

ReadMe file name: README.BlackSuit.txt. similarities in jumps based on BinDiff, a comparison tool for binary files.” In May, multiple cybersecurity experts spotted a new ransomware family called BlackSuit, including Palo Alto Unit42 experts. New #ransomware #BlackSuit targets Windows, #Linux. Extension: blacksuit.

Ransomware

Ransomware Encryption File names Cybersecurity

Highly Sophisticated Malware Attacks Home and Small Office Routers

eSecurity Planet

JULY 1, 2022

Security researchers have uncovered an unusually sophisticated malware that has been targeting small office/home office (SOHO) routers for nearly two years, taking advantage of the pandemic and rapid shift to remote work. See The Best Wi-Fi 6 Routers Secure and Fast Enough for Business. State-Sponsored Hacking Campaign.

File names

File names Access Communications Security

Chinese cyberspies used a new PlugX variant, dubbed THOR, in attacks against MS Exchange Servers

Security Affairs

JULY 28, 2021

Researchers from Palo Alto Networks Unit 42 team tracked the new version of the PlugX malware as Thor, they reported that the RAT was used as a post-exploitation tool deployed on one of the compromised servers. The analysis of the file revealed that it includes the encrypted and compressed PlugX payload. Pierluigi Paganini.

Encryption

Encryption File names Communications IT

Researchers released a free decryptor for the Nemty Ransomware

Security Affairs

OCTOBER 11, 2019

Good news for the victims of the Nemty Ransomware , security researchers have released a free decryptor that could be used to recover files. I have great news for the victims of the recently discovered Nemty Ransomware , security researchers have released a free decryptor tool that could be used to recover files.

Ransomware

Ransomware File names Encryption Security

Chinese APT FunnyDream targets a South East Asian government

Security Affairs

NOVEMBER 17, 2020

Security experts at BitDefender have uncovered a new China-linked cyber espionage group, tracked as FunnyDream that has already infected more than 200 systems across Southeast Asia over the past two years. ” The name of the group comes from a powerful backdoor employed in the attacks of the APT group. .

Government

Government File names Communications Access

A 15-Year-Old Unpatched Python bug potentially impacts over 350,000 projects

Security Affairs

SEPTEMBER 22, 2022

” reads the post published by security firm Trellix.”The ”The vulnerability is a path traversal attack in the extract and extractall functions in the tarfile module that allow an attacker to overwrite arbitrary files by adding the “.” Initially we thought we had found a new zero-day vulnerability. Pierluigi Paganini.

Archiving

Archiving File names Metadata Security

Korean cybersecurity agency released a free decryptor for Hive ransomware

Security Affairs

JUNE 30, 2022

Good news for the victims of the Hive ransomware, Korean security researchers have released a free decryptor for some versions. “The Korea Internet & Security Agency (KISA) is distributing the Hive ransomware integrated recovery tool.This recovery tool can recover Hive ransomware version 1 to version 4.”

Ransomware

Ransomware Cybersecurity Encryption Blockchain

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

PoC exploit for critical RCE flaw in Fortra FileCatalyst transfer tool released

Webinars

Trending Sources

Emsisoft released a new free decryption tool for the Avest ransomware

Webinars

A new Linux Botnet abuses IaC Tools to spread and other emerging techniques

0Patch released unofficial security patch for new DogWalk Windows zero-day

Sofacy APT group used a new tool in latest attacks, the Cannon

“gitgub” malware campaign targets Github users with RisePro info-stealer

Vietnamese threat actors linked to DarkGate malware campaign

FBI published a flash alert on Mamba Ransomware attacks

What is DKIM Email Security Technology? DKIM Explained

Proactively Protecting Your Sensitive Information for Remote Workers

China-linked Budworm APT returns to target a US entity

Experts warn of backdoor-like behavior within Gigabyte systems

Nemty ransomware “LOVE_YOU” malspam campaign

New Sophisticated Malware

Emsisoft releases free decryptor for the victims of the Diavol ransomware

Frankenstein campaign: threat actors put together open-source tools for highly-targeted attacks

Frankenstein campaign: threat actors put together open-source tools for highly-targeted attacks

Avast released a free decryptor for Babuk ransomware

A new Shamoon 3 sample uploaded to VirusTotal from France

DownEx cyberespionage operation targets Central Asia

Cisco confirms that data leaked by the Yanluowang ransomware gang were stolen from its systems

Cuba ransomware affiliate targets Ukraine, CERT-UA warns

Avast released a free decryptor for TargetCompany ransomware

Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

The previously undocumented GoldenJackal APT targets Middle East, South Asia entities

New Graphiron info-stealer used in attacks against Ukraine

BlackCocaine Ransomware, a new malware in the threat landscape

Monero Cryptocurrency campaign exploits ProxyLogon flaws

Iran-linked MERCURY APT behind destructive attacks on hybrid environments

ToxicEye RAT exploits Telegram communications to steal data from victims

Atlassian Confluence bug CVE-2022-26134 exploited in cryptocurrency mining campaign

New PowerExchange Backdoor linked to an Iranian APT group

Gootkit delivery platform Gootloader used to deliver additional payloads

Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine

Nemty ransomware operators launch their data leak site

SolarWinds Attack: Microsoft sheds lights into Solorigate second-stage activation

New Linux Ransomware BlackSuit is similar to Royal ransomware

Highly Sophisticated Malware Attacks Home and Small Office Routers

Chinese cyberspies used a new PlugX variant, dubbed THOR, in attacks against MS Exchange Servers

Researchers released a free decryptor for the Nemty Ransomware

Chinese APT FunnyDream targets a South East Asian government

A 15-Year-Old Unpatched Python bug potentially impacts over 350,000 projects

Korean cybersecurity agency released a free decryptor for Hive ransomware

Stay Connected