Remove Computer and Electronics Remove File names Remove Government
article thumbnail

Cyber Threats Observatory Gets Improvements

Security Affairs

In other words, it could be nice to see what are the patterns used by malware in both: domain names, file names and process names. TOP domains, TOP processes and TOP File Names. I am a computer security scientist with an intensive hacking background. About the author: Marco Ramilli, Founder of Yoroi.

article thumbnail

Using Microsoft Powerpoint as Malware Dropper

Security Affairs

The script downloads a file named: AZZI.exe and saves it by a new name: VRE1wEh9j0mvUATIN3AqW1HSNnyir8id.exe on a System temporary directory for running it. I am a computer security scientist with an intensive hacking background. The following code is the execution path that drives Stage 2 to Stage 3.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

APT34: Glimpse project

Security Affairs

The group conducts operations primarily in the Middle East, targeting financial, government, energy, chemical, telecommunications and other industries. Repeated targeting of Middle Eastern financial, energy and government organisations leads FireEye to assess that those sectors are a primary concern of APT34. Source: MISP Project ).

article thumbnail

Malware researcher reverse engineered a threat that went undetected for at least 2 years

Security Affairs

The execution of such a command drops on local HardDrive (AppData-Local-Temp) three new files named: RetrieveRandomNumber.vbs (2x) and RandomName.reg. The following image represents a simple ‘cat’ command on the just dropped files. On Final Stage VBS Run Files.

article thumbnail

Hacking The Hacker. Stopping a big botnet targeting USA, Canada and Italy

Security Affairs

My entire “Cyber adventure” began with a simple email within a.ZIP file named “Nuovo Documento1.zip” Stage1 was dropping and executing a brand new PE file named: rEOuvWkRP.exe (sha256: 92f59c431fbf79bf23cff65d0c4787d0b9e223493edc51a4bbd3c88a5b30b05c) using the bitsadmin.exe native Microsoft program.