Security Affairs

JULY 22, 2020

Prometei is a crypto-mining botnet that recently appeared in the threat landscape, it exploits the Microsoft Windows SMB protocol for lateral movements. Security experts from Cisco Talos discovered a new crypto-mining botnet, tracked as Prometei, that exploits the Microsoft Windows SMB protocol for lateral movements.

Mining 303

Mining File names Passwords Communications 303

Security Affairs

NOVEMBER 26, 2019

The malicious code abuse of the resources of the infected machine to mine cryptocurrency , according to the experts it has already infected 80,000 computers worldwide. Layers of obfuscation, encryption, and the use of randomized file names hid the installation process. ”reads the analysis published by Microsoft.

File names 363

File names Encryption Mining Security 363

Security Affairs

JUNE 24, 2024

Over the past year, ExCobalt targeted Russian organizations in the the following industries: Metallurgy Telecommunications Mining Information technology Government Software development The Cobalt’s hallmark was the use of the CobInt tool , the same tool that ExCobalt began using in 2022.

File names 297

File names Communications Mining Archiving 297

Security Affairs

FEBRUARY 19, 2019

The phishing email contains a.zip file named “slavneft.zakaz.zip”, which means something like “slavneft order” in English, showing a direct reference to “Slavneft”. It contains a russian speaking JavaScript file named “«??? «??? «?????????» ??????????? ??????”, Background of the infected machine, after encryption phase.

Ransomware 250

Ransomware Mining File names Encryption 250

Security Affairs

APRIL 28, 2020

This directory contains the crypto mining module named kswapd0. In this folder, the first one to be executed is the file “a”. The script looks like the following: Figure 5: Content of the “a” file. The executed crypto miner is the file named “” kswapd0 ” based on the famous XMRIG monero crypto miner.

Mining 334

Mining File names Honeypots IT 334

Security Affairs

FEBRUARY 28, 2019

When an unknown sender suggests me to click on a super wired url , dropping a ZIP file straight in my box, by saying it’s getting the next targeted attack on a huge company, well I kinda looking forward to it! So I clicked on the link (see IOC section) and I’ve downloaded a “pik.zip” file. For example, after encryption, the file “1.jpg”

Ransomware 264

Ransomware Mining File names Encryption 264

Troy Hunt

MARCH 3, 2021

. — Troy Hunt (@troyhunt) March 2, 2021 If you're not familiar with hashing, how it's not the same as encryption and how it can still leave passwords vulnerable, read this primer from September first. In total, the file has 43,015 unique email addresses (including mine) which is a far cry less than the total row count.

Passwords 145

Passwords Data breaches Mining Risk 145