Security Affairs

JUNE 6, 2024

The malware then enters “VM mode” to encrypt files with specific extensions. Once executed, the ransomware drops a text file named TargetInfo.txt that contains victim information. Like the Windows variant of the ransomware, the content of the file TargetInfo.txt is then sent to a C2 server.

Ransomware 136

Ransomware File names Encryption Communications 136

Threatpost

MAY 21, 2021

Microsoft Security discovered malicious PDFs that download Java-based StrRAT, which can steal credentials and change file names but doesn't actually encrypt.

File names 103

File names Ransomware Encryption Security 103

Security Affairs

OCTOBER 6, 2018

“This application handles file names incorrectly when the user uploads a media file. ” The third flaw directory-traversal vulnerability tracked as CVE-2018-16594 that relates to the way the Photo Sharing Plus app handles file names. ” reads the blog post published by Fortinet.

File names 111

File names IoT Security IT 111

Security Affairs

NOVEMBER 26, 2019

Layers of obfuscation, encryption, and the use of randomized file names hid the installation process. Polymorphic techniques involve frequently changing identifiable characteristics like file names and types, encryption keys and other artifacts. ”reads the analysis published by Microsoft.

File names 145

File names Encryption Mining Security 145

Security Affairs

MARCH 26, 2021

“Once encrypted, the system displays a ransom note including the actor’s email address, ransomware file name, the host system name, and a place to enter the decryption key.” DiskCryptor is not inherently malicious but has been weaponized.” ” reads the alert published by the FBI.

Ransomware 145

Ransomware Encryption File names Passwords 145

Security Affairs

MARCH 18, 2024

Upload a command shell with a pseudo-randomly generated file name. With previously disclosed flaws in Fortra GoAnywhere managed file transfer (MFT) coming under heavy exploitation last year by threat actors like Cl0p, it’s recommended that users have applied the necessary updates to mitigate potential threats.

File names 143

File names IT Security 143

Security Affairs

MAY 17, 2024

“And if you compare the two malicious file execution screens, you can see the same pattern. The malicious file, named “Console Root task window ‘Security Mode’,” hid certain window styles and tabs. ” reads the analysis. If the victims launch it the multi-stage attack chain starts.

File names 137

File names Phishing Communications Security 137

Security Affairs

MARCH 15, 2020

Researchers from MalwareHunterTeam discovered a suspicious RAR file named “COVID-19-” that was being distributed online, likely through phishing emails. "Important The RAR archive contains a file named “Important – COVID-19” that displays a Word icon. "Important – COVID-19.rar"

Communications 143

Communications File names Archiving Phishing 143

Security Affairs

DECEMBER 27, 2018

” In the attempt to deceive the victims, attackers used the internal file name “Baidu PC Faster” and the “Baidu WiFi Hotspot Setup” in the description of the file. ” reads the analysis published by Anomali Labs.

File names 111

File names IT Security 111

Security Affairs

JULY 15, 2022

“Based on our analysis of the attack data, a majority of attackers are attempting to upload a zip file named a57bze8931.zip. When attackers are successful at uploading the zip file, a single file named a57bze8931.php “This file is an uploader under the control of the attacker.

File names 135

File names Security Information Security IT 135

Security Affairs

APRIL 18, 2021

“The attack begins with a PowerShell command to retrieve a file named win_r.zip from another compromised server’s Outlook Web Access logon path (/owa/auth).” ” The attack used a PowerShell command to retrieve a file named win_r.zip from another compromised server’s Outlook Web Access logon path (/owa/auth). .

File names 129

File names Archiving Passwords Communications 129

Security Affairs

FEBRUARY 17, 2023

The two vulnerabilities, tracked as CVE-2022-39952 and CVE-2021-42756 , are respectively an external control of file name or path in Fortinet FortiNAC and a collection of stack-based buffer overflow issues in the proxy daemon of FortiWeb. is an external control of file name or path in the keyUpload scriptlet of FortiNAC.

File names 98

File names Cybersecurity Security IT 98

Security Affairs

FEBRUARY 25, 2019

The ransom encrypts all files and renames them by appending. rontok extension to the file names. According to the popular malware researcher Michael Gillespie , when the B0r0nt0K ransomware encrypts a file it will base64 the encrypted data. ” reported Bleeping Computer. Tweets by demonslay335.

Ransomware 111

Ransomware File names Encryption Access 111

Schneier on Security

MAY 9, 2022

Most email newsletters you get include an invisible “image,” typically a single white pixel, with a unique file name. Apple Mail now blocks email trackers by default. The server keeps track of every time this “image” is opened and by which IP address.

File names 121

File names Marketing IT Privacy 121

Security Affairs

FEBRUARY 29, 2024

The ZIP archive contains an HTA file named wine.hta that contains obfuscated JavaScript code. The campaign is characterized by its very low volume and the advanced tactics, techniques, and procedures (TTPs) employed by the threat actors.

Archiving 138

Archiving File names IT Information Security 138

Security Affairs

JULY 20, 2024

The attackers attempted to trick the company’s customers into opening a ZIP archive file named “ crowdstrike-hotfix.zip.” ” The archive includes a loader named Hijack Loader used to execute the Remcos RAT. ” reads the report published by Kaspersky.

File names 101

File names Archiving Cybersecurity Communications 101

Schneier on Security

JULY 8, 2021

After writing a base-64-encoded payload to a file named agent.crt the dropper executed it. […]. The ransomware dropper Agent.exe is signed with a Windows-trusted certificate that uses the registrant name “PB03 TRANSPORT LTD.”

Ransomware 143

Ransomware File names Encryption Access 143

Security Affairs

SEPTEMBER 27, 2019

. “The decryptor requires access to a file pair consisting of one encrypted file and the original, unencrypted version of the encrypted file to reconstruct the encryption keys needed to decrypt the rest of your data.” ” reads the user guide published by Emsisoft.

Ransomware 107

Ransomware File names Encryption Security 107

Security Affairs

FEBRUARY 25, 2020

The malware found is an executable program (EXE) using file names such as ‘Corona’s domestic status’ and ‘Corona’s real-time corona status.’ ’ When you run the file, you will see a pop-up window titled “Real-time Corona19 Status” depending on the variant.

File names 137

File names Security IT Information Security 137

Security Affairs

MAY 3, 2020

In other words, it could be nice to see what are the patterns used by malware in both: domain names, file names and process names. TOP domains, TOP processes and TOP File Names. It would be important for detection and even for preemptive blocking.

Computer and Electronics 131

Computer and Electronics File names Cybersecurity Security 131

Security Affairs

FEBRUARY 21, 2023

The two vulnerabilities, tracked as CVE-2022-39952 and CVE-2021-42756 , are respectively an external control of file name or path in Fortinet FortiNAC and a collection of stack-based buffer overflow issues in the proxy daemon of FortiWeb. is an external control of file name or path in the keyUpload scriptlet of FortiNAC.

File names 98

File names Archiving Access Cybersecurity 98

Security Affairs

JUNE 26, 2021

The provided sample of exfiltrated files includes business data and documents, as well as Argus certificates and development files. The sample archive is password protected – but the file names and types are clearly visible. Altus Group has been informed about the new development.

Ransomware 141

Ransomware File names Archiving Encryption 141

Security Affairs

JULY 30, 2024

When this.html file is opened, it displays an image designed to create a sense of urgency about accessing the document, thereby increasing the likelihood that the user will follow the provided instructions.” ” reads the report published by Trellix.

Phishing 144

Phishing File names Archiving Access 144

Dark Reading

NOVEMBER 4, 2022

Threat actors continue to push malicious Python packages to the popular PyPI service, striking with typosquatting, authentic sounding file names, and hidden imports to fool developers and steal their information.

File names 85

File names Authentication 85

Security Affairs

JULY 17, 2020

In stats folder are maintained two up-to-date files: files_name it holds the frequency of the found file-names associate with kits. In other words every phishing kit is saved on the phishing host with a name. filke_name keeps track about every file names and its frequency.

Phishing 142

Phishing File names Archiving IT 142

Security Affairs

JANUARY 7, 2022

Once encrypted a file, the ransomware appends the ‘ nightsky ‘ extension to encrypted file names. Researchers from MalwareHunterteam first spotted a new ransomware family dubbed Night Sky that implements a double extortion model in attacks aimed at businesses.

Ransomware 145

Ransomware Encryption File names Communications 145

Schneier on Security

JANUARY 26, 2022

There’s a new ransomware that targets NAT devices made by QNAP: The attacks started today, January 25th, with QNAP devices suddenly finding their files encrypted and file names appended with a.deadbolt file extension.

Ransomware 106

Ransomware File names Encryption Access 106

Security Affairs

FEBRUARY 23, 2023

The two vulnerabilities, tracked as CVE-2022-39952 and CVE-2021-42756 , are respectively an external control of file name or path in Fortinet FortiNAC and a collection of stack-based buffer overflow issues in the proxy daemon of FortiWeb. is an external control of file name or path in the keyUpload scriptlet of FortiNAC.

Honeypots 98

Honeypots File names Cybersecurity Security 98

Security Affairs

FEBRUARY 10, 2024

The researchers noticed that the backdoor contained a plist file named ‘test’. The first variant of the backdoor that was detected in November 2023 was likely a test version that did not support a persistence mechanism. “We identified multiple variants of the embedded Apple script, but all of them are meant for data exfiltration.”

Ransomware 142

Ransomware File names Passwords IT 142

Security Affairs

OCTOBER 21, 2021

The Macaw Locker ransomware encrypts victims’ files and append the .macaw macaw extension to the file name of the encrypted files. Bleeping Computer, citing Emsisoft CTO Fabian Wosar, reported that the Macaw Locker ransomware is the latest rebrand of Evil Corp.

Ransomware 144

Ransomware File names Encryption Government 144

Security Affairs

MARCH 11, 2023

The PlugX backdoor has been used since 2008 by multiple China-linked APT groups, including Mustang Panda , Winnti , and APT41 In the attacks observed by ASEC, once exploited the vulnerability, threat actors executed a PowerShell command to create a file named esetservice.exe.

File names 98

File names Security IT Information Security 98

Security Affairs

OCTOBER 11, 2024

HIBP confirmed that the stolen archive had 31M records, including email address, screen name, bcrypt password hash, and timestamps for password changes. Troy Hunt told BleepingComputer that the leaked Internet Archive’s file is a 6.4GB SQL file named “ia_users.sql.”

Archiving 128

Archiving Data breaches Passwords File names 128

Security Affairs

APRIL 5, 2022

The messages use the HTML-file “War criminals of the Russian Federation.htm” as attachment. Upon opening the file, a RAR-archive named “Viyskovi_zlochinci_RU.rar” is created. .

Military 142

Military Phishing File names Archiving 142

AIIM

APRIL 8, 2021

This feature also reduces the need to store multiple copies and versions, and their associated naming conventions, in order to retain a document’s history.

ECM 239

ECM Cloud Access File names 239

Security Affairs

JULY 1, 2019

In attacks observed on June 17, the malware was using 64-bit DLLs with file names loaded by legitimate Windows system executables. Duncan pointed out that file paths, file names, and associated hashes would change at every computer login. “Given the same-day deployment and implementation of the ssl-pert[.]com

File names 108

File names Encryption Security Access 108

Security Affairs

JUNE 5, 2021

“The WHOIS information for the domain reveals that the domain of the BlackCocaine ransomware was registered on May 28, 2021” The researchers reported that a file named a.BlackCocaine was recently submitted to different public sandboxes. BlackCocaine ” to the filenames of encrypted files.

Ransomware 145

Ransomware Encryption File names Financial Services 145

Security Affairs

JANUARY 28, 2020

For such a reason a dedicated graph named Unknown Families Threat Level Distribution has created. TOP domains, TOP processes and TOP File Names. With a sliding window of 300 last analyzed samples, the backend extracts the TOP (in terms of frequency) contacted domains, spawned processes and utilized file names.

File names 134

File names Cybersecurity Ransomware IT 134