File names - Information Management Today

PLAYFULGHOST backdoor supports multiple information stealing features

Security Affairs

JANUARY 5, 2025

“Mandiant observed a second, more sophisticated execution scenario which begins with a Windows LNK file named QQLaunch.lnk. ThisLNK file combines a text file named h which contains the characters “MZ” and a second file t which contains the rest of PE payload to construct a new malicious DLL named libcurl.dll.”

File names

File names Archiving Phishing Encryption

Internet Archive data breach impacted 31M users

Security Affairs

OCTOBER 11, 2024

HIBP confirmed that the stolen archive had 31M records, including email address, screen name, bcrypt password hash, and timestamps for password changes. Troy Hunt told BleepingComputer that the leaked Internet Archive’s file is a 6.4GB SQL file named “ia_users.sql.”

Archiving

Archiving Data breaches Passwords File names

MikroTik botnet relies on DNS misconfiguration to spread malware

Security Affairs

JANUARY 16, 2025

In late November, the experts spotted a malspam campaign impersonating DHL which used emails about freight invoices, attaching zip files named “Invoice###.zip” The zip archive contains an obfuscated JavaScript file, which creates and executes a PowerShell script that connects to the C2 (62.133.60[.]137),

File names

File names Authentication Access Archiving

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Security Affairs

NOVEMBER 15, 2024

Since App-Bound encryption enforces path validation, the supporting module must be placed within Chrome’s Program Files directory, requiring Glove Stealer first to obtain local admin privileges. It then connects to the C2 server to confirm a successful bypass (ID=4).

Encryption

Encryption File names Phishing Passwords

Threat actors attempted to capitalize CrowdStrike incident

Security Affairs

JULY 20, 2024

The attackers attempted to trick the company’s customers into opening a ZIP archive file named “ crowdstrike-hotfix.zip.” ” The archive includes a loader named Hijack Loader used to execute the Remcos RAT. ” reads the report published by Kaspersky.

File names

File names Archiving Cybersecurity Communications

Qakbot operations continue to evolve to avoid detection

Security Affairs

JULY 13, 2022

“Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel (XLM) 4.0 ThreatLabz reported that the attackers are using various different file names to disguise attachments designed to deliver Qakbot.

File names

File names Archiving Compliance IT

CERT-UA warns of a phishing campaign targeting government entities

Security Affairs

AUGUST 13, 2024

Threat actors sent out emails attempting to impersonate Security Service of Ukraine (SSU) and contains a link to download a file named “Documents.zip.” ” Upon clicking the link, an MSI file is downloaded. If the recipient then opens this file, the ANONVNC malware, tracked as MESHAGENT, is executed. .

Phishing

Phishing Government File names Access

New COVID19 wiper overwrites MBR making computers unusable

Security Affairs

APRIL 2, 2020

Upon execution, the wiper drops a series of helper files into a temporary folder, including a BAT file named “coronovirus Installer,” which is responsible for most of the setup work. The BAT file creates a hidden folder named COVID-19, then move the dropped files to it. ” continues the analysis.

File names

File names Security Access IT

Nemty ransomware “LOVE_YOU” malspam campaign

Security Affairs

MARCH 2, 2020

. “Attached to each email is a ZIP archive with a name formatted as with only the #s changing,” reads the advisory published by IBM X-Force IRIS. “The hash of the file contained within each of these archives remains the same and is associated with a highly obfuscated JavaScript file named LOVE_YOU.

Ransomware

Ransomware File names Archiving Encryption

STRRAT RAT spreads masquerading as ransomware

Security Affairs

MAY 20, 2021

The Java-based STRRAT RAT was distributed in a massive spam campaign, the malware shows ransomware-like behavior of appending the file name extension.crimson to files without actually encrypting them. The latest version of the Java-based STRRAT malware (1.5) was seen being distributed in a massive email campaign last week.

Ransomware

Ransomware File names Encryption Passwords

Sony Bravia Smart TVs affected by a critical vulnerability

Security Affairs

OCTOBER 6, 2018

“This application handles file names incorrectly when the user uploads a media file. ” The third flaw directory-traversal vulnerability tracked as CVE-2018-16594 that relates to the way the Photo Sharing Plus app handles file names. ” reads the blog post published by Fortinet.

File names

File names IoT Security IT

Microsoft warns of Dexphot miner, an interesting polymorphic threat

Security Affairs

NOVEMBER 26, 2019

Layers of obfuscation, encryption, and the use of randomized file names hid the installation process. Polymorphic techniques involve frequently changing identifiable characteristics like file names and types, encryption keys and other artifacts. ”reads the analysis published by Microsoft.

File names

File names Encryption Mining Security

A new Linux version of TargetCompany ransomware targets VMware ESXi environments

Security Affairs

JUNE 6, 2024

The malware then enters “VM mode” to encrypt files with specific extensions. Once executed, the ransomware drops a text file named TargetInfo.txt that contains victim information. Like the Windows variant of the ransomware, the content of the file TargetInfo.txt is then sent to a C2 server.

Ransomware

Ransomware File names Encryption Communications

FBI published a flash alert on Mamba Ransomware attacks

Security Affairs

MARCH 26, 2021

“Once encrypted, the system displays a ransom note including the actor’s email address, ransomware file name, the host system name, and a place to enter the decryption key.” DiskCryptor is not inherently malicious but has been weaponized.” ” reads the alert published by the FBI.

Ransomware

Ransomware Encryption File names Passwords

BlackWater, a malware that uses Cloudflare Workers for C2 Communication

Security Affairs

MARCH 15, 2020

Researchers from MalwareHunterTeam discovered a suspicious RAR file named “COVID-19-” that was being distributed online, likely through phishing emails. "Important The RAR archive contains a file named “Important – COVID-19” that displays a Word icon. "Important – COVID-19.rar"

Communications

Communications File names Archiving Phishing

A new Shamoon 3 sample uploaded to VirusTotal from France

Security Affairs

DECEMBER 27, 2018

” In the attempt to deceive the victims, attackers used the internal file name “Baidu PC Faster” and the “Baidu WiFi Hotspot Setup” in the description of the file. ” reads the analysis published by Anomali Labs.

File names

File names IT Security

Fortinet fixes critical vulnerabilities in FortiNAC and FortiWeb

Security Affairs

FEBRUARY 17, 2023

The two vulnerabilities, tracked as CVE-2022-39952 and CVE-2021-42756 , are respectively an external control of file name or path in Fortinet FortiNAC and a collection of stack-based buffer overflow issues in the proxy daemon of FortiWeb. is an external control of file name or path in the keyUpload scriptlet of FortiNAC.

File names

File names Cybersecurity Security IT

B0r0nt0K ransomware demands $75,000 ransom to the victims

Security Affairs

FEBRUARY 25, 2019

The ransom encrypts all files and renames them by appending. rontok extension to the file names. According to the popular malware researcher Michael Gillespie , when the B0r0nt0K ransomware encrypts a file it will base64 the encrypted data. ” reported Bleeping Computer. Tweets by demonslay335.

Ransomware

Ransomware File names Encryption Access

North Korea-linked Kimsuky APT attack targets victims via Messenger

Security Affairs

MAY 17, 2024

“And if you compare the two malicious file execution screens, you can see the same pattern. The malicious file, named “Console Root task window ‘Security Mode’,” hid certain window styles and tabs. ” reads the analysis. If the victims launch it the multi-stage attack chain starts.

File names

File names Phishing Communications Security

Experts warn of attacks on sites using flawed Kaswara Modern WPBakery Page Builder Addons

Security Affairs

JULY 15, 2022

“Based on our analysis of the attack data, a majority of attackers are attempting to upload a zip file named a57bze8931.zip. When attackers are successful at uploading the zip file, a single file named a57bze8931.php “This file is an uploader under the control of the attacker.

File names

File names Security Information Security IT

Monero Cryptocurrency campaign exploits ProxyLogon flaws

Security Affairs

APRIL 18, 2021

“The attack begins with a PowerShell command to retrieve a file named win_r.zip from another compromised server’s Outlook Web Access logon path (/owa/auth).” ” The attack used a PowerShell command to retrieve a file named win_r.zip from another compromised server’s Outlook Web Access logon path (/owa/auth). .

File names

File names Archiving Passwords Communications

PLAYFULGHOST backdoor supports multiple information stealing features

Security Affairs

JANUARY 5, 2025

“Mandiant observed a second, more sophisticated execution scenario which begins with a Windows LNK file named QQLaunch.lnk. ThisLNK file combines a text file named h which contains the characters “MZ” and a second file t which contains the rest of PE payload to construct a new malicious DLL named libcurl.dll.”

File names

File names Archiving Phishing Encryption

Threat actors attempted to capitalize CrowdStrike incident

Security Affairs

JULY 20, 2024

The attackers attempted to trick the company’s customers into opening a ZIP archive file named “ crowdstrike-hotfix.zip.” ” The archive includes a loader named Hijack Loader used to execute the Remcos RAT. ” reads the report published by Kaspersky.

File names

File names Archiving Cybersecurity Communications

Emsisoft released a new free decryption tool for the Avest ransomware

Security Affairs

SEPTEMBER 27, 2019

. “The decryptor requires access to a file pair consisting of one encrypted file and the original, unencrypted version of the encrypted file to reconstruct the encryption keys needed to decrypt the rest of your data.” ” reads the user guide published by Emsisoft.

Ransomware

Ransomware File names Encryption Security

PoC exploit for critical RCE flaw in Fortra FileCatalyst transfer tool released

Security Affairs

MARCH 18, 2024

Upload a command shell with a pseudo-randomly generated file name. With previously disclosed flaws in Fortra GoAnywhere managed file transfer (MFT) coming under heavy exploitation last year by threat actors like Cl0p, it’s recommended that users have applied the necessary updates to mitigate potential threats.

File names

File names IT Security

PoC exploit code for critical Fortinet FortiNAC bug released online

Security Affairs

FEBRUARY 21, 2023

The two vulnerabilities, tracked as CVE-2022-39952 and CVE-2021-42756 , are respectively an external control of file name or path in Fortinet FortiNAC and a collection of stack-based buffer overflow issues in the proxy daemon of FortiWeb. is an external control of file name or path in the keyUpload scriptlet of FortiNAC.

File names

File names Archiving Access Cybersecurity

Cyber Threats Observatory Gets Improvements

Security Affairs

MAY 3, 2020

In other words, it could be nice to see what are the patterns used by malware in both: domain names, file names and process names. TOP domains, TOP processes and TOP File Names. It would be important for detection and even for preemptive blocking.

Computer and Electronics

Computer and Electronics File names Cybersecurity Security

Night Sky, a new ransomware operation in the threat landscape

Security Affairs

JANUARY 7, 2022

Once encrypted a file, the ransomware appends the ‘ nightsky ‘ extension to encrypted file names. Researchers from MalwareHunterteam first spotted a new ransomware family dubbed Night Sky that implements a double extortion model in attacks aimed at businesses.

Ransomware

Ransomware Encryption File names Communications

Introducing the PhishingKitTracker

Security Affairs

JULY 17, 2020

In stats folder are maintained two up-to-date files: files_name it holds the frequency of the found file-names associate with kits. In other words every phishing kit is saved on the phishing host with a name. filke_name keeps track about every file names and its frequency.

Phishing

Phishing File names Archiving IT

Fortinet FortiNAC CVE-2022-39952 flaw exploited in the wild hours after the release of PoC exploit

Security Affairs

FEBRUARY 23, 2023

The two vulnerabilities, tracked as CVE-2022-39952 and CVE-2021-42756 , are respectively an external control of file name or path in Fortinet FortiNAC and a collection of stack-based buffer overflow issues in the proxy daemon of FortiWeb. is an external control of file name or path in the keyUpload scriptlet of FortiNAC.

Honeypots

Honeypots File names Cybersecurity Security

A crafty phishing campaign targets Microsoft OneDrive users

Security Affairs

JULY 30, 2024

When this.html file is opened, it displays an image designed to create a sense of urgency about accessing the document, thereby increasing the likelihood that the user will follow the provided instructions.” ” reads the report published by Trellix.

Phishing

Phishing File names Archiving Access

PlugX malware delivered by exploiting flaws in Chinese programs

Security Affairs

MARCH 11, 2023

The PlugX backdoor has been used since 2008 by multiple China-linked APT groups, including Mustang Panda , Winnti , and APT41 In the attacks observed by ASEC, once exploited the vulnerability, threat actors executed a PowerShell command to create a file named esetservice.exe.

File names

File names Security IT Information Security

U.S. CISA adds Apache Tomcat flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 2, 2025

Exploitation requires write-enabled default servlet, partial PUT support, and specific file handling conditions. The original implementation of partial PUT used a temporary file based on the user provided file name and path with the path separator replaced by .. reads the advisory. addressed the vulnerability.

IT

IT File names Libraries Cybersecurity

Evil Corp rebrands their ransomware, this time is the Macaw Locker

Security Affairs

OCTOBER 21, 2021

The Macaw Locker ransomware encrypts victims’ files and append the .macaw macaw extension to the file name of the encrypted files. Bleeping Computer, citing Emsisoft CTO Fabian Wosar, reported that the Macaw Locker ransomware is the latest rebrand of Evil Corp.

Ransomware

Ransomware File names Encryption Government

South Korea suffers from the spread of people infected with Corona 19

Security Affairs

FEBRUARY 25, 2020

The malware found is an executable program (EXE) using file names such as ‘Corona’s domestic status’ and ‘Corona’s real-time corona status.’ ’ When you run the file, you will see a pop-up window titled “Real-time Corona19 Status” depending on the variant.

File names

File names Security IT Information Security

New ransomware group Hive leaks Altus group sample files

Security Affairs

JUNE 26, 2021

The provided sample of exfiltrated files includes business data and documents, as well as Argus certificates and development files. The sample archive is password protected – but the file names and types are clearly visible. Altus Group has been informed about the new development.

Ransomware

Ransomware File names Archiving Encryption

BlackCocaine Ransomware, a new malware in the threat landscape

Security Affairs

JUNE 5, 2021

“The WHOIS information for the domain reveals that the domain of the BlackCocaine ransomware was registered on May 28, 2021” The researchers reported that a file named a.BlackCocaine was recently submitted to different public sandboxes. BlackCocaine ” to the filenames of encrypted files.

Ransomware

Ransomware Encryption File names Financial Services

New variant of Dridex banking Trojan implements polymorphism

Security Affairs

JULY 1, 2019

In attacks observed on June 17, the malware was using 64-bit DLLs with file names loaded by legitimate Windows system executables. Duncan pointed out that file paths, file names, and associated hashes would change at every computer login. “Given the same-day deployment and implementation of the ssl-pert[.]com

File names

File names Encryption Security Access

B1txor20 Linux botnet use DNS Tunnel and Log4J exploit

Security Affairs

MARCH 17, 2022

The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an unknown ELF file that was spreading by exploiting the Log4J vulnerability. The name B1txor20 is based on the file name “b1t” used for the propagation and the XOR encryption algorithm, and the RC4 algorithm key length of 20 bytes.

Honeypots

Honeypots File names Communications Encryption

Nemty ransomware operators launch their data leak site

Security Affairs

MARCH 3, 2020

Nemty ransomware first appeared on the threat landscape in August 2019, the name of the malware comes after the extension it adds to the encrypted file names. The ransomware deletes shadow copies of encrypted files to make in impossible any recovery procedure. they also announced a working tool for version 1.5.

Ransomware

Ransomware File names Encryption Archiving

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Security Affairs

APRIL 5, 2022

The messages use the HTML-file “War criminals of the Russian Federation.htm” as attachment. Upon opening the file, a RAR-archive named “Viyskovi_zlochinci_RU.rar” is created. .

Military

Military Phishing File names Archiving

New SPIKEDWINE APT group is targeting officials in Europe

Security Affairs

FEBRUARY 29, 2024

The ZIP archive contains an HTA file named wine.hta that contains obfuscated JavaScript code. The campaign is characterized by its very low volume and the advanced tactics, techniques, and procedures (TTPs) employed by the threat actors.

Archiving

Archiving File names IT Information Security

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

GooseEgg is usually deployed with a batch script, commonly named execute.bat or doit.bat. This script creates a file named servtask.bat, which includes commands for saving or compressing registry hives. APT28 deployed GooseEgg to gain elevated access to target systems and steal credentials and sensitive information.

Military

Military File names Education Phishing

Cyber Threat Trends Dashboard

Security Affairs

JANUARY 28, 2020

For such a reason a dedicated graph named Unknown Families Threat Level Distribution has created. TOP domains, TOP processes and TOP File Names. With a sliding window of 300 last analyzed samples, the backend extracts the TOP (in terms of frequency) contacted domains, spawned processes and utilized file names.

File names

File names Cybersecurity Ransomware IT

PLAYFULGHOST backdoor supports multiple information stealing features

Internet Archive data breach impacted 31M users

Webinars

Trending Sources

MikroTik botnet relies on DNS misconfiguration to spread malware

Webinars

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Threat actors attempted to capitalize CrowdStrike incident

Qakbot operations continue to evolve to avoid detection

CERT-UA warns of a phishing campaign targeting government entities

New COVID19 wiper overwrites MBR making computers unusable

Nemty ransomware “LOVE_YOU” malspam campaign

STRRAT RAT spreads masquerading as ransomware

Sony Bravia Smart TVs affected by a critical vulnerability

Microsoft warns of Dexphot miner, an interesting polymorphic threat

A new Linux version of TargetCompany ransomware targets VMware ESXi environments

FBI published a flash alert on Mamba Ransomware attacks

BlackWater, a malware that uses Cloudflare Workers for C2 Communication

A new Shamoon 3 sample uploaded to VirusTotal from France

Fortinet fixes critical vulnerabilities in FortiNAC and FortiWeb

B0r0nt0K ransomware demands $75,000 ransom to the victims

North Korea-linked Kimsuky APT attack targets victims via Messenger

Experts warn of attacks on sites using flawed Kaswara Modern WPBakery Page Builder Addons

Monero Cryptocurrency campaign exploits ProxyLogon flaws

PLAYFULGHOST backdoor supports multiple information stealing features

Threat actors attempted to capitalize CrowdStrike incident

Emsisoft released a new free decryption tool for the Avest ransomware

PoC exploit for critical RCE flaw in Fortra FileCatalyst transfer tool released

PoC exploit code for critical Fortinet FortiNAC bug released online

Cyber Threats Observatory Gets Improvements

Night Sky, a new ransomware operation in the threat landscape

Introducing the PhishingKitTracker

Fortinet FortiNAC CVE-2022-39952 flaw exploited in the wild hours after the release of PoC exploit

A crafty phishing campaign targets Microsoft OneDrive users

PlugX malware delivered by exploiting flaws in Chinese programs

U.S. CISA adds Apache Tomcat flaw to its Known Exploited Vulnerabilities catalog

Evil Corp rebrands their ransomware, this time is the Macaw Locker

South Korea suffers from the spread of people infected with Corona 19

New ransomware group Hive leaks Altus group sample files

BlackCocaine Ransomware, a new malware in the threat landscape

New variant of Dridex banking Trojan implements polymorphism

B1txor20 Linux botnet use DNS Tunnel and Log4J exploit

Nemty ransomware operators launch their data leak site

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

New SPIKEDWINE APT group is targeting officials in Europe

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Cyber Threat Trends Dashboard

Stay Connected