Security Affairs

JANUARY 4, 2019

This malicious code first installs a service named snmpstorsrv , with snmpstorsrv.dll registered as servicedll. The service creates multiple threads to carry out several malicious activities, such as data exfiltration and mining. One of the unzipped files named svchost.exe is the Eternalblue – 2.2.0 exploit executable.

Mining 275

Mining File names IT Access 275

Security Affairs

JUNE 24, 2024

Over the past year, ExCobalt targeted Russian organizations in the the following industries: Metallurgy Telecommunications Mining Information technology Government Software development The Cobalt’s hallmark was the use of the CobInt tool , the same tool that ExCobalt began using in 2022.

File names 297

File names Communications Mining Archiving 297

Security Affairs

APRIL 28, 2020

This directory contains the crypto mining module named kswapd0. In this folder, the first one to be executed is the file “a”. The script looks like the following: Figure 5: Content of the “a” file. The executed crypto miner is the file named “” kswapd0 ” based on the famous XMRIG monero crypto miner.

Mining 334

Mining File names Honeypots IT 334

Security Affairs

FEBRUARY 19, 2019

The phishing email contains a.zip file named “slavneft.zakaz.zip”, which means something like “slavneft order” in English, showing a direct reference to “Slavneft”. It contains a russian speaking JavaScript file named “«??? «??? «?????????» ??????????? ??????”, Information about miner executable. Conclusions.

Ransomware 250

Ransomware Mining File names Encryption 250

Security Affairs

FEBRUARY 28, 2019

When an unknown sender suggests me to click on a super wired url , dropping a ZIP file straight in my box, by saying it’s getting the next targeted attack on a huge company, well I kinda looking forward to it! So I clicked on the link (see IOC section) and I’ve downloaded a “pik.zip” file. You might want to checkout more here.

Ransomware 264

Ransomware Mining File names Encryption 264

Security Affairs

JUNE 5, 2019

“This malware, which we named BlackSquid after the registries created and main component file names, is particularly dangerous for several reasons.” “Simultaneous with its attacks, BlackSquid also downloads and executes two XMRig cryptocurrency-mining components.! ” states Trend Micro.

Mining 233

Mining File names Libraries IT 233

Security Affairs

JUNE 15, 2019

. “A batch file first executes the WinEggDrop scanner (s.exe), which tries port 2375 on various hosts with Chinese IP address ranges specified in the ip.txt file.” “The output of this command is saved into a file named ips.txt, which is then fed into the Docker.exe file.

File names 279

File names Mining Access Communications 279

Security Affairs

FEBRUARY 27, 2019

Cisco Talos experts have reported a spike in the attacks that leverage known flaws to compromise unsecured Elasticsearch clusters and use them to mine crypto-currencies. Security researchers at Cisco Talos are warning of a spike in attacks on unsecured Elasticsearch clusters to drop cryptocurrency miners.

Search queries 272

Search queries Honeypots File names Mining 272

Security Affairs

JULY 23, 2019

Recently, our threat monitoring operations pointed us to an interesting file named “ Lucio Dalla Discografia Completa ”: this file pretends to be a collection of the discography of a famous I talian singer, but it actually hides malicious intents. . Code Snippet 1: Copy of the files in a subfolder. tmp” and “64.tmp”,

Archiving 255

Archiving Mining File names Risk 255

Troy Hunt

JANUARY 16, 2019

A password manager provides you with a secure vault for all your secrets to be stored in (not just passwords, I store things like credit card and banking info in mine too), and its sole purpose is to focus on keeping them safe and secure. It'll require some coding, but's its straightforward and fully documented.

Data breaches 112

Data breaches Passwords Risk Personal data 112

Security Affairs

MAY 29, 2019

The payloads used in this campaign were droppers used to deliver a cryptocurrency miner to mine TurtleCoin cryptocurrency. Experts observed many payloads dropping a kernel-mode driver using ransom file names and placed them in AppData/Local/Temp. .” continues the analysis.

File names 267

File names Mining Security Cybersecurity 267

Troy Hunt

AUGUST 13, 2024

Do take note of the file name in the embedded image, though - "people_data-935660398-959524741.csv" I did actually receive that data but filed it away and didn't load it into HIBP as there were no email addresses in it. I wonder if the data from that story lines up with the file in the image above?

Data breaches 145

Data breaches Archiving File names Mining 145

Schneier on Security

OCTOBER 14, 2024

The researchers are calling the malware Perfctl, the name of a malicious component that surreptitiously mines cryptocurrency. The unknown developers of the malware gave the process a name that combines the perf Linux monitoring tool and ctl, an abbreviation commonly used with command line tools.

Mining 104

Mining File names Government Communications 104

Troy Hunt

MARCH 3, 2021

Because I myself have a Gab account which I created when started making commentary on them and Parler in Jan, naturally the first thing I did was to pull out my own record: Looking into the (alleged) @getongab data breach, many records don't have an email address or a password hash (mine has the former, but not the latter). Coincidence?

Passwords 145

Passwords Data breaches Mining Risk 145