2020

Date | Name | Info
29.3.20 | Trojan.PS1.POWLOAD.JKP | This POWLOAD variant is seen distributed via spam. The spam campaign is in Italian and lures users to click by using COVID-19 in its subject.
6.3.20 | Win32/Filecoder.Phobos.C | Win32/Filecoder.Phobos.C is a trojan that encrypts files on fixed, removable and network drives. To decrypt the files, the user is asked to comply with the given conditions in exchange for a password/instructions.
15.1.20 | Backdoor.Win64.ANCHOR.A | This is the Trend Micro detection for the backdoor installed by the PowerTrick post-exploitation toolkit, believed to be developed by the creators of Trickbot. This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
15.1.20 | Backdoor.SH.SHELLBOT.AA | This backdoor comes bundled with a Monero miner, both spread by a botnet. The techniques employed are reminiscent of the Outlaw hacking group that Trend Micro reported on in November 2018.
15.1.20 | Backdoor.MSIL.REMCOS.AOJ | This malware was seen delivered via malicious spam spoofing the DHL brand as the sender. It came as an .
15.1.20 | Coinminer.Linux.KERBERDS.A | This new version of KERBERDS, a known crypto-mining malware that uses an ld.so.
15.1.20 | Trojan.SH.KERBERDS.A | This new version of KERBERDS, a cryptomining malware that uses an ld.so.
15.1.20 | Trojan.JS.NODSTER.A | This malware is part of the fileless botnet Novter, which is delivered via the KovCoreG malvertising campaign. This trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
15.1.20 | Trojan.JS.KOVCOREG.A | This malware is part of the fileless botnet Novter, which is distributed by the KovCoreG malvertising campaign. This trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
15.1.20 | Rootkit.Linux.SKIDMAP.A | This rootkit is used by Skidmap, a Linux malware, to hide its cryptocurrency-mining abilities. This rootkit arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
15.1.20 | Coinminer.Win64.MALXMR.TIAOODBZ | This miner figured in the fileless GhostMiner, which uses WMI objects. GhostMiner is known to kill competing miner payloads.
15.1.20 | Backdoor.Linux.BASHLITE.SMJC2 | This backdoor is seen propagating via CVE-2018-18636, a cross-site scripting vulnerability affecting the D-Link DSL-2640T wireless router. This malware is capable of receiving commands to flood other systems.
15.1.20 | ELF_SETAG.SM | This malware is part of an attack chain that involves searching for exposed or publicly accessible Elasticsearch databases/servers. The malware invokes a shell with an attacker-crafted search query containing encoded Java commands.
15.1.20 | Backdoor.Perl.SHELLBOT.D | This backdoor is downloaded and installed on systems via a malicious URL. It is installed together with a miner.
15.1.20 | Backdoor.Linux.MIRAI.VWIQT | This IoT malware uses two different encryption routines for its strings and modifies the UPX magic number. This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
15.1.20 | Ransom.MSIL.FREEZING.A | This ransomware is one of the few ransomware families that is loaded and executed under the legitimate PowerShell executable. It is also one of the few that uses the restart session manager to terminate processes associated with the files it tries to encrypt.
15.1.20 | Backdoor.Perl.SHELLBOT.AB | This backdoor comes bundled with a Monero miner, both spread by a botnet. The techniques employed are reminiscent of the Outlaw hacking group that Trend Micro reported on in November 2018.
15.1.20 | Worm.Win32.BLASQUI.A | This malware is part of the newly discovered BLACKSQUID malware family, which targets web servers, network drives and removable drives using multiple web server exploits and dictionary attacks. This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
15.1.20 | Backdoor.Linux.MIRAI.VWIPT | This new Mirai variant uses a total of 13 different exploits, almost all of which have been used in previous Mirai-related attacks. It has backdoor and distributed denial-of-service (DDoS) capabilities.
15.1.20 | Ransom.Win32.DHARMA.THDAAAI | This Dharma variant uses a new technique: software installation as a distraction to help hide malicious activity. This ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
15.1.20 | Trojan.Linux.KERBERDS.A | This malware is responsible for dropping the cryptocurrency miner Coinminer.Linux.
15.1.20 | Backdoor.Win32.CARBANAK.A | This malware is part of the leaked source code of Carbanak, as reported by FireEye in April 2019. This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.