Malware -
2020 | ||
Datum |
Název |
Info |
28 .12.20 |
Win32/Filecoder.Avaddon.C | Win32/Filecoder.Avaddon.C is a trojan that encrypts files on fixed, removable and network drives. To decrypt files the user is requested to comply with given conditions in exchange for a password/instructions. |
16.12.20 | Backdoor.MSIL.SUNBURST.A |
This Backdoor arrives on a
system as a file dropped by other malware or as a file downloaded
unknowingly by users when visiting malicious sites.It executes commands
from a remote malicious user, effectively compromising the affected system. |
16.12.20 | Trojan.MSIL.SUPERNOVA.A |
This Trojan arrives on a
system as a file dropped by other malware or as a file downloaded
unknowingly by users when visiting malicious sites. It may be hosted on
a website and run when a user accesses the said website. |
28.10.20 |
The trojan serves as a proxy server. The trojan can modify network traffic. |
|
24.10.20 |
The trojan serves as a proxy server. The trojan can modify network traffic. |
|
15.10.20 |
Cybercriminals used this malware bundled with legitimate installation copies of the VPN software known as Windscribe. Note that these copies are hosted from fraudulent sources. |
|
16 .8.20 |
Win32/Rozena.XM is a trojan which tries to download other malware from the Internet. |
|
7.8.20 |
Win32/Filecoder.WastedLocker.A is a trojan that encrypts files on local drives. To decrypt files the user is requested to comply with given conditions in exchange for a password/instructions. |
|
16 .7.20 |
This new Mirai variant exploits CVE-2020-10173, a vulnerability in Comtrend VR-3033 routers. Similar to earlier variants, this Mirai variant uses telnet and SSH brute-forcing techniques to attack vulnerable devices. |
|
16 .7.20 |
Cybercriminals take advantage of the popularity of the Zoom messaging app. This backdoor is found in a fake Zoom installer. |
|
6.7.20 |
The trojan serves as a backdoor. It can be controlled remotely. |
|
6.7.20 |
Win32/Spy.Buhtrap.AP is a trojan that installs Win32/Spy.Buhtrap.AB malware. |
|
23.4.20 |
This AutoIt-compiled malware downloads a coinminer in affected systems. This malware is distributed by cybercriminals by bundling it with a legitimate installer of the Zoom communication app. |
|
23.4.20 |
Win32/Filecoder.Maze.A is a trojan that encrypts files on fixed, removable and network drives. To decrypt files the user is requested to comply with given conditions in exchange for a password/instructions. |
|
29.3.20 |
This POWLOAD variant is seen distributed via spam. The spam campaign is in Italian and lures users to click by using COVID-19 in its subject. |
|
6.3.20 |
Win32/Filecoder.Phobos.C is a trojan that encrypts files on fixed, removable and network drives. To decrypt files the user is requested to comply with given conditions in exchange for a password/instructions. |
|
15.1.20 |
This is the Trend Micro
detection for the backdoor installed by the PowerTrick post-exploitation
toolkit believed to be developed by creators of Trickbot.This Backdoor
arrives on a system as a file dropped |
|
15.1.20 |
This backdoor comes bundled with a Monero miner, both spread by a botnet. The techniques employed are reminiscent of the Outlaw hacking group that Trend Micro reported in November 2018. |
|
15.1.20 |
This malware was seen delivered via malicious spam spoofing the brand DHL as the sender. It came as an . |
|
15.1.20 |
This new version of KERBERDS, a known crypto-mining malware that uses an ld.so. |
|
15.1.20 |
This new version of KERBERDS, a cryptomining malware that uses an ld.so. |
|
15.1.20 |
This malware is part of the fileless botnet Novter that is delivered via the KovCoreG malvertising campaign.This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. |
|
15.1.20 |
This malware is part of the fileless botnet Novter distributed by the KovCoreG malvertising campaign.This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. |
|
15.1.20 |
This rootkit is used by Skidmap - a Linux malware - to hide its cryptocurrency-mining abilities.This Rootkit arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. |
|
15.1.20 |
This miner figured in the fileless GhostMiner that uses WMI Objects. GhostMiner is known to kill competing other miner payloads. |
|
15.1.20 |
This backdoor is seen propagating via CVE-2018-18636, a cross-site scripting vulnerability affecting the wireless router D-Link DSL-2640T. This malware is capable of receiving commands to flood other systems. |
|
15.1.20 |
This malware is part of an attack chain that involves searching for exposed or publicly accessible Elasticsearch databases/servers. The malware would invoke a shell with an attacker-crafted search query with encoded Java commands. |
|
15.1.20 |
This backdoor is downloaded and installed in systems via malicious URL. It is installed with a miner. |
|
15.1.20 |
IoT malware uses two different encryption routines for its strings and modified the magic number of UPX.This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.s |
|
15.1.20 |
This ransomware is one of the few ransomware families that is loaded and executed under the legitimate PowerShell executable. It also is one of the few that uses restart session manager to terminate processes that have associated files it tries to encrypt. |
|
15.1.20 |
This backdoor comes bundled with a Monero miner, both spread by a botnet. The techniques employed are reminiscent of the Outlaw hacking group that Trend Micro reported in November 2018. |
|
15.1.20 |
This malware is part of
the newly discovered BLACKSQUID malware family that targets web servers,
network drives, and removable drives using multiple web server exploits
and dictionary attacks. This Worm arrives on a system as a |
|
15.1.20 |
This new Mirai variant uses a total of 13 different exploits, almost all of which have been used in previous Mirai-related attacks. It has backdoor and distributed denial-of-service (DDoS) capabilities. |
|
15.1.20 |
This Dharma variant uses a
new technique: using software installation as a distraction to help hide
malicious activities.This Ransomware arrives on a system as a file
dropped by other malware or as a file downloaded unknowingly by |
|
15.1.20 |
This malware is responsible for dropping the cryptocurrency miner Coinminer.Linux. |
|
15.1.20 |
This malware is part of the leaked source code of Carbanak, as reported by FireEye in April 2019.This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. |
|
15.1.20 |
This malware has the capability of downloading and installing plugins from a remote server. This feature allows the malware to be more flexible in its attacks. |
|
15.1.20 |
This malware is involved in the Blackhole Exploit Kit (BHEK) attacks in January 2013. It takes advantage of a zero-day vulnerability (CVE-2013-0422) in Java in order to drop ransomware. |
|
15.1.20 |
This malware is involved with a spam attack during January 2013. It arrives as a dropped file from a spammed mail with the body written in the Japanese language and bearing the subject New Year Greetings. |
|
15.1.20 |
This malware was involved in the Red October campaign, a series of attacks targeting diplomatic and government agencies. It drops malicious files onto the affected system and executes them, causing certain malicious routines to be exhibited. |
|
15.1.20 |
This malware was involved in the Red October campaign, a series of attacks targeting diplomatic and government agencies. It drops malicious files onto the affected system and executes them, causing certain malicious routines to be exhibited. |
|
15.1.20 |
This malware claims to be an update installer for Java. Once installed, it downloads malicious files onto the affected system and executes them, causing routines to be exhibited. |
|
15.1.20 |
The malware tags the affected users' friends in Facebook and posts a message with a malicious link.To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below. |
|
15.1.20 |
This malware spams messages to users using Skype in order to propagate. The spammed messages contain links that lead to an automatic download of the malware itself. |
|
15.1.20 |
This malware spams messages to users using Skype in order to propagate. The spammed messages contain links that lead to an automatic download of the malware itself. |
|
15.1.20 |
This is a keylogger found inside a spammed email message that purports to come from the Cabinet Office Information Systems Office.To get a one-glance comprehensive view of the behavior of this Spyware, refer to the Threat Diagram shown below. |
|
15.1.20 |
This malware targets systems running on Linux. It allows remote access of affected systems through the use of SSH (Secure Shell Protocol) and steals system login credentials. |
|
15.1.20 |
This backdoor is a new
variant of the malware family CARBERP. It downloads and installs new
plug-ins from its remote server thus compromising the security of the
infected systemsTo get a one-glance comprehensive view of the |
|
15.1.20 |
This backdoor is a new
variant of the malware family CARBERP. It downloads and installs new
plug-ins from its remote server thus compromising the security of the
infected systemsThis backdoor arrives on a system as a file dropped by |
|
15.1.20 |
This malware disguises as delivery receipts for well-known postal and delivery services firms and airlines.To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram shown below. |
|
15.1.20 |
This malware is related to the Whitehole Exploit Kit attacks during February 2012. It takes advantage of certain vulnerabilities in Java to download and execute backdoor malware onto the affected system. |
|
15.1.20 |
This malware is a cross-platform threat, affecting both Android and Windows.To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below. |
|
15.1.20 |
This malware takes advantage of zero-day vulnerabilities in Adobe Flash Player to drop malicious files.To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below. |
|
15.1.20 |
This is a backdoor builder written in Java. It has been seen as a free download in underground forums. |
|
15.1.20 |
This malware was involved in a zero-day Java vulnerability exploit attack in January 2013. Its backdoor routines allow remote attackers to perform commands on the affected system, which may compromise the system's security. |
|
15.1.20 |
This malware exploits vulnerabilities related to CVE-2013-0431.To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below. |
|
15.1.20 |
The malware uses similar techniques as those of PlugX, like process injection and use of blob file. The malware directly loads the backdoor file located in its command-and-control (C&C) server. |
|
15.1.20 |
This is a specially crafted PDF which takes advantage of a recent vulnerability in Adobe (CVE-2013-0641) to drop MiniDuke malware.To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below. |
|
15.1.20 |
This backdoor is downloaded before through a previous zero-day Java exploit, now tagged as CVE-2013-1493. This malware is also used as a payload for a zero-day Internet Explorer bug. |
|
15.1.20 |
This malware is signed with a legitimate digital certificate, which tricks users into thinking that it is a legitimate file. Users affected by this malware may have certain information about their systems stolen and sent to cybercriminals. |
|
15.1.20 |
This malware takes advantage of a zero-day Java vulnerability. Once it successfully exploited the vulnerability, it downloads and execute an McRAT backdoor. |
|
15.1.20 |
This malware is involved in certain targeted attacks that took place on March 2013. It drops and opens non-malicious document files to hide its backdoor routines. |
|
15.1.20 |
This spyware is distributed through ATO tax spam.To get a one-glance comprehensive view of the behavior of this Spyware, refer to the Threat Diagram shown below. |
|
15.1.20 |
This malware is involved in the Master Boot Record (MBR) wiper outbreak that targeted users in South Korea during March of 2013.It drops and executes malware on affected systems, including a destructive payload that wipes the affected system's MBR. |
|
15.1.20 |
This malware is involved in the Master Boot Record (MBR) wiper outbreak that targeted users in South Korea during March of 2013. It has a destructive payload that wipes the affected system's MBR. |
|
15.1.20 |
This malware is involved in the cyber attacks that targeted specific users in South Korea during March of 2013. It enters systems through a spammed mail purporting to come from a major banking organization. |
|
15.1.20 |
This malware connects to Evernote to receive and perform commands from remote malicious users. Users affected by this malware may find the security of their systems compromised. |
|
15.1.20 |
This malware intercepts network traffic accessing Facebook and redirects it to a fraudulent page that will lead users in entering their credit card information. Users affected by this malware may find their financial accounts compromised. |
|
15.1.20 |
This malware is involved in a malicious spam campaign leveraging the April 2013 Boston Marathon Bombing. It has the ability to steal login credentials to File Transfer Protocol (FTP) clients or file manager software installed in the affected system, as well as receive and perform commands from remote malicious users. |
|
15.1.20 |
This malware is involved in a malicious spam campaign leveraging the April 2013 Boston Marathon Bombing. It takes advantage of certain software vulnerabilities to download malicious files onto the affected system. |
|
15.1.20 |
This backdoor is served via a spammed message that leads to a Blackhole Exploit Kit. It monitors the Internet Explorer address bar and title bar for strings that are related to certain banking websites. |
|
15.1.20 |
This malware connects to a blogging service to receive and perform commands from remote malicious users. Due to this, it is able to perform actions on the affected system without user authorization, such as downloading and executing files, as well as steal certain information about the system itself. |
|
15.1.20 |
This malware is the final payload of a targeted attack campaign leveraging the April 2013 Boston Marathon Bombing. It downloads malicious files onto the systems it infects. |
|
15.1.20 |
This malware uses multi-protocol instant-messaging applications in order to propagate itself. It also has backdoor routines that steal login information from the affected system's browsers. |
|
15.1.20 |
This backdoor was downloaded by a malicious script hosted on a compromised website of the US Department of Labor.To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram shown below. |
|
15.1.20 |
This malicious script was inserted onto a legitimate website of the US Department of Labor and downloads a Poison Ivy backdoor.To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below. |
|
15.1.20 |
This malware was involved in an attack targeting Banco de Brasil users during May 2013. It came bundled as a plugin for a customized banking browser. |
|
15.1.20 |
This malware was involved in a malicious spam attack targeting Walmart customers on May 2013. It takes advantage of certain vulnerabilities to download and execute malware onto affected systems, causing malicious routines to be exhibited. |
|
15.1.20 |
This malware propagates by creating copies of itself in password-protected archives. It also downloads other malware onto the systems it infects, causing malicious routines to be exhibited. |
|
15.1.20 |
Spammers take advantage of the news regarding the supposedly merging of Skype, Hotmail, and MSN to lure users into downloading this malware. The spammed message includes a URL that points to this malware posing as an authorized certificate. |
|
15.1.20 |
This is involved in an exploit attack targeting a critical vulnerability of Ruby on Rails. It connects to an IRC server where it can receive and perform commands from remote malicious attackers, as well as make the affected system part of its botnet. |
|
15.1.20 |
This is the detection for exploit codes that takes advantage of a vulnerability in the hosting control panel Plesk.To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below. |
|
15.1.20 |
This malware uses DLL preloading, a technique more known to be utilized by PlugX.To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram shown below. |
|
15.1.20 |
This Android malware leads users to a fake adult dating website. Once users click on the websites' links, which purportedly lead to dating profiles and contact details, they are instead given fraudulent information. |
|
15.1.20 |
This Android malware installs itself as an administrator and uses a vulnerability found in Android. To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram shown below. |
|
15.1.20 |
This malware is related to the security incident that affected certain government and news websites in South Korea. Cybercriminals compromised the auto-update mechanism of a file-sharing software in order to serve a modified malicious version of the said software's installer. |
|
15.1.20 |
This malware was found to be hosted on certain compromised South Korean websites. Aside from stealing credentials from specific online games, it also downloads a backdoor detected as BKDR_TENPEQ. |
|
15.1.20 |
This spyware is related to the bogus project dubbed as flashplayerwindows.When executed, it connects to Google Code to download other files. |
|
15.1.20 |
This FARFEIT variant is the final payload of a Blackhole Exploit Kit related spam run.To get a one-glance comprehensive view of the behavior of this Spyware, refer to the Threat Diagram shown below. |
|
15.1.20 |
This malware is related to the malicious link spammed via Facebook that allegedly points to a video recording of a young woman committing suicide on camera. When executed it drops malicious files and installs bogus browser plugins detected as JS_FEBUSER. |
|
15.1.20 |
This malware is related to the Blackhole Exploit kit spam campaign on July 2013. This campaign used the birth of the Royal Baby and the controversy of the movie Ender's Game as lures. |
|
15.1.20 |
This malware is related to a spammed message that leverages the news on “Royal Baby." The said spammed message lures users in accessing the related blog which is in actual redirects to a malicious URL. |
|
15.1.20 |
This is a malicious applet that downloads and executes a file infector detected as PE_EXPIRO.JX-O. |
|
15.1.20 |
This file infector arrives via malicious Java applet. Once it infects a system, it seeks out executable files in all available drives, making it easy to propagate especially to other computers that are sharing folders over a network. |
|
15.1.20 |
This malware guises as an Opera update. Cybercriminals behind this threat stole an outdated Opera digital certificate, which they used to sign this malware. |
|
15.1.20 |
It drops a distributed denial of service (DDoS) component that targets primary and secondary DNS name servers of record for multiple South Korean government sites.To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Threat Diagram shown below. |
|
15.1.20 |
This ZBOT variant was used in a spam run which takes advantage of the UK Tax Return deadline. The said spam message purports to come from HM Revenue and Customs in the UK and informs users of a certain VAT return receipt. |
|
15.1.20 |
This ZBOT variant was used in a spam run which takes advantage of the UK Tax Return deadline. The said spam message purports to come from HM Revenue and Customs in the UK and informs users of a certain VAT return receipt. |
|
15.1.20 |
This is the Trend Micro detection for KINS Trojan, dubbed as the next ZeuS by media reports. Similar to ZeuS/ZBOT, it downloads configuration file and steals online banking credentials. |
|
15.1.20 |
This backdoor is used by cybercriminals to brute-force many WordPress blogs via logging into administrator pages. When executed, it connects to a C&C server, where it downloads the list of sites to target and the passwords to use to brute-force it. |
|
15.1.20 |
This backdoor is related to the Sykipot campaign that targets the United States civil aviation sector. To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram shown below. |
|
15.1.20 |
This backdoor is the detection for malicious attachments in email messages that spoof the 2013 G20 Summit in Russia. Users with systems affected by this malware may find their personal information stolen and the security of their systems compromised. |
|
15.1.20 |
This malware is associated with the reported increase in the number of Tor users. It has the capability to execute commands and download adware on to the infected system. |
|
15.1.20 |
This is the malware associated with the fake WhatsApp notification. Once users click on the Play button in the said email, they are lead to a multi-platform malware that can execute on Windows, iOS, and Android devices. |
|
15.1.20 |
This backdoor is a variant of the malware family BLYPT. It uses binary large objects (BLOB) to store information in the affected system's registry. |
|
15.1.20 |
This backdoor is a variant of the malware family BLYPT. It uses binary large objects (BLOB) to store information in the affected system's registry. |
|
15.1.20 |
This malware is one of the latest ransomware variants known as cryptolockers. When executed, it encrypts files and displays a warning message informing users that even though the malware has been deleted on their system, the encrypted files are inaccessible. |
|
15.1.20 |
This malware makes use of “garbage” strings, which in actual hides the malicious code. The said malicious code is an obfuscated AutoIt script. |
|
15.1.20 |
This malware is involved in the CryptoLocker ransomware malicious spam campaign spotted on October 2013. It is the malicious attachment that, when executed, downloads more malware onto the affected system. |
|
15.1.20 |
This malware is involved in a ZBOT spam campaign that targeted British users. Once the malicious attachment is opened, it inevitable leads to the download of ZBOT malware into the affected system. |
|
15.1.20 |
This CryptoLocker is downloaded by a ZeuS/ZBOT variant detected as TSPY_ZBOT.VNA. |
|
15.1.20 |
This malware is involved in the targeted attacks that took advantage of an unpatched Microsoft Office vulnerability, namely CVE-2013-3906, on November 2013. Victims of this malware may find the security of their systems compromised. |
|
15.1.20 |
This malware is involved in the targeted attacks that took advantage of an unpatched Microsoft Office vulnerability, namely CVE-2013-3906, on November 2013. Victims of this malware may find the security of their systems compromised. |
|
15.1.20 |
This malware was used in the EvilGrab campaign, which targets victims in Japan and China.This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. |
|
15.1.20 |
This malware exploits a Windows XP/Server 2003 zero-day vulnerability. This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users. |
|
15.1.20 |
This malware is the final payload of an attack that utilized a zero-day vulnerability in Windows XP/Server 2003. Users affected by this malware may find the security of their systems compromised. |
|
15.1.20 |
This is a Cryptolocker variant that has propagation routines, enabling it to easily spread to other systems. The said routine is important since other CRILOCK variants do not exhibit the same behavior. |
|
15.1.20 |
This malware is part of the 64-bit ZBOT samples that have been spotted to target 64-bit systems during January 2014. Users affected by this malware may find the security of their systems compromised and their critical personal information stolen (such as their online banking credentials). |
|
15.1.20 |
This malware is part of the 64-bit ZBOT samples that have been spotted to target 64-bit systems during January 2014. Users affected by this malware may find the security of their systems compromised and their critical personal information stolen (such as their online banking credentials). |
|
15.1.20 |
This ZBOT variant drops a configuration file that contains a list of its targeted banks and other financial sites. It also steals information from different FTP sites and steals personal certificates from the infected system. |
|
15.1.20 |
This malware uses an AutoIT packer, a scripting language leveraged by cybercriminals. When executed, it steals system-related information and gathers stored user names and passwords from certain browsers. |
|
15.1.20 |
This malware uses an AutoIT packer, a scripting language leveraged by cybercriminals. It has the capability to propagate via drives and steals user names and passwords from Yahoo, Hotmail, and Pidgin among others. |
|
15.1.20 |
This BANKER variant is downloaded on the system by TROJ_BANLOAD.GB, a malware that targets Banco de Brasil users. |
|
15.1.20 |
This BANLOAD variant checks for the presence of G-buster Plugin, a plugin that prevents malicious code from running during a banking session, on the system. It does this to indicate if the system is being used for online banking. |
|
15.1.20 |
This malware was found in January 2014 to be distributed as a key generator. Instead of generating keys, it downloads malware onto the affected system. |
|
15.1.20 |
This malware is related to the fake Flash player scams that targeted users in Turkey. It is used to send the Facebook messages with the link to the video. |
|