PREVIOUS
PREVIOUS
  • Coinminer.Win64.MALXMR.TIAOODBZ

    This miner figured in the fileless GhostMiner that uses WMI Objects. GhostMiner is known to kill competing other miner payloads.
    Read more   

  • Backdoor.Linux.BASHLITE.SMJC2

    This backdoor is seen propagating via CVE-2018-18636, a cross-site scripting vulnerability affecting the wireless router D-Link DSL-2640T. This malware is capable of receiving commands to flood other systems.
    Read more   

  • ELF_SETAG.SM

    This malware is part of an attack chain that involves searching for exposed or publicly accessible Elasticsearch databases/servers. The malware would invoke a shell with an attacker-crafted search query with encoded Java commands.
    Read more   

  • Backdoor.Perl.SHELLBOT.D

    This backdoor is downloaded and installed in systems via malicious URL. It is installed with a miner.
    Read more   

  • Backdoor.Linux.MIRAI.VWIQT

    IoT malware uses two different encryption routines for its strings and modified the magic number of UPX.This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
    Read more   

  • Ransom.MSIL.FREEZING.A

    This ransomware is one of the few ransomware families that is loaded and executed under the legitimate PowerShell executable. It also is one of the few that uses restart session manager to terminate processes that have associated files it tries to encrypt.
    Read more   

  • Backdoor.Perl.SHELLBOT.AB

    This backdoor comes bundled with a Monero miner, both spread by a botnet. The techniques employed are reminiscent of the Outlaw hacking group that Trend Micro reported in November 2018.
    Read more   

  • Worm.Win32.BLASQUI.A

    This malware is part of the newly discovered BLACKSQUID malware family that targets web servers, network drives, and removable drives using multiple web server exploits and dictionary attacks. This Worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
    Read more   

  • Backdoor.Linux.MIRAI.VWIPT

    This new Mirai variant uses a total of 13 different exploits, almost all of which have been used in previous Mirai-related attacks. It has backdoor and distributed denial-of-service (DDoS) capabilities.
    Read more   

  • Ransom.Win32.DHARMA.THDAAAI

    This Dharma variant uses a new technique: using software installation as a distraction to help hide malicious activities.This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
    Read more   

PREVIOUS
PREVIOUS