Keyword: obfuscated
We spotted a recent spam campaign in Italian that delivers URSNIF malware to unsuspecting users. The email deceives its recipients by posing as a notification with a link that leads to the supposed receip...
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It encrypts files with specific file extensions.
* indicates a new version of an existing rule Deep Packet Inspection Rules: Application Control For Web Browser 1002996* - Application Control For Google Chrome Web Browser DNS Client 1007297* - Microsoft Windows DNS Use Aft...
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. As of this writing, the said sites are inaccessible.
* indicates a new version of an existing rule Deep Packet Inspection Rules: DCERPC Services 1003984* - SMB NTLM Authentication Lack Of Entropy Vulnerability DCERPC Services - Client 1008577 - Microsoft Visio OLE DLL Loading ...
This malware makes use of “garbage” strings, which actually hide the malicious code. The said malicious code is an obfuscated AutoIt script. To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram shown...
The DUNIHI malware family is commonly obfuscated VBS malware which is capable of propagating via removable drive infection. DUNIHI may arrive as an attachment to spam. It may also arrive via removable drives or as a file dropped by other malware or d...
This backdoor may be hosted on a website and run when a user accesses the said website. It executes commands from a remote malicious user, effectively compromising the affected system. It retrieves specific information from the affected system. This...
* indicates a new version of an existing rule Deep Packet Inspection Rules: Application Control For Web Browser 1007376 - Application Control For Microsoft Edge Web Browser DCERPC Services 1007699 - Oracle Job Scheduler Named P...
* indicates a new version of an existing rule Deep Packet Inspection Rules: DCERPC Services 1007134* - Batch File Uploaded On Network Share (ATT&CK T1021.002, T1204.002) 1007064* - Executable File Uploaded On System32 Folder T...
* indicates a new version of an existing rule Deep Packet Inspection Rules: DCERPC Services - Client 1008284 - Microsoft Office DLL Loading Vulnerability Over Network Share (CVE-2017-0197) 1008201 - Microsoft Windows DLL Loadi...
This malware is part of the malware spam attack Trend Micro uncovered in early June of 2017, one that targeted certain organizations in the EMEA region. It has the capability of delivering malware through the act of showing a hyperlink's contents via mo...
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It downloads a file from a certain URL then renames it before storing it in the affected system. It connec...
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
This is the Trend Micro detection for the backdoor installed by the PowerTrick post-exploitation toolkit believed to be developed by creators of Trickbot. This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded u...
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops files as ransom notes.
This Trojan Spy arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes then deletes itself afterward. It does not have any propagation routine. It executes comma...
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It takes advantage of certain vulnerabilities.
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes then deletes itself afterward. It does not have any backdoor routine.