May 2022 edition of the Threat Hunting Journal

Heimdal ™'s Threat Hunting Journal is back with its May edition. As you might have expected, the Trojan remains king and reigns unhindered with over 16,000 positive detections. There are a few newcomers this month, some of which might even give our uncrowned king a run for his money. Stay tuned for more information and goodies. Enjoy!

Top Malware(s) Detection: 1st May – 27th May

Throughout the month of May, Heimdal ™'s SOC team identified 16 Trojan variants, with a total of 16,738 positive detections, a 55.19% decrease compared to April, when a historic high of 25,976 positive detections was recorded. In terms of distribution, there are 11 new entries and 20 returning ones. TR/Rozena.jrrvz racked up the highest number of positive detections (2,675), followed by TR/CoinMiner.uwtyu with 2,316 positive detections and EXP/MS04-028.JPEG.A with 2,280 hits. Here is the complete list of May detections.

Malware name                    Positive detections
TR/Rozena.jrrvz                 2675
TR/CoinMiner.uwtyu              2316
EXP/MS04-028.JPEG.A             2280
TR/Rozena.rfuus                 1635
TR/Trash.Gen                    1600
TR/Patched.Gen                  1439
TR/AD.GoCloudnet.kabtg          1398
EXP/CVE-2010-2568.A              969
TR/Downloader.Gen                958
TR/CoinMiner.wmstw               919
TR/PSInject.G1                   916
VBS/Dldr.Agent.VPET              801
W32/Run.Ramnit.C                 778
TR/Dropper.Jenner                754
ACAD/Bursted.AN                  698
TR/Crypt.XPACK.Gen               667
TR/AD.Swotter.lckuu              512
W32/Floxif.hdc                   437
ACAD/Burste.K                    308
TR/Crypt.XPACK.Gen2              295
TR/Dropper.Gen5                  269
W32/Chir.B                       265
WORM/Brontok.C                   224
W32/Sality.Y                     214
Adware/jspounder.g               199
W32/can                          199
TR/AD.Swotter.fgqir              195
TR/Dropper.tfflr                 190
EXP/PyShellCode.G                182

Top 10 Malware Details

Let's take a closer look at the new entries.

TR/Trash.Gen

TR/Trash.Gen is a Trojan-type malware that is usually contracted by visiting unsafe pornographic websites. Trash.Gen can install backdoors, increase CPU usage, and install adware.

TR/PSInject.G1

PSInject.G1 is a PowerShell script-carrying Trojan that invokes multiple cmdlets such as New-Object, Out-Null, Test-Path, Where-Object, Write-Output, and Write-Verbose.

VBS/Dldr.Agent.VPET

Dldr.Agent.VPET is a Trojan downloader. It is used to inject and execute malicious VBS scripts on host machines.

TR/AD.Swotter.lckuu

An adware-carrying Trojan used to collect host and network data from infected machines.

ACAD/Burste.K

A 'Trojanized' virus that infects AutoCAD .lsp files. After infection, the virus waits for user input to load the files.

TR/Dropper.Gen5

A Trojan dropper used to install backdoors, deliver additional malware, or listen in on victims.

WORM/Brontok.C

The .C variant of the Brontok worm. This malware is distributed via email. Once inside the machine, it creates a new Windows registry entry, disables regedit.exe and changes several Windows Explorer settings.
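As an added example (not code from the journal or from Heimdal), here is a read-only PowerShell audit of the per-user registry locations a Brontok-style infection would tamper with: the policy values that disable regedit.exe and the Folder Options dialog, the Explorer view settings that keep dropped files hidden, and the per-user Run entries. The specific value names checked are assumptions drawn from the behaviour described above, not from this page.

```powershell
# Added example, not from the Heimdal journal. Read-only: nothing is modified.
# Assumed relevant values: user-level restrictions (absent on a default install)
# and the Explorer view settings a Brontok-style worm changes to stay hidden.
$policyChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableRegistryTools'; Note = 'regedit.exe blocked for this user' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoFolderOptions';      Note = 'Folder Options dialog hidden' }
)
# Hidden: 1 = show hidden files, 2 = do not show. HideFileExt: 1 = hide known
# extensions (lets worm.exe pose as a folder). ShowSuperHidden: 0 = hide OS files.
$viewSettings = 'Hidden', 'HideFileExt', 'ShowSuperHidden'
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-RegistryTamperingReport {
    $report = [ordered]@{ Restrictions = @(); ViewSettings = [ordered]@{}; RunEntries = @() }

    foreach ($c in $policyChecks) {
        $v = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        # Non-zero means the restriction is active; an absent value is the default.
        if ($null -ne $v -and $v.($c.Name) -ne 0) {
            $report.Restrictions += "$($c.Path)\$($c.Name) = $($v.($c.Name)) ($($c.Note))"
        }
    }

    $adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    foreach ($name in $viewSettings) {
        $v = Get-ItemProperty -Path $adv -Name $name -ErrorAction SilentlyContinue
        $report.ViewSettings[$name] = if ($null -ne $v) { $v.$name } else { '(not set)' }
    }

    # Per-user autostart entries: a worm's persistence entry would sit here next to legitimate ones.
    $run = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
    if ($null -ne $run) {
        $report.RunEntries = @($run.PSObject.Properties |
            Where-Object { $_.Name -notin $providerProps } |
            ForEach-Object { "$($_.Name) = $($_.Value)" })
    }
    return $report
}

$r = Get-RegistryTamperingReport
if ($r.Restrictions.Count -eq 0) { 'No user-level regedit/Folder Options restrictions found.' }
else { 'Active restrictions:'; $r.Restrictions | ForEach-Object { "  $_" } }
'Explorer view settings:'; $r.ViewSettings.GetEnumerator() | ForEach-Object { "  $($_.Key) = $($_.Value)" }
'HKCU Run entries:'; $r.RunEntries | ForEach-Object { "  $_" }
```

Run it in the context of the affected user account; an active restriction on a machine where no Group Policy sets one is worth a closer look, and unfamiliar Run entries should be compared against what the user actually installed.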

W32/Sality.Y

The .Y variant of the Sality virus is used to install backdoors or to connect the victim's computer to a botnet.

Adware/jspounder.g

An adware-type malware. It may display malicious pop-ups or ads on affected machines.

Additional cybersecurity tips and parting thoughts

This marks the end of the May issue of the Heimdal ™ Threat Hunting Journal. Before I go, I'll share a few tips on how you can improve your security.

  • Scanning frequency. No device-scanning policy? Now would be a good time to set one up.
  • Improved AV protection. Some types of malware do not show up in regular AV scans. If so, I'd encourage you to try the Heimdal ™ Next-Gen Antivirus and MDM solution, which combines top-level detection rates, brute-force detection and security features, and more.
  • Phishing. As you know, most malware is delivered via email. So, if it seems suspicious, it is probably dangerous and should not be opened.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, YouTube and Instagram for more cybersecurity news and topics.
