Malware Update 2016

Malware Monthly Strikes

Malware December
Malware November
Malware October
Malware September
Malware August
Malware July
Malware June
Malware May
Malware April
Malware March
Malware February
Malware January

Note: New metadata fields were added to all previous malware builds: fileExtension, fileSize, <reference... type="sha1">, <reference... type="md5">, <reference... type="sha256">.


Malware Strikes December - 2016

Strike ID | Malware | Platform | Info | MD5 | SHA1 | SHA256 | External References
M16-q8401 | TorrrentLocker_aa9a5373 | Windows | This strike sends a malware sample known as TorrrentLocker. | aa9a5373bbb49646ee34e92cbdac750c | 0cca796b29163b6081948fe86a455473b6a8ccb3 | 9bda19bc960abc4995011611857fc497880feaf2d55e2e3a3207c3e520e5e237 | https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-2nd-2016-screenlockers-kangaroo-the-sfmta-and-more/
M16-rgi01 | Android_Spy_cbd1c2db | Android | This strike sends a malware sample known as Android_Spy. | cbd1c2db9ffc6b67cea46d271594c2ae | a65f80a623269307067416225ce2a6cfc0557ac4 | e362a037e70517565d28ab85959e6c9d231b2baf0c2df3b87dfaa1451278e80c | http://rednaga.io/2016/11/14/hackingteam_back_for_your_androids/ ; http://www.bleepingcomputer.com/news/security/new-android-spyware-targeting-governments-found-originating-from-italy/
M16-84q01 | Yahoyah_93fa49f6 | Windows | This strike sends a malware sample known as Yahoyah. | 93fa49f69aa9873c7f19823161bd8406 | aef101fb24bd39e3cc14c26796c0336f2cb1d540 | fdeb384ff68b99514f329eeffb05692c4c1580ca52e43e6dcbb5d760c2a78aa4 | http://securityaffairs.co/wordpress/53698/breaking-news/tropic-trooper-campaign.html ; http://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/
M16-59r01 | Nemucod_a5c51da2 | Mixed | This strike sends a malware sample known as Nemucod. | a5c51da26364442b10e784932944f4a7 | b1f7460937b25430f0f2b070ab5bcd091d22d1ee | 5e9e3f9f96ce2333473a4c7eae8e07a0d0a38b24cb9effc67f0063f2eaec4c92 | https://bartblaze.blogspot.ro/2016/11/nemucod-downloader-spreading-via.html ; http://securityaffairs.co/wordpress/53650/malware/svg-images-locky.html
M16-nl201 | Petya_c65fab98 | Mixed | This strike sends a malware sample known as Petya. Petya is ransomware with a new variant named GoldenEye, which has been observed spreading via spam emails. | c65fab983e5f47e0d2eb74047b560b83 | de257bcdd4ac079f44abae2e6e776ca6a08716d3 | 2320d4232ee80cc90bacd768ba52374a21d0773c39895b88cdcaa7782e16c441 | https://www.bleepingcomputer.com/news/security/petya-ransomware-returns-with-goldeneye-version-continuing-james-bond-theme/
M16-y3901 | Ransoc_30bf1d54 | Windows | This strike sends a malware sample known as Ransoc. | 30bf1d54830eb4223f0f3e68d113ff5d | 44fd0e2d99d6ccc49db7b48d5fc49e74c54f4463 | fee53dc4e165b2aa45c3e7bd100b49c367aa8b7f81757617114ff50a584a1566 | https://www.proofpoint.com/us/threat-insight/post/ransoc-desktop-locking-ransomware-ransacks-local-files-social-media-profiles ; http://www.bleepingcomputer.com/news/security/ransoc-ransomware-extorts-users-who-accessed-questionable-content/
M16-ag001 | Matrix_678af4b6 | Windows | This strike sends a malware sample known as Matrix. Matrix is ransomware that uses GnuPG to encrypt the victim's data. | 678af4b6a7cf159209e3d469032637a4 | 934b94e591a1f035cacacd242665febe7fdad59f | babe06cce15bb2e38639546737c093077787589f7809834d076395143cb24622 | https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-2nd-2016-screenlockers-kangaroo-the-sfmta-and-more/
M16-8y801 | Yahoyah_fe0ad2e2 | Windows | This strike sends a malware sample known as Yahoyah. | fe0ad2e2c155a3938f4a2f907cae5244 | 457d15327d2c2333235afa85fe65e19eeac828d2 | 4ee115734733dae0705e5b2cb6789a1cdb877bc53e2fdb6e18ab845c0522d43b | http://securityaffairs.co/wordpress/53698/breaking-news/tropic-trooper-campaign.html ; http://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/
M16-sms01 | Yahoyah_7cf254d9 | Windows | This strike sends a malware sample known as Yahoyah. | 7cf254d99c34b3e6a10482a471cc3f70 | 8771b13f8b1e768d57556ba0b8a0ed905861b416 | 2fce75daea5fdaafba376a86c59d5bc3e32f7fe5e735ec1e1811971910bc4009 | http://securityaffairs.co/wordpress/53698/breaking-news/tropic-trooper-campaign.html ; http://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/
M16-dsh01 | Crypton_237bf114 | Windows | This strike sends a malware sample known as Crypton. Crypton is newly discovered ransomware that appends _crypt to the names of all encrypted files. It uses AES and RSA for encryption and modifies the Windows Registry for persistence. | 237bf11449a2018b058643c38f12430c | f0c3e8375ad1044995d1292d041334b0475a5064 | 6f2df7b22047fdf8eb4c3f7d3090dce7e97b1eca031558ba1dd20bbcd769103b | http://www.bleepingcomputer.com/news/security/crypton-ransomware-is-here-and-its-not-so-bad-/
M16-tta01 | Disttrack_Dropper_8fbe990c | Windows | This strike sends a malware sample known as Disttrack_Dropper. Disttrack, also known as Shamoon, is malware that has been around since 2012. In November 2016 security researchers detected Disttrack in a new wave of attacks against a Saudi company. Its main purpose is data destruction and system damage through a wiper component; the other components are the dropper and the communications component. | 8fbe990c2d493f58a2afa2b746e49c86 | 5c52253b0a2741c4c2e3f1f9a2f82114a254c8d6 | 47bb36cd2832a18b5ae951cf5a7d44fba6d8f5dca0a372392d40f51d1fe1ac34 | http://securityaffairs.co/wordpress/53951/malware/the-shamoon-disk-wiper-malware-returns-in-new-attacks.html ; http://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-disttrack-wiper/
M16-96201 | OzozaLocker_2280126d | Windows | This strike sends a malware sample known as OzozaLocker. OzozaLocker is ransomware that appends the .Locked extension to encrypted files. | 2280126d015f400538eddbf53967941d | 5f6c48ee82382aa312988ecbec629f1b53462a13 | a0f16c6f844c1bd6ee3ecf285e8e50449fcad2be2cbd94b039b61a174d78e181 | http://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-25th-2016-locky-decryptors-cerber-open-source-ransomware-sucks-and-more/
M16-dl801 | Mirai_5849bb9c | Linux | This strike sends a malware sample known as Mirai. Mirai (Linux/Mirai ELF) is a backdoor trojan that targets IoT devices. | 5849bb9ceefee5ef295e7e966d0ba2b5 | 1fabd81c57e89e573b5a661e2ee11f2aa0f4abfc | 72656911d3c500c9b231b4ac6b625f8bf946e151e114c929a060472fedb8499d | https://isc.sans.edu/forums/diary/TR069+NewNTPServer+Exploits+What+we+know+so+far/21763/
M16-7to01 | Gatak_e0ee3c42 | Windows | This strike sends a malware sample known as Gatak. Gatak, also known as Stegoloader, is a backdoor trojan that has been around since 2011. It is distributed through websites that advertise licensing keys for pirated software. | e0ee3c42eee34c5c4cc70efc3ca6a46f | 51feac1a2596f89d10762a4d463957826c19c0c5 | 510e243b9d60548dce824c7ede6efce3f64c4614849b2e88bcd37828d3ed4745 | http://www.bleepingcomputer.com/news/security/keygen-websites-spreading-gatak-backdoor-trojan/ ; https://www.symantec.com/connect/blogs/gatak-healthcare-organizations-crosshairs
M16-27q01 | Disttrack_Wiper_2cd0a5f1 | Windows | This strike sends a malware sample known as Disttrack_Wiper. Disttrack, also known as Shamoon, is malware that has been around since 2012. In November 2016 security researchers detected Disttrack in a new wave of attacks against a Saudi company. Its main purpose is data destruction and system damage through a wiper component; the other components are the dropper and the communications component. | 2cd0a5f1e9bcce6807e57ec8477d222a | ad6744c7ea5fee854261efa403ca06b68761e290 | 128fa5815c6fee68463b18051c1a1ccdf28c599ce321691686b1efa4838a2acd | http://securityaffairs.co/wordpress/53951/malware/the-shamoon-disk-wiper-malware-returns-in-new-attacks.html ; http://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-disttrack-wiper/
M16-75m01 | Gatak_82898b2a | Windows | This strike sends a malware sample known as Gatak. Gatak, also known as Stegoloader, is a backdoor trojan that has been around since 2011. It is distributed through websites that advertise licensing keys for pirated software. | 82898b2ae22e289df5d3570c20120067 | de584d3b9ad40b742878e76dda434eacdefbc066 | e8a6459e2cdd5c83e804ce8e6dae62af2c8a17549d1b9eca685443a68f94e115 | http://www.bleepingcomputer.com/news/security/keygen-websites-spreading-gatak-backdoor-trojan/ ; https://www.symantec.com/connect/blogs/gatak-healthcare-organizations-crosshairs
M16-njl01 | Floki_Bot_f33808ea | Mixed | This strike sends a malware sample known as Floki_Bot. Floki_Bot is a banking trojan based on the Zeus source code. | f33808ea5100648108c7d0d6a0d5eb61 | 79908f60571d837924118bd697e5b267a1c5fafa | 7bd22e3147122eb4438f02356e8927f36866efa0cc07cc604f1bff03d76222a6 | http://blog.talosintel.com/2016/12/flokibot-collab.html ; http://securityaffairs.co/wordpress/54182/malware/floki-bot-malware.html
M16-klg01 | Petya_2c2f29cb | Mixed | This strike sends a malware sample known as Petya. Petya is ransomware with a new variant named GoldenEye, which has been observed spreading via spam emails. | 2c2f29cb501acf30db4d923904b6ac62 | e617755a2504a912f13c077c6567f83f4ebe1199 | 929d8ebd6c1bd49e2103e9866b98a49c92f8fff7a456704977cf12196c7d7778 | https://www.bleepingcomputer.com/news/security/petya-ransomware-returns-with-goldeneye-version-continuing-james-bond-theme/
M16-azp01 | Mikey_28c03f10 | Windows | This strike sends a malware sample known as Mikey. | 28c03f10eee7949d64189aa22db509fa | 80f4b0196b53f8c5ddd3630b1b28cf24d5ec35d0 | 22f530846e4c82946e00c82cd4f21e0010a5caf7bf4a774c26617dc4301d4cc5 | https://www.sans.org/newsletters/at-risk/xvi/49
M16-ij601 | Petya_e068ee33 | Windows | This strike sends a malware sample known as Petya. Petya is ransomware with a new variant named GoldenEye, which has been observed spreading via spam emails. | e068ee33b5e9cb317c1af7cecc1bacb5 | ef3d2563fa3e29c1be76a149ff91398ab9987775 | b5ef16922e2c76b09edd71471dd837e89811c5e658406a8495c1364d0d9dc690 | https://www.bleepingcomputer.com/news/security/petya-ransomware-returns-with-goldeneye-version-continuing-james-bond-theme/
M16-31l01 | Petya_8855dee5 | Mixed | This strike sends a malware sample known as Petya. Petya is ransomware with a new variant named GoldenEye, which has been observed spreading via spam emails. | 8855dee52ba475c5287af576853a08f3 | 2d667b894afada90310e932670418f34ca155037 | e40ed47ace9afea91702ba6f70ba1bae0f3d0a6c3942c8dd218a59c2a09726f0 | https://www.bleepingcomputer.com/news/security/petya-ransomware-returns-with-goldeneye-version-continuing-james-bond-theme/
M16-5lt01 | Petya_911a54e8 | Mixed | This strike sends a malware sample known as Petya. Petya is ransomware with a new variant named GoldenEye, which has been observed spreading via spam emails. | 911a54e80d925f88065a4c1aa205753f | 176b2a9b4159b1c38554532564abe2292b0a9c0a | fc69b5f0a2bc6a83b226c5a1520eee973a46ece3479f14c61c1733e84d8bc369 | https://www.bleepingcomputer.com/news/security/petya-ransomware-returns-with-goldeneye-version-continuing-james-bond-theme/
M16-iq301 | Disttrack_Communication_5bac4381 | Windows | This strike sends a malware sample known as Disttrack_Communication. Disttrack, also known as Shamoon, is malware that has been around since 2012. In November 2016 security researchers detected Disttrack in a new wave of attacks against a Saudi company. Its main purpose is data destruction and system damage through a wiper component; the other components are the dropper and the communications component. | 5bac4381c00044d7f4e4cbfd368ba03b | b094d0287dc4d654f0fca38559c3d6248ef09bbb | 61c1c8fc8b268127751ac565ed4abd6bdab8d2d0f2ff6074291b2d54b0228842 | http://securityaffairs.co/wordpress/53951/malware/the-shamoon-disk-wiper-malware-returns-in-new-attacks.html ; http://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-disttrack-wiper/
M16-mhn01 | VindowsLocker_682f91e3 | Windows | This strike sends a malware sample known as VindowsLocker. VindowsLocker is ransomware that appends the .vindows extension to encrypted files. | 682f91e3ce769a6865ecd9f2b236e83a | a07474a43ac69504e74878e83fe39a6a41bd3d0d | fd1932cd4301cd69acf7fe79c1c4a4bab6276f0201775f1d7b6d96b7d705dc0d | http://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-25th-2016-locky-decryptors-cerber-open-source-ransomware-sucks-and-more/
M16-4ye01 | Petya_baabdf9f | Mixed | This strike sends a malware sample known as Petya. Petya is ransomware with a new variant named GoldenEye, which has been observed spreading via spam emails. | baabdf9f58f8cbc482a47f10d95ae4be | 4051420e93cda31e107d897b457bb82efe8ef256 | db847340786c8a949c80a78de4fb757dcdaace78717c3b1e59416948d5b508a0 | https://www.bleepingcomputer.com/news/security/petya-ransomware-returns-with-goldeneye-version-continuing-james-bond-theme/
M16-zoj01 | Petya_bc5c7f3b | Mixed | This strike sends a malware sample known as Petya. Petya is ransomware with a new variant named GoldenEye, which has been observed spreading via spam emails. | bc5c7f3b583e2df16302825af4c235cc | 7554438af2f6a323b41755e6ff487510592e6603 | 2f8579354b4ed65d292b15e64f91c9722d939587abf8d0cf4f695a4e370d5182 | https://www.bleepingcomputer.com/news/security/petya-ransomware-returns-with-goldeneye-version-continuing-james-bond-theme/
M16-tr601 | Floki_Bot_70f6abfb | Mixed | This strike sends a malware sample known as Floki_Bot. Floki_Bot is a banking trojan based on the Zeus source code. | 70f6abfb433327a7b3c394246cc37ea2 | d2d0a6c7b63d5032a37b791f1fd07246d3a98093 | 3c2c753dbb62920cc00e37a7cab64fe0e16952ff731d39db26573819eb715b67 | http://blog.talosintel.com/2016/12/flokibot-collab.html ; http://securityaffairs.co/wordpress/54182/malware/floki-bot-malware.html
M16-a2q01 | Petya_0db960b5 | Mixed | This strike sends a malware sample known as Petya. Petya is ransomware with a new variant named GoldenEye, which has been observed spreading via spam emails. | 0db960b5be45e5bd7ce143cef9e3ef06 | 46790d76765ce1a5e01de1d619068670bd145a3b | 0e0f72408d58405f9b09cc4f9dd828bd57e285bd3d099de7e36178a95114f070 | https://www.bleepingcomputer.com/news/security/petya-ransomware-returns-with-goldeneye-version-continuing-james-bond-theme/
M16-vxw01 | PrinterInstaller_fa1f7694 | Windows | This strike sends a malware sample known as PrinterInstaller. | fa1f769475516b03881602d0824cae12 | af306369c8499b3403b43b2543bd63a98de06697 | ae7327f36a659d01a85d4071a4570458ec03a05a6ce7d2f6d092fb46aff3e739 | https://www.sans.org/newsletters/at-risk/xvi/49
M16-hhx01 | Petya_4759d42b | Mixed | This strike sends a malware sample known as Petya. Petya is ransomware with a new variant named GoldenEye, which has been observed spreading via spam emails. | 4759d42b58a31d8563d5c3dcc0790467 | 17c12489129f016aee605e8813a8436b0482279b | 0aa1bdad5b13decd65bed0514f0778d6ff9ba2337a5b5d4cdef1e84dd0b20b0c | https://www.bleepingcomputer.com/news/security/petya-ransomware-returns-with-goldeneye-version-continuing-james-bond-theme/
M16-l2g01 | Petya_0aefc4d0 | Mixed | This strike sends a malware sample known as Petya. Petya is ransomware with a new variant named GoldenEye, which has been observed spreading via spam emails. | 0aefc4d0b999557adb154af5f385d40b | e1013592825622747bec40ab4dae5709e40d8eac | 9c20d24705b3186ee6dd68d4291964b259b55c1b990a0e02099927580b4f3141 | https://www.bleepingcomputer.com/news/security/petya-ransomware-returns-with-goldeneye-version-continuing-james-bond-theme/
M16-fad01 | Winsloader_c0177c65 | Windows | This strike sends a malware sample known as Winsloader. | c0177c651dd58e4961d2190ff91c6f44 | a7b4381b1f9161992b358eda9bd58a6b219a13d3 | 92da05bae1d9694a1f63b854e86b5b17ef27d5fc2551318e49e17677c7c90042 | http://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/
M16-x1601 | Disttrack_Wiper_c843046e | Windows | This strike sends a malware sample known as Disttrack_Wiper. Disttrack, also known as Shamoon, is malware that has been around since 2012. In November 2016 security researchers detected Disttrack in a new wave of attacks against a Saudi company. Its main purpose is data destruction and system damage through a wiper component; the other components are the dropper and the communications component. | c843046e54b755ec63ccb09d0a689674 | 425f02028dcc4e89a07d2892fef9346dac6c140a | c7fc1f9c2bed748b50a599ee2fa609eb7c9ddaeb9cd16633ba0d10cf66891d8a | http://securityaffairs.co/wordpress/53951/malware/the-shamoon-disk-wiper-malware-returns-in-new-attacks.html ; http://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-disttrack-wiper/
M16-fsv01 | Mirai_9bc4b66e | Linux | This strike sends a malware sample known as Mirai. Mirai (Linux/Mirai ELF) is a backdoor trojan that targets IoT devices. | 9bc4b66e68f08dde32e901287e8637fd | feb6531b4509015a3a119f67b290175b284e9864 | 2548d997fcc8f32e2aa9605e730af81dc18a03b2108971147f0d305b845eb03f | https://isc.sans.edu/forums/diary/TR069+NewNTPServer+Exploits+What+we+know+so+far/21763/
M16-kmq01 | Petya_7b53ce64 | Mixed | This strike sends a malware sample known as Petya. Petya is ransomware with a new variant named GoldenEye, which has been observed spreading via spam emails. | 7b53ce64d575f0967130ca6f6dcd6b87 | a91b2e1fdc418edc43f16f70d9d9282b9443f24c | 51db7151ea3e53376234d696ab3c17eaf532a839bb586eac5e58eaa4c89ec4f0 | https://www.bleepingcomputer.com/news/security/petya-ransomware-returns-with-goldeneye-version-continuing-james-bond-theme/
M16-b8c01 | Floki_Bot_a11b982b | Mixed | This strike sends a malware sample known as Floki_Bot. Floki_Bot is a banking trojan based on the Zeus source code. | a11b982bde341475e28d3a2fa96f982a | 181fe69fa5f931251771814d2afc7bcd85c6468a | e43ee2ab62f9dbeb6c3c43c91778308b450f5192c0abb0242bfddb8a65ab883a | http://blog.talosintel.com/2016/12/flokibot-collab.html ; http://securityaffairs.co/wordpress/54182/malware/floki-bot-malware.html
M16-ybw01 | Disttrack_Dropper_5446f46d | Windows | This strike sends a malware sample known as Disttrack_Dropper. Disttrack, also known as Shamoon, is malware that has been around since 2012. In November 2016 security researchers detected Disttrack in a new wave of attacks against a Saudi company. Its main purpose is data destruction and system damage through a wiper component; the other components are the dropper and the communications component. | 5446f46d89124462ae7aca4fce420423 | e7c7f41babdb279c099526ece03ede9076edca4e | 394a7ebad5dfc13d6c75945a61063470dc3b68f7a207613b79ef000e1990909b | http://securityaffairs.co/wordpress/53951/malware/the-shamoon-disk-wiper-malware-returns-in-new-attacks.html ; http://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-disttrack-wiper/
M16-0uw01 | Telecrypt_14d4bc13 | Windows | This strike sends a malware sample known as Telecrypt. Telecrypt is ransomware written in Delphi that uses the Telegram instant messaging service to communicate with its command-and-control (C&C) servers. After encrypting the victim's files, it appends the .Xcri extension. | 14d4bc13a12f8243383756de92529d6d | 54b8fc5de74856d90cad60da8cc41b98940e6a15 | 63fa775052a5c7258d44a00d9f2b4a9263f96fb7c61778cbb1ba9102fed2082f | https://securelist.com/blog/research/76558/the-first-cryptor-to-exploit-telegram/ ; http://securityaffairs.co/wordpress/53295/malware/telecrypt-ransomware.html
M16-r7z01 | Floki_Bot_cc38fd59 | Mixed | This strike sends a malware sample known as Floki_Bot. Floki_Bot is a banking trojan based on the Zeus source code. | cc38fd598cbef1a3816bb64f2990e9b6 | 5ac80df4f80d466e616d13e8d35be3fe9da5a45e | e0b599f73d0c46a5130396f81daf5ba9f31639589035b49686bf3ef5f164f009 | http://blog.talosintel.com/2016/12/flokibot-collab.html ; http://securityaffairs.co/wordpress/54182/malware/floki-bot-malware.html
M16-owx01 | Gatak_915abbcd | Windows | This strike sends a malware sample known as Gatak. Gatak, also known as Stegoloader, is a backdoor trojan that has been around since 2011. It is distributed through websites that advertise licensing keys for pirated software. | 915abbcd90e3755b99584931be4bbb70 | ef13519e5577c05a2f49cc922fa6efdce1d58888 | f4c44b5331c30b62beacae5d343d591584715c2d9d6d65848216b61efd916ec1 | http://www.bleepingcomputer.com/news/security/keygen-websites-spreading-gatak-backdoor-trojan/ ; https://www.symantec.com/connect/blogs/gatak-healthcare-organizations-crosshairs
M16-6u001 | Petya_8badc9fd | Mixed | This strike sends a malware sample known as Petya. Petya is ransomware with a new variant named GoldenEye, which has been observed spreading via spam emails. | 8badc9fdc551e84c1a610cb8e8ce02a6 | 3923b560b9fc00b36bed4d4cbb308b53b9b40eaf | b5cf3676e56370d859f2d1f4a38978e7d55605efdcb6b992c9e95fc8e3e0ae87 | https://www.bleepingcomputer.com/news/security/petya-ransomware-returns-with-goldeneye-version-continuing-james-bond-theme/
M16-imb01 | Yahoyah_0043240b | Windows | This strike sends a malware sample known as Yahoyah. | 0043240bebaf921674559ed9f05505f1 | ba71031ec0dccf09fbc48af61a22e5faa6b055a4 | 6b6ec318ede71baf79004fe22c46a8d7a500dc6ba6dd40b2641fe9a1c2b3dbd5 | http://securityaffairs.co/wordpress/53698/breaking-news/tropic-trooper-campaign.html ; http://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/
M16-vil01 | Mirai_24647537 | Linux | This strike sends a malware sample known as Mirai. Mirai (Linux/Mirai ELF) is a backdoor trojan that targets IoT devices. | 246475378c5bcd7ed7ece231827af999 | a37b27abadeccb7395798bfcddc28166ee0de0a6 | 97dd9e460f3946eb0b89ae81a0c3890f529ed47f8bd9fd00f161cde2b5903184 | https://isc.sans.edu/forums/diary/TR069+NewNTPServer+Exploits+What+we+know+so+far/21763/
M16-2dz01 | Petya_234e5a2e | Mixed | This strike sends a malware sample known as Petya. Petya is ransomware with a new variant named GoldenEye, which has been observed spreading via spam emails. | 234e5a2e704460060c0b7151b9530e76 | 958764cb5a5748711a6dbecf227a2cd307a7255d | 68eae10474f79966f74accb7487da30d673d6c5c1040a0ed5f58ae7860814981 | https://www.bleepingcomputer.com/news/security/petya-ransomware-returns-with-goldeneye-version-continuing-james-bond-theme/
M16-6p101 | Disttrack_EldoS_76c643ab | Windows | This strike sends a malware sample known as Disttrack_EldoS. Disttrack, also known as Shamoon, is malware that has been around since 2012. In November 2016 security researchers detected Disttrack in a new wave of attacks against a Saudi company. Its main purpose is data destruction and system damage through a wiper component; the other components are the dropper and the communications component. | 76c643ab29d497317085e5db8c799960 | 1292c7dd60214d96a71e7705e519006b9de7968f | 5a826b4fa10891cf63aae832fc645ce680a483b915c608ca26cedbb173b1b80a | http://securityaffairs.co/wordpress/53951/malware/the-shamoon-disk-wiper-malware-returns-in-new-attacks.html ; http://researchcenter.paloaltonetworks.com/2016/11/unit42-shamoon-2-return-disttrack-wiper/
M16-juu01 | Petya_66f54129 | Mixed | This strike sends a malware sample known as Petya. Petya is ransomware with a new variant named GoldenEye, which has been observed spreading via spam emails. | 66f54129ab00e04fe4ec1de65119df86 | 54197008baf7e50d9e3e3776bc53e59ca75c43a1 | 2a00ddfb883b40c9acff6dc35e52063b38663a17cd1f971c12ca675b2e11c774 | https://www.bleepingcomputer.com/news/security/petya-ransomware-returns-with-goldeneye-version-continuing-james-bond-theme/

Malware Strikes November - 2016

Strike ID | Malware | Platform | Info | MD5 | SHA1 | SHA256 | External References
M16-xnd01 | EDA2_cb29b854 | Windows | This strike sends a malware sample known as EDA2. | cb29b8543e6b26831efe3f12a0d7d53e | b4bf3f010b26eb8d9388825a8a42139fcc5f1291 | 9f1262f505695d95f1d4b70ab978621b11cbaec5d3f09f94e71cc361c4d0c49b | http://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-4th-2016-cerber-paydos-alcatraz-locker-and-more/
M16-h3g01 | zScreenLocker_5dec5d69 | Windows | This strike sends a malware sample known as zScreenLocker. | 5dec5d693786a1991a0d84a8cf484adf | 73be9d9d525e5dd4192aef1d163f8a606a43511c | 5104bfbaad48854ad4a7675ed8749504f85f199f7b14c84d0e24551372e95b98 | http://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-4th-2016-cerber-paydos-alcatraz-locker-and-more/
M16-qc201 | Hancitor_88d60c26 | Mixed | This strike sends a malware sample known as Hancitor. | 88d60c264a9c3426c081a2cb56e3a879 | 6491a819cd6205c3c7bb18e81688144e6b032854 | 2e97ef42f24d6d8d53012c42029554061a7ab2537919e234f678c57fd4eccfd6 | https://www.sans.org/newsletters/at-risk/xvi/45/newsletters/at-risk/
M16-3dw01 | JackPot_5624c920 | Windows | This strike sends a malware sample known as JackPot. JackPot is ransomware that demands 3 bitcoins for the decryption key without providing any contact information. | 5624c920b1fd3da3a451d564bb7488d3 | 2ad7aab4bdb10286646b62bdad87d8ff98ff6f56 | 76657d402d22005f20f5876244cf3290bf3dbabaf440141816e37566b4eb2d16 | http://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-28-2016-locky-angry-duck-and-more/
M16-fin01 | Lock93_a9e78050 | Windows | This strike sends a malware sample known as Lock93. Lock93 is ransomware that encrypts files and appends the .lock93 extension. The victim is presented with a lock screen in English or Russian. | a9e78050b1240b1e4e667a16a8876098 | 58b3799485558418d261ba18e7a0433ea1b84605 | 5ce0dd4de8de67282276be5713645a5df95cb61736e973d27a9e66c1c18c27e0 | http://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-28-2016-locky-angry-duck-and-more/
M16-pbc01 | CryptoLocker_9e96dc9b | Windows | This strike sends a malware sample known as CryptoLocker. | 9e96dc9b004aa217bce55539158d2f76 | 78cc560bbf03f4a16665c7aa08ee776bfbc1fa27 | ffda8894570f0efc7532649f337c3f24934acf4f573ca6bcb66dbaf715c624b1 |
M16-q1401 | Telecrypt_3e24d064 | Windows | This strike sends a malware sample known as Telecrypt. Telecrypt is ransomware written in Delphi that uses the Telegram instant messaging service to communicate with its command-and-control (C&C) servers. After encrypting the victim's files, it appends the .Xcri extension. | 3e24d064025ec20d6a8e8bae1d19ecdb | aaf26fd22d5cab24dda2923b7ba6b131772b3a68 | 3d7dd597a465d5275ef31d9e4f9dd80ed4de6139a1b3707cb3b0ffa068595567 | https://securelist.com/blog/research/76558/the-first-cryptor-to-exploit-telegram/ ; http://securityaffairs.co/wordpress/53295/malware/telecrypt-ransomware.html
M16-oq001 | Exotic_99b0bc3f | Windows | This strike sends a malware sample known as Exotic. Exotic is ransomware that encrypts all files in several targeted folders, including executables. Several variants have been observed; all of them change the desktop background of the infected computer to a Hitler- or Jigsaw-themed image that also contains instructions on how to pay the ransom. | 99b0bc3fa250830c4be6ea2dcfe7411a | fb40c43f2051823f3d301d116cef1d2bef13a561 | 43553abb16aea0a314576a31dcbde8989df0c9e2e7b891b1fbd3189710314817 |
M16-qf301 | Carbanak_7a5fa7a9 | Mixed | This strike sends a malware sample known as Carbanak. | 7a5fa7a9e9319e0871d2098a02f0bcfa | 8d7c90a699b4055e9c7db4571588c765c1cf2358 | 90ac49c60b5e0f76e87bd6f0062ea64b875bb571e226133bb681392b2151fb24 | https://www.trustwave.com/Resources/SpiderLabs-Blog/New-Carbanak-/-Anunak-Attack-Methodology/ ; http://securityaffairs.co/wordpress/53486/breaking-news/carbanak.html
M16-h7j01 | Karma_1cb51c13 | Windows | This strike sends a malware sample known as Karma. Karma is ransomware that pretends to be a Windows optimization program named Windows-TuneUp. It appends .karma to all encrypted files. | 1cb51c130e6f75f11c095b122e008bbc | 5e222866b81ed28048d56437d6815fee71b8374f | 6545ae2b8811884ad257a7fb25b1eb0cb63cfc66a742fa76fd44bddd05b74fe8 | http://www.bleepingcomputer.com/news/security/researcher-finds-the-karma-ransomware-being-distributed-via-pay-per-install-network/
M16-7sj01 | Hancitor_Dropper_b41f2365 | Mixed | This strike sends a malware sample known as Hancitor_Dropper. | b41f2365f8a44305bdc0e485100b3a0c | 03c9537bcba5c8cc1a9ac841605aa312ca01b06c | b506faff00ae557056d387442e9d4d2a53e87c5f9cd59f75db9ba5525ffa0ba3 | https://www.sans.org/newsletters/at-risk/xvi/43
M16-jwb01 | Pramro_51e63633 | Windows | This strike sends a malware sample known as Pramro. | 51e63633487f9180ec8031980684bf86 | 21ea35d8e9f11c4fd49438c5b70b2755b34decd0 | f4ae1a3d610a57547f014215a5d7aaed8572cd36aa77a9567c183f11430a6b55 | https://www.sans.org/newsletters/at-risk/xvi/44
M16-yxj01 | Locky_bee9c1e2 | Windows | This strike sends a malware sample known as Locky. Locky is ransomware for Windows systems that appeared at the beginning of 2016. It is delivered through JavaScript email attachments that download the malicious payload. Like other ransomware, it encrypts local files as well as network shares and renames them to [unique_id][identifier].locky. The victim is then asked to pay a ransom to get the files decrypted. | bee9c1e2fbcdb341c3f14ca48326b801 | d6e2b359cbcf4955c56cf784acc3d73a60b49e97 | 6acc206e741d8104d14d83fac4989e6303c6483c8ffc9eaa2aa722717420dc98 |
M16-4tm01 | GDS_3edda4e9 | Mixed | This strike sends a malware sample known as GDS. | 3edda4e903d939eb94544b9ade771e1a | 633f26ff38a9d64f6bd86717235f05ade76f9207 | 4c424fe45453840002ac944d167c45e1f77000485848dec65a46ca53a2b04ba3 | https://spamonmove.blogspot.ro/2016/11/email-with-subject-gdsnew-fax-message.html
M16-q8i01 | TrickBot_80833a25 | Windows | This strike sends a malware sample known as TrickBot. TrickBot is a banking trojan that shares similarities with the Dyre banking trojan. It is used by crooks to target customers of Australian banks. | 80833a25e57130a8e0be9bb5debde7ae | 02365a770612383ca718635b149bdef90f2885f8 | aef4293a36fd3538ff1986a27fec8d7461ec9ced76fb035ae85f53e178109570 | http://www.threatgeek.com/2016/10/trickbot-the-dyre-connection.html ; http://securityaffairs.co/wordpress/52374/cyber-crime/trickbot-banking-trojan.html
M16-h4f01 | CryptoWire_41d4ab0d | Windows | This strike sends a malware sample known as CryptoWire. CryptoWire is incomplete ransomware based on an educational project. | 41d4ab0de7f56c1d4b38fc10c25518f9 | 4928a320c5bdefb1e8c4c9f25fcd200ce3af0db7 | 5684f8b6422ec02116b5ae28480756005e58cd4cfc5701d94fa180ea06de96d6 | http://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-28-2016-locky-angry-duck-and-more/
M16-qlu01 | KillerLocker_a802aae1 | Windows | This strike sends a malware sample known as KillerLocker. KillerLocker is ransomware that encrypts all files in certain locations and appends the .rip extension to the encrypted files. | a802aae121fb19bd185e736ffffcbe46 | 19b4efbe540493f67ebe14cfdfc0803ed1f28c2a | 9d20ea35dfc09fc4c2e4d4db895977b88a732a34c2e43ff435225717e83bb2a1 |
M16-56c01FastPoS_7801fd41Windows This strike sends a malware sample known as FastPoS. FastPOS is a PoS malware that was first seen in March 2016. Updated versions of this malware appear, and are expected to keep appearing, mostly before holidays when people do more shopping. FastPOS is usually distributed via compromised websites, VNC access with stolen credentials or brute-force attacks. The new behaviour of this malware is noisier because FastPOS exfiltrates card data faster, which gives the attacker more chances to use the card before the banks suspend it.7801fd41dac01fcb1926ce0a37850a468e7761e123026d9ce6a108e77dd677ee5d6245e4 7801fd41dac01fcb1926ce0a37850a46 11912292f44cf5e093422c50e0b12687a94be19f78565d1735e5ed29a52d39ec http://blog.trendmicro.com/trendlabs-security-intelligence/fastpos-updates-in-time-for-retail-sale-season/ http://securityaffairs.co/wordpress/51992/malware/new-fastpos-pos-malware.html
M16-ftt01Karma_c0650bf3Windows This strike sends a malware sample known as Karma. Karma is a ransomware that pretends to be a Windows optimization program named Windows-TuneUp. The ransomware appends .karma to all encrypted files.c0650bf3bcf21924c481051d2b48720496249f99c35d546e58f044936036e10b96eb2c96 c0650bf3bcf21924c481051d2b487204 cf5fda29f8e1f135aa68620ce7298e930be2cb93888e3f04c9cd0b13f5bc4092 http://www.bleepingcomputer.com/news/security/researcher-finds-the-karma-ransomware-being-distributed-via-pay-per-install-network/
M16-eaf01Hancitor_a215b91fMixed This strike sends a malware sample known as Hancitor.a215b91f7c4562a7be10e6fbe36d7aafd6589833c85c1a91da750a5b7eadefe2bce96001 a215b91f7c4562a7be10e6fbe36d7aaf 4a15565e1a0a5acaab6e987785d44a6a28d31d18f7ee266d4bbf08002aa64eed https://www.sans.org/newsletters/at-risk/xvi/45/newsletters/at-risk/
M16-0iy01Hancitor_Dropper_69b011d2Mixed This strike sends a malware sample known as Hancitor_Dropper.69b011d298e344c693c9866c4f8e73ea0f763e0766cbe1733940ee5e2afba244cc63d367 69b011d298e344c693c9866c4f8e73ea 4b4fd57349e06056088ce758e2ce50dc75837b2f17307574b329208a31145247 https://www.sans.org/newsletters/at-risk/xvi/44
M16-rm001Onyx_b3c647d0Windows This strike sends a malware sample known as Onyx. Onyx is a ransomware that uses the face of a spirit called No-Face from the anime movie Spirited Away in its ransom note. The ransom note also appears to be written in Georgian.b3c647d07f9d26562fd14de5586a2d0f820154ed17eef35f953af57c90895fd3af017cf6 b3c647d07f9d26562fd14de5586a2d0f 38075f1fd1723d87ac9895e45b5cb327bea0b45469001d2c730cd358b4860bcd http://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-28-2016-locky-angry-duck-and-more/
M16-c4p01Hancitor_aca3daf2Mixed This strike sends a malware sample known as Hancitor.aca3daf2d346dc9f1d877f53cfa93e6ef2a0578564192e15c535b42eef2b6d68b767fdda aca3daf2d346dc9f1d877f53cfa93e6e 14211739584aa0f04ba8845a9b66434529e5e4636f460d34fa84821ebfb142fd https://www.sans.org/newsletters/at-risk/xvi/43
M16-2mb01DummyEncrypter_d6d335f1Windows This strike sends a malware sample known as DummyEncrypter.d6d335f18b318157ad00c4ffa9f327869d590d431f55e85b73bd145c9d59311b5529d5fb d6d335f18b318157ad00c4ffa9f32786 31122e4b777ecbd73bc66d3a76200bf7d807195d40efc5945d74ffc9ae2f7cd6 http://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-4th-2016-cerber-paydos-alcatraz-locker-and-more/

Malware Strikes October - 2016

Strike ID Malware Platform Info MD5 External References
M16-vsg01Overseer_55f1cb18Android This strike sends an Overseer malware sample. Overseer is an Android spyware.55f1cb18c270bb8c3340da629707842bb7d3b2cc8cb629612f77e513825c10e18ff11ba7 55f1cb18c270bb8c3340da629707842b 4e3eab0534ebbab73cddc1a49f3f29b0aae2c3e32d66ca1fbfd8f3ac4816264a http://securityaffairs.co/wordpress/51461/mobile-2/overseer-malware.html https://blog.lookout.com/blog/2016/09/16/embassy-spyware-google-play/
M16-bdn02Overseer_9c33a2abAndroid This strike sends an Overseer malware sample. Overseer is an Android spyware.9c33a2ab21238a1070de51b1a45138b607917353689e536bcce42e4bc1231ff74a273e31 9c33a2ab21238a1070de51b1a45138b6 b36e1239f0082d9b4c87e3182e98e122d329f1582aba99e0e60f1516932f9f80 http://securityaffairs.co/wordpress/51461/mobile-2/overseer-malware.html https://blog.lookout.com/blog/2016/09/16/embassy-spyware-google-play/
M16-40r01NoobCrypt_41a06109Windows This strike sends a NoobCrypt malware sample. NoobCrypt is a ransomware created by (as the name suggests) a noob. It uses the same encryption key for all victims.41a06109efcb3ec3cb7f2b202e0e8af80c53503e9221676c416cacffc3197bb4dcd4e82d 41a06109efcb3ec3cb7f2b202e0e8af8 974d2a36971b0f05c8a2d5b0daaee93732b78f0edeb4555aadbc1b7736ce995f http://www.bleepingcomputer.com/news/security/noobcrypt-ransomware-dev-shows-noobness-by-using-same-password-for-everyone/
M16-qzi01iSpy_9373eb00Windows This strike sends an iSpy malware sample. iSpy is a keylogger malware with a modular structure from which an attacker can choose which features to use.9373eb008dd45458d424ce928b8d44752c717cb18d5fe508667caf82ffc01e7a665d76ff 9373eb008dd45458d424ce928b8d4475 a43983442146afc7bf5942bc7f52193b96a6245f2d1231208a9a08c585285b8c https://www.zscaler.com/blogs/research/ispy-keylogger http://securityaffairs.co/wordpress/51513/malware/ispy-commercial-keylogger.html
M16-peq01Overseer_a72d6858Android This strike sends an Overseer malware sample. Overseer is an Android spyware.a72d6858d555c188801c7c66872721b1c55c93185ecd4c6f67a1cbecfc721f702165c8f0 a72d6858d555c188801c7c66872721b1 3d4ff4b3ea4799b0e6eed81ac0e48fc624e2723e84bebc2d98cd857f5b8e7a21 http://securityaffairs.co/wordpress/51461/mobile-2/overseer-malware.html https://blog.lookout.com/blog/2016/09/16/embassy-spyware-google-play/
M16-wdc01Overseer_f649e236Android This strike sends an Overseer malware sample. Overseer is an Android spyware.f649e2362dd29c18229c75c0200ef6337297578462bc15d5da80a2f4bc95b519cb241dd6 f649e2362dd29c18229c75c0200ef633 3e61e69521d0d615a833f3e6cdfa20addcaa5dbeb491bc34b68479fc65e0b6d0 http://securityaffairs.co/wordpress/51461/mobile-2/overseer-malware.html https://blog.lookout.com/blog/2016/09/16/embassy-spyware-google-play/
M16-92701Linux.BackDoor.Irc.16_874cb667Linux This strike sends a Linux.BackDoor.Irc.16 malware sample. Linux.BackDoor.Irc.16 is a malware written in the Rust programming language and has the features of a classic backdoor: it allows attackers to remotely control infected systems via the IRC protocol. The MD5 hash of this Linux.BackDoor.Irc.874cb6670325cc945a09eaa4dbc7419803c1ca6ec8718aa4d4cb6ba041276df421f4450f 874cb6670325cc945a09eaa4dbc74198 82594fd5477511ab5cf1466f849ab651b93d9ecf72748302b36bfed9add82407 http://securityaffairs.co/wordpress/51126/malware/linux-trojan-irc16.html
M16-9w001Locky_938f8180Mixed This strike sends a Locky malware sample. Locky is a ransomware for Windows systems which appeared at the beginning of 2016. The malicious code for this particular malware relies on JavaScript attachments to download itself. Like other ransomware, it encrypts local files as well as network shares and renames them to [unique_id][identifier].locky. The victim is requested to pay a ransom to get the files decrypted.938f8180962dee96906afb5ba838dd171587794c2ec4567542215ed351d9ca5601169bfa 938f8180962dee96906afb5ba838dd17 93bea0b85e1869d31876c47d2f97c9e2721b43fcdcce2f7adb7645d6d34519e4 http://blog.dynamoo.com/2016/09/malware-spam-express-parcel-service.html
M16-26c01Overseer_ee2b6f38Android This strike sends an Overseer malware sample. Overseer is an Android spyware.ee2b6f3879df44c62cb3775298f099ba8f7d2dc4d5628c55e135ec3805bad5a73d50e05b ee2b6f3879df44c62cb3775298f099ba bf095f3999a2a3f3f4f73b4522b8d114f0d09bff7a482389bdd79d85faf9b35f http://securityaffairs.co/wordpress/51461/mobile-2/overseer-malware.html https://blog.lookout.com/blog/2016/09/16/embassy-spyware-google-play/
M16-x3701Overseer_a30b3d4dAndroid This strike sends an Overseer malware sample. Overseer is an Android spyware.a30b3d4d0f7b63fd75d00040e05304d45e2e212d56260520e64738f6e49d9d3af3931ded a30b3d4d0f7b63fd75d00040e05304d4 fe9bf6374da7ee60911dda85322f83420f6a446cf28eef2423a7510a260a5a2e http://securityaffairs.co/wordpress/51461/mobile-2/overseer-malware.html https://blog.lookout.com/blog/2016/09/16/embassy-spyware-google-play/
M16-sap01iSpy_08abb6dcWindows This strike sends an iSpy malware sample. iSpy is a keylogger malware with a modular structure from which an attacker can choose which features to use.08abb6dc71fe3076f9f149c849de737a8ec5de1896a422aedec1c973589fbe4686bf9b21 08abb6dc71fe3076f9f149c849de737a 7bacca48d52e0662922fd82305b7cff6a7d915d6056cb640148f3062f2006efc https://www.zscaler.com/blogs/research/ispy-keylogger http://securityaffairs.co/wordpress/51513/malware/ispy-commercial-keylogger.html
M16-90a01Overseer_4058057cAndroid This strike sends an Overseer malware sample. Overseer is an Android spyware.4058057c0afacbedd0511bc621f5dd19b6261f8dbf67ca71de0ca4d09e9cbbc66f82e1e0 4058057c0afacbedd0511bc621f5dd19 77730891c0d861c481ee29b3d93154bb22046b24fc60b1281e85884904bd1f9f http://securityaffairs.co/wordpress/51461/mobile-2/overseer-malware.html https://blog.lookout.com/blog/2016/09/16/embassy-spyware-google-play/
M16-ef801iSpy_b99491b5Windows This strike sends an iSpy malware sample. iSpy is a keylogger malware with a modular structure from which an attacker can choose which features to use.b99491b53faabb559adf42d6156d9dad7cbac910083ac205102c9b0a7c11da5092b49d7f b99491b53faabb559adf42d6156d9dad e6384d52e439d5711b7a65943d4bc772b6c36bf22b9793a9590dab1f33504a19 https://www.zscaler.com/blogs/research/ispy-keylogger http://securityaffairs.co/wordpress/51513/malware/ispy-commercial-keylogger.html
M16-6o901Mal/Miner-C_32f21ab8Windows This strike sends a Mal/Miner-C malware sample. Mal/Miner-C is a malware that leverages network-attached storage (NAS) devices as an attack vector. It uses FTP servers in order to spread itself.32f21ab8cf9b96e8ba86395a0edc2e4f2a5b3c07e32b3b2b0c1ef33a10685027703440ec 32f21ab8cf9b96e8ba86395a0edc2e4f 20389c7d417ec512e18bb246a693ce37e041390b6cf1cdd5dca0728b709f910d https://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/Cryptomining-malware-on-NAS-servers.pdf http://securityaffairs.co/wordpress/51131/malware/malminer-c-mining-malware.html
M16-ile01Mamba_498bdcfbWindows This strike sends a Mamba malware sample. Mamba is a disk-level ransomware that encrypts the full disk using a tool called DiskCryptor. Mamba was found in September 2016 and is similar to Petya.498bdcfb93d13fecaf92e96f77063abf263d14f535c264aa254fbee0b66e94a32c156a4c 498bdcfb93d13fecaf92e96f77063abf 1b44a3b1dec865a96e44f2b556f19682fd844ebe3e7b0577bd7e58d307fcba4f http://www.bleepingcomputer.com/news/security/hddcryptor-ransomware-overwrites-your-mbr-using-open-source-tools/ http://blog.trendmicro.com/trendlabs-security-intelligence/bksod-by-ransomware-hddcryptor-uses-commercial-tools-to-encrypt-network-shares-and-lock-hdds/
M16-d7h01Mamba_37c0d7f8Windows This strike sends a Mamba malware sample. Mamba is a disk-level ransomware that encrypts the full disk using a tool called DiskCryptor. Mamba was found in September 2016 and is similar to Petya.37c0d7f81f6cb81d50505d9c2d17133b177843629cd1dc4345b03e48574eed12d0551ce6 37c0d7f81f6cb81d50505d9c2d17133b e141f564003773d4fe3ef462458a041a871699fb7dc646632cf00afac4870779 http://www.bleepingcomputer.com/news/security/hddcryptor-ransomware-overwrites-your-mbr-using-open-source-tools/ http://blog.trendmicro.com/trendlabs-security-intelligence/bksod-by-ransomware-hddcryptor-uses-commercial-tools-to-encrypt-network-shares-and-lock-hdds/
M16-pmm01iSpy_3f0b2feaWindows This strike sends an iSpy malware sample. iSpy is a keylogger malware with a modular structure from which an attacker can choose which features to use.3f0b2fead12d62bcd7d8ca3b2673ed7f1de410ce7be2faf8cc087612b4b28d4653d21688 3f0b2fead12d62bcd7d8ca3b2673ed7f 5b79f2a549d72bd45842c44de646abc46ebbec7767025c3ba9d5c32ecd81df5c https://www.zscaler.com/blogs/research/ispy-keylogger http://securityaffairs.co/wordpress/51513/malware/ispy-commercial-keylogger.html
M16-vr801iSpy_7a9af64aWindows This strike sends an iSpy malware sample. iSpy is a keylogger malware with a modular structure from which an attacker can choose which features to use.7a9af64a04cf9577bfc76865ae190349d47d90d860fc72b4a3c1d84e10852757e2296fe9 7a9af64a04cf9577bfc76865ae190349 550c1acb3c1e6089c155378375698f7c65b9ef897346ecb2b3cad35ba1c32324 https://www.zscaler.com/blogs/research/ispy-keylogger http://securityaffairs.co/wordpress/51513/malware/ispy-commercial-keylogger.html
M16-aat01Mamba_409d80bbWindows This strike sends a Mamba malware sample. Mamba is a disk-level ransomware that encrypts the full disk using a tool called DiskCryptor. Mamba was found in September 2016 and is similar to Petya.409d80bb94645fbc4a1fa61c078068834080bb3a28c2946fd9b72f6b51fe15de74cbb1e1 409d80bb94645fbc4a1fa61c07806883 2ecc525177ed52c74ddaaacd47ad513450e85c01f2616bf179be5b576164bf63 http://www.bleepingcomputer.com/news/security/hddcryptor-ransomware-overwrites-your-mbr-using-open-source-tools/ http://blog.trendmicro.com/trendlabs-security-intelligence/bksod-by-ransomware-hddcryptor-uses-commercial-tools-to-encrypt-network-shares-and-lock-hdds/
M16-ko701Mamba_a5032555Windows This strike sends a Mamba malware sample. Mamba is a disk-level ransomware that encrypts the full disk using a tool called DiskCryptor. Mamba was found in September 2016 and is similar to Petya.a50325553a761d73ed765e326a1733a36a5250a24439cb760e91c228b56d991a717e556a a50325553a761d73ed765e326a1733a3 74336da7eb463092a5f1bca3071f96b005f52e6df5826f8b0351e10537ba0459 http://securityaffairs.co/wordpress/51314/malware/mamba-ransomware.html https://www.linkedin.com/pulse/mamba-new-full-disk-encryption-ransomware-family-member-marinho?trk=pulse_spock-articles
M16-x0801Mamba_e0358edbWindows This strike sends a Mamba malware sample. Mamba is a disk-level ransomware that encrypts the full disk using a tool called DiskCryptor. Mamba was found in September 2016 and is similar to Petya.e0358edb797489ffc585e8f517b30f1c719c3b897826169190ffcaf8ec111e78acd1613e e0358edb797489ffc585e8f517b30f1c 0fa05cbe58b253b09afbb79be27953ddfd36852d0a5fb5010dfb419d7705abb5 http://securityaffairs.co/wordpress/51314/malware/mamba-ransomware.html https://www.linkedin.com/pulse/mamba-new-full-disk-encryption-ransomware-family-member-marinho?trk=pulse_spock-articles
M16-p9001Overseer_557ca11fAndroid This strike sends an Overseer malware sample. Overseer is an Android spyware.557ca11fb0c47896067b9a9919e04e323ed6aa4b23d3f57d5477d0c0d1bfab58467118d8 557ca11fb0c47896067b9a9919e04e32 b1e286322ef72bfa7fa55754322b4eb609da0bb2491dd833b1e0b19df64bf70c http://securityaffairs.co/wordpress/51461/mobile-2/overseer-malware.html https://blog.lookout.com/blog/2016/09/16/embassy-spyware-google-play/
M16-ucc01iSpy_15318584Windows This strike sends an iSpy malware sample. iSpy is a keylogger malware with a modular structure from which an attacker can choose which features to use.153185846e8fb4edb9e9ec9c3ea73e752433edd5f5e3df7f3313f4b7642f49c9beb2319c 153185846e8fb4edb9e9ec9c3ea73e75 7b0d5150610d832fc9d3ef601be518fd98b6c7bbc381edbcc19c2ce3c635ab1b https://www.zscaler.com/blogs/research/ispy-keylogger http://securityaffairs.co/wordpress/51513/malware/ispy-commercial-keylogger.html
M16-fc001Locky_9a5c0a99Mixed This strike sends a Locky malware sample. Locky is a ransomware for Windows systems which appeared at the beginning of 2016. The malicious code for this particular malware relies on JavaScript attachments to download itself. Like other ransomware, it encrypts local files as well as network shares and renames them to [unique_id][identifier].locky. The victim is requested to pay a ransom to get the files decrypted.9a5c0a998b0f6e2a91b1deb2a7b7e51c1e3f153a9283fac8376b6a333b36ab157131e0ea 9a5c0a998b0f6e2a91b1deb2a7b7e51c b8f601fbaca128e30fa04954f12bfba8ac113b22abd305c2a70e44e39e0013c1 http://blog.dynamoo.com/2016/09/malware-spam-express-parcel-service.html
M16-dba01Locky_20768ccdMixed This strike sends a Locky malware sample. Locky is a ransomware for Windows systems which appeared at the beginning of 2016. The malicious code for this particular malware relies on JavaScript attachments to download itself. Like other ransomware, it encrypts local files as well as network shares and renames them to [unique_id][identifier].locky. The victim is requested to pay a ransom to get the files decrypted.20768ccd2d0c9fc0375258fd4ac7911c43fbc8659740d4102b0306de87e9d0acedc5b28d 20768ccd2d0c9fc0375258fd4ac7911c 2a96d3a5a7c198a6f999a0f925b4697c77bccf2f0cf7736df27d0c3ddcc7d5b5 http://blog.dynamoo.com/2016/09/malware-spam-express-parcel-service.html
M16-qo501iSpy_cb077968Windows This strike sends an iSpy malware sample. iSpy is a keylogger malware with a modular structure from which an attacker can choose which features to use.cb077968a96f497a994010b55771be2e2e7c08841090eb00935d778b7e60a335f41bc82b cb077968a96f497a994010b55771be2e ea3bcfa8aa901ff6dd7454176d67ad2f68a0412055ef73f80e8850761ff95ebb https://www.zscaler.com/blogs/research/ispy-keylogger http://securityaffairs.co/wordpress/51513/malware/ispy-commercial-keylogger.html
M16-ho401Stampado_dbf3707aWindows This strike sends a Stampado malware sample. Stampado is a ransomware that targets files that have already been encrypted. After infection, the victims end up paying twice to get their files decrypted.dbf3707a9cd090853a11dda9cfa78ff05af5403d8e003812a34c7b085d878680d7130ad5 dbf3707a9cd090853a11dda9cfa78ff0 78db508226ccacd363fc0f02b3ae326a2bdd0baed3ae51ddf59c3fc0fcf60669 http://www.bleepingcomputer.com/news/security/stampado-ransomware-campaign-decrypted-before-it-started/ http://www.bleepingcomputer.com/news/security/stampado-taking-ransomware-scumbaggery-to-the-next-level/ https://heimdalsecurity.com/blog/security-alert-stampado-ransomware-on-sale/
M16-mkc01Nagini_cd4e331dWindows This strike sends a Nagini malware sample. Nagini is a ransomware that asks for your credit card number instead of asking for bitcoins in order to serve the decryption key.cd4e331d11f8eb70c4f2fd9d665ee6544bb336f390e24763fbb282cc6a1d131521748ea3 cd4e331d11f8eb70c4f2fd9d665ee654 a1b0c47cc5d2ecb8ea634f436764c0b17c8ed59cc144739c77c069970642a102 http://www.bleepingcomputer.com/news/security/the-nagini-ransomware-sics-voldemort-on-your-files/
M16-wke01Overseer_59e152e0Android This strike sends an Overseer malware sample. Overseer is an Android spyware.59e152e0fb998a6ebc2ffeeb1bab1988465be5445f7a606e230e016f75d4b704e7affe07 59e152e0fb998a6ebc2ffeeb1bab1988 92fd9583cc3eaa785fb1763b5a0a5f78ee5e3e79777134012c0f8e1bf41b1793 http://securityaffairs.co/wordpress/51461/mobile-2/overseer-malware.html https://blog.lookout.com/blog/2016/09/16/embassy-spyware-google-play/
M16-chf01Stampado_a393b953Windows This strike sends a Stampado malware sample. Stampado is a ransomware that targets files that have already been encrypted. After infection, the victims end up paying twice to get their files decrypted.a393b9536a1caa34914636d3da7378b55aced706d9f6a0bb6a95c8bdf1e123485219a123 a393b9536a1caa34914636d3da7378b5 342933cb4cbb31a2c30ac1733afc318a6e5cd0226160a59197686d635ec71b20 http://www.bleepingcomputer.com/news/security/stampado-ransomware-campaign-decrypted-before-it-started/ http://www.bleepingcomputer.com/news/security/stampado-taking-ransomware-scumbaggery-to-the-next-level/ https://heimdalsecurity.com/blog/security-alert-stampado-ransomware-on-sale/
M16-bgj01Mamba_ac3f6418Windows This strike sends a Mamba malware sample. Mamba is a disk-level ransomware that encrypts the full disk using a tool called DiskCryptor. Mamba was found in September 2016 and is similar to Petya.ac3f641813e3c9308f572c3ca2c90931c63afce8c54362a6d626f660c3a15cec3e723c1c ac3f641813e3c9308f572c3ca2c90931 7706949737a839c7bd42b8a9d4540d636aeb948818fa8026c54459f9b71b60b5 http://www.bleepingcomputer.com/news/security/hddcryptor-ransomware-overwrites-your-mbr-using-open-source-tools/ http://blog.trendmicro.com/trendlabs-security-intelligence/bksod-by-ransomware-hddcryptor-uses-commercial-tools-to-encrypt-network-shares-and-lock-hdds/
M16-5ub01iSpy_51981d91Windows This strike sends an iSpy malware sample. iSpy is a keylogger malware with a modular structure from which an attacker can choose which features to use.51981d91472c00a78a6358cc2d5ff47f06075bccb33f57fe732a4eda68bb774e7da4828c 51981d91472c00a78a6358cc2d5ff47f 1bd619cb9cd77d000dd59a34eb97194dc0724f98f2ce61d1d40663d7af8bf0b3 https://www.zscaler.com/blogs/research/ispy-keylogger http://securityaffairs.co/wordpress/51513/malware/ispy-commercial-keylogger.html
M16-vn601LuaBot_8e7637d7Linux This strike sends a LuaBot malware sample. LuaBot is a new ELF botnet malware that is written in the Lua programming language and targets Linux systems.8e7637d72e522cb52012c02eb8ddfdbe8f68f088908bd6113ab27c39f18bb4a75886c298 8e7637d72e522cb52012c02eb8ddfdbe 0206efba7fc13700efd59354e9c6ca4d1ffe34f6689bd195798181824d46b83d http://blog.malwaremustdie.org/2016/09/mmd-0057-2016-new-elf-botnet-linuxluabot.html http://securityaffairs.co/wordpress/51155/malware/linux-luabot.html
M16-9xz01Overseer_b0680c5fAndroid This strike sends an Overseer malware sample. Overseer is an Android spyware.b0680c5f831259a7c6f63e6e5afbded4f8eac0c983d2c13683a88cd945a0e3f012172587 b0680c5f831259a7c6f63e6e5afbded4 facbd35c5f05442ae1d6d27444e46961f69db16e33dc2cd071d283127ff92ebd http://securityaffairs.co/wordpress/51461/mobile-2/overseer-malware.html https://blog.lookout.com/blog/2016/09/16/embassy-spyware-google-play/
M16-ocx01Razy_5c24888dWindows This strike sends a Razy malware sample.5c24888d1c0de3296ac5483a652d333d0988dcf3bc6aa4dbcfa74a59ed97907d419811ae 5c24888d1c0de3296ac5483a652d333d ef8f1a5a76f106309ddb5d596bdf941b4bf9c4ea1cabbedd96ac1a7b7d36516e
M16-mtn01Locky_66dbfa77Mixed This strike sends a Locky malware sample. Locky is a ransomware for Windows systems which appeared at the beginning of 2016. The malicious code for this particular malware relies on JavaScript attachments to download itself. Like other ransomware, it encrypts local files as well as network shares and renames them to [unique_id][identifier].locky. The victim is requested to pay a ransom to get the files decrypted.66dbfa77a7e19d764e00faa86e5cc57334669616f77404a664304823c86966c8914f6b8b 66dbfa77a7e19d764e00faa86e5cc573 7f2cfe7f92c6ab46158b96165809e6e077c5e08bf5799f02bfddeafa4dac9676 http://blog.dynamoo.com/2016/09/malware-spam-express-parcel-service.html
M16-32z01Locky_653fe2ceMixed This strike sends a Locky malware sample. Locky is a ransomware for Windows systems which appeared at the beginning of 2016. The malicious code for this particular malware relies on JavaScript attachments to download itself. Like other ransomware, it encrypts local files as well as network shares and renames them to [unique_id][identifier].locky. The victim is requested to pay a ransom to get the files decrypted.653fe2ce76131872de42a3851377d53a2e71542930199501bdddbf1f7bbd709e4e5355f1 653fe2ce76131872de42a3851377d53a 22ad72331096a72cc5265a2397dcf51e5e6e018a4c8aed4f1137590db976e574 https://myonlinesecurity.co.uk/locky-ransomware-changed-now-a-odin-extension/ http://www.bleepingcomputer.com/news/security/locky-ransomware-now-uses-the-odin-extension-for-encrypted-files/
M16-e6m01iSpy_ca66771aWindows This strike sends an iSpy malware sample. iSpy is a keylogger malware with a modular structure from which an attacker can choose which features to use.ca66771aaaf3e6b4be57f09d9cfabcc13e0c8f89e6b5ea8ca115f0dc02864c079c9e2eeb ca66771aaaf3e6b4be57f09d9cfabcc1 670dc4bb1309f53ba7141d11aa805418c94b383e8ffa12cf2d195fb8b9bc87aa https://www.zscaler.com/blogs/research/ispy-keylogger http://securityaffairs.co/wordpress/51513/malware/ispy-commercial-keylogger.html
M16-vrf01iSpy_c8dabc76Windows This strike sends an iSpy malware sample. iSpy is a keylogger malware with a modular structure from which an attacker can choose which features to use.c8dabc7680e8b7ed344994eb39599296c565b58532460543993b7708c11dd888db2d48d5 c8dabc7680e8b7ed344994eb39599296 4ce98eb7a0aedb32a5c1e68b73860ded32b27ab3590cdc1848e153c24b9d3c33 https://www.zscaler.com/blogs/research/ispy-keylogger http://securityaffairs.co/wordpress/51513/malware/ispy-commercial-keylogger.html
M16-58g01iSpy_c17dad76Windows This strike sends an iSpy malware sample. iSpy is a keylogger malware with a modular structure from which an attacker can choose which features to use.c17dad76326700c24daef882e8550be453d04de6159500dd4158bec38cb517dafa5ef2c4 c17dad76326700c24daef882e8550be4 a407adb5ccfb12b7129ab73850ba1f311100b525eb568277f89487b29c871489 https://www.zscaler.com/blogs/research/ispy-keylogger http://securityaffairs.co/wordpress/51513/malware/ispy-commercial-keylogger.html
M16-su401MarsJoke_1f1471b6Windows This strike sends a MarsJoke malware sample. MarsJoke is a ransomware that is spread through emails containing a link to an executable file. It is similar to CTB-Locker.1f1471b671bce68e154665a21b15ced2ec901b94061d27bb90e61360bffca2d409f83cca 1f1471b671bce68e154665a21b15ced2 7e60a0d9e9f6a8ad984439da7b3d7f2e2647b0a14581e642e926d5450fe5c4c6 https://www.proofpoint.com/us/threat-insight/post/MarsJoke-Ransomware-Mimics-CTB-Locker
M16-mt501Overseer_8d93baebAndroid This strike sends an Overseer malware sample. Overseer is an Android spyware.8d93baeb0426583cd719f43049c1f9918016b89849a188a045c91d0b20189309ff3642e4 8d93baeb0426583cd719f43049c1f991 68897eeed76ad2f365070c955dac19a8f3b09313cb215aa864ef7e229dabb05c http://securityaffairs.co/wordpress/51461/mobile-2/overseer-malware.html https://blog.lookout.com/blog/2016/09/16/embassy-spyware-google-play/

Malware Strikes September - 2016

Strike ID Malware Platform Info MD5 External References
M16-km701Hitler_0210d88fWindows This strike sends a Hitler malware sample. Hitler is a ransomware that does not encrypt files but simply deletes them.0210d88f1a9c5a5a7eff5c44cf4f7fbc83bff855966cf72a2dd85acae7187caeab556abf 0210d88f1a9c5a5a7eff5c44cf4f7fbc 06c8e0f6fa2616f4fa92c610a1faea23887ac31db8fa78cede49b6b8c80ec22f http://securityaffairs.co/wordpress/50275/malware/hitler-ransomware.html http://www.bleepingcomputer.com/news/security/development-version-of-the-hitler-ransomware-discovered/
M16-pgt01Linux_Rex_5bd44a35Linux This strike sends a Linux_Rex malware sample. Linux_Rex is a self-spreading Linux trojan which is able to create a peer-to-peer botnet. It is designed to infect web servers that use certain content management systems.5bd44a35094fe6f7794d895122ddfa6298172e49c3d5d70ffdcefd071f9762c58430a393 5bd44a35094fe6f7794d895122ddfa62 762a4f2bf5ea4ff72fce674da1adf29f0b9357be18de4cd992d79198c56bb514 http://news.drweb.com/news/?i=10157 http://securityaffairs.co/wordpress/50556/malware/linux-rex-1-botnet.html
M16-sll01Gozi_e8f4e46bWindows This strike sends a Gozi malware sample. Gozi malware has been around since 2007 and was recently spotted by researchers. The new campaigns are using dynamic web injection and automatically optimize the selection of mules after profiling the victim.e8f4e46bee432942fb57d487eb5e90e5c71659096cc9071f9a0f2ebb4df5bf856046e145 e8f4e46bee432942fb57d487eb5e90e5 72f19b97e4f836a784176520ff32a83bddcf751b7d19e9e19d954c85ab747b85 https://buguroo.com/wp-content/uploads/2016/08/Gozi_Report_August_2016.pdf http://securityaffairs.co/wordpress/50511/cyber-crime/new-gozi-campaigns.html
M16-s8s01Ranscam_eb50dce0Windows This strike sends a Ranscam malware sample. Ranscam is a ransomware that deletes users’ files, even if the victim chooses to pay. Just as the name implies, Ranscam is just a scam. Once the ransom is paid the user message says that the payment was not verified and the user files remain deleted.eb50dce0b73b5c5c02a0add57efeb24fbfc834c63706f47fda8f702397a9b2fdd971762c eb50dce0b73b5c5c02a0add57efeb24f 763cbd6fb5d35d040ab1783c517c4fca43c81a0d72cc4c873b89c789cc2d6bec http://blog.talosintel.com/2016/07/ransomware-because-opsec-is-hard.html
M16-vwt01Keydnap_8b45e7bdMacOS This strike sends a Keydnap malware sample. Keydnap or OSX/Keydnap is a Mac malware used to steal the content of OS X’s keychain and maintain a permanent backdoor on victims’ computers. It is distributed through the BitTorrent client called Transmission.8b45e7bd51ce76ebd0b58a60375ead6b8ca03122ee73d3e522221832872b9ed0c9869ac4 8b45e7bd51ce76ebd0b58a60375ead6b eb3e5b5350b609b38a2dfcb4ed721d154342a7e65c93921487a2c02cf9d9d8d8 http://www.welivesecurity.com/2016/08/30/osxkeydnap-spreads-via-signed-transmission-application/ http://securityaffairs.co/wordpress/50844/malware/bittorrent-client-transmission.html
M16-kf501KAOTEAR_913031b8Windows This strike sends a KAOTEAR malware sample. KAOTEAR is a Hidden Tear-based ransomware which uses the filename kaoTalk.exe and includes a KakaoTalk icon to disguise its malicious nature.913031b8d460367501a8e84c4143d627f7a78789197db011b55f53b30d533eb4297d03cd 913031b8d460367501a8e84c4143d627 1ad95b74b1e10f41b4ac7d2ee96c74e99f237e1e5717d9e59273a81477d8c9b6 http://blog.trendmicro.com/trendlabs-security-intelligence/new-open-source-ransomwar-based-on-hidden-tear-and-eda2-may-target-businesses/
M16-rrp01RAA_ca1a7270Mixed This strike sends a RAA malware sample. RAA is a ransomware written entirely in JavaScript, which makes it unique among the ransomware families seen so far. There is no need to download any supplementary programs: once it is executed, it encrypts your data and asks for a ransom.ca1a72705d7f2f648b7bc2083456724d37d5bc6b44997b3b30f4ca32ba56a3b501bef91b ca1a72705d7f2f648b7bc2083456724d 6a4ccd88dd022dec0b5ed38e7f1c7328bde63b4f245091cd1aab3271b0907b87
M16-mrg01CryLocker_429d758dWindows This strike sends a CryLocker malware sample. CryLocker Ransomware is a ransomware that pretends to be from a fake organization called the Central Security Treatment Organization. After it infects a computer it will encrypt a victim's files and then append the .cry extension. CryLocker has been seen being distributed via the Sundown exploit kit.429d758d5e4423dfcde9a0f820806c7cd6a09353a1e4ccd7f5bc0abc401722035fabefa9 429d758d5e4423dfcde9a0f820806c7c 33f66a95e01e2650ea47405031d4ced2ad25db971e65a92319296ccef62b7964 http://www.bleepingcomputer.com/news/security/the-crylocker-ransomware-communicates-using-udp-and-stores-data-on-imgur-com/ http://securityaffairs.co/wordpress/51015/malware/csto-ransomware.html
M16-ua301Globe_993135daWindows This strike sends a Globe malware sample. Globe is a ransomware that encrypts a victim's files and then displays a ransom note. It uses the Blowfish encryption algorithm rather than the commonly used AES encryption. Instead of a text and HTML ransom note, the Globe Ransomware uses an HTA, or HTML Application, file to display the ransom note.993135dacbff2607839ee5a76ca06c61c1a9a8cdad293887214605ca0e47f3ddfa4e1a52 993135dacbff2607839ee5a76ca06c61 98aadc95c589e064a542802bbf0ef01ef00595c34d195f1a1e6443909846d2e7 http://www.bleepingcomputer.com/news/security/the-globe-ransomware-wants-to-purge-your-files/
M16-1a101Ripper_15632224Windows This strike sends a Ripper malware sample. Ripper is an ATM malware that was seen for the first time in August 2016. After installation, Ripper changes the ATM's software so that an attacker can perform multiple malicious actions, including clearing logs and shutting down the ATM's local network interface.15632224b7e5ca0ccb0a042daf2adc13c9381c5d6f39c54aad5b5ref=1deecab6887af57 15632224b7e5ca0ccb0a042daf2adc13 cc85e8ca86c787a1c031e67242e23f4ef503840739f9cdc7e18a48e4a6773b38 http://securityaffairs.co/wordpress/50763/breaking-news/atm-ripper-malware.html https://www.fireeye.com/blog/threat-research/2016/08/ripper_atm_malwarea.html
M16-04y01Keydnap_87382052MacOS This strike sends a Keydnap malware sample. Keydnap or OSX/Keydnap is a Mac malware used to steal the content of OS X’s keychain and maintain a permanent backdoor on victims’ computers. It is distributed through the BitTorrent client called Transmission.87382052ac581a7ad22d1d8aa2995921e0ef6a5216748737f5a3c8d08bbdf204d039559e 87382052ac581a7ad22d1d8aa2995921 f1dfebff416421fafb77b89f348bcd2209baed824249c789a2aeae964dcf2f18 http://www.welivesecurity.com/2016/08/30/osxkeydnap-spreads-via-signed-transmission-application/ http://securityaffairs.co/wordpress/50844/malware/bittorrent-client-transmission.html
M16-ccb01Mirai_6b7b6ee7Linux This strike sends a Mirai malware sample. Mirai or Linux/Mirai ELF is a trojan backdoor which is targeting IoT devices.6b7b6ee71c8338c030997d902a2fa593846b2d1b091704bb5a90a1752cafe5545588caa6 6b7b6ee71c8338c030997d902a2fa593 2238c81031ca78f4df121c94e1fca5368099b6003c30fef83768fef65ce09e9f http://blog.malwaremustdie.org/2016/08/mmd-0056-2016-linuxmirai-just.html http://securityaffairs.co/wordpress/50929/malware/linux-mirai-elf.html
M16-pzt01Fantom_7d80230dWindows This strike sends a Fantom malware sample. Fantom is a ransomware that encrypts a victim's machine files while pretending to be Windows Update. It is based on the open-source EDA2 ransomware project.7d80230df68ccba871815d68f016c282e10874c6108a26ceedfc84f50881824462b5b6b6 7d80230df68ccba871815d68f016c282 f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b http://www.bleepingcomputer.com/news/security/fantom-ransomware-encrypts-your-files-while-pretending-to-be-windows-update/
M16-r8901Remsec_0a0948d8Windows This strike sends a Remsec malware sample. Remsec or ProjectSauron has been active since at least 2011. Its ability to operate undetected for five years is a testament to its creators, who clearly studied other state-sponsored hacking groups in an attempt to replicate their advances and avoid their mistakes. The main purpose of the malware platform was to obtain passwords, cryptographic keys, configuration files, and IP addresses of the key servers related to any encryption software that was in use. Infected groups include government agencies, scientific research centers, military organizations, telecommunication providers, and financial institutions in Russia, Iran, Rwanda, China, Sweden, Belgium, and possibly in Italian-speaking countries.0a0948d871ef5a3006c0ab2997ad330eee9eccad334b3bd8874b7259555a93ccb23f7e59 0a0948d871ef5a3006c0ab2997ad330e ab8181ae5cc205f1d3cae00d8b34011e47b735a553bd5a4f079f03052b74a06d http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets
M16-g1601RAA_c6dc8c1bMixed This strike sends a RAA malware sample. RAA is a ransomware written entirely in JavaScript. This makes it unique to the ransomware families seen so far. There is no need to download any supplementary programs, once it gets executed, it encrypts your data and asks for a ransom.c6dc8c1bc315bc1a4c5a7ab1cedb3377cc7ce3e553ead7a1a5d7202f70e34744c95a13b9 c6dc8c1bc315bc1a4c5a7ab1cedb3377 49f109d5ed56d2bd4ec632a4a9b8055daf70a465b82cf0e76df79a97c61130c5
M16-d1y01Gozi_fdb2a3afWindows This strike sends a Gozi malware sample. Gozi malware has been around since 2007 and was recently spotted by researchers. The new campaigns are using dynamic web injection and automatically optimize the selection of mules after profiling the victim.fdb2a3af3d65480593518ec47c39b3ede4347b18d24a34353c8aa765e12c6ac1cdfa8829 fdb2a3af3d65480593518ec47c39b3ed db62b207f8e3f61ff3f2a99861eaaffbcc60cf39c3ab831b2c4f64e9c4a27f93 https://buguroo.com/wp-content/uploads/2016/08/Gozi_Report_August_2016.pdf http://securityaffairs.co/wordpress/50511/cyber-crime/new-gozi-campaigns.html
M16-v8301Locky_cd7aec63Windows This strike sends a Locky malware sample. Locky is a ransomware for Windows systems which appeared at the beginning of 2016. The malicious code for this particular malware relies on JavaScript attachments to download itself. Like other ransomware, it encrypts local files as well as network shares and renames them to [unique_id][identifier].locky. The victim is requested to pay a ransom to get the files decrypted.cd7aec63ac55e0c33d0c216400bb05b4131fcc404824aa49b959532423ab6b45571d9fb7 cd7aec63ac55e0c33d0c216400bb05b4 ed8965e9834248a177fd0062149410c63c612d68518aff31b35eb58a33b6ce59 http://blog.cyren.com/articles/locky-adds-new-file-format-and-attacks-uk.html
M16-x5g01Ramnit_0784e53bWindows This strike sends a Ramnit malware sample. Ramnit is a banking trojan that's been around since 2010 and has recenly been resuming activity. After infection, it scans files that have interesting keywords, such as 'wallet', 'passwords' or the names of the targeted banks. Ramnit uses malvertising and malware-laden spam for distribution, though it also employed popular exploit kits, such as Angler.0784e53b2f19069ae4101440c93fb3117c2759d35242334a23a0174c967c1c9f68800b39 0784e53b2f19069ae4101440c93fb311 cab9e4021545b0ac0783e5e9a00e8c81bcefec990082896f76278b861029e9d1 http://www.securityweek.com/ramnit-banking-trojan-resumes-activity https://securityintelligence.com/ramnit-rears-its-ugly-head-again-targets-major-uk-banks/
M16-60h01Mirai_884de2b3Linux This strike sends a Mirai malware sample. Mirai or Linux/Mirai ELF is a trojan backdoor which is targeting IoT devices.884de2b3cad23a0d020897b7716db03f666d079273778f344169fdaaca0a5fc61da5e30e 884de2b3cad23a0d020897b7716db03f 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6 http://blog.malwaremustdie.org/2016/08/mmd-0056-2016-linuxmirai-just.html http://securityaffairs.co/wordpress/50929/malware/linux-mirai-elf.html
M16-3na01Dridex_005f2670Windows This strike sends a Dridex malware sample. Dridex is an online banking malware that steals personal information through HTML injections. It was first spotted at the end of 2014 and its inventors keep improving it periodically since then.005f267003bf3ef09afebcfdadebd66df88d05e5cca62a332fe4267db100086c7bde6379 005f267003bf3ef09afebcfdadebd66d 707cec6955c39f7e952a2440069b0cfc699e56b92f8b63c2d4713c897ba29095 http://www.bleepingcomputer.com/news/security/down-but-not-out-dridex-begins-targeting-crypto-currency-wallets/ https://blogs.forcepoint.com/security-labs/dridex-shadows-blacklisting-stealth-and-crypto-currency
M16-b0x01Mokes_8c0ba5e0MacOS This strike sends a Mokes malware sample. Mokes is a new family of cross-platform backdoors for desktop environments discovered in 2016. This malware allows hackers to execute arbitrary commands on the victim’s computer, it works on Linux, Windows and also OS X. It enables stealing of various kinds of data from an infected system, including screenshots, Office-Documents (docx, .doc, .xlsx, and .xls files), Keystrokes, and Audio-/Video-Captures.8c0ba5e0351975e8fc0c49fdb6dba4ff1e8568e61b75a68ed7481cf0619f643af76bf889 8c0ba5e0351975e8fc0c49fdb6dba4ff 664e0a048f61a76145b55d1f1a5714606953d69edccec5228017eb546049dc8c http://thehackernews.com/2016/09/cross-platform-malware.html http://securityaffairs.co/wordpress/51060/malware/mokes-backdoor-os-x.html https://securelist.com/blog/research/75990/the-missing-piece-sophisticated-os-x-backdoor-discovered/
M16-q0s01Alma_92f8a916Windows This strike sends an Alma malware sample. Alma is a ransomware that is being delivered through exploit kits. It is one of the few released lately that has a working TOR command and control server and a secure encryption algorithm.92f8a916975363a371354b10070ab3e9d9e6d0503067a00cad5e26c54f4874f9e4476ac9 92f8a916975363a371354b10070ab3e9 11f2c3d0dbc00e65b90ab0b06dadf00a3d3ea4dc2fdbc9f3b4108c8e4e18a2ab https://info.phishlabs.com/blog/alma-ransomware-analysis-of-a-new-ransomware-threat-and-a-decrypter http://www.bleepingcomputer.com/news/security/new-alma-locker-ransomware-being-distributed-via-the-rig-exploit-kit/
M16-gz701Umbreon_bbeb18c0Linux This strike sends a Umbreon malware sample. Umbreon is a rootkit family that targets Linux systems, including systems running both Intel and ARM processors.bbeb18c0c3e038747c78fcab3e0444e3358afd4bd02de3ce1db43970de5e4cb0c38c2848 bbeb18c0c3e038747c78fcab3e0444e3 e9bce46584acbf59a779d1565687964991d7033d63c06bddabcfc4375c5f1853 http://securityaffairs.co/wordpress/51003/breaking-news/linux-umbreon-rootkit.html http://blog.trendmicro.com/trendlabs-security-intelligence/pokemon-themed-umbreon-linux-rootkit-hits-x86-arm-systems/
M16-ggx01Dridex_e3258c69Windows This strike sends a Dridex malware sample. Dridex is an online banking malware that steals personal information through HTML injections. It was first spotted at the end of 2014 and its inventors keep improving it periodically since then.e3258c69c7a7f0815f3b654f85aa02f5606236dcce09a75aecb64daddaec7d247900a10d e3258c69c7a7f0815f3b654f85aa02f5 9d50f55479404abcd4faca8afc3b2ba50d0a3846937ca937aff4c458339e2e10 http://www.bleepingcomputer.com/news/security/down-but-not-out-dridex-begins-targeting-crypto-currency-wallets/ https://blogs.forcepoint.com/security-labs/dridex-shadows-blacklisting-stealth-and-crypto-currency
M16-m0v01Ramnit_81e5ab7fWindows This strike sends a Ramnit malware sample. Ramnit is a banking trojan that's been around since 2010 and has recenly been resuming activity. After infection, it scans files that have interesting keywords, such as 'wallet', 'passwords' or the names of the targeted banks. Ramnit uses malvertising and malware-laden spam for distribution, though it also employed popular exploit kits, such as Angler.81e5ab7fcc22193c88be5581f7062a27d3228ecc80a38df383b8e786680461f764f48c83 81e5ab7fcc22193c88be5581f7062a27 08883f8b7238be34df52891e68a44344dc8d3e863a08856b28d15d0f94fe6878 http://www.securityweek.com/ramnit-banking-trojan-resumes-activity https://securityintelligence.com/ramnit-rears-its-ugly-head-again-targets-major-uk-banks/
M16-xr901Vawtrak_e75436d0Windows This strike sends a Vawtrak malware sample. Vawtrak is a banking trojan that's been around since the beginning of 2015 and it keeps evolving.e75436d09b378f20de647ace1acd1d5933cc9d7d641d18adf1019c3f31dc08863a356a92 e75436d09b378f20de647ace1acd1d59 a513fc3dd36d24ea9fd17596607278aa47a03b67a3c09aff72fc2a8b8a9e0636 http://securityaffairs.co/wordpress/50368/malware/vawtrak-banking-trojan.html http://www.threatgeek.com/2016/08/vawtrak-trojan-variant-https-c2.html
M16-o6801Ranscam_8285e29eMixed This strike sends a Ranscam malware sample. Ranscam is a ransomware that deletes users’ files, even if the victim chooses to pay. Just as the name implies, Ranscam is just a scam. Once the ransom is paid the user message says that the payment was not verified and the user files remain deleted.8285e29e5ad5c6efe428dfb3b711dc5bd42128c7780eb4d24ed14b2855818c8d8796ae52 8285e29e5ad5c6efe428dfb3b711dc5b fca8fc0f91c9507f4ef678efbff06386fa10bc8819d74a3cdef03072484bda36 http://blog.talosintel.com/2016/07/ransomware-because-opsec-is-hard.html
M16-i3r01Umbreon_2b1863acLinux This strike sends a Umbreon malware sample. Umbreon is a rootkit family that targets Linux systems, including systems running both Intel and ARM processors.2b1863acdc0068ed5d50590cf792df0517b42374795295f776536b86aa571a721b041c38 2b1863acdc0068ed5d50590cf792df05 991179b6ba7d4aeabdf463118e4a2984276401368f4ab842ad8a5b8b73088522 http://blog.trendmicro.com/trendlabs-security-intelligence/pokemon-themed-umbreon-linux-rootkit-hits-x86-arm-systems/
M16-ru101Umbreon_087dd795Linux This strike sends a Umbreon malware sample. Umbreon is a rootkit family that targets Linux systems, including systems running both Intel and ARM processors.087dd79515d37f7ada78ff5793a42b7b66d246e02492821f7e5bbaeb8156ece44c101bbc 087dd79515d37f7ada78ff5793a42b7b c80d19f6f3372f4cc6e75ae1af54e8727b54b51aaf2794fedd3a1aa463140480 http://securityaffairs.co/wordpress/51003/breaking-news/linux-umbreon-rootkit.html http://blog.trendmicro.com/trendlabs-security-intelligence/pokemon-themed-umbreon-linux-rootkit-hits-x86-arm-systems/
M16-o9701CTB_Locker_04c48541Windows This strike sends a CTB_Locker malware sample. CTB_Locker known also as Critroni, is a file-encrypting ransomware infection that was released in the middle of 2014 and targets all versions of Windows including Windows XP, Windows Vista, Windows 7, and Windows 8.04c4854164019af75187d68cb7ce6ce398cac5f648c25c15c648e7a8f9d4920a80b4e2be 04c4854164019af75187d68cb7ce6ce3 5b0a97421eabfd7bf8e10fcc752c1d43e5ac41188ab8a5424959d5b82fa67350 https://twitter.com/darienhuss/status/768170167566082052
M16-3sv01Proxy_PowerShell_9419e7cdWindows This strike sends a Proxy_PowerShell malware sample. Proxy_PowerShell is a new Brazilian banking trojan which leverages on the Microsoft’s PowerShell utility. The malware is delivered via a phishing campaign, the malicious messages appear as sent from a mobile carrier. After infection the malware changes the proxy configuration in Internet Explorer to a malicious proxy server that redirects connections to phishing pages for Brazilian banks.9419e7cd60487532313a43559b195cb06fd9fd9d281ac094ba800ca51b0f1dc4e4496635 9419e7cd60487532313a43559b195cb0 c97d0b8131137aa97cf62b18cbdefaccb7d59394dcd28e6c638624082c9c0fb4 https://securelist.com/blog/virus-watch/75831/brazilian-banking-trojans-meet-powershell/ http://securityaffairs.co/wordpress/50441/cyber-crime/powershell-banking-trojan.html
M16-u1701Cerber_1fb18347Windows This strike sends a Cerber malware sample. Cerber is a ransomware-type malware that infiltrates systems and encrypting various file types. After encrypting files, Cerber ransomware changes the desktop wallpaper with one that provides instructions of what to do and how much to pay in order to get your files decrypted.1fb1834770c3200cac9d09263f19c00c34f7b3c5d730f30cb45922f4c7e66369262040e4 1fb1834770c3200cac9d09263f19c00c 26a42036068b25ae72396c08a4101234d6103037c631c153c8c229eaaa54f963 http://www.bleepingcomputer.com/news/security/cerber-ransomware-switches-to-cerber3-extension-for-encrypted-files/
M16-t1d01Zepto_fc21eb0cWindows This strike sends a Zepto malware sample. Zepto is a new version of Locky ransomware.fc21eb0cd58220bbc88377cc30e283780c54d61d4f9f959e52ad3c38bfe152f9999703b7 fc21eb0cd58220bbc88377cc30e28378 bfe580cf1f33ec1c456385fef84ba01ca40a4e81833a8519b5b9b71e967d6444 http://www.bleepingcomputer.com/news/security/locky-now-using-embedded-rsa-key-instead-of-contacting-command-and-control-servers/ https://blog.avast.com/zepto-ransomware-now-introduces-new-features-to-better-encrypt-your-files
M16-cm201CRYPTEAR_1441b070Windows This strike sends a CRYPTEAR malware sample. CRYPTEAR or FSociety is an EDA2-based ransomware that draws inspiration from the hacker group in the hit TV series, Mr.Robot.1441b0704b07d6e8f798f6684faf0f79a5f0b838f67e0ca575a3d1b27d4a64dec8fac2fc 1441b0704b07d6e8f798f6684faf0f79 5eba311d64e4daa055d1bc2bca220e8128079238f786a516255268a7cb7af2a1 http://blog.trendmicro.com/trendlabs-security-intelligence/new-open-source-ransomwar-based-on-hidden-tear-and-eda2-may-target-businesses/
M16-pnz01POGOTEAR_3a73d29dWindows This strike sends a POGOTEAR malware sample. POGOTEAR is a ransomware that capitalizes on the success of Pokemon Go. It even employs the filename PokemonGo.exe to lure users into thinking that it is a legitimate file.3a73d29d74e0930a508f368dc87ca333aee02b10a74c2fdd257d161fd8e03b37878a803f 3a73d29d74e0930a508f368dc87ca333 73a7ab4dd80364a090bc41971d6ebe95a4451f9bbd8340dc07af4dc86071999c http://blog.trendmicro.com/trendlabs-security-intelligence/new-open-source-ransomwar-based-on-hidden-tear-and-eda2-may-target-businesses/
M16-2tx01Linux_PnScan_6fb6f955Linux This strike sends a Linux_PnScan malware sample. Linux_PnScan is a known ELF worm that is capable of self-spreading and creating a peer-to-peer botnet. It was first spotted in 2015 but it has mutated to new variants nowadays.6fb6f95546d5bdf4db11655249ee52882d3e2ce680de6c13ab3236429efd4bca3bfaa79d 6fb6f95546d5bdf4db11655249ee5288 5685b086ce12ffede8814e303223a67eca476735dfe4e9e84b751354a5ea0232 http://blog.malwaremustdie.org/2016/08/mmd-0054-2016-pnscan-elf-worm-that.html http://securityaffairs.co/wordpress/50607/malware/linux-pnscan-return.html
M16-35n01RAA_32861f92Mixed This strike sends a RAA malware sample. RAA is a ransomware written entirely in JavaScript. This makes it unique to the ransomware families seen so far. There is no need to download any supplementary programs, once it gets executed, it encrypts your data and asks for a ransom.32861f924c33f173282771b37d311de22492429b9b3d18ebdc53443f49af8ae5804ffb81 32861f924c33f173282771b37d311de2 aaa811fa0223825baf0819aea927682fb8c310d0250e4853b87ab88f5aeae24e
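The strike rows on this page were extracted as single lines in which the strike ID, malware name and platform are run together, the MD5 and SHA1 are glued onto the last word of the description, and the MD5 is then repeated before the SHA256 and any reference URLs. The parser below, an added example by the editor (not part of the catalog or any vendor tool), recovers each field from that raw form, validates the hashes, flags rather than guesses a corrupt SHA1 such as the one in the Ripper row, and indexes the result so a digest from sha256sum or a sandbox report can be looked up. The four embedded rows preserve the raw form and are copied from the December table with their descriptions shortened; hashes and URLs are verbatim.

```python
"""Parse this catalog's flattened strike rows into IOC records and look up hashes.

Added example (editor's code, not the catalog's own tooling). Row layout:
<StrikeID><Name_md5prefix><Platform> <description...><md5><sha1> <md5> <sha256> [url ...]
"""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Four rows copied from the December table (descriptions shortened; hashes/URLs verbatim).
# The Ripper row keeps the corrupt SHA1 exactly as it appears in the source.
SAMPLE_ROWS = """\
M16-1a101Ripper_15632224Windows This strike sends a Ripper malware sample. Ripper is an ATM malware first seen in August 2016.15632224b7e5ca0ccb0a042daf2adc13c9381c5d6f39c54aad5b5ref=1deecab6887af57 15632224b7e5ca0ccb0a042daf2adc13 cc85e8ca86c787a1c031e67242e23f4ef503840739f9cdc7e18a48e4a6773b38 http://securityaffairs.co/wordpress/50763/breaking-news/atm-ripper-malware.html https://www.fireeye.com/blog/threat-research/2016/08/ripper_atm_malwarea.html
M16-ccb01Mirai_6b7b6ee7Linux This strike sends a Mirai malware sample. Mirai or Linux/Mirai ELF is a trojan backdoor which is targeting IoT devices.6b7b6ee71c8338c030997d902a2fa593846b2d1b091704bb5a90a1752cafe5545588caa6 6b7b6ee71c8338c030997d902a2fa593 2238c81031ca78f4df121c94e1fca5368099b6003c30fef83768fef65ce09e9f http://blog.malwaremustdie.org/2016/08/mmd-0056-2016-linuxmirai-just.html http://securityaffairs.co/wordpress/50929/malware/linux-mirai-elf.html
M16-g1601RAA_c6dc8c1bMixed This strike sends a RAA malware sample. RAA is a ransomware written entirely in JavaScript.c6dc8c1bc315bc1a4c5a7ab1cedb3377cc7ce3e553ead7a1a5d7202f70e34744c95a13b9 c6dc8c1bc315bc1a4c5a7ab1cedb3377 49f109d5ed56d2bd4ec632a4a9b8055daf70a465b82cf0e76df79a97c61130c5
M16-b0x01Mokes_8c0ba5e0MacOS This strike sends a Mokes malware sample. Mokes is a new family of cross-platform backdoors for desktop environments discovered in 2016.8c0ba5e0351975e8fc0c49fdb6dba4ff1e8568e61b75a68ed7481cf0619f643af76bf889 8c0ba5e0351975e8fc0c49fdb6dba4ff 664e0a048f61a76145b55d1f1a5714606953d69edccec5228017eb546049dc8c http://thehackernews.com/2016/09/cross-platform-malware.html http://securityaffairs.co/wordpress/51060/malware/mokes-backdoor-os-x.html https://securelist.com/blog/research/75990/the-missing-piece-sophisticated-os-x-backdoor-discovered/
"""

PLATFORMS = ("Windows", "Linux", "Android", "MacOS", "Mixed")
# Strike ID, then the malware name (ends in the first 8 hex digits of the MD5), then the platform.
HEAD_RE = re.compile(r"^(M16-[a-z0-9]{3}\d{2})(.+_[0-9a-f]{8})(%s)$" % "|".join(PLATFORMS))
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}


def is_hex(s: str, n: int) -> bool:
    return len(s) == n and all(c in "0123456789abcdef" for c in s)


@dataclass
class Strike:
    strike_id: str
    name: str
    platform: str
    info: str
    md5: str
    sha1: Optional[str]          # None when the row's SHA1 is corrupt
    sha256: str
    references: List[str]
    warnings: List[str] = field(default_factory=list)


def parse_row(line: str) -> Strike:
    """Split one flattened row from the right: URLs, SHA256, MD5, then the glued md5||sha1 chunk."""
    tokens = line.split()
    refs: List[str] = []
    while tokens and tokens[-1].startswith(("http://", "https://")):
        refs.insert(0, tokens.pop())
    if len(tokens) < 4:
        raise ValueError("row too short: %r" % line[:40])
    sha256 = tokens.pop().lower()
    md5 = tokens.pop().lower()
    glued = tokens.pop()                      # "<last word of description><md5><sha1>"
    m = HEAD_RE.match(tokens.pop(0))
    if not m:
        raise ValueError("unparseable row head in: %r" % line[:40])
    strike_id, name, platform = m.groups()

    warnings: List[str] = []
    cut = glued.find(md5)                     # the standalone MD5 locates the hash boundary
    tail, sha1_raw = (glued, "") if cut < 0 else (glued[:cut], glued[cut + 32:].lower())
    sha1 = sha1_raw if is_hex(sha1_raw, HEX_LEN["sha1"]) else None
    if sha1 is None:
        warnings.append("SHA1 is not 40 hex digits: %r" % sha1_raw)
    if not is_hex(md5, HEX_LEN["md5"]):
        warnings.append("MD5 is not 32 hex digits")
    if not is_hex(sha256, HEX_LEN["sha256"]):
        warnings.append("SHA256 is not 64 hex digits")
    if name[-8:] != md5[:8]:
        warnings.append("name suffix %s does not match MD5 prefix" % name[-8:])
    info = " ".join(tokens + ([tail] if tail else []))
    return Strike(strike_id, name, platform, info, md5, sha1, sha256, refs, warnings)


def parse_rows(text: str) -> List[Strike]:
    return [parse_row(ln) for ln in text.splitlines() if ln.strip()]


def build_index(strikes: List[Strike]) -> Dict[str, Strike]:
    """Map every usable digest (MD5, SHA1, SHA256) to its strike record."""
    index: Dict[str, Strike] = {}
    for s in strikes:
        for h in (s.md5, s.sha1, s.sha256):
            if h:
                index[h] = s
    return index


def lookup(index: Dict[str, Strike], digest: str) -> Optional[Strike]:
    """Digest as printed by md5sum/sha1sum/sha256sum or a sandbox report; case-insensitive."""
    return index.get(digest.strip().lower())


def digests(data: bytes) -> Dict[str, str]:
    return {alg: hashlib.new(alg, data).hexdigest() for alg in HEX_LEN}


def match_bytes(index: Dict[str, Strike], data: bytes) -> Optional[Strike]:
    """Hash a file's bytes with all three algorithms and return the first catalog hit, if any."""
    for d in digests(data).values():
        hit = lookup(index, d)
        if hit is not None:
            return hit
    return None


if __name__ == "__main__":
    strikes = parse_rows(SAMPLE_ROWS)
    for s in strikes:
        print(s.strike_id, s.name, s.platform, "refs=%d" % len(s.references), s.warnings or "ok")
    idx = build_index(strikes)
    print(lookup(idx, "2238C81031CA78F4DF121C94E1FCA5368099B6003C30FEF83768FEF65CE09E9F").strike_id)
```

Splitting from the right is what makes the parser robust: descriptions and AV detection names contain spaces, slashes and short hex fragments, but the trailing SHA256, MD5 and glued chunk are always the last non-URL tokens, and the repeated MD5 is the only reliable marker for where the description ends and the hashes begin. Feed `match_bytes` a file's contents, or `lookup` a digest copied from a report; an entry whose SHA1 was corrupt in the source simply has no SHA1 in the index, so a SHA1-only report would need the MD5 or SHA256 to match.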

Malware Strikes August - 2016

Strike ID | Malware | Platform | Info | MD5 | SHA1 | SHA256 | External References
M16-o5o01 | Locky_dropper_d2e4984e | Mixed | This strike sends a malware sample detected by McAfee as W97M/Downloader.ayh, Symantec as W97M.Downloader, Kaspersky as Trojan-Downloader.MSWord.Agent.aau, ESET-NOD32 as VBA/TrojanDownloader.Agent.ASP, BitDefender as W97M.Downloader.AXJ. | d2e4984e6ee44a756abfa59f775cc12a | 674d9b8dc93e0e75ac4561df6ee388c65e2c56e7 | 5ad06eda999a9f2f28c2057ba40bd2f7b6a7cb2e1915104b2724753649e97de5 |
M16-jg801 | Dropper_163bcafa | Mixed | This strike sends a malware sample detected by McAfee as W97M/Downloader.bkn, Symantec as Trojan.Mdropper, ESET-NOD32 as VBA/TrojanDropper.Agent.MP. | 163bcafa5b24717417828e0f002ada5e | 02ed76ade541c4bab50172b4a041289f7bca892a | a94c270cf628545811d23971d0870d542c24bceef85c0d25f35bf4daf248dbbb |
M16-1ag01 | Remsec_234e22d3 | Windows | This strike sends a malware sample detected by McAfee as W32/Remsec-APT!234E22D3B7BB, Symantec as Backdoor.Remsec, Kaspersky as HEUR:Trojan.Multi.Remsec.gen, ESET-NOD32 as a variant of Win32/Cremes.C, BitDefender as Gen:Variant.Remsec.1. | 234e22d3b7bba6c0891de0a19b79d7ea | 9214239dea04dec5f33fd62602afde720b71d2d2 | 30a824155603c2e9d8bfd3adab8660e826d7e0681e28e46d102706a03e23e3a8 | http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets https://securelist.com/files/2016/07/The-ProjectSauron-APT_research_KL.pdf
M16-fn101 | Pramro_0612402a | Windows | This strike sends a malware sample detected by McAfee as Generic.dx!0612402AD98C, Symantec as Trojan.Pramro, Kaspersky as Backdoor.Win32.Small.ljs, ESET-NOD32 as a variant of Win32/Agent.HLU, BitDefender as Generic.Malware.FYdld.A4EB0AFB. | 0612402ad98c8c31cd6f2b914a419039 | 169492897a667322c3ffcabf96834244a4477ec8 | f9b8f7f285f811ee720cce7bccd98a421a26fb90dd7b022118d4b4e1f340036b | https://www.sans.org/newsletters/at-risk/xvi/32#popular
M16-q9p01 | Remsec_2a8785bf | Windows | This strike sends a malware sample detected by McAfee as RDN/Generic.dx, Symantec as Backdoor.Remsec, Kaspersky as HEUR:Trojan.Multi.Remsec.gen, ESET-NOD32 as a variant of Win64/Cremes.B, BitDefender as Trojan.GenericKD.3452494. | 2a8785bf45f4f03c10cd929bb0685c2d | d18792a187d7567f3f31908c05a8b8a2647d365f | 6c8c93069831a1b60279d2b316fd36bffa0d4c407068dbef81b8e2fe8fd8e8cd | http://www.symantec.com/connect/blogs/strider-cy berespionage-group-turns-eye-sauron-targets
M16-spm01 | Locky_dropper_0e9fb110 | Mixed | This strike sends a malware sample detected by McAfee as Downloader-FBBI!0E9FB110AFAC, Symantec as W97M.Downloader, Kaspersky as Trojan-Downloader.MSWord.Agent.aat, ESET-NOD32 as VBA/TrojanDropper.Agent.FS, BitDefender as W97M.Downloader.AXL. | 0e9fb110afac7a053a751673ba58e5d2 | 7144b039db52066d3a564afbf609be57ea9c5851 | 46cf36241696d4127b5d32cbde63a672d9a037d9d47bd59ae8346d83424b53c9 |
M16-zjy01 | IronGate_957581fb | Windows | This strike sends a malware sample detected by McAfee as Artemis!957581FB38A4, Symantec as Trojan.Seaduke, Kaspersky as Trojan.Win32.IronGate.c, ESET-NOD32 as MSIL/IronGate.A, BitDefender as Trojan.IronGate.A. | 957581fb38a4e76e84f60e2bb19b9499 | 8fb1cafbb8ca65c1b8236a20079c40fb4ffbaa68 | ed7a5e48113b1fd206e6a8c46671eb37dab864d1bd6fe44714a0ae377cf1248a | https://www.fireeye.com/blog/threat-research/2016/06/irongate_ics_malware.html
M16-omv01 | Crysis_07e2cfb0 | Windows | This strike sends a malware sample detected by McAfee as Ransomware-FHS!07E2CFB040C1, Symantec as Trojan.Gen, Kaspersky as Trojan-Ransom.Win32.Crusis.f, ESET-NOD32 as a variant of Win32/Filecoder.Crysis.D, BitDefender as Gen:Variant.Razy.37560. | 07e2cfb040c1dafacf0cc836c0968e62 | 3495ad284322490e6697239aaff54d4b16db108a | 2713037a80b99f8e7a9642a6269f54844ac8b0d8a1059718c4ae2763043a8a9a | http://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/crysis-to-take-over-teslacrypt http://www.eweek.com/security/malware-crysis-new-strain-combines-multiple-threats-platforms.html http://www.welivesecurity.com/2016/06/07/beyond-teslacrypt-crysis-family-lays-claim-parts-territory/
M16-w4a01 | Dropper_63f96016 | Mixed | This strike sends a malware sample detected by McAfee as W97M/Downloader.bkn, Symantec as Trojan.Mdropper, Kaspersky as Trojan-Dropper.MSWord.Agent.nc, ESET-NOD32 as VBA/TrojanDropper.Agent.MO, BitDefender as W97M.Downloader.EBS. | 63f960169c42435dc2c14d27940823b4 | 4d20d71eff9943e2e15444d60c5857aaad6a0826 | 53c7c527a0b32fb5cf6595ed38998c8caa9e58479f9d488db42a9b68a43df256 |
M16-5mt01 | Locky_dropper_7f94e43b | Mixed | This strike sends a malware sample detected by McAfee as W97M/Downloader.axr, Symantec as W97M.Downloader, Kaspersky as Trojan-Downloader.MSWord.Agent.aav, ESET-NOD32 as VBA/TrojanDownloader.Agent.ASQ, BitDefender as W97M.Downloader.AUY. | 7f94e43bb7dc5dad12840550eee86ede | 8db1833edb8502325384980dcadb76f688e77286 | 566878276748089f6e87b20fd18bfab4018d9e33fae6e28cb87ffb43b1b80582 |
M16-dc001 | Remsec_6ca97b89 | Windows | This strike sends a malware sample detected by McAfee as W32/Remsec-APT!6CA97B89AF29, Symantec as Backdoor.Remsec, Kaspersky as HEUR:Trojan.Multi.Remsec.gen, ESET-NOD32 as a variant of Win32/Cremes.C, BitDefender as Gen:Variant.Barys.9635. | 6ca97b89af29d7eff94a3a60fa7efe0a | 4778011bae38d7e82042397a057196eea8f2acde | a66bfda3d877a216665ebeb4ee3ba5a96d0094fdfd62bc8fe449b326fefc66bf | http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets
M16-q8a01 | CryptXXX_22288a76 | Windows | This strike sends a malware sample detected by McAfee as RDN/Ransom, Symantec as Trojan.Cryptolocker.AN, Kaspersky as Trojan.Win32.Reconyc.fnov, ESET-NOD32 as Win32/Filecoder.CryptProjectXXX.C. | 22288a76cfa7348ced6db347b2085f18 | d7ee6eb9d5390b9afbfc50f958dd95f7bb122c1a | 923de3ca1ccc9bd8e50a77a43d35392febbe80832841d99857c45208c48b7d40 | https://www.proofpoint.com/us/threat-insight/post/cryptxxx2-ransomware-authors-strike-back-against-free-decryption-tool
M16-owp01 | Pramro_cc9e1075 | Windows | This strike sends a malware sample detected by McAfee as Generic.dx!CC9E1075DB06, Symantec as Trojan.Pramro, Kaspersky as Backdoor.Win32.Small.ljt, ESET-NOD32 as a variant of Win32/Pramro.A, BitDefender as Trojan.Crypt.HO. | cc9e1075db0645f1032f8c4b4412deba | 7af622d5309b8721ab08e6403bcce4820c468199 | 8897f94710f3ca65af0e52f6e2b76e6319dd5fb0dd6ad0968f8acc0d25ee783a |
M16-ir101 | SFG_564ac87c | Windows | This strike sends a malware sample detected by McAfee as Generic.acu, Symantec as Trojan.Furtim, Kaspersky as Backdoor.Win32.Furtim.a, ESET-NOD32 as a variant of Win32/Kryptik.EVLY, BitDefender as Trojan.GenericKD.3179484. | 564ac87ca4114edd6a84a005092f1285 | 638d549a24bb0a28e462c70880bf3f979f137cc6 | 766e49811c0bb7cce217e72e73a6aa866c15de0ba11d7dda3bd7e9ec33ed6963 | https://sentinelone.com/blogs/sfg-furtims-parent/ http://thehackernews.com/2016/07/scada-malware-energy.html
M16-cnh01 | Chthonic_04f75d12 | Mixed | This strike sends a malware sample detected by Symantec as JS.Downloader, Kaspersky as HEUR:Trojan-Downloader.Script.Generic, BitDefender as JS:Trojan.Script.DJM. | 04f75d12660b13d972ac4c8cbf143de9 | c53fca1e1fee6f0be377837f258ae671a7604677 | 865d2e9cbf5d88ae8b483f0f5e2397449298651381f66c55b7afd4b750eb4da4 | https://www.proofpoint.com/uk/threat-insight/post/threat-actors-using-legitimate-paypal-accounts-to-distribute-chthonic-banking-trojan http://securityaffairs.co/wordpress/49891/cyber-crime/paypal-chthonic-trojan.html

Malware Strikes July - 2016

Strike ID | Malware | Platform | Info | MD5 | SHA1 | SHA256 | External References
M16-2xk01 | Furtim_5f56c549 | Windows | This strike sends a malware sample detected by McAfee as Artemis!5F56C54983E1, Symantec as Trojan.Gen, Kaspersky as Trojan-Downloader.Win32.Carberp.dl, ESET-NOD32 as Win32/TrojanDownloader.Carberp.BR, BitDefender as Trojan.GenericKD.3180694. | 5f56c54983e1ea1f8e06c29e796bcf25 | 2fb404bdcebc7acbeb598f8a2ddbecf48c60b113 | 4f39d3e70ed1278d5fa83ed9f148ca92383ec662ac34635f7e56cc42eeaee948 | http://blog.ensilo.com/furtim-the-ultra-cautious-malware
M16-7na01 | Locky_5c12d335 | Windows | This strike sends a malware sample detected by McAfee as RDN/Generic.dx, Symantec as Trojan.Cridex, Kaspersky as Trojan-Dropper.Win32.Injector.pfij, ESET-NOD32 as a variant of Win32/Kryptik.FBPA, BitDefender as Trojan.GenericKD.3378950. | 5c12d33539a20c2056af58618542ad87 | ae1c43aae014d1df502086761651d28bd1ea308d | f7b000420530107cf5c7b82dd5df93345ee8d0e1bb82d73c250be250a2f994e6 |
M16-fdb01 | FireEye_APT30_002e2793 | Windows | This strike sends a malware sample detected by McAfee as Generic.dx!002E27938C93, Symantec as W32.Lecna.E, Kaspersky as Backdoor.Win32.Lecna.ae, BitDefender as Gen:Trojan.Heur.cu0arfFp4Vcbh. | 002e27938c9390a942cf4b4c319f1768 | b836d5d21c605a019936f5da1b78e03a01846ea6 | cd2d206d320a343bcc26714130c6c1160102afc41edd256f9fc944b7a3de9c36 | https://github.com/fireeye/iocs/blob/master/APT30/eeffc8e8-caee-4fe1-8ace-7a994b5d893f.ioc https://www.fireeye.com/blog/threat-research/2015/04/apt_30_and_the_mecha.html
M16-agb01 | TorrentLocker_6f51c87f | Mixed | This strike sends a malware sample detected by McAfee as JS/Nemucod.ho, Symantec as JS.Downloader, Kaspersky as Trojan-Downloader.JS.Nemucod.df, ESET-NOD32 as JS/TrojanDownloader.Nemucod.AAP, BitDefender as Generic.JS.DownloaderX.B2EE2392. | 6f51c87fd86c43c94ca045484c2cd6e5 | 2859463748ed383779a2001ee4f2ad979fdc3355 | 34c28dfbb14ef83aaaf0036edf449545a94c4849c8ff0e15423a66468a58636e | https://blogs.mcafee.com/mcafee-labs/torrentlocker-campaign-exploits-spanish-utility-brand/
M16-5ij01 | Mircop_50eae30f | Windows | This strike sends a malware sample detected by McAfee as RDN/Generic.mem, Symantec as Trojan.Cryptolocker.AT, Kaspersky as Trojan-Ransom.Win32.Autoit.lb, ESET-NOD32 as Win32/Filecoder.NGX, BitDefender as Trojan.GenericKD.3338259. | 50eae30fd5bd7a0fbbaf64892bdda0bc | 5009b0ab4efb7a69b04086945139c808e6ee15e1 | 8db2b2b1831544cb32ca7458a5820f7e722c3fa0d54ac09e1128e913572bcba6 | http://blog.trendmicro.com/trendlabs-security-intelligence/instruction-less-ransomware-mircop-channels-guy-fawkes/
M16-g9z01 | TorrentLocker_3f536096 | Mixed | This strike sends a malware sample detected by McAfee as JS/Nemucod.ih, Symantec as JS.Downloader, ESET-NOD32 as JS/TrojanDownloader.Nemucod.ACJ. | 3f536096c1fc207c8df74f346baa7bb1 | 1f6398e15568f4aa7a5c7d51174d497d010f830e | 1c6dec93e189d5b985e544c31d68d8334e0842c73464b4a19be86b5f643c15dd | https://blogs.mcafee.com/mcafee-labs/torrentlocker-campaign-exploits-spanish-utility-brand/
M16-bdn01 | TorrentLocker_ec11c3a1 | Windows | This strike sends a malware sample detected by McAfee as Generic.ys, Symantec as Trojan.Cryptolocker.H, Kaspersky as Trojan-Ransom.Win32.Agent.irp, ESET-NOD32 as Win32/Filecoder.TorrentLocker.A, BitDefender as Trojan.NSIS.Androm.M. | ec11c3a1be57b62e7fbede4b01b79836 | 86e4d0d1f3e789ebed5f224dfa553c39e6c1243d | 3838e4d078bc3d1c9dcb436d03109c1c6f385ff0d8edf03634e42cc08255636c | https://blogs.mcafee.com/mcafee-labs/torrentlocker-campaign-exploits-spanish-utility-brand/
M16-1bj01 | Satana_d236fcc8 | Windows | This strike sends a malware sample detected by McAfee as RDN/Generic.dx, Symantec as Trojan.Cryptolocker.AH, Kaspersky as Trojan-Ransom.Win32.Satan.g, ESET-NOD32 as a variant of Win32/MBRlock.AO, BitDefender as Generic.Malware.FH.DCA4200F. | d236fcc8789f94f085137058311e848b | 808061052c9efc7c7255ffeb92c77b02bbb8cfee | ee937717efe9a2e076b9497498b628beb0c84a8476bd288105a59c5aeea01f3d | https://blog.malwarebytes.com/threat-analysis/2016/06/satana-ransomware/ http://securityaffairs.co/wordpress/49134/malware/satana-malware.html
M16-hf701 | Satana_46bfd4f1 | Windows | This strike sends a malware sample detected by McAfee as Generic.yx, Symantec as Trojan.Cryptolocker.AU, Kaspersky as Trojan-Ransom.Win32.Satan.f, ESET-NOD32 as Win32/MBRlock.AO, BitDefender as Trojan.Generic.17389935. | 46bfd4f1d581d7c0121d2b19a005d3df | 5b063298bbd1670b4d39e1baef67f854b8dcba9d | 683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96 | https://blog.malwarebytes.com/threat-analysis/2016/06/satana-ransomware/ http://securityaffairs.co/wordpress/49134/malware/satana-malware.html
M16-wes01 | Locky_dropper_2e5a6ebb | Mixed | This strike sends a malware sample detected by McAfee as Downloader-FBGD!85B47905B642, Symantec as W97M.Downloader, Kaspersky as Trojan.VBS.Agent.acd, ESET-NOD32 as VBA/TrojanDownloader.Agent.BJG, BitDefender as W97M.Downloader.DSB. | 2e5a6ebbbe1bd0c4b1ff1f0835265c45 | d5c325f5c644966e9804ff877b8444fe49bb7dc8 | abd3847d55c82aa66e1fa94d78612e6a1ad09e62e77fe0dda683688512245502 |
M16-pln01 | Godless_844ba4a0 | Android | This strike sends a malware sample detected by McAfee as Artemis!844BA4A0564C, Symantec as Android.Umeng, ESET-NOD32 as a variant of Android/Rootnik.AW, BitDefender as Android.Trojan.Rooter.E. | 844ba4a0564ca7ff99e5c85caa926ad4 | 5d2a08d7c1f665ea3affa7f9607601ffae387e8b | 096dea384f82253f7ca670c2ef880059eff98038feb351fb85116849a5b92e84 | http://blog.trendmicro.com/trendlabs-security-intelligence/godless-mobile-malware-uses-multiple-exploits-root-devices/
M16-b2z01 | CryptXXX_bfb8f7f6 | Windows | This strike sends a malware sample detected by McAfee as RDN/Generic.dx, Symantec as Trojan.Cryptolocker.AN, Kaspersky as HEUR:Trojan.Win32.Generic, ESET-NOD32 as a variant of Win32/Kryptik.EUSG, BitDefender as Trojan.Bedep.Gen.1. | bfb8f7f6cbe24330a310e5c7cbe99ed4 | cfb97a66c90bff92b5d72eb9e81b2e9d8013b66d | a4e9c151a50595b59e787dd3b361ac53d02dd7f212d6b22639dc01776c886d05 | https://trushieldinc.com/cryptxxx-ransomware/
M16-wj701 | Locky_5d6f8521 | Windows | This strike sends a malware sample detected by McAfee as PWS-FCGM!5D6F8521E10F, Kaspersky as Trojan.Win32.Agentb.bskq, ESET-NOD32 as Win32/Filecoder.Locky.C, BitDefender as Trojan.GenericKD.3350755. | 5d6f8521e10f2f95d31813b6e9f261a4 | 03c4ae0720cb2b4c06da99dda2755ee4758a3c5d | a575172cce9a9b9e7d521958b26ccedb70d0eeb8e22ec2ca4a643f8fe627c571 |
M16-bvv01 | Godless_b98988b4 | Android | This strike sends a malware sample detected by McAfee as Artemis!B98988B42F5E, Symantec as Android.Umeng, ESET-NOD32 as Android/Rootnik.AV. | b98988b42f5e3ec92a557a1f31df333d | 7ebdd80761813da708bad3325b098dac9fa6e4f5 | 766a234ca74912dffade44f357fbe5006d01b83a389ea49af1560dbc02387d56 | http://documents.trendmicro.com/assets/pdf/goddless-mobile-malware-uses-multiple-exploits-to-root-devices.pdf
M16-9vw01 | Godless_fb04e52c | Android | This strike sends a malware sample detected by McAfee as Artemis!FB04E52C9C93, Symantec as Android.Umeng, ESET-NOD32 as a variant of Android/Rootnik.AV. | fb04e52c9c93e65f980876c767d003dc | 84c444a742b616bc95c58a85c5c483412e327c50 | 5b6b6b130b5ffcbe545778f18151b6d2e32657aa41f4efb924f01d569dc50ad9 | http://documents.trendmicro.com/assets/pdf/goddless-mobile-malware-uses-multiple-exploits-to-root-devices.pdf
M16-t3401 | Locky_c0fda128 | Mixed | This strike sends a malware sample detected by McAfee as JS/Nemucod.kv, Kaspersky as Trojan-Downloader.JS.Agent.lfs, BitDefender as JS:Trojan.Downloader.Nemucod.AK. | c0fda12880c5d7502c49d8d7010e4501 | f5cf47fa0435076f3c44758c89d50ab61f8dffd2 | 068e08f01e117f66f607a27492a500cc7c3ffa91cac76dcebbe97667394a9cde | http://securityaffairs.co/wordpress/49094/malware/zepto-ransomware.html
M16-ilp01 | TorrentLocker_0aba9cac | Windows | This strike sends a malware sample detected by McAfee as Generic.vl, Symantec as Trojan.Cryptolocker.H, Kaspersky as Backdoor.Win32.Androm.jvrq, ESET-NOD32 as a variant of Win32/Kryptik.EYXI, BitDefender as Trojan.GenericKD.3274489. | 0aba9cace182e6b5178e1aac59a9bbed | fb6a69f68cc8dc3888cbcd8cf2af96a5cd37a0ef | 5d21d30471962ebcad66a72ce4847066e008f40fe8c13cc58cfd6e4e6e9ab6c0 | https://blogs.mcafee.com/mcafee-labs/torrentlocker-campaign-exploits-spanish-utility-brand/

Malware Strikes June - 2016

Strike ID Malware Platform Info MD5 External References
M16-gou01BlackEnergy_75793fd7Windows This strike sends a malware sample detected by McAfee as Downloader-FAR!75793FD7C337, Symantec as Suspicious.MH690.A, Kaspersky as Backdoor.Win32.Kbot.bjd, BitDefender as Trojan.Inject.GF.75793fd7c33746dd4d15bc44e8e342537256a2ab9c6918cf33b208d621d791dbad49d529 75793fd7c33746dd4d15bc44e8e34253 4a1332c5d4117ce699477eea8fa4c8c0d97e59588f87c0f61811a8fe36a4a55e http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/faq-blackenergy
M16-1xw01BlackEnergy_f61a11fbWindows This strike sends a malware sample detected by McAfee as FDoS-BEnergy, Symantec as Backdoor.Lancafdo, Kaspersky as Backdoor.Win32.Kbot.brj, ESET-NOD32 as Win32/Agent.NGC, BitDefender as Trojan.Downloader.JIUP.f61a11fb43f17a34cc6a099c73d0cdcfdae5a2805f79b43d6be24117ef8050c8ec1148be f61a11fb43f17a34cc6a099c73d0cdcf 8aaa4827da8513e0057d4be83629e3ec8687c099ee0021abfce70fd0f59179b5 http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/faq-blackenergy
M16-yfp01CryptXXX_2bec8785Windows This strike sends a malware sample detected by McAfee as RDN/Ransom, Symantec as Trojan.Cryptolocker.AN, Kaspersky as Trojan-Ransom.Win32.Bitman.abqw, ESET-NOD32 as Win32/Filecoder.CryptProjectXXX.B, BitDefender as Trojan.Generic.16665947.2bec87853aacf31138a8dcf16cb5598ab5a38fc428034ac68c2424d1b4a52933374fe936 2bec87853aacf31138a8dcf16cb5598a bd97a8672ce7045d24829ffc8be712463242ba182326bee29a569e1e767e48c4 http://www.bleepingcomputer.com/virus-removal/cryptxxx-ransomware-help-information
M16-hog01BlackEnergy_77333739Windows This strike sends a malware sample detected by McAfee as Downloader-FAR!773337394227, Symantec as Trojan.Gen, Kaspersky as Trojan-Ransom.Win32.PornoAsset.gbx, BitDefender as Trojan.Inject.GF.7733373942272ef21a57dbeb6f10611225fbd95e90cea72fd16189d8ea76f9afc3c23d7e 7733373942272ef21a57dbeb6f106112 f1b42a20886c4749d64327d3b04cd1cf9b26e3c7f4bd6fe5eeb126bf09281b73 http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/faq-blackenergy
M16-bdj01BlackEnergy_88789506Windows This strike sends a malware sample detected by Kaspersky as Backdoor.Win32.Kbot.bhk, BitDefender as Trojan.Inject.GF.887895062c616e28479b34f6703d146916a0c7f1d02520e20fa740b218215540bff4f28c 887895062c616e28479b34f6703d1469 051b0ee64b406e2c0894a820e06483f135108ce2fa940a66b6f468762b5db769 http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/faq-blackenergy
M16-udz01CryptXXX_84462434Windows This strike sends a malware sample detected by McAfee as Ransomware-FLK!84462434E357, Symantec as Trojan.Cryptolocker.AN, Kaspersky as Trojan-Ransom.Win32.CryptXXX.ali, ESET-NOD32 as a variant of Win32/Kryptik.EZAI, BitDefender as Trojan.GenericKD.3268405.84462434e35745e732bc3678c4343236a02962660b934c0d5b8df4e7fbb12ac5a68c8df8 84462434e35745e732bc3678c4343236 c87a3e7901defac48f531367d45306b7b2df33752b4a37f3744e029898bd1c1c http://www.bleepingcomputer.com/virus-removal/cryptxxx-ransomware-help-information
M16-r2101BlackEnergy_374a13c3Windows This strike sends a malware sample detected by McAfee as FDoS-BEnergy, Symantec as Downloader, Kaspersky as Trojan-Downloader.Win32.Small.fyn, ESET-NOD32 as Win32/Agent.NGC, BitDefender as Trojan.Downloader.Agent.YQY.374a13c378c024813b59b799f0536187ae1587ac21fd6a9cc6630b8689243901e0fd7fa8 374a13c378c024813b59b799f0536187 bc7877f47f0efa34809aa801b617101c9d77cc7adbef5ed6a82cefe3ccca04df http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/faq-blackenergy
M16-78501TorrentLocker_7a7850b6Windows This strike sends a malware sample detected by McAfee as Generic.ys, Symantec as Trojan.Gen.SMH, Kaspersky as Trojan-Ransom.NSIS.Onion.qlz, ESET-NOD32 as Win32/Filecoder.TorrentLocker.A, BitDefender as Trojan.GenericKD.3290845.7a7850b6c9f1b0873160e20ba2ed5fdf6ecd0bca7c8c4d358ef16749d7c2a5a4ee934087 7a7850b6c9f1b0873160e20ba2ed5fdf 7e19c20e3e65acb81359a815c1e79bfc527fd60f742bc339c3f33326de0c9c92 http://securityaffairs.co/wordpress/47834/malware/telia-ransomware-campaign.html
M16-40f01TorrentLocker_14dc5bc2Windows This strike sends a malware sample detected by McAfee as RDN/Generic.bfr, Symantec as Trojan.Cryptolocker.H, Kaspersky as Backdoor.Win32.Androm.jwms, ESET-NOD32 as Win32/Filecoder.TorrentLocker.A, BitDefender as Trojan.GenericKD.3292161.14dc5bc2c7c852ec7b834da667ea2f16158f3489ef1068ea72ea4d67432eb0b7a2e754bc 14dc5bc2c7c852ec7b834da667ea2f16 fc0457fa210f093e2469e788c05cee3f0900a6ca2cdecd0a0552dcec4a7d2781 http://securityaffairs.co/wordpress/47834/malware/telia-ransomware-campaign.html
M16-9i501TreasureHunter_6a9348f5Windows This strike sends a malware sample detected by McAfee as Artemis!6A9348F582B2, Symantec as Trojan.Huntpos, Kaspersky as HEUR:Trojan.Win32.Generic, ESET-NOD32 as Win32/Agent.XAS, BitDefender as Gen:Variant.Zusy.160237.6a9348f582b2e121a5d9bff1e8f0935fe03dbcf2d45cf99fbcd9aef453cdeb3a00c59d4c 6a9348f582b2e121a5d9bff1e8f0935f fe5f50fce2f430432a636ef899919505e9477968d8caff7506e888cffed0b5f8 https://www.fireeye.com/blog/threat-research/2016/03/treasurehunt_a_cust.html
M16-f2001CryptXXX_e40e0ff4Windows This strike sends a malware sample detected by McAfee as Ransomware-FMW!E40E0FF435A5, Symantec as Trojan.Gen.SMH, Kaspersky as Trojan-Ransom.Win32.CryptXXX.bex, ESET-NOD32 as a variant of Win32/Kryptik.EZJQ, BitDefender as Trojan.GenericKD.3295338.e40e0ff435a5b02caaeeed44b439d2995eee6676a7e50710e5cd3b184279689a6111135f e40e0ff435a5b02caaeeed44b439d299 75a927e636c788b7e54893161a643c258fecbbf47d6e7308d3439091aa3ce534 http://www.bleepingcomputer.com/virus-removal/cryptxxx-ransomware-help-information
M16-3az01Pisloader_7b24d17eWindows This strike sends a malware sample detected by McAfee as RDN/Ransom, Symantec as Backdoor.Psiload, Kaspersky as Trojan-Ransom.Win32.Blocker.hmdv, ESET-NOD32 as a variant of Win32/Roseam.B, BitDefender as Gen:Variant.Symmi.33154.7b24d17e5f29e27b1c17127839be591a1c581a09963109fc526a71adc5cde8e6c89ce615 7b24d17e5f29e27b1c17127839be591a 6852ba95720af64809995e04f4818517ca1bd650bc42ea86d9adfdb018d6b274 http://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism/
M16-yvn01TorrentLocker_c86a3887Windows This strike sends a malware sample detected by McAfee as RDN/Ransom, Symantec as Trojan.Cryptolocker.H, Kaspersky as Trojan-Ransom.NSIS.Onion.pli, ESET-NOD32 as Win32/Filecoder.TorrentLocker.A, BitDefender as Trojan.GenericKD.3240422.c86a3887813d7c084833973c910b02a410f35960a8b8399dd03a30795976222b84505f65 c86a3887813d7c084833973c910b02a4 a96e010f86d38528ff6039c16a36d75feef2471df9b6b3955a1f4c51d82fbf7d http://securityaffairs.co/wordpress/47834/malware/telia-ransomware-campaign.html
M16-9jq01Pisloader_e8d58aa7Windows This strike sends a malware sample detected by McAfee as RDN/Ransom, Symantec as Backdoor.Psiload, Kaspersky as Trojan-Ransom.Win32.Blocker.ihhd, ESET-NOD32 as a variant of Win32/Roseam.B, BitDefender as Gen:Variant.Symmi.33154.e8d58aa76dd97536ac225949a2767e05c6db4ddc514869a41272abba5e10de70b888476a e8d58aa76dd97536ac225949a2767e05 da3261c332e72e4c1641ca0de439af280e064b224d950817a11922a8078b11f1 http://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism/
M16-y1r01TorrentLocker_e3709335Windows This strike sends a malware sample detected by McAfee as RDN/Generic.com, Symantec as Trojan.Cryptolocker.H, Kaspersky as Backdoor.Win32.Androm.jwny, ESET-NOD32 as Win32/Filecoder.TorrentLocker.A, BitDefender as Trojan.GenericKD.3293355.e370933525dc475dce213ca8177439ff95efcc5a0765f7923e4e9eabcd1ba9b1e55235a3 e370933525dc475dce213ca8177439ff 3bceff32e63db27ef483339e86e328c7506e2f2542b81a25e9206dbd29c67b52 http://securityaffairs.co/wordpress/47834/malware/telia-ransomware-campaign.html
M16-mai01TorrentLocker_49f12a7bWindows This strike sends a malware sample detected by McAfee as RDN/Generic.grp, Symantec as Trojan.Cryptolocker.H, Kaspersky as Trojan.Win32.Agent.ijcx, ESET-NOD32 as Win32/Filecoder.TorrentLocker.A, BitDefender as Trojan.GenericKD.3312322.49f12a7b358c7f7cba005610210418aa3b2a6dc3ad4846bb2e642b8063102ce0bba4c039 49f12a7b358c7f7cba005610210418aa aa2a2d55915d08571e7304b2033ed90bc29f1b162da7e2722d4ffabcd6e3477f http://securityaffairs.co/wordpress/47834/malware/telia-ransomware-campaign.html
M16-kaq01BlackEnergy_e90de0d6Windows This strike sends a malware sample detected by McAfee as PWS-FAPU!E90DE0D6D99B, Symantec as Suspicious.Cloud.2, Kaspersky as Packed.Win32.Krap.ae, ESET-NOD32 as Win32/Rootkit.BlackEnergy.AC, BitDefender as Gen:Variant.Zusy.191357.e90de0d6d99bc0e6e5713102a3f0c157449a9a4a505a9d03c606e957e970cd4bf3c08d6e e90de0d6d99bc0e6e5713102a3f0c157 333d83ceb0828e61dc25223249ef8406928aec56c7a4076ee8e99d8afdea75f3 http://www.theregister.co.uk/2016/03/04/ukraine_blackenergy_confirmation/
M16-h4i01AndroidMarcher_c0596e35Android This strike sends a malware sample detected by McAfee as Artemis!C0596E35BD67, Symantec as Android.Fakebank.B, Kaspersky as HEUR:Trojan-Banker.AndroidOS.Marcher.b, ESET-NOD32 as a variant of Android/Spy.Banker.F, BitDefender as Android.Trojan.Marcher.A.c0596e35bd67ccc05c682e7a9c5befa0ac17225c526ecbfeb2e2f248916ff90193ec477b c0596e35bd67ccc05c682e7a9c5befa0 5bf7648743c0ff2207c5653b12f077f9d6a6a013cbcb3e2e2d5d94605b2ba08e https://info.phishlabs.com/blog/android.trojan.marcher-conclusion
M16-5oy01BlackEnergy_d98f4fc6Windows This strike sends a malware sample detected by McAfee as RDN/Generic BackDoor, Symantec as Backdoor.Lancafdo.A, Kaspersky as Backdoor.Win64.Blakken.p, ESET-NOD32 as a variant of Win64/Rootkit.BlackEnergy.B, BitDefender as Trojan.Win64.BlackEnergy.A.d98f4fc6d8bb506b27d37b89f7ce89d0e40f0d402fdcba6dd7467c1366d040b02a44628c d98f4fc6d8bb506b27d37b89f7ce89d0 1ce0dfe1a6663756a32c69f7494ad082d293d32fe656d7908fb445283ab5fa68 http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/faq-blackenergy
M16-z3h01BlackEnergy_9fd279d0Windows This strike sends a malware sample detected by McAfee as W32/Worm-FGB!9FD279D056DC, Symantec as Suspicious.Cloud.7.L, Kaspersky as Trojan.Win32.Menti.gena, ESET-NOD32 as Win32/Rootkit.BlackEnergy.AC, BitDefender as Gen:Heur.Conjar.13.9fd279d056dc819bc47767c9c39db977f4375f1c7ef07c17b1548c0459aeae719c9a4b5a 9fd279d056dc819bc47767c9c39db977 49aee5d89debbc6dfdb37c8a158f986654b8c1663f5ee1a1297cdf1009fb163f http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/faq-blackenergy
M16-nxv01CryptXXX_ac78dfe7Windows This strike sends a malware sample detected by McAfee as RDN/Ransom, Symantec as Trojan.Cryptolocker.AN, Kaspersky as Trojan-PSW.Win32.Tepfer.psxiug, ESET-NOD32 as a variant of Win32/Kryptik.EVXC, BitDefender as Trojan.GenericKD.3185268.ac78dfe7f8d91e0e14d88c4ad371826744e8fb0e8cc5ad230f43c48c20f871b10d26f213 ac78dfe7f8d91e0e14d88c4ad3718267 2ffabf5eaa69f9c50f2e0c1a26dd6ccf45de5f3ee2822e9c9cf275fdebc990a9 http://www.bleepingcomputer.com/virus-removal/cryptxxx-ransomware-help-information
M16-lzk01TreasureHunter_ea6248e4Windows This strike sends a malware sample detected by McAfee as RDN/Generic PWS.y, Symantec as Trojan.Gen, Kaspersky as HEUR:Trojan.Win32.Generic, ESET-NOD32 as Win32/Agent.XAS, BitDefender as Gen:Variant.Zusy.160237.ea6248e4ddd080e60e6140ab0f8562e167bd53130d2ebe851489b607b81ca2d2fb0a20f9 ea6248e4ddd080e60e6140ab0f8562e1 7eca8bf6d17891529c74d8fce85471135a203f312ae09fe3d907355c7dea9f59 https://www.fireeye.com/blog/threat-research/2016/03/treasurehunt_a_cust.html
M16-ufc01BlackEnergy_1d4c1ca4Windows This strike sends a malware sample detected by McAfee as Downloader.a!b2z, Kaspersky as Backdoor.Win32.Kbot.bhn, BitDefender as Trojan.Generic.7206996.1d4c1ca48f764a2a6636c0211387012e3727fb219a31c6d0690dfcd408eb3d0bc2dd3ac3 1d4c1ca48f764a2a6636c0211387012e f5066fd62fcb79475d67b100d340e93c9532a0d6ef70c1a48074eac6a22a2650 http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/faq-blackenergy
M16-9fn01Kazy_c889afc5Windows This strike sends a malware sample detected by McAfee as Downloader-BLO, Kaspersky as Trojan-Spy.Win32.Zbot.cnva, ESET-NOD32 as a variant of Win32/Kryptik.AAUK, BitDefender as Gen:Variant.Kazy.46303.c889afc59efb6e8305c49c0addc1d291698e12dc13bcf3f0a8756b4c39e370010bc606c3 c889afc59efb6e8305c49c0addc1d291 44c69579822384106401e10ea8b55e14154c452558b6636a06fd5e4accb9754b
M16-tg401Raa_535494aaMixed This strike sends a malware sample detected by McAfee as JS/RAA-SEP, Symantec as JS.Racryptor, Kaspersky as Trojan.JS.Agent.dhf, ESET-NOD32 as JS/TrojanDropper.Agent.NCS.535494aa6ce3ccef7346b548da5061a92c0b5637701c83b7b2aeabdf3120a89db1dbaad7 535494aa6ce3ccef7346b548da5061a9 edffa07d667dbd224682639f56eb1b913e4ffeac874999e02c23e86eeb6489d5 https://reaqta.com/2016/06/raa-ransomware-delivering-pony/
M16-fs101BlackEnergy_fd0cbe75Windows This strike sends a malware sample detected by McAfee as New Win32.g3-b, Kaspersky as Backdoor.Win32.Kbot.bjs, BitDefender as Trojan.Inject.GF.fd0cbe75e36a44691a71609894cdf1a5c3f9d159eeb95c8a779f57cd8835bdf791cc6a12 fd0cbe75e36a44691a71609894cdf1a5 56d0ded624bf372a741c38550d520895f5ae4c8ec35e5bab76a0aebd3849652d http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/faq-blackenergy

Malware Strikes May - 2016

Strike ID Malware Platform Info MD5 External References
M16-2hh01Locky_e4c51f20Windows This strike sends a malware sample detected by McAfee as Ransomware-FJB!E4C51F20D07F, Symantec as Trojan.Cryptolocker.N, Kaspersky as Trojan-Ransom.Win32.Locky.sc, ESET-NOD32 as a variant of Win32/Kryptik.EVWX, BitDefender as Trojan.GenericKD.3184725.e4c51f20d07fc010a425e392d2acae16723f3fc7e0bc16f8d83fa6401d02a0fc29c128d8 e4c51f20d07fc010a425e392d2acae16 e325dcb905b3adaaf5e33ef15a0c488f948dd90eb8577714c97482a3b7ad74bb https://www.fireeye.com/blog/threat-research/2016/05/locky_gets_clever.html?mkt_tok=eyJpIjoiTlRZNVpHTXhOekV6WWpZeCIsInQiOiJzR25cLzBGUG05VXFyMm5hVmxmM0ZcL0M3V1Ywdm5KeklKQkN3aTZ2S0VJVEtZaGh2eXR3ZkhXZmNubHVtM2g4aWJ2cmZnUEE2dUVsZmJ5cmViOWUyMjIwSGl4MWlzWlk5TFZCanZOOTdsaE1RPSJ9
M16-76501CryptXXX_6692774fWindows This strike sends a malware sample detected by McAfee as Artemis!6692774FF45E, Symantec as Trojan.Cryptolocker.AN, Kaspersky as Trojan-Ransom.Win32.CryptXXX.rm, ESET-NOD32 as Win32/Filecoder.CryptProjectXXX.D, BitDefender as Trojan.GenericKD.3237409.6692774ff45ef1926e3ee2e282842fd28aa2b86ab3e6c1f77a40312c8b0206459310ca60 6692774ff45ef1926e3ee2e282842fd2 233ad49ddbc09dcb3d71068fa8b036d18bee59f7248b0162d65b452fb16ff5b1 https://threatpost.com/major-campaigns-spreading-cryptxxx-ransomware-via-exploit-kits/117738/
M16-63s01CryptXXX_b9effb69Windows This strike sends a malware sample detected by McAfee as RDN/Ransom, Symantec as Trojan Horse, Kaspersky as Trojan-Ransom.Win32.CryptXXX.oa, ESET-NOD32 as Win32/Filecoder.CryptProjectXXX.D, BitDefender as Trojan.GenericKD.3228878.b9effb69654705e87482c0ffd8073ade8b2e622c7dc44702040133d34911ab7d61e7c23f b9effb69654705e87482c0ffd8073ade 70904d641a1d5edc0c75014ef1e7f2f0c9fb2d6b3e814e76c8eb6741a81412bf https://threatpost.com/major-campaigns-spreading-cryptxxx-ransomware-via-exploit-kits/117738/
M16-npp01Pwobot_d4176ba7Windows This strike sends a malware sample detected by McAfee as Artemis!D4176BA7E6B6, Symantec as Trojan.Gen, Kaspersky as Trojan.Win32.Agent.neupwk, ESET-NOD32 as a variant of Win32/TrojanDownloader.Agent.CFT, BitDefender as Gen:Heur.Minggy.1.d4176ba7e6b6c03f5d7e50f4d5f899ce5212d7b34fb4cd9e706746e3a31613e07e6037f8 d4176ba7e6b6c03f5d7e50f4d5f899ce 4f81a41ba4117362c7185c0525367aa349cd09b80cd87f85ff84b33d8a77590e http://researchcenter.paloaltonetworks.com/2016/04/unit42-python-based-pwobot-targets-european-organizations/
M16-i1i01Bedep_f9c2ce1fWindows This strike sends a malware sample detected by McAfee as Artemis!F9C2CE1F72BB.f9c2ce1f72bb12a29278a015ae7f0946312aa2daa47e9213d72a1b4a5ad80413f4a0d054 f9c2ce1f72bb12a29278a015ae7f0946 a0fe4139133ddb62e6db8608696ecdaf5ea6ca79b5e049371a93a83cbcc8e780 http://malware.dontneedcoffee.com/2016/04/bedepantiVM.html
M16-ir701Pwobot_b519f240Windows This strike sends a malware sample detected by McAfee as Artemis!B519F24092F5, Symantec as Trojan.Phytob, Kaspersky as Trojan.Win32.Reconyc.cnhp, ESET-NOD32 as Python/CoinBot.A, BitDefender as Dropped:Application.BitcoinMiner.CX.b519f24092f54838118072b326341ee6ac727b31b18d7eae3289448ef6b7c9a5903acf74 b519f24092f54838118072b326341ee6 8420e6fc7d01110af96178a2e65ef9afc1396ea0f7f99f108023d31e45f26bfc http://researchcenter.paloaltonetworks.com/2016/04/unit42-python-based-pwobot-targets-european-organizations/
M16-i5201Mischa_8a241cfcWindows This strike sends a malware sample detected by McAfee as RDN/Generic.bfr, Symantec as Trojan.Cryptolocker.AP, Kaspersky as Trojan-Ransom.Win32.Mikhail.a, ESET-NOD32 as Win32/Diskcoder.Petya.C, BitDefender as Trojan.GenericKD.3224407.8a241cfcc23dc740e1fadc7f2df3965e1a5faa5637bec9805039a93d6e199bac26fce413 8a241cfcc23dc740e1fadc7f2df3965e d4b6524315d5de727a8af3e4e73e8b28dab27c62fd0a6a7a891460061c2f3d60
M16-80i01Android_Spy277_Origin_74265855Android This strike sends a malware sample detected by McAfee as Artemis!742658557EBA, Kaspersky as HEUR:Trojan.AndroidOS.Iop.ac, ESET-NOD32 as a variant of Android/Iop.BQ, BitDefender as Android.Riskware.Agent.gXZCL.742658557eba17ca3379d7595fa9c71e5601e6c41060afbd6cbbf49944130023e6c27326 742658557eba17ca3379d7595fa9c71e 8770ee76d359df6bc6923f5433614ea266c3de2cf6eb591245cbeae2d1f639a7 http://www.theregister.co.uk/2016/04/26/android_malware_whack_a_mole/
M16-oup01Android_Spy277_Origin_7761fab4Android This strike sends a malware sample detected by McAfee as Artemis!7761FAB4A7D2, Kaspersky as not-a-virus:HEUR:AdWare.AndroidOS.Gibdy.a, BitDefender as Android.Riskware.Gibdy.A.7761fab4a7d2d7caf4e898a78a91a1d9fe8bfc1060c5c4a75a122ac74e673e08a7b9dd36 7761fab4a7d2d7caf4e898a78a91a1d9 cb1a8c29621f2522f39660dc745171d0f4045389e493e2f9269f3c4b10c9068a http://www.theregister.co.uk/2016/04/26/android_malware_whack_a_mole/
M16-wfe01Android_Spy277_Origin_040718deAndroid This strike sends a malware sample detected by McAfee as Artemis!040718DE0F6F, Kaspersky as HEUR:Trojan.AndroidOS.Iop.ac, ESET-NOD32 as a variant of Android/Iop.BQ, BitDefender as Android.Riskware.Agent.gXZCL.040718de0f6f8b2245d921cd9423d1e098cc075d3481e208d835f592049de19680eed439 040718de0f6f8b2245d921cd9423d1e0 c2eff5251908f82c3a288d4f99119d2674cce91a5556ab23470b7ae2b807f114 http://www.theregister.co.uk/2016/04/26/android_malware_whack_a_mole/
M16-fd601Pwobot_d169d086Windows This strike sends a malware sample detected by McAfee as Artemis!D169D0860FAD, Symantec as Trojan.Gen.2, Kaspersky as Trojan.Win32.Reconyc.cnhp, ESET-NOD32 as Python/CoinBot.A, BitDefender as Trojan.Generic.14478193.d169d0860fad8f55d05ceda43b0394701011bfb64bbee16ba435e646fe667be26db6b022 d169d0860fad8f55d05ceda43b039470 7fb48bfbc57dc082cebb73ce3d99031e7408997a0e94418c588ff9055985c789 http://researchcenter.paloaltonetworks.com/2016/04/unit42-python-based-pwobot-targets-european-organizations/

Malware Strikes April - 2016

Strike ID Malware Platform Info MD5 External References
M16-6gf01Swifi_5a59b3faMixed This strike sends a malware sample detected by Symantec as Trojan.Swifi, ESET-NOD32 as SWF/Exploit.CVE-2016-1019.A, BitDefender as Script.SWF.CVE-2016-1019.C359.5a59b3fa1dbb5849cec4cc84d386b5d39d7561f5613114431bf906ede4bc1c40208a9e35 5a59b3fa1dbb5849cec4cc84d386b5d3 7f31af42154cfc3609ca8e7b185a43c9a1d9704e6faf56b2928e32d5190592f0
M16-z7e01Kazy_60178572Windows This strike sends a malware sample detected by McAfee as Artemis!601785724D43, Symantec as Trojan.Gen, Kaspersky as HEUR:Trojan.Win32.Generic, ESET-NOD32 as a variant of Win32/RuKometa.F potentially unwanted, BitDefender as Gen:Variant.Kazy.765774.601785724d43561c77744b2a5fde554c071ed3b395e4f22ea1ba32ce505d7f2ca598d0df 601785724d43561c77744b2a5fde554c 06d690d1e315950df2b6cffa6740fc38acb56d5a8aa622f43abc78fa197df8d5
M16-cq001KTN_Remastered_3b4c243bLinux This strike sends a malware sample detected by Kaspersky as HEUR:Backdoor.Linux.Tsunami.bq, ESET-NOD32 as Linux/Remaiten.C, BitDefender as Trojan.Linux.Kaiten.E.3b4c243b2db7de648d16dfcf00c4032e17dcfdcc39b21ad64864a386070cc633e9965c3d 3b4c243b2db7de648d16dfcf00c4032e 6c02a2bb7000e4cdc3a0bb24a2a4f7af9e0e14ada698034c7aebabb518a1c471 http://securityaffairs.co/wordpress/45820/iot/linux-remaiten-iot-botnet.html
M16-71701AceDeceiver_030bc44aWindows This strike sends a malware sample detected by McAfee as Artemis!030BC44A3CDD, ESET-NOD32 as a variant of Win32/AceDeceiver.A.030bc44a3cddb7e30941bd8ddb2bebf77814504baa132394fb7105c045e29d3dda1639d5 030bc44a3cddb7e30941bd8ddb2bebf7 6fd5af5dd83d51b3af24659e9f829968f450ad7c94aa37401241fde54e05e0c5 http://researchcenter.paloaltonetworks.com/2016/03/acedeceiver-first-ios-trojan-exploiting-apple-drm-design-flaws-to-infect-any-ios-device/
M16-uxu01SteamStealer_55999ffbWindows This strike sends a malware sample detected by McAfee as Artemis!55999FFB3813, Symantec as SAPE.Heur.CA237, Kaspersky as Trojan.MSIL.Agent.ablvf, ESET-NOD32 as a variant of MSIL/Kryptik.EAN, BitDefender as Gen:Variant.Barys.2440.55999ffb381371600608ba04a9a3d0c12257df5c417f5e6533f73f4e5cd72d3b71f1f0a5 55999ffb381371600608ba04a9a3d0c1 76a0c5363ea0e0e5f2e5c71648082883dc10f6f91d88a892bc2059a9de087528 https://otx.alienvault.com/pulse/56cebf934637f20c776e0195/
M16-amy01KTN_Remastered_0f8fef51Linux This strike sends a malware sample detected by Symantec as Linux.Routrem, Kaspersky as HEUR:Backdoor.Linux.Tsunami.bq, ESET-NOD32 as Linux/Remaiten.C, BitDefender as Gen:Variant.Backdoor.Linux.Tsunami.1.0f8fef517b504f4a9a5f4dcee5ea22760e5b982c8d55b78582da733d31e8b652c9da9f6e 0f8fef517b504f4a9a5f4dcee5ea2276 1ab6804203d543d006d1acb9c7eb4c23874b16077142db8bf046bc5a5db879b3 http://securityaffairs.co/wordpress/45820/iot/linux-remaiten-iot-botnet.html
M16-11z01Samsam_a14ea969Windows This strike sends a malware sample detected by McAfee as Ransomware-SAMAS!A14EA969014B, Symantec as Trojan.Ranscrypt.AE!g1, Kaspersky as Trojan-Ransom.MSIL.Samas.f, ESET-NOD32 as MSIL/Filecoder.AR, BitDefender as Gen:Variant.Kazy.782539.a14ea969014b1145382ffcd508d10156ff6aa732320d21697024994944cf66f7c553c9cd a14ea969014b1145382ffcd508d10156 0f2c5c39494f15b7ee637ad5b6b5d00a3e2f407b4f27d140cd5a821ff08acfac http://blog.talosintel.com/2016/03/samsam-ransomware.html
M16-1ht01OlimpicVision_eb6313b8Windows This strike sends a malware sample detected by McAfee as Artemis!EB6313B8992A, Symantec as Infostealer.Limitail, Kaspersky as Trojan-Ransom.Win32.Blocker.iacq, ESET-NOD32 as a variant of MSIL/Injector.NNW, BitDefender as Trojan.GenericKD.2989359.eb6313b8992afb97ca7a4d12b8cf36c9f71a4a8624551c0a4b3e8e94afb6b84e3ee3259e eb6313b8992afb97ca7a4d12b8cf36c9 520069fd2690229a73f7e1d8949f5735e3263e4de4a1661d3f1dcef343731599 http://securityaffairs.co/wordpress/45445/cyber-crime/olympic-vision-bec.html
M16-h6f01Petya_f636b347Windows This strike sends a malware sample detected by McAfee as Ransom-Petya, Symantec as Trojan.Cryptolocker.AJ, Kaspersky as Trojan-Ransom.Win32.Petr.c, ESET-NOD32 as Win32/Diskcoder.Petya.A, BitDefender as Trojan.GenericKD.3119555.f636b3471c9fda3686735223dbb0b2bd755f2652638f87ab517c608a363c4aefb9dd6a5a f636b3471c9fda3686735223dbb0b2bd e99eccfc1473800ea6e2e730e733c213f18e817c0c6501209f4ee40408f94951 http://betanews.com/2016/03/25/petya-ransomware/
M16-vrb01Petya_a2d6887dWindows This strike sends a malware sample detected by McAfee as Ransom-Petya, Symantec as Trojan.Cryptolocker.AJ, Kaspersky as Trojan-Ransom.Win32.Petr.b, ESET-NOD32 as a variant of Win32/Diskcoder.Petya.A, BitDefender as Trojan.Ransom.Petya.A.a2d6887d8a7b09b86a917a5c61674ab4b0c5fab5d69afcc7fd013fd7aef20660bf0077c2 a2d6887d8a7b09b86a917a5c61674ab4 b521767f67630b74e2272ee953295ef56c8b6428da75afa5bbfb05b72b34c69d http://betanews.com/2016/03/25/petya-ransomware/
M16-qv301Powersniff_7b90942bMixed This strike sends a malware sample detected by McAfee as Downloader-FBCJ!7B90942B853C, Symantec as W97M.Downloader, ESET-NOD32 as VBA/TrojanDownloader.Agent.AVV, BitDefender as W97M.Downloader.BAE.7b90942b853c1e39814c40accc6d4ccc5690f3a0dbf44c24e8a37bf108af931501882440 7b90942b853c1e39814c40accc6d4ccc f204c10af7cdcc0b57e77b2e521b4b0ac04667ccffce478cb4c3b8b8f18e32a2 http://researchcenter.paloaltonetworks.com/2016/03/powersniff-malware-used-in-macro-based-attacks/
M16-oj901Clicker_5ccdea9aWindows This strike sends a malware sample detected by McAfee as Artemis!5CCDEA9AF7E4, Symantec as Downloader, Kaspersky as Trojan-Clicker.Win32.VB.itvv, ESET-NOD32 as a variant of Win32/TrojanClicker.VB.OGK, BitDefender as Trojan.Generic.14918637.5ccdea9af7e428a54debcee1f7cc905698ad3f1625116ca78b2bcb714e314303c742d43e 5ccdea9af7e428a54debcee1f7cc9056 31bb983d21c5e49c6b60d5d07828d01d45261c07d9e873377a30e5de6d8cd170
M16-h1m01AceDeceiver_16966a19Windows This strike sends a malware sample detected by McAfee as Artemis!16966A195479, Kaspersky as HEUR:Trojan-Dropper.Win32.AceDeceiver.gen.16966a1954790d385a31d06ed911a2a137ba68300c437f70849c4a265a865a401cc3767b 16966a1954790d385a31d06ed911a2a1 cb31c570a74fd6d1b2b75d6ff79d41f98ab9e8babb5babeacf79ae57bc0259be http://researchcenter.paloaltonetworks.com/2016/03/acedeceiver-first-ios-trojan-exploiting-apple-drm-design-flaws-to-infect-any-ios-device/
M16-epv01Powersniff_12dadc25Mixed This strike sends a malware sample detected by McAfee as Downloader-FBCJ!12DADC259572, Symantec as W97M.Downloader, Kaspersky as Trojan.MSWord.Agent.cs.12dadc25957270ac3717a9b8afc268b6d9382f4562ab67f65279407f482369366bb10079 12dadc25957270ac3717a9b8afc268b6 1e746ba37c56f7f2422e6e01aa6fde6f019214a1e12475fe54ee5c2cf1b9f083 http://researchcenter.paloaltonetworks.com/2016/03/powersniff-malware-used-in-macro-based-attacks/
M16-klb01CVE-2016-0034_17411b63Mixed This strike sends a malware sample detected by McAfee as RDN/Generic Exploit, ESET-NOD32 as a variant of Win32/Exploit.CVE-2013-0074.GV, BitDefender as Trojan.GenericKD.3132236.17411b6384e5099174e0863d1a6c2ba08efac5acd7dd993f52353d3db05c361d3440bb98 17411b6384e5099174e0863d1a6c2ba0 acb74c05a1b0f97cc1a45661ea72a67a080b77f8eb9849ca440037a077461f6b
M16-e9j01Powersniff_881fcbf7Mixed This strike sends a malware sample detected by McAfee as Downloader-FBCJ!881FCBF71E02, Symantec as W97M.Downloader, Kaspersky as Trojan.MSWord.Agent.cs, ESET-NOD32 as VBA/TrojanDownloader.Agent.AVV, BitDefender as W97M.Downloader.BAB.881fcbf71e02d46f90b5e359ac93ca8fba65f229bf9f7ec3cb8cd9dbb8416ae22df518b0 881fcbf71e02d46f90b5e359ac93ca8f a8663becc17e34f85d828f53029ab110f92f635c3dfd94132e5ac87e2f0cdfc3 http://researchcenter.paloaltonetworks.com/2016/03/powersniff-malware-used-in-macro-based-attacks/
M16-obc01AceDeceiver_e777707bMixed This strike sends a malware sample detected by ESET-NOD32 as iOS/AceDeceiver.A.e777707b967cd2c4a312064397a5ef5c93da7b5307964190095ec16f8389246a58503530 e777707b967cd2c4a312064397a5ef5c 006c539fa6251e1d2142631c52d7c112bf5027335696eacd64794b8cf357d6d5 http://researchcenter.paloaltonetworks.com/2016/03/acedeceiver-first-ios-trojan-exploiting-apple-drm-design-flaws-to-infect-any-ios-device/
M16-4vq01Petya_af2379ccWindows This strike sends a malware sample detected by McAfee as Ransom-Petya, Symantec as Trojan.Cryptolocker.AJ, Kaspersky as Trojan-Ransom.Win32.Petr.a, ESET-NOD32 as Win32/Diskcoder.Petya.A, BitDefender as Trojan.Ransom.Petya.C.af2379cc4d607a45ac44d62135fb701539b6d40906c7f7f080e6befa93324dddadcbd9fa af2379cc4d607a45ac44d62135fb7015 26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739 http://betanews.com/2016/03/25/petya-ransomware/
M16-tcv01CVE-2015-8446_b5920eefMixed This strike sends a malware sample detected by McAfee as Exploit-SWF, Symantec as Trojan.Swifi, ESET-NOD32 as SWF/Exploit.ExKit.AQ.b5920eef8a3e193e0fc492c603a30aaf48b7185a5534731726f4618c8f655471ba13be64 b5920eef8a3e193e0fc492c603a30aaf e1dda87eeedf3a71c2d89284b051d65d05b1f4041129b59c276fcc1262a25601
M16-vvr01Powersniff_54e5be14Mixed This strike sends a malware sample detected by McAfee as Downloader-FBCJ!54E5BE141A38, Symantec as W97M.Downloader, Kaspersky as Trojan.MSWord.Agent.cs, ESET-NOD32 as VBA/TrojanDownloader.Agent.AVV, BitDefender as W97M.Downloader.BCF.54e5be141a385f40505c99212bcb361e1ff3f591e07b2bfc51b3a51b07bc9ed41b11459e 54e5be141a385f40505c99212bcb361e 340f82a198aa510159989058f3f62861de74135666c50060491144b7b3ec5a6f http://researchcenter.paloaltonetworks.com/2016/03/powersniff-malware-used-in-macro-based-attacks/
M16-ah101KTN_Remastered_8cc02b90Linux This strike sends a malware sample detected by Symantec as Linux.Routrem, Kaspersky as HEUR:Backdoor.Linux.Tsunami.bq, ESET-NOD32 as Linux/Remaiten.B, BitDefender as Trojan.Linux.Kaiten.D.8cc02b906eb6a5e3021f7ca2f9883f3cb9d8b993943872a19a1d4838570d7dcc9f374c20 8cc02b906eb6a5e3021f7ca2f9883f3c 5a374c131b3e682e56c29605b1344d3369cd3a33239fe48765501fa2e62cbd89 http://securityaffairs.co/wordpress/45820/iot/linux-remaiten-iot-botnet.html
M16-uwp01Powersniff_727ea9ceMixed This strike sends a malware sample detected by McAfee as W97M/Downloader.azu, Symantec as W97M.Downloader, Kaspersky as Trojan-Downloader.VBS.Agent.bhp, BitDefender as Trojan.Doc.Downloader.KD.727ea9ce8cb583c450a3771cd0fabd237f7f97a72fdb58289d8a432195f0c9697fd7ab3f 727ea9ce8cb583c450a3771cd0fabd23 5d215ef3affe320efe4f5034513697675de40ba8878ca82e80b07ad1b8d61ed8 http://researchcenter.paloaltonetworks.com/2016/03/powersniff-malware-used-in-macro-based-attacks/
M16-jy001Kazy_b9d517e5Windows This strike sends a malware sample detected by McAfee as Vawtrak-FAZ!B9D517E51D56, Symantec as Infostealer.Corebot, Kaspersky as HEUR:Trojan.Win32.Generic, ESET-NOD32 as Win32/Agent.RCJ, BitDefender as Gen:Variant.Kazy.761930.b9d517e51d56cb48d5eb3d0700ac242a284f921be452954e3cfe7103f107f489c97399fc b9d517e51d56cb48d5eb3d0700ac242a 05af66ad1c029408923bb132ce3682bcc0261f18f34bd8169dfb4d3ec53ee3f2
M16-3cp01KTN_Remastered_b374ae58Linux This strike sends a malware sample detected by Kaspersky as HEUR:Backdoor.Linux.Tsunami.bq, ESET-NOD32 as Linux/Remaiten.C, BitDefender as Trojan.Linux.Kaiten.E.b374ae58ef5d62beea5a4147fa7aff2a35b00e2243157171be6a7d7bc9b32f98805dcd35 b374ae58ef5d62beea5a4147fa7aff2a e68747b8a627f52b9133b5247430d3d858de753dddc0181cbf4fd3f0c7f6a8a0 http://securityaffairs.co/wordpress/45820/iot/linux-remaiten-iot-botnet.html
M16-y5f01Samsam_e26c6a20Windows This strike sends a malware sample detected by McAfee as Ransomware-SAMAS!E26C6A20139F, Symantec as Trojan.Ranscrypt.AE!g1, Kaspersky as Trojan-Ransom.MSIL.Samas.k, ESET-NOD32 as a variant of MSIL/Filecoder.Samas.A, BitDefender as Gen:Variant.MSILPerseus.19245.e26c6a20139f7a45e94ce0b16e62bd03c6d7c27070a3838e2b6ac7e97e996b0fe6560fe2 e26c6a20139f7a45e94ce0b16e62bd03 89b4abb78970cd524dd887053d5bcd982534558efdf25c83f96e13b56b4ee805 http://blog.talosintel.com/2016/03/samsam-ransomware.html
M16-huk01PowerWare_4564d49eMixed This strike sends a malware sample detected by McAfee as Generic.yf, Symantec as Trojan.Ransomcrypt.J, ESET-NOD32 as PowerShell/Filecoder.F.4564d49eda7a048f301b1f87f9da3c628a26892a7949c6a29d9d620c2ffd4c58921d6736 4564d49eda7a048f301b1f87f9da3c62 02beca974ecc4f871d8d42462ef305ae595fb6906ad764e6e5b6effe5ff05f29 http://securityaffairs.co/wordpress/45707/malware/powerware-ransomware.html
M16-gk601Powersniff_62967bf5Mixed This strike sends a malware sample detected by McAfee as W97M/Downloader.bap, Symantec as Downloader, Kaspersky as Trojan-Downloader.MSWord.Agent.abt, BitDefender as W97M.Agent.U.62967bf585eef49f065bac233b506b361ded5a01f4585d7b7c1a3f4739587b0bd57ec579 62967bf585eef49f065bac233b506b36 247511ab6d7d3820b9d345bb899a7827ce62c9dd27c538c75a73f5beba6c6018 http://researchcenter.paloaltonetworks.com/2016/03/powersniff-malware-used-in-macro-based-attacks/
M16-6sa01Samsam_3e2642aaWindows This strike sends a malware sample detected by McAfee as Ransomware-SAMAS, Symantec as Trojan.Ranscrypt.AE!g1, Kaspersky as HEUR:Trojan.MSIL.Tpyn.gen, ESET-NOD32 as a variant of MSIL/Filecoder.Samas.A, BitDefender as Gen:Variant.MSILPerseus.19245.3e2642aa59753ecbe82514daf2ea4e88ac82585db4e6c30cc66d94b5a4aa94f7ab52acf0 3e2642aa59753ecbe82514daf2ea4e88 979692a34201f9fc1e1c44654dc8074a82000946deedfdf6b8985827da992868 http://blog.talosintel.com/2016/03/samsam-ransomware.html
M16-bvh01Powersniff_9e85fee4Mixed This strike sends a malware sample detected by McAfee as Downloader-FBCJ!9E85FEE4DD9F, Symantec as W97M.Downloader, ESET-NOD32 as VBA/TrojanDownloader.Agent.AVV, BitDefender as W97M.Downloader.BHY.9e85fee4dd9fbc26878f5c43aee23b0e853beb83895202312e5befe4c0c783fe923f1059 9e85fee4dd9fbc26878f5c43aee23b0e 7e22ea4e06b8fd6698d224ce04b3ef5f00838543cb96fb234e4a8c84bb5fa7b3 http://researchcenter.paloaltonetworks.com/2016/03/powersniff-malware-used-in-macro-based-attacks/
M16-vnp01Powersniff_c52ec3abMixed This strike sends a malware sample detected by McAfee as Downloader-FBCJ!C52EC3ABA54A, Symantec as W97M.Downloader, ESET-NOD32 as VBA/TrojanDownloader.Agent.AVV.c52ec3aba54aaf48e144035e83d99938ab41e6c634c601d22183d2bd8a88fa0456a42a30 c52ec3aba54aaf48e144035e83d99938 30cd5d32bc3c046cfc584cb8521f5589c4d86a4241d1a9ae6c8e9172aa58ac73 http://researchcenter.paloaltonetworks.com/2016/03/powersniff-malware-used-in-macro-based-attacks/
M16-qq101Powersniff_21252241Mixed This strike sends a malware sample detected by McAfee as Downloader-FBCJ!212522417B4C, Symantec as W97M.Downloader, ESET-NOD32 as VBA/TrojanDownloader.Agent.AVV, BitDefender as W97M.Downloader.BAA.212522417b4c4009708c08dd0f62f15c1b277e4104d3a7b865b5ce2a756ea89b61e8f0f0 212522417b4c4009708c08dd0f62f15c 0661c68e6c247cd6f638dbcac7914c826a5feee1013e456af2f1f6fd642f4147 http://researchcenter.paloaltonetworks.com/2016/03/powersniff-malware-used-in-macro-based-attacks/
M16-1ee01KTN_Remastered_94455cecLinux This strike sends a malware sample detected by Symantec as Linux.Routrem, Kaspersky as Trojan-Downloader.Linux.Tsunami.a, ESET-NOD32 as Linux/Remaiten.A.94455cec19984b0781faf09947324a69c552edd72495514765f6a8f26aee8a6da2a57992 94455cec19984b0781faf09947324a69 4faef5d04b203d57d169fbbcf4a148576242877399298a97fe6bb7de38b70561 http://securityaffairs.co/wordpress/45820/iot/linux-remaiten-iot-botnet.html

Malware Strikes March - 2016

Strike ID Malware Platform Info SHA1 MD5 SHA256 External References
M16-j9501W97MAdnel_938edc1fMixed This strike sends a malware sample detected by McAfee as W97M/Downloader.azc, Symantec as W97M.Downloader, Kaspersky as Trojan-Downloader.VBS.Agent.bgx, ESET-NOD32 as VBA/TrojanDropper.Agent.FY, BitDefender as w97M.Downloader.AYT.938edc1fbe831172b7d51343e2127a01cc3229181a58b332aa841682572583fac295e280 938edc1fbe831172b7d51343e2127a01 d1f2356a98d8c0f9665cb753f9feb01b3425cea40e90bcbf17db4b2de58a3863 http://blog.cyren.com/articles/new-tricks-of-macro-malware.html
M16-8fp01Locky_b06d9dd1Windows This strike sends a malware sample detected by McAfee as Ransomware-Locky!B06D9DD17C69, Symantec as Trojan.Cryptolocker.AF, Kaspersky as Trojan-Ransom.Win32.Locky.d, ESET-NOD32 as Win32/Filecoder.Locky.A, BitDefender as Trojan.GenericKD.3048400.b06d9dd17c69ed2ae75d9e40b2631b42b606aaa402bfe4a15ef80165e964d384f25564e4 b06d9dd17c69ed2ae75d9e40b2631b42 bc98c8b22461a2c2631b2feec399208fdc4ecd1cd2229066c2f385caa958daa3 http://securityaffairs.co/wordpress/45273/cyber-crime/locky-ransomware-spam-campaign.html
M16-dur01KeRanger_1d6297e2MacOS This strike sends a malware sample detected by McAfee as OSX/Ransom.KeRanger.b, Symantec as OSX.Keranger, Kaspersky as HEUR:Trojan-Ransom.OSX.KeRanger.a, ESET-NOD32 as OSX/Filecoder.KeRanger.A, BitDefender as Trojan.MAC.KeRangerRansom.A.1d6297e2427f1d00a5b355d6d50809cb5f8ae46ae82e346000f366c3eabdafbec76e99e9 1d6297e2427f1d00a5b355d6d50809cb d1ac55a4e610380f0ab239fcc1c5f5a42722e8ee1554cba8074bbae4a5f6dbe1 http://thehackernews.com/2016/03/mac-os-x-ransomware.html
M16-5ez01Golem_9b18b273Android This strike sends a malware sample detected by McAfee as Artemis!C23DD69DB4C9, ESET-NOD32 as a variant of Win32/FlyStudio potentially unwanted.9b18b273c88ba3df440dee693acc33adc1230cba8a20afc532a50e1e1d8619ff3995b868 9b18b273c88ba3df440dee693acc33ad b060afb80e686f497a36d3218b78f082d4e320068fe6af641eca1300972b964a http://www.infosecurity-magazine.com/news/golem-android-trojan-mobile-apps/
M16-c6901Retefe_ef26c649Windows This strike sends a malware sample detected by McAfee as Ransomware-Locky!EF26C6494B6F, Symantec as Infostealer.Alina, Kaspersky as Trojan.Win32.Agent.ihps, ESET-NOD32 as Win32/Alinaos.H, BitDefender as Gen:Variant.Retefe.16.ef26c6494b6f58fb7a01292c1b60d840812a94e2efee245da285d4c85e2b69904ef25a9f ef26c6494b6f58fb7a01292c1b60d840 bd47e3c5e325cd53154912202656fc74fc52c3d2abe83556e7c4ba7b968abe8b http://countuponsecurity.com/2016/02/29/retefe-banking-trojan/
M16-yyn01Cerber_75260026Windows This strike sends a malware sample detected by McAfee as RDN/Generic.bfr, Symantec as Suspicious.Cloud.9, Kaspersky as Trojan.Win32.SelfDel.buhu, ESET-NOD32 as Win32/Filecoder.Cerber.A, BitDefender as Trojan.GenericKD.3083818.75260026df0ea858b7e6b281184ba183c897c4f374bb2d940a99dd90990e083e61e208c3 75260026df0ea858b7e6b281184ba183 bcdf7a4f4e0eefd55ec0a814b382559c815106cb7820c93e7bb8a8e216e8c78d https://blog.malwarebytes.org/intelligence/2016/03/cerber-ransomware-new-but-mature/
M16-00l01PonyStealer_b7d75c37Windows This strike sends a malware sample detected by McAfee as Fareit-FBK!B7D75C379F75, Symantec as Downloader.Ponik, Kaspersky as Trojan-PSW.Win32.Tepfer.gen, ESET-NOD32 as a variant of Win32/PSW.Agent.NTM, BitDefender as Gen:Variant.Graftor.Elzob.7674.b7d75c379f7566079bd17751828dbeb19910f6598d0846122be22687348943aad7dec435 b7d75c379f7566079bd17751828dbeb1 87a37c3f180452fbd05fec668587c33921e2a6d4ce74676e9ae5cd3483b77777 http://resources.infosecinstitute.com/a-case-study-of-information-stealers-part-i/#article
M16-0wl01W97MAdnel_8c27afe0Mixed This strike sends a malware sample detected by McAfee as W97M/Downloader.azc, Symantec as W97M.Downloader, Kaspersky as Trojan-Downloader.VBS.Agent.bgx, ESET-NOD32 as VBA/TrojanDropper.Agent.FY.8c27afe0de658a2f46232c4af0d18f3bc3e5495d952a5b48e5226e5e4607833b82c799ac 8c27afe0de658a2f46232c4af0d18f3b 11da643b0a40fe9f6d71f8c096be5f18472eb4dab69123465b7937227c0b5a8d http://blog.cyren.com/articles/new-tricks-of-macro-malware.html
M16-jn201Triada_b78d7413Android This strike sends a malware sample detected by McAfee as Artemis!B78D7413F333, Kaspersky as HEUR:Trojan-Dropper.AndroidOS.Gorpo.b, ESET-NOD32 as a variant of Android/Agent.RL, BitDefender as Android.Trojan.Triada.Z.b78d7413f33386fe243b97eae358bd7f70623b14e89ce84825fed4340bf8b793735e9782 b78d7413f33386fe243b97eae358bd7f e2327f8b9ec15a6b115f689c291c8cffeff65b040fffc5d82b2784c6ed18abd6 http://www.securityweek.com/triada-trojan-most-advanced-mobile-malware-yet-kaspersky
M16-lus01W97MAdnel_d7446579Mixed This strike sends a malware sample detected by McAfee as W97M/Downloader.azc, Kaspersky as Trojan-Downloader.VBS.Agent.bgx, ESET-NOD32 as VBA/TrojanDropper.Agent.FY.d7446579c41f78d8cf520dfeea17840a5b01ec3025aabaa6b4eb116e7ebafaf33fdfb5bd d7446579c41f78d8cf520dfeea17840a fa803369648084e6cef6f55b537cadf1f394f1a3519a4e17a1b149b80c475bee http://blog.cyren.com/articles/new-tricks-of-macro-malware.html
M16-ie401W97MAdnel_07bc4a94Mixed This strike sends a malware sample detected by McAfee as W97M/Downloader.azc, Symantec as W97M.Downloader, Kaspersky as HEUR:Trojan-Downloader.Script.Generic, ESET-NOD32 as VBA/TrojanDropper.Agent.FY, BitDefender as w97M.Downloader.AYT.07bc4a941ec01e15ce67604f90ada1e32d5426605bce35872cd9d2026e07b5d8d90d9ed7 07bc4a941ec01e15ce67604f90ada1e3 8dc40958ddcebe5fd8a167625b56810209c972c3152ec31c618bb445bcb95f09 http://blog.cyren.com/articles/new-tricks-of-macro-malware.html
M16-5qa01W97MAdnel_a1a65d7fMixed This strike sends a malware sample detected by McAfee as W97M/Downloader.azh, Symantec as W97M.Downloader, Kaspersky as Trojan.MSWord.Agent.cq, ESET-NOD32 as VBA/TrojanDownloader.Agent.AUO, BitDefender as w97M.Downloader.AYQ.a1a65d7f21eabd585c89dd7ee5b5527d0bd222bc25691660dc6cd1dd89a2d5ca4e7678ca a1a65d7f21eabd585c89dd7ee5b5527d 1303bf3b98ce888f0944785f83b7ce54438b385246ec7cd5b5ad512f6fc9fbac http://blog.cyren.com/articles/new-tricks-of-macro-malware.html
M16-4tn01FighterPOS_dec45e9cWindows This strike sends a malware sample detected by Symantec as Infostealer.Fightpos, BitDefender as Trojan.GenericKD.2298316.dec45e9ccfc7229e666a7de8b90990306dff70d44766a9f536431f690335d9eef10354c0 dec45e9ccfc7229e666a7de8b9099030 95b0cdf25bb8ce942f1493ccb69e84322bfb5e2b8196a117c577bf77bc4840fd http://securityaffairs.co/wordpress/44886/cyber-crime/fighterpos-pos-malware.html
M16-osh01LinuxEkom_c9e0e5e2Linux This strike sends a malware sample detected by McAfee as Linux/Mokes, Symantec as Linux.Mokes, Kaspersky as Backdoor.Linux.Mokes.a, ESET-NOD32 as Linux/Mokes.A, BitDefender as Backdoor.Linux.Agent.X.c9e0e5e2aeaecb232120e8573e97a6b83790284950a986bc28c76b5534bfe9cea1dd78b0 c9e0e5e2aeaecb232120e8573e97a6b8 d7d1257a8a7dc21eb82715b70c6f4177f515963aec4bd1bdecdf1cd164fcd5ef http://www.technewsworld.com/story/83020.html
M16-khe01Ransom_3f11c832Windows This strike sends a malware sample detected by McAfee as RDN/Ransom, Symantec as Trojan.Randsom.A, Kaspersky as Trojan-Ransom.Win32.Cryptodef.yom, ESET-NOD32 as a variant of Win32/Kryptik.DWDZ, BitDefender as Trojan.Ransom.AKU.3f11c83279dc94462ee5eb7759d2b8adbc1019503e7857ff61f850f1f923e9cc6ef9f58a 3f11c83279dc94462ee5eb7759d2b8ad 885704e0c2640f7e9535571cdbe3875e6b98bf240dc2ea54564b66a4055e3adb
M16-ebw01W97MAdnel_85d679c6Mixed This strike sends a malware sample detected by McAfee as W97M/Downloader.azc, Symantec as W97M.Downloader, Kaspersky as Trojan-Downloader.VBS.Agent.bgx, ESET-NOD32 as VBA/TrojanDropper.Agent.FY.85d679c698199c75df4de812b138d7ef1caa7f1901c82bf16446eae5739fd24114f02676 85d679c698199c75df4de812b138d7ef 7ddd0ffbb16da85c3faca94256dd54799e46839dffbb5a4704dacbdd0be18b09 http://blog.cyren.com/articles/new-tricks-of-macro-malware.html
M16-dys01Fysbis_364ff454Linux This strike sends a malware sample detected by McAfee as Linux/Fysbis, Symantec as Backdoor.Trojan, Kaspersky as Backdoor.Linux.Fysbis.a, ESET-NOD32 as Linux/Fysbis.A, BitDefender as Backdoor.Linux.Fysbis.A.364ff454dcf00420cff13a57bcb784679444d2b29c6401bc7c2d14f071b11ec9014ae040 364ff454dcf00420cff13a57bcb78467 8bca0031f3b691421cb15f9c6e71ce193355d2d8cf2b190438b6962761d0c6bb http://securityaffairs.co/wordpress/44551/hacking/pawn-storm-linux-fysbis-trojan.html
M16-opc01Triada_d2a2b82fAndroid This strike sends a malware sample detected by McAfee as Artemis!872ED96CE683, Kaspersky as not-a-virus:HEUR:AdWare.AndroidOS.Drosel.e, ESET-NOD32 as a variant of Android/Secapk.F potentially unsafe, BitDefender as Android.Trojan.Triada.Z.d2a2b82fcafb3c1fd30c56396465ad1b3e9f812cbd1ed5616921ca4e63081f5351603cae d2a2b82fcafb3c1fd30c56396465ad1b b2a721e461f784b0e5a217b3b871cab780dd0b4a2c4cc0c51b3846969a9eafd8 http://www.securityweek.com/triada-trojan-most-advanced-mobile-malware-yet-kaspersky
M16-sd101KeRanger_24a8f01cMacOS This strike sends a malware sample detected by McAfee as OSX/Ransom.KeRanger.b, Symantec as OSX.Keranger, Kaspersky as HEUR:Trojan-Ransom.OSX.KeRanger.a, ESET-NOD32 as OSX/Filecoder.KeRanger.A, BitDefender as Trojan.MAC.KeRangerRansom.A.24a8f01cfdc4228b4fc9bb87fedf6eb7e2f6d5912565ad3a2c9b3393cf7aff0110738f5c 24a8f01cfdc4228b4fc9bb87fedf6eb7 d7d765b1ddd235a57a2d13bd065f293a7469594c7e13ea7700e55501206a09b5 http://thehackernews.com/2016/03/mac-os-x-ransomware.html
M16-mk301W97MAdnel_9261f7b4Mixed This strike sends a malware sample detected by McAfee as W97M/Downloader.azc, Symantec as W97M.Downloader, Kaspersky as Trojan-Downloader.VBS.Agent.bgx, ESET-NOD32 as VBA/TrojanDropper.Agent.FY, BitDefender as Trojan.Agent.BRIB.9261f7b4f1f977b84e8fb51173b02b60e28f5eefa54e3cebc7182b21ec59cf3a295d1224 9261f7b4f1f977b84e8fb51173b02b60 d86e0598c08d86fdcadea52b5da4d2ee8531c801884b83108bdaca42eaeb60b3 http://blog.cyren.com/articles/new-tricks-of-macro-malware.html
M16-j4001XML_W2KM_DLOADER_77739ab6Windows This strike sends a malware sample detected by McAfee as W97M/Downloader.aeh, Symantec as Downloader, Kaspersky as Trojan-Downloader.MSWord.Agent.fh, ESET-NOD32 as W97M/TrojanDownloader.Agent.NES, BitDefender as W97M.Downloader.HS.77739ab6c20e9dfbeffa3e2e6960e1567fd78e9a3a47f12386acd0d04f76000ef72442d1 77739ab6c20e9dfbeffa3e2e6960e156 583c668dce73021aae44daab0788fc8ae5fecefab0989ab45ee60bba00465943 https://isc.sans.edu/forums/diary/XML+A+New+Vector+For+An+Old+Trick/19423/
M16-fdj01DOTdo_46ac4aa6Windows This strike sends a malware sample detected by McAfee as Artemis!46AC4AA695EC, Symantec as Trojan.Gen.2, Kaspersky as not-a-virus:AdWare.MSIL.Agent.fq, BitDefender as Dropped:Adware.Generic.1043327.46ac4aa695ec244aeb3b2994dce0a9c0168a52e33909047bd5d5f3e4937fe0694b775613 46ac4aa695ec244aeb3b2994dce0a9c0 5e7b2143fe1571dad1d3af1dbd87e380336ccd14fc83238e445563fbd91bfd3e https://blog.malwarebytes.org/intelligence/2016/03/adware-pup-dotdo-fastinternet-blocks-security-related-domains/
M16-0mv01Triada_ebca0906Android This strike sends a malware sample detected by McAfee as Artemis!EBCA0906E7FA, Kaspersky as Backdoor.AndroidOS.Triada.san, ESET-NOD32 as a variant of Android/Agent.PI.ebca0906e7fa7a9c89b0ce748eda56512bc87579267d1c43b908c01a4687e6d24445d6f3 ebca0906e7fa7a9c89b0ce748eda5651 ca7eb78abc0b25384ace77dcf644888ef7f0f26c1e35931c0d880608a34cd420 http://www.securityweek.com/triada-trojan-most-advanced-mobile-malware-yet-kaspersky
M16-95p01Parite_8a48fa5aWindows This strike sends a malware sample detected by McAfee as W32/Pate.b, Symantec as W32.Pinfi.B, Kaspersky as Virus.Win32.Parite.b, ESET-NOD32 as Win32/Parite.B, BitDefender as Win32.Parite.B.8a48fa5a5233d362ffb1e0a0eb4690110b4beea0bb2c84224daebc718d2e344311ce0136 8a48fa5a5233d362ffb1e0a0eb469011 5f4282c87da3b875dd2a27eaa76753d112be137845aa1480e4bc122763ae6d6e https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Virus%3AWin32%2FParite.B
M16-mz201W97MAdnel_e722cde5Mixed This strike sends a malware sample detected by McAfee as W97M/Downloader.azh, Symantec as W97M.Downloader, Kaspersky as Trojan.MSWord.Agent.cq, ESET-NOD32 as VBA/TrojanDownloader.Agent.AUO, BitDefender as w97M.Downloader.AYQ.e722cde5555e1a74cf6bd83358d79b48ae03c9eafdb3fe39cdbb923323a9377ab664e5d0 e722cde5555e1a74cf6bd83358d79b48 d5d7809511c342dc0070da96145f2b6f685c36176715718870443e62f6966902 http://blog.cyren.com/articles/new-tricks-of-macro-malware.html
M16-04t01DOTdo_b8c773ebWindows This strike sends a malware sample detected by McAfee as Artemis!B8C773EB87A0, Symantec as Trojan.Gen, Kaspersky as not-a-virus:AdWare.NSIS.Agent.fy, ESET-NOD32 as Win32/Adware.Dotdo.A, BitDefender as Adware.Agent.PVB.b8c773eb87a0e41fc08ac983d38eaae0fe8b5cd09d1afc366b4f9b898ac3be8e58cfc52d b8c773eb87a0e41fc08ac983d38eaae0 8e993979934e0d2150a75186ec3512a241d66ed70d78204fa25b891d7656d9b1 https://blog.malwarebytes.org/intelligence/2016/03/adware-pup-dotdo-fastinternet-blocks-security-related-domains/
M16-erg01Retefe_d6988e27Windows This strike sends a malware sample detected by McAfee as Artemis!D6988E271277, Symantec as Trojan.Zbot, Kaspersky as Trojan-PSW.Win32.Tepfer.rqgy, ESET-NOD32 as a variant of Win32/Injector.AQMO, BitDefender as Gen:Variant.Retefe.16.d6988e2712772a9df93e7344d05c23a048f57c49926e49b38702ccd44edbcd2a3fa70552 d6988e2712772a9df93e7344d05c23a0 1732ed24c05018031b26609d8f83d0f6a1a5d30146b3ec17043f8013434fd6d4 http://countuponsecurity.com/2016/02/29/retefe-banking-trojan/
M16-jgk01W97MAdnel_654941efMixed This strike sends a malware sample detected by McAfee as W97M/Downloader.azc, Symantec as W97M.Downloader, Kaspersky as Trojan-Downloader.VBS.Agent.bgx, ESET-NOD32 as VBA/TrojanDropper.Agent.FY.654941efd3cef663a262365ff3eb5c6247f73f57195d466d823a20abfa041574c88c47dd 654941efd3cef663a262365ff3eb5c62 4383d803daecc6550ea9ddb0b9fb361d8672003356869d0af482f94926cfbf3f http://blog.cyren.com/articles/new-tricks-of-macro-malware.html
M16-90e01W97MAdnel_4e020ab7Mixed This strike sends a malware sample detected by McAfee as W97M/Downloader.azc, Kaspersky as Trojan-Downloader.VBS.Agent.bgx, ESET-NOD32 as VBA/TrojanDropper.Agent.FY.4e020ab7b72707c4391d3070ee1c668be322f7736021128c612308d77dc01ccb9c757496 4e020ab7b72707c4391d3070ee1c668b 131f5616b684a31f44071e3a86a48a715dd8f8301f332dc88eff552b8f9af9a1 http://blog.cyren.com/articles/new-tricks-of-macro-malware.html
M16-vyg01Triada_ae45cbd2Android This strike sends a malware sample detected by Kaspersky as HEUR:Trojan.AndroidOS.Triada.b, ESET-NOD32 as a variant of Android/Triada.C, BitDefender as Android.Trojan.Triada.P.ae45cbd2d15291f2768c40e7681074d7f7eb2e1a22c2c24ffc03f7c8eeeb06d4bb5f60fd ae45cbd2d15291f2768c40e7681074d7 3a58ad806c33a652528adf02ce400ec502fd57b5df943a4808ee06927adae611 http://www.securityweek.com/triada-trojan-most-advanced-mobile-malware-yet-kaspersky

Malware Strikes February - 2016

Strike ID Malware Platform Info SHA1 MD5 SHA256 External References
M16-sa101Mazar_6ffdf6c2Mixed This strike sends a malware sample detected by McAfee as Artemis!6FFDF6C299DA, Symantec as Android.Bankosy, Kaspersky as HEUR:Trojan-Banker.AndroidOS.Acecard.b, ESET-NOD32 as a variant of Android/Torec.C, BitDefender as Android.Trojan.SLocker.A.6ffdf6c299da248d6cc90019244804cd1cd604df6659fef63abb8adfbcaf618cfba8d10e 6ffdf6c299da248d6cc90019244804cd ac256d630594fd4335a8351b6a476af86abef72c0342df4f47f4ae0f382543ba
M16-gj401Teslacrypt_3e7dfd73Mixed This strike sends a malware sample detected by McAfee as GenericR-FGY!3E7DFD731BA3, Kaspersky as Trojan.Win32.Yakes.nqut, ESET-NOD32 as Win32/Filecoder.EM, BitDefender as Trojan.Downloader.JSMJ.3e7dfd731ba3543dbd1ef4342ef07082be9428793d698bb7f88502f230716019ad3fe321 3e7dfd731ba3543dbd1ef4342ef07082 e4b17cdda8ebec29dfc4e1a1f4658b2c0d552152ea5993bbfe398693945837ee
M16-x4r01Locky_b39091b1Mixed This strike sends a malware sample detected by McAfee as RDN/Generic.tfr, Symantec as Trojan.Cryptolocker.AF, Kaspersky as Trojan-Ransom.Win32.Locky.ai, ESET-NOD32 as a variant of Win32/Kryptik.EOGW, BitDefender as Trojan.GenericKD.3050521.b39091b1ae870525b7c26e4c8b4658af0929bff19771c253ea7f8f3f7d6f1e98804e2845 b39091b1ae870525b7c26e4c8b4658af 7d69f3934be22a9bdcf0e20059d6c0a851218abe9aa07b83795c54e696be6142
M16-64k01Adwind_1a0d7059Mixed This strike sends a malware sample detected by McAfee as Adwind.c!jar, Symantec as Backdoor.Adwind!g1, Kaspersky as Trojan.Java.Adwind.bj, ESET-NOD32 as a variant of Generik.GUCQPAZ.1a0d705973ba43f23ea157328c4e4417d51b8a70a518c722a198919bfc0114ad1325412e 1a0d705973ba43f23ea157328c4e4417 5c781d74dab06c30e8212a9e6f2c0ae0e78e72495b7eb4d0a1119374d66be3a4
M16-k1n01Dridex_e26b9c7aMixed This strike sends a malware sample detected by McAfee as RDN/Generic.bfr, Symantec as Suspicious.Cloud.7.L, Kaspersky as Backdoor.Win32.Cridex.ay, ESET-NOD32 as a variant of Win32/Injector.CQVR, BitDefender as Gen:Variant.Zusy.178413.e26b9c7ace5a59ad3882ae13fba0cbf5b824e3d3d3ef535b075ff0fbae02d2aedc7f2355 e26b9c7ace5a59ad3882ae13fba0cbf5 d15d1bf6982959840298a4f11f1c1433a2a370140e9ff41dd8ed82a060e4b38d
M16-6j001Locky_b866d30dMixed This strike sends a malware sample detected by McAfee as Artemis!B866D30D3FBB, Kaspersky as Trojan.Win32.Reconyc.ffje, ESET-NOD32 as a variant of Win32/Kryptik.DKHB, BitDefender as Trojan.GenericKD.3046471.b866d30d3fbbb037926570bd02241f27e69d0d3ff8862348dce16210dcc0511494e306fd b866d30d3fbbb037926570bd02241f27 f56655bfbd1be9eab245dc283b7c71991881a845f3caf8fb930f7baabae51059
M16-ib801Poweliks_ea533a18Mixed This strike sends a malware sample detected by McAfee as GenericR-EHJ!EA533A189816, Symantec as Trojan.Poweliks, Kaspersky as Trojan.Win32.Yakes.lkzj, ESET-NOD32 as a variant of Win32/Kryptik.DTRW, BitDefender as Gen:Variant.Kazy.763737.ea533a189816c06d8360755b3e93e325def2e16a8a842d66a9fb3bf94d517d78e4ae7d9c ea533a189816c06d8360755b3e93e325 9527697e0d0601a69ea48be3ce33b7158dc74a5dc79338f137d39cea436a5844
M16-1ae01Kasidet_ff995fadMixed This strike sends a malware sample detected by McAfee as RDN/Generic BackDoor, Symantec as Trojan.Kasidet, Kaspersky as Backdoor.Win32.Kasidet.bol, ESET-NOD32 as a variant of Win32/Kasidet.AB, BitDefender as Gen:Variant.Zusy.161815.ff995fad9a4cd212c6b101a8ed679392ab05d883d35614f13aa7b1cc16ba66522478e833 ff995fad9a4cd212c6b101a8ed679392 1c48588f3828266a6ebbd09c84ab5c92ece9bceaf75076e9bb3d9bb6dd1f8062
M16-2jp01Kovter_9c4b110aMixed This strike sends a malware sample detected by McAfee as Ransom-Tescrypt!9C4B110A046D, Symantec as Trojan.Gen, Kaspersky as HEUR:Trojan.Win32.Generic, ESET-NOD32 as Win32/Kovter.D, BitDefender as Gen:Variant.Kazy.786430.9c4b110a046dab5c6c23a37af072901e8253b00dd86de51a3e4d8519e96d21f741508fc0 9c4b110a046dab5c6c23a37af072901e 32c86bde93ff6129963a565879dfd2ac261d67759cc3e77f570c8a8f20e10c7e
M16-hm401Poweliks_ccbe720fMixed This strike sends a malware sample detected by Kaspersky as Trojan.Win32.Inject.verp, ESET-NOD32 as Win32/Kovter.C, BitDefender as Trojan.Poweliks.Y.ccbe720fba8f65a8c02136eb7a2bd87fde077e913d45bc05327a2f7e56aaa180949fe37b ccbe720fba8f65a8c02136eb7a2bd87f a38787d406d7dd28f9d590658a9e3c4fa92dba32e6afba07859477272454281b
M16-mfk01KillDisk_8377ba98Mixed This strike sends a malware sample detected by McAfee as Artemis!8377BA980752, Symantec as Trojan.Gen, BitDefender as Backdoor.Generic.589843.8377ba980752dfe947fcd2540af589004e124a88fba4766015750ecefc75ce8e2de92752 8377ba980752dfe947fcd2540af58900 8241ccf3d9ba5ba009b5ddd6a6ffaf759c45291978ec629f50d5b19e291984be
M16-zka01Andromeda_2d2ae1c8Mixed This strike sends a malware sample detected by McAfee as RDN/Generic.dx, Symantec as Backdoor.Trojan, Kaspersky as Backdoor.Win32.Androm.jdlq, ESET-NOD32 as Win32/TrojanDownloader.Wauchos.BD, BitDefender as Gen:Variant.Razy.15438.2d2ae1c8d3859315d6fa66c6891d5a8f1a2e64b24f37964dfe7326468ceb5832af6443d4 2d2ae1c8d3859315d6fa66c6891d5a8f f51e75146be46bcf338d35e6184a2e557719e29b184886b2e561eafa3fd46158
M16-lod01BlackEnergy_bcaf0572Mixed This strike sends a malware sample detected by McAfee as FDoS-BEnergy, Kaspersky as DoS.Win32.BlackEnergy.a, ESET-NOD32 as Win32/Agent.NGC, BitDefender as Virtool.DDos.A.bcaf057246793086e9911dd2b7762e437023d07c7292c339cb0a45b8efb195dbd0b5a676 bcaf057246793086e9911dd2b7762e43 61bea31d3587359636bc2d4c889740075df6d617e9f62df2e811707238f8856c
M16-brq01DMA_Locker_4190df2aMixed This strike sends a malware sample detected by McAfee as RDN/Generic.grp, Symantec as Trojan.Ransomcrypt.AA, Kaspersky as Trojan-Ransom.Win32.Blocker.iamg, ESET-NOD32 as a variant of Win32/Filecoder.DMALocker.B, BitDefender as Gen:Variant.Zusy.176978.4190df2af81ece296c465e245fc0caea2928889b268f8dfde9db94d54de39e217c4cc337 4190df2af81ece296c465e245fc0caea 8abca2cf6e2672ca406b5bdb150b14c345866281b670ae1389cc5cbeac55c8e6
M16-8xt01Kovter_cb0cedf9Mixed This strike sends a malware sample detected by McAfee as Trojan-FHUE!CB0CEDF962A2, Symantec as SAPE.Heur.A8317, Kaspersky as Trojan.Win32.Kovter.ddu, ESET-NOD32 as Win32/Kovter.D, BitDefender as Gen:Variant.Symmi.60460.cb0cedf962a23eb570bee0aade034bd533f10cc6a50bcd262404235fb03807e58a20a398 cb0cedf962a23eb570bee0aade034bd5 a8d774efb293a9d85852b3d675b2947d8c55f4332d524a2b2d644f6538a3dcbd
M16-pvz01Teslacrypt3_1680835aMixed This strike sends a malware sample detected by Symantec as Suspicious.Cloud.2, Kaspersky as UDS:DangerousObject.Multi.Generic.1680835ab6998271127b9d172cf1c6916bd73edbb89d5689fa4f721b6817fa7525daa17e 1680835ab6998271127b9d172cf1c691 324bededd0b4af8af283d345f3f5b48b6f85dc43754015322c5b2f91769f94b8

Malware Strikes January - 2016

Strike ID Malware Platform Info SHA1 MD5 SHA256 External References
M16-frx01Artemis!B32EC9C68BACMixed This strike sends a malware sample detected by McAfee as 'Artemis!B32EC9C68BAC', Kaspersky as 'not-a-virus:AdWare.Win32.Amonetize.aaju', Symantec as 'WS.Reputation.1', BitDefender as 'Adware.Agent.PHZ'.b32ec9c68bac0612c8f6dcd3ad67b284453ae0c57868a9d6d766eea05927c41b3ac78ec6 b32ec9c68bac0612c8f6dcd3ad67b284 ce6141345075a84645f03a79ed53a3f9b624d9e5d0130e81fc5c11e53e7cf279
M16-52e01Artemis!ED7BDAB1E522Mixed This strike sends a malware sample detected by McAfee as 'Artemis!ED7BDAB1E522', Kaspersky as 'not-a-virus:Downloader.Win32.LMN.agz', Symantec as 'Trojan.Gen.2', BitDefender as 'Trojan.GenericKD.2203820'.ed7bdab1e52286f23be10043d88e3fd8cce28a0d6da2bdf2c8e6f3f170411e6c3a4ed620 ed7bdab1e52286f23be10043d88e3fd8 37718e94bde4f4ca15199ca4b3fa32bfab95d8972ac580e2ab7d10544790664a
M16-1rp01Artemis!1B0D3A6C6B46Mixed This strike sends a malware sample detected by McAfee as 'Artemis!1B0D3A6C6B46', Symantec as 'Trojan.Gen.2', BitDefender as 'Gen:Variant.Adware.Graftor.173198'.1b0d3a6c6b46fad1448030433b01e4740a2131e6287aeeeb5c73f702442ffb5a84766c60 1b0d3a6c6b46fad1448030433b01e474 28c858bc544ec1368060a2ed6bc44eb4877e33c480fb917cfd6bba21912908b6
M16-4wb01APPL/Downloader.Gen-3949b234Mixed This strike sends a APPL/Downloader.Gen malware sample.3949b23410c05cf6d3824bc12654824155dfbae30d8d276e7188988453b91dc5096edf75 3949b23410c05cf6d3824bc126548241 a55a36c920529c36dda9e8c8602b7defaeb5d18b46d018493a28d025254ecc48
M16-7k801Artemis!580EAB24EB79Mixed This strike sends a malware sample detected by McAfee as 'Artemis!580EAB24EB79', Symantec as 'Trojan.Gen.2', BitDefender as 'Gen:Variant.Graftor.175228'.580eab24eb79c5b5a2f1991e1f0999f517c3558efaa21d285bfd7a0262cfcc90b344ab7e 580eab24eb79c5b5a2f1991e1f0999f5 039d89eb25f4ba10072670615bf0dbe58455bdb399f67749b5af182995f68645
M16-qnq01WS.Reputation.1-da6f24b5Mixed This strike sends a malware sample detected by Symantec as 'WS.Reputation.1'.da6f24b529a2f4a2020f83432b491643a1b6d149851b599466b87a38128b6a1175c96792 da6f24b529a2f4a2020f83432b491643 f1dd9e4abac85e5161d51cf5808d79459d0142ea08487824c444f8382bd1b436
M16-nj501Artemis!CC842504CBB0Mixed This strike sends a malware sample detected by McAfee as 'Artemis!CC842504CBB0', Kaspersky as 'not-a-virus:AdWare.Win32.Amonetize.aaju', Symantec as 'Trojan.Gen.2', BitDefender as 'Adware.Agent.PHZ'.cc842504cbb09596cde7b3a0a8ca0e42329925c747911048f46077d77b3198af5a44ee94 cc842504cbb09596cde7b3a0a8ca0e42 82bd4a079a80ca40fb10647c98158d10e92aba0e42daea9659e9ee532ae36983
M16-b4101Artemis!6C302CD83FAFMixed This strike sends a malware sample detected by McAfee as 'Artemis!6C302CD83FAF', BitDefender as 'Gen:Variant.Mikey.10582'.6c302cd83faf21741cdcb507bae1c44b1bd3566809f809f08105a3379da18aa90d629d0c 6c302cd83faf21741cdcb507bae1c44b b15b79425324beec242196b7c7bea3d0c7c75da767804d814f126ef8327b630d
M16-4yf01WS.Reputation.1-c12f86e3Mixed This strike sends a malware sample detected by Symantec as 'WS.Reputation.1'.c12f86e35af39133d1f8d6deb10948da07e90a50b6df47930d12b5a7cb311b924f558695 c12f86e35af39133d1f8d6deb10948da 6f33febef2b8209d68704a83288cade1ae3ffb68d1f7dc9aef6a921567852ce5
M16-l4001Artemis!553A78A91A0BMixed This strike sends a malware sample detected by McAfee as 'Artemis!553A78A91A0B'.553a78a91a0b2a8d0caf76a5778abd610cec54e8d08513e0ba159993080525b83b079e9c 553a78a91a0b2a8d0caf76a5778abd61 98a46cc308e6521afe693422a8f2119a41cb6a8dee179407c6ff90d07beb48ba
M16-y7o01SearchProtect-154d7f4dMixed This strike sends a malware sample detected by Kaspersky as 'not-a-virus:WebToolbar.Win32.Agent.azm', Symantec as 'SearchProtect', BitDefender as 'Trojan.Generic.11798784'.154d7f4d7122d195a7c558746357e3fa8eeea0baff588ce7767c1aeb585c3cec2c91a2c1 154d7f4d7122d195a7c558746357e3fa 98271dae8c29723f0977911113b23c9e23210124aa4dab46e2de41b4616a8104
M16-0oz01Artemis!4F62D0493D5CMixed This strike sends a malware sample detected by McAfee as 'Artemis!4F62D0493D5C', Kaspersky as 'not-a-virus:AdWare.Win32.Agent.hchs', BitDefender as 'Trojan.GenericKD.2229691'.4f62d0493d5c17a8c6c00f4a110a22af05789dc83a1dacfe710fd2234555d412baba532a 4f62d0493d5c17a8c6c00f4a110a22af 407f48d296b5160e7b57c8e3a058712f2fa60baae65ecb66bcc1cd3765f8d7a2
M16-48d01GenericR-DAL!ABB8DC4F946EMixed This strike sends a malware sample detected by McAfee as 'GenericR-DAL!ABB8DC4F946E', Kaspersky as 'not-a-virus:AdWare.Win32.Amonetize.aaju', Symantec as 'WS.Reputation.1', BitDefender as 'Adware.Agent.PHZ'.abb8dc4f946eb4333443c411dcb0e28bbc93f454bc3b42ee448a9bc18ec6de646a5d5591 abb8dc4f946eb4333443c411dcb0e28b fed4e8355cd331015c46c65f3f4af7b25031bf958e1b6dfea3db7bc9e8642218
M16-lhi01Artemis!9C597D9C5355Mixed This strike sends a malware sample detected by McAfee as 'Artemis!9C597D9C5355', Kaspersky as 'not-a-virus:RiskTool.Win32.SProtector.ds', Symantec as 'Trojan.Gen.2', BitDefender as 'Gen:Variant.Adware.Zusy.122341'.9c597d9c5355d4c895093337b32cbd402a2c4f2b60657124a53d1b30adc79757024e2617 9c597d9c5355d4c895093337b32cbd40 c249f18d3d27f11f79e8a2f09a5432443b1e4555e5a56a902a123a7e0daea114
M16-mqg01Artemis!20BF346D6007Mixed This strike sends a malware sample detected by McAfee as 'Artemis!20BF346D6007', Symantec as 'WS.Reputation.1'.20bf346d6007c86506252e9415c8f1da159d05dbfe4e617d56c8e649d8b38a4c4e268129 20bf346d6007c86506252e9415c8f1da 7a5ccd8e556c6d6d95a0ddf2e3025f7da3af353fb05d8cdee952f3d5a6dcaed0
M16-zyi01Artemis!EF00CFB09764Mixed This strike sends a malware sample detected by McAfee as 'Artemis!EF00CFB09764', Kaspersky as 'not-a-virus:AdWare.Win32.Amonetize.aaju', Symantec as 'WS.Reputation.1', BitDefender as 'Adware.Agent.PHZ'.ef00cfb097642fdfa484f92c3c33bc52ca1aaea5722e77eaafd23c854f8cfb729e717271 ef00cfb097642fdfa484f92c3c33bc52 19b87d465fe9e5b63f2821017e348b86c9548a5712361c618898326697b18556
M16-v9i01Trojan.Win32.DownLoader11.dbxkeo-37211e8aMixed This strike sends a Trojan.Win32.DownLoader11.dbxkeo malware sample.37211e8a679bcf2d02b45e8de8594cb10ccf16e82d1c53e2a795599137953bab65a6d9dd 37211e8a679bcf2d02b45e8de8594cb1 97876e837f35295885c18b24924fd637f6ff0dec89c3e74ed5991c33342cb531
M16-9bk01RDN/GenericMixed This strike sends a malware sample detected by McAfee as 'RDN/Generic PUP.x!c2s', Kaspersky as 'not-a-virus:AdWare.Win32.Amonetize.aaju', Symantec as 'WS.Reputation.1', BitDefender as 'Adware.Agent.PHZ'.ef0eabbe01a2bcad5c3167766d10d6dfc420491112684bc8abe13d14a7e38fd0663ed095 ef0eabbe01a2bcad5c3167766d10d6df f69b4f74a9c50c7915020f0bb921ce0cf21ddeb07cdca3c14fc2728389caff99
M16-1a401Artemis!CFAA262C06AEMixed This strike sends a malware sample detected by McAfee as 'Artemis!CFAA262C06AE', Kaspersky as 'not-a-virus:AdWare.Win32.Amonetize.aaju', Symantec as 'WS.Reputation.1', BitDefender as 'Adware.Agent.PHZ'.cfaa262c06ae032ce9e6f6cb66d3224258ae1195163e48064e9eaaa142e3f95276ae5f52 cfaa262c06ae032ce9e6f6cb66d32242 dee8fff19c4144f02973a04cb0e2afd6932fe6523b97634827ee6318a8f52b1c
M16-6if01 | Artemis!92E4D00F680C | Mixed | This strike sends a malware sample detected by McAfee as 'Artemis!92E4D00F680C', Microsoft as 'VirTool:Win32/DelfInject.gen!AN', Kaspersky as 'HEUR:Trojan.Win32.Generic', Symantec as 'Trojan.Gen.2', BitDefender as 'Trojan.GenericKD.2255017'. | MD5: 92e4d00f680c1a95fa5a6701e65d6eb7 | SHA1: 6daf1ac61b76c8d944d169e236238ffc2c6cbc81 | SHA256: cc63050dc5081bee34b956a0c102cffe7389acef5a471cabc6eb2edf5f4a3793
M16-sev01 | Trojan.GenericKD.2234736-32dd6d01 | Mixed | This strike sends a malware sample detected by Kaspersky as 'UDS:DangerousObject.Multi.Generic', BitDefender as 'Trojan.GenericKD.2234736'. | MD5: 32dd6d01bc43e48f46a4631008d9b356 | SHA1: 4cd21a0e76308732ae0dcb35c12389dc7b09f3ae | SHA256: c6ea6dac3654d63fb29efbadef0150023eb941749d8a87969260d040885f8301
M16-vo701 | TR/VB.Downloader.Gen-955594d1 | Mixed | This strike sends a TR/VB.Downloader.Gen malware sample. | MD5: 955594d1c1639347e310c6ca5c3f68af | SHA1: 68bd944ee4f5da3d4371512c786315a9c191d1c3 | SHA256: 697c85a164662f78fabb58822d8200fb5cbe6e467451831fc8c556bbc12222ca
M16-8l301 | Artemis!E4802C385B1A | Mixed | This strike sends a malware sample detected by McAfee as 'Artemis!E4802C385B1A', Kaspersky as 'UDS:DangerousObject.Multi.Generic'. | MD5: e4802c385b1abe8e90a9e333642586a8 | SHA1: 87e5e8b97c7faa9e224510961afe8a432ef79549 | SHA256: 00b9e931438f7523093fb837dbbdb97d328b1b7a3685a1adac48f30139f1f755
M16-mqm01 | Trojan.GenericKD.2228680-837af136 | Mixed | This strike sends a malware sample detected by BitDefender as 'Trojan.GenericKD.2228680'. | MD5: 837af136347ea2f459be64bcd0529bb7 | SHA1: 091aa457eb848a4e7b9e975b1bd384774562caab | SHA256: 634e0f2a3e841b9955bc33f41896b6687acbf98c55e7fbff9fb1f8078030c5c5
M16-qa301 | Artemis!BBD4A6D878FF | Mixed | This strike sends a malware sample detected by McAfee as 'Artemis!BBD4A6D878FF', Symantec as 'WS.Reputation.1'. | MD5: bbd4a6d878ff7dc72b38301ef505ebb9 | SHA1: 87128c07ac2756c575d3ad553a34b2c48098427c | SHA256: 1a28d0b4c065c906e1c02a442c16012248e4e150d85afe77f6f0b5c603fccd83
M16-zr301 | Artemis!882DFB055980 | Mixed | This strike sends a malware sample detected by McAfee as 'Artemis!882DFB055980', Kaspersky as 'HEUR:Trojan.Win32.Generic', Symantec as 'WS.Reputation.1', BitDefender as 'DeepScan:Generic.Malware.FPPkg.0E494808'. | MD5: 882dfb05598011069f16ea40a33cd982 | SHA1: 60a95538d91c38507016b48b020b72ff1a36b940 | SHA256: 63447e86cf2cbb40a579a11cb5b95c5b818da7defe435c125c7f288abea6c54e
M16-t0s01 | Win32/LiMo.C-92d5a151 | Mixed | This strike sends a Win32/LiMo.C malware sample. | MD5: 92d5a15129b3dfd86d3501ebfa68298a | SHA1: 4dab043bed36c817f0c7674040ee126aa65cebd8 | SHA256: 48b4a93e2be9dfd49053620aecda53c74b231734ca36346acb4f677c00fc9c6b
M16-fvc01 | RDN/Generic.bfr!ic-4bd11726 | Mixed | This strike sends a malware sample detected by McAfee as 'RDN/Generic.bfr!ic', Kaspersky as 'Trojan-Downloader.Win32.VB.bkvr', Symantec as 'Trojan.Gen.2', BitDefender as 'Trojan.Generic.11581636'. | MD5: 4bd11726c4ff69e07f9f00647a800b0b | SHA1: ef3de832d68756341f30d94e8886f12a7343c841 | SHA256: 44bcaa837feadbd9996271a68331cdd48aa073473585351477b364de6c27ec8f
M16-fa801 | Gen:Variant.Kazy.577802-edf866db | Mixed | This strike sends a malware sample detected by BitDefender as 'Gen:Variant.Kazy.577802'. | MD5: edf866dbcb7bc1dc2c916e69a5ce3596 | SHA1: 8d8a8711e349dc8829a3cba1a117f532e2009958 | SHA256: bc0eec67a9ce118a5acf0e2383ee6f5856588a746854639660a9d4abc37f6595
M16-0l501 | Win32/Somoto.G-0d8d8dae | Mixed | This strike sends a Win32/Somoto.G malware sample detected by Kaspersky as 'not-a-virus:Downloader.Win32.Somato.g'. | MD5: 0d8d8daebaebbc90d736cace70531270 | SHA1: 9edee8dfd0c91cc7820de5865c2a745bc1c01f6a | SHA256: 7761d55511a80fcbc92efd7df92498e7a30be5d6a6da262f0355d67aed9573cf
M16-doz01 | ModPOS | Mixed | This strike sends a ModPOS malware sample. | MD5: aba833d11679dfebc95060bd3c557853 | SHA1: 0f08db28d255f79e571f7f095fca6d84d9845a28 | SHA256: 665f18abdac30d264f2789877902d1aeb6765abd713f028529f65ad500dfb1fe
M16-qvg01 | RDN/Generic.dx!dkd-f8201ee2 | Mixed | This strike sends a malware sample detected by McAfee as 'RDN/Generic.dx!dkd', Symantec as 'SoftwareVersionUpdater', BitDefender as 'Gen:Variant.Graftor.179369'. | MD5: f8201ee2d4de6ed0e75098ebfbee537c | SHA1: 9124ef5b0961d51bd82d2a8be2b286aa78ee3732 | SHA256: 564436fdcfa2553ceeccdb41c8d0bfd734a25aafe3d6fe8e333e87647193ee57
M16-uvh01 | Artemis!E73294936D5B | Mixed | This strike sends a malware sample detected by McAfee as 'Artemis!E73294936D5B', Symantec as 'Trojan.Dropper', BitDefender as 'Gen:Variant.Adware.Symmi.8856'. | MD5: e73294936d5be31f1e9fc214f8842915 | SHA1: 1a51cdbd2da2f3961abb02c52daa74b78215651b | SHA256: d44c73cdb1f63a3bb8859d2a57eff098477e2e09dec8620b9ffdfd44fe425f18
M16-swy01 | RiskWare.Yantai.A-aeddaa34 | Mixed | This strike sends a RiskWare.Yantai.A malware sample. | MD5: aeddaa34776994aebace5150e57d6234 | SHA1: 0a98a41ed9f90f88ad108d01136a48bc8fc4fac8 | SHA256: d29572523564d63483b59b047efafcc91129e6ecc569d3ae7ba6eee167c74026
M16-8vp01 | APPL/DownloadAdmin.P-549fb2ba | Mixed | This strike sends an APPL/DownloadAdmin.P malware sample. | MD5: 549fb2bad20d66a9091eadfc86401b76 | SHA1: 9bf6fecd3b54e2d528c5bec1b68ede919b9b89f9 | SHA256: a01dce16cfd79b1a14cd0d916ff413626e940cca1e14839d163a096a97803cf2
M16-my001 | Win32/Kryptik.DCAH-64cda632 | Mixed | This strike sends a Win32/Kryptik.DCAH malware sample detected by Kaspersky as 'UDS:DangerousObject.Multi.Generic'. | MD5: 64cda632778ad3402deaf4ae0b1cf34e | SHA1: fa8d015995b14a98250f653a239f45f560a9552b | SHA256: cadfe2d04eca1413ed970b3dca6ff4d0311e20a8188e12b2f3cf020a56cf3cc4
M16-tst01 | HEUR-Trojan-Downloader.Win32.Generic-f4ffa10a | Mixed | This strike sends a HEUR-Trojan-Downloader.Win32.Generic malware sample detected by Kaspersky as 'HEUR:Trojan-Downloader.Win32.Generic'. | MD5: f4ffa10a9b669bcd1da270465f934278 | SHA1: 28ad7cfd437d2fb18b1c30c6995b7c0001d08f1f | SHA256: 3ff2c6f5b31499e13dc3f647db633284e3fdd615bfcc9cfaa01584de0debe495
M16-f0n01 | DriverUpdate-SlimwareUtil-d089d756 | Mixed | This strike sends a DriverUpdate-SlimwareUtil malware sample. | MD5: d089d7563355cd8f707ed21da50bf5a3 | SHA1: 978291f332e103fdf34a4d493295927b10ce5c0a | SHA256: 20465e83654a300eeebe5c729af1e9abfbe0f053c602b67e4911a5ee90fb5b94
M16-tch01 | Artemis!88E8D9F07BF1 | Mixed | This strike sends a malware sample detected by McAfee as 'Artemis!88E8D9F07BF1', Kaspersky as 'not-a-virus:Downloader.Win32.AdLoad.qvda', Symantec as 'Trojan.Gen.2', BitDefender as 'Trojan.GenericKD.2233703'. | MD5: 88e8d9f07bf143535da1f0d1bfaaaa5b | SHA1: 957ee64a90bf7dd9ba58b7b67aa613061623c4ef | SHA256: 1b3b8caf3536c74c471221d09adb8b78c41b6669e270b991ffbdd687fd86a9e6
M16-5n801 | WS.Reputation.1-a37122e4 | Mixed | This strike sends a malware sample detected by Symantec as 'WS.Reputation.1'. | MD5: a37122e4c7f4737a3b1d8ea9324e9185 | SHA1: a8d29d724d40811320ece3c6c24865b262a90bd9 | SHA256: a9c91c4f22d70fa6229e2b225a0a8f418c93977f1a4cfcb89fc4ac5b52a02bf7
M16-fv701 | Trojan-Downloader.MSIL.Agent.jdx-d92dbd45 | Mixed | This strike sends a malware sample detected by Kaspersky as 'Trojan-Downloader.MSIL.Agent.jdx', BitDefender as 'Trojan.GenericKD.2234128'. | MD5: d92dbd45b4591ef148ee20b732ad631f | SHA1: 3bbe250239f489a8bae3a33127600d5217709adc | SHA256: e97076c7df4255362f0561637e2bae000abce38ea9467fd0d455a6f59c40b8d0
M16-z3201 | Rovnix | Mixed | This strike sends a Rovnix malware sample. | MD5: f9445c48073f5e8c12722806cb8dd810 | SHA1: abf0b25bb221fddb43737471deec5da888e74be1 | SHA256: be453a9a32da5f4eb1ff483b57010e59e920eeb89457fd23dd18b8b988d22865
M16-mf301 | RDN/Generic | Mixed | This strike sends a malware sample detected by McAfee as 'RDN/Generic Downloader.x!mp', Kaspersky as 'not-a-virus:Downloader.NSIS.OutBrowse.bm', Symantec as 'Trojan.Gen.2', BitDefender as 'Gen:Variant.Application.Bundler.Outbrowse.1'. | MD5: f0ab8a96ca19fc515bc20f7b64c41b23 | SHA1: bb3857c9eed012b370115a5054743aa6440f0a62 | SHA256: 50053828fb3e13a7f606c3c4b3983542c034903a4102971e1d618a22ae0c61e6
M16-iqc01 | Win32/DriverBoss.B-342b5354 | Mixed | This strike sends a Win32/DriverBoss.B malware sample. | MD5: 342b5354c7c733365d906bf69130acb9 | SHA1: 40c7b2ff9b5de9dc99cad7631024ab79ff8b9351 | SHA256: 920441970fac20a3142d12661369cd767fe0598355ec48d9dd7171954a424df5
M16-3u801 | BackDoor-NJRat!DE61A14918A3 | Mixed | This strike sends a malware sample detected by McAfee as 'BackDoor-NJRat!DE61A14918A3', Microsoft as 'Backdoor:MSIL/Bladabindi.AJ', Kaspersky as 'HEUR:Trojan.Win32.Generic', Symantec as 'Backdoor.Ratenjay', BitDefender as 'Gen:Variant.Barys.7801'. | MD5: de61a14918a34876efe6c7085bcd8b7c | SHA1: f574a712a0e3ccd559768ed815e9391868ca6dd5 | SHA256: 71face0bad8e3a607c0b5a2f41b26f436eba505408aedfbf48d2dec32238c0c9
M16-7o701 | GenericR-DEV!D01E9B5294F0 | Mixed | This strike sends a malware sample detected by McAfee as 'GenericR-DEV!D01E9B5294F0', Kaspersky as 'Trojan-Banker.Win32.Bancos.xdg', Symantec as 'Trojan.Gen.2', BitDefender as 'Gen:Variant.Symmi.41604'. | MD5: d01e9b5294f09bbf5d7e941c967960e8 | SHA1: 9aa3d71a8988f4b1228b0832e766f628f32e3c29 | SHA256: 1213a4f2dbbf0525a7810646b227824742d85b83073cdc60c9fd6c597a39b9b6
M16-myx01 | Artemis!0D6150E97F30 | Mixed | This strike sends a malware sample detected by McAfee as 'Artemis!0D6150E97F30', Kaspersky as 'not-a-virus:RiskTool.Win32.SProtector.ds', Symantec as 'Trojan.Gen.2', BitDefender as 'Gen:Variant.Adware.Zusy.122341'. | MD5: 0d6150e97f30a64c539f072c9260707a | SHA1: 73c6358b000a485f88424172f033c4f2864b37a3 | SHA256: 0978490dd2619c131bbd85abc0113456575dc135f88a8e7f960c7d6885fc71af
M16-m5p01 | GenericR-DAL!B405389CE9E5 | Mixed | This strike sends a malware sample detected by McAfee as 'GenericR-DAL!B405389CE9E5', Kaspersky as 'not-a-virus:AdWare.Win32.Amonetize.aaju', Symantec as 'WS.Reputation.1', BitDefender as 'Adware.Agent.PHZ'. | MD5: b405389ce9e5a12c2e2d1d4f1f5c0a08 | SHA1: 17b5ae9069f9ed754d0482bd85f2496d673d27d8 | SHA256: 26cf4c5a071525bda19dcd8ade300a4ed920cf4b094397806e902870dd6b2c35
M16-3ca01 | Win32/Injector.Autoit.ADH-bca57cdd | Mixed | This strike sends a Win32/Injector.Autoit.ADH malware sample. | MD5: bca57cdd4f65a9c514a71401203fd4a0 | SHA1: dabd54d391ebc4accf6bd0b3eed2598ebbd7e624 | SHA256: c9166012582edc480ddf8854c27e79f1b584b769d3a3cbf8da3af1350d3a08c2
M16-yh601 | Trojan.Win32.Generic.cthmqk-70fcdd17 | Mixed | This strike sends a Trojan.Win32.Generic.cthmqk malware sample. | MD5: 70fcdd17548842ad12870e0f2bd0f354 | SHA1: 763b34f6075df36317c1783c8fa7ac76d34f0771 | SHA256: 6f3b431872e2c1ae5bd79a5ab5f03bae97e1fba7e912e161ace4b9260a7b3f8b
M16-c6x01 | Artemis!B71EBF3CEFFB | Mixed | This strike sends a malware sample detected by McAfee as 'Artemis!B71EBF3CEFFB', Kaspersky as 'not-a-virus:AdWare.Win32.Amonetize.aaju', Symantec as 'PUA.Gen.2', BitDefender as 'Adware.Agent.PHZ'. | MD5: b71ebf3ceffb2cfc70e12c4ebc5aacb0 | SHA1: ad9bdb37f80cac6fa555dddbb6c8b633111e8ae1 | SHA256: a9e23f911ea613a3c16a0078afb7979fbcbc7b6340972d80010f2a1131554ca0
M16-9r701 | Downloadadmin-693ffcf4 | Mixed | This strike sends a Downloadadmin malware sample. | MD5: 693ffcf4ec6e9df5a8a3748ef162a37d | SHA1: b82baa74c9ef269e4dc721df658230cd9ee54107 | SHA256: 7e52b09e269b8983ac3ca171f355a676c9d7026f9544d097bdf5f17c1a05f940
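Copied as flat text, the rows of this strike table arrive with the MD5 and SHA1 run together into one 72-character hex string, the MD5 repeated, and the strike ID, malware name and platform glued to each other. The Python below is an added example, not code from the original page or from the feed's vendor: it splits a raw row into its columns, classifies each digest by its length, checks the MD5 fragment that names such as Artemis!92E4D00F680C and Win32/LiMo.C-92d5a151 carry against the parsed MD5, and builds a digest-to-strike-ID lookup for matching files against the feed. The three rows embedded in it are the raw text of M16-6if01, M16-t0s01 and M16-3u801 from this table; the column layout the parser assumes is inferred from those rows, not documented by the feed.

```python
# Added example (not from the original page): parse raw strike rows into
# structured IOCs and build a digest lookup.  The column layout assumed here
# (ID, name, platform, info, MD5+SHA1 run together, MD5 again, SHA256) is
# inferred from the rows of this table.
import re
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

# Hex runs of 32 (MD5), 40 (SHA1), 64 (SHA256) or 72 (MD5 glued to SHA1) chars
# that are not part of a longer alphanumeric token like 'Artemis!92E4D00F680C'.
HEX_RUN = re.compile(r"(?<![0-9A-Za-z])[0-9a-fA-F]{32,72}(?![0-9A-Za-z])")

# Strike ID, then the malware name (matched lazily so a name such as
# 'Android_Spy_cbd1c2db' cannot swallow the platform word), then the info text.
HEADER = re.compile(
    r"^(?P<sid>M16-[0-9a-z]{5})(?P<name>.+?)(?P<platform>Windows|Android|Mixed)\s+(?P<info>.*)$",
    re.S,
)

@dataclass
class Strike:
    strike_id: str
    name: str
    platform: str
    info: str
    md5: Optional[str] = None
    sha1: Optional[str] = None
    sha256: Optional[str] = None

def _set_digest(strike: Strike, attr: str, value: str) -> None:
    """Store a digest; the raw rows repeat the MD5, so a second copy must agree."""
    value = value.lower()
    current = getattr(strike, attr)
    if current is not None and current != value:
        raise ValueError(f"{strike.strike_id}: conflicting {attr}: {current} vs {value}")
    setattr(strike, attr, value)

def parse_row(row: str) -> Strike:
    """Split one flattened row into columns and classify each digest by length."""
    row = row.strip()
    first = HEX_RUN.search(row)
    if first is None:
        raise ValueError("row carries no hash")
    head = HEADER.match(row[: first.start()])
    if head is None:
        raise ValueError("row header does not fit the ID/name/platform/info layout")
    strike = Strike(head["sid"], head["name"].strip(), head["platform"], head["info"].strip())
    for tok in HEX_RUN.findall(row[first.start():]):
        if len(tok) == 72:  # MD5 (32 chars) immediately followed by SHA1 (40 chars)
            _set_digest(strike, "md5", tok[:32])
            _set_digest(strike, "sha1", tok[32:])
        elif len(tok) == 32:
            _set_digest(strike, "md5", tok)
        elif len(tok) == 40:
            _set_digest(strike, "sha1", tok)
        elif len(tok) == 64:
            _set_digest(strike, "sha256", tok)
        else:
            raise ValueError(f"{strike.strike_id}: hex run of unexpected length {len(tok)}")
    if strike.md5 is None or strike.sha256 is None:
        raise ValueError(f"{strike.strike_id}: row lacks an MD5 or SHA256")
    return strike

def name_matches_md5(strike: Strike) -> bool:
    """Names like 'Artemis!92E4D00F680C' or 'Win32/LiMo.C-92d5a151' embed an MD5
    prefix; confirm it agrees with the parsed MD5.  Names with no fragment pass."""
    m = re.search(r"[!-]([0-9a-fA-F]{8,32})$", strike.name)
    return m is None or strike.md5.startswith(m.group(1).lower())

def build_index(rows: Iterable[str]) -> Dict[str, str]:
    """Map every digest (MD5, SHA1, SHA256) of every row to its strike ID."""
    index: Dict[str, str] = {}
    for row in rows:
        s = parse_row(row)
        if not name_matches_md5(s):
            raise ValueError(f"{s.strike_id}: name fragment does not match MD5")
        for digest in (s.md5, s.sha1, s.sha256):
            if digest:
                index[digest] = s.strike_id
    return index

def lookup(index: Dict[str, str], digest: str) -> Optional[str]:
    """Return the strike ID for a digest given in any case, or None if unknown."""
    return index.get(digest.strip().lower())

# Raw rows copied from this table (M16-6if01, M16-t0s01, M16-3u801).
ROWS = [
    "M16-6if01Artemis!92E4D00F680CMixed This strike sends a malware sample detected by McAfee as 'Artemis!92E4D00F680C', Microsoft as 'VirTool:Win32/DelfInject.gen!AN', Kaspersky as 'HEUR:Trojan.Win32.Generic', Symantec as 'Trojan.Gen.2', BitDefender as 'Trojan.GenericKD.2255017'.92e4d00f680c1a95fa5a6701e65d6eb76daf1ac61b76c8d944d169e236238ffc2c6cbc81 92e4d00f680c1a95fa5a6701e65d6eb7 cc63050dc5081bee34b956a0c102cffe7389acef5a471cabc6eb2edf5f4a3793",
    "M16-t0s01Win32/LiMo.C-92d5a151Mixed This strike sends a Win32/LiMo.C malware sample.92d5a15129b3dfd86d3501ebfa68298a4dab043bed36c817f0c7674040ee126aa65cebd8 92d5a15129b3dfd86d3501ebfa68298a 48b4a93e2be9dfd49053620aecda53c74b231734ca36346acb4f677c00fc9c6b",
    "M16-3u801BackDoor-NJRat!DE61A14918A3Mixed This strike sends a malware sample detected by McAfee as 'BackDoor-NJRat!DE61A14918A3', Microsoft as 'Backdoor:MSIL/Bladabindi.AJ', Kaspersky as 'HEUR:Trojan.Win32.Generic', Symantec as 'Backdoor.Ratenjay', BitDefender as 'Gen:Variant.Barys.7801'.de61a14918a34876efe6c7085bcd8b7cf574a712a0e3ccd559768ed815e9391868ca6dd5 de61a14918a34876efe6c7085bcd8b7c 71face0bad8e3a607c0b5a2f41b26f436eba505408aedfbf48d2dec32238c0c9",
]

if __name__ == "__main__":
    idx = build_index(ROWS)
    for r in ROWS:
        s = parse_row(r)
        print(s.strike_id, s.name, s.md5, s.sha1, s.sha256)
    print(lookup(idx, "F574A712A0E3CCD559768ED815E9391868CA6DD5"))
```

The parser refuses a row whose repeated MD5 copies disagree, whose hex runs have a length that is not one of the four expected ones, or whose name fragment contradicts the MD5, so a mangled or truncated row fails loudly instead of feeding a wrong digest into a blocklist. The lookup lower-cases its input, since the names on this page carry the MD5 prefix in upper case while the digest columns are lower case.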