{"id":108,"date":"2022-03-20T10:30:38","date_gmt":"2022-03-20T06:30:38","guid":{"rendered":"https:\/\/demo.dedote.com\/cyberdisti\/?p=108"},"modified":"2022-06-03T16:42:22","modified_gmt":"2022-06-03T12:42:22","slug":"top-malware","status":"publish","type":"post","link":"https:\/\/demo.dedote.com\/cyberdisti\/2022\/03\/20\/top-malware\/","title":{"rendered":"Top Malware(s)"},"content":{"rendered":"

Threat Hunting Journal May 2022 Edition<\/span><\/h1>\n

Top Malware(s) Detections: 1st of May \u2013 27th of May<\/span><\/strong><\/p>\n

Heimdal\u2122 returns with the May edition of our threat hunting journal. As you might have expected, king trojan reigns unhindered with over 16,000 positive detections. There are a couple of newcomers, some of which may give our uncrowned monarch a run for his money. Stick around for more information and goodies. Enjoy!<\/p>\n

Top Malware(s) Detections: 1st of May \u2013 27th<\/sup>\u00a0of May<\/h2>\n

Throughout May, Heimdal\u2122\u2019s SOC team has detected 16 trojan variants, with a grand total of 16,738 positive detections \u2013 a 55.19% drop compared to April, when the historical high of 25,976 positive detections was recorded. Concerning distribution, we have 11 new newcomers and 20 backsliders. TR\/Rozena\/jrrvz raked the highest number of positive IDs (i.e., 2675), followed closely by TR\/CoinMiner.uwtyu with 2316 positive IDs, and EXP\/MS04-028.JPEG.A with 2280 hits. Here\u2019s the full list of May detections.<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Malware Name<\/th>\nPositive Detections<\/th>\n<\/tr>\n<\/thead>\n
TR\/Rozena.jrrvz<\/td>\n2675<\/td>\n<\/tr>\n
TR\/CoinMiner.uwtyu<\/td>\n2316<\/td>\n<\/tr>\n
EXP\/MS04-028.JPEG.A<\/td>\n2280<\/td>\n<\/tr>\n
TR\/Rozena.rfuus<\/td>\n1635<\/td>\n<\/tr>\n
TR\/Trash.Gen<\/td>\n1600<\/td>\n<\/tr>\n
TR\/Patched.Gen<\/td>\n1439<\/td>\n<\/tr>\n
TR\/AD.GoCloudnet.kabtg<\/td>\n1398<\/td>\n<\/tr>\n
EXP\/CVE-2010-2568.A<\/td>\n969<\/td>\n<\/tr>\n
TR\/Downloader.Gen<\/td>\n958<\/td>\n<\/tr>\n
TR\/CoinMiner.wmstw<\/td>\n919<\/td>\n<\/tr>\n
TR\/PSInject.G1<\/td>\n916<\/td>\n<\/tr>\n
VBS\/Dldr.Agent.VPET<\/td>\n801<\/td>\n<\/tr>\n
W32\/Run.Ramnit.C<\/td>\n778<\/td>\n<\/tr>\n
TR\/Dropper.Gen<\/td>\n754<\/td>\n<\/tr>\n
ACAD\/Bursted.AN<\/td>\n698<\/td>\n<\/tr>\n
TR\/Crypt.XPACK.Gen<\/td>\n667<\/td>\n<\/tr>\n
TR\/AD.Swotter.lckuu<\/td>\n512<\/td>\n<\/tr>\n
W32\/Floxif.hdc<\/td>\n437<\/td>\n<\/tr>\n
ADWARE\/ANDR.Boomp.FJAM.Gen<\/td>\n383<\/td>\n<\/tr>\n
ACAD\/Burste.K<\/td>\n308<\/td>\n<\/tr>\n
TR\/Crypt.XPACK.Gen2<\/td>\n295<\/td>\n<\/tr>\n
TR\/Dropper.Gen5<\/td>\n269<\/td>\n<\/tr>\n
W32\/Chir.B<\/td>\n265<\/td>\n<\/tr>\n
WORM\/Brontok.C<\/td>\n224<\/td>\n<\/tr>\n
W32\/Sality.Y<\/td>\n214<\/td>\n<\/tr>\n
ADWARE\/JsPopunder.G<\/td>\n199<\/td>\n<\/tr>\n
W32\/Parite<\/td>\n199<\/td>\n<\/tr>\n
TR\/AD.Swotter.fgqir<\/td>\n195<\/td>\n<\/tr>\n
TR\/Dropper.tfflr<\/td>\n190<\/td>\n<\/tr>\n
EXP\/PyShellCode.G<\/td>\n182<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Top 10 Malware Detailed<\/strong><\/h2>\n

Let\u2019s get around to covering those new detections.<\/p>\n

TR\/Trash.Gen<\/h3>\n

TR\/Trash.Gen is trojan-type malware that\u2019s usually contracted by visiting unsecured pornographic websites. Trash.Gen can install backdoors, ramp up CPU usage, and install adware.<\/p>\n

TR\/PSInject.G1<\/h3>\n

PSInject.G1 is PowerShell scrip-carrying trojan that accesses multiple comdlets such are new-object, out-null, test-path, where-object, write-output, and write-verbose.<\/p>\n

VBS\/Dldr.Agent.VPET<\/h3>\n

Dldr.Agent.VPET is a trojan downloader. It\u2019s used to inject and execute malicious VBS scripts on the victim\u2019s machine.<\/p>\n

TR\/AD.Swotter.lckuu<\/h3>\n

An adware-carrying trojan is used to collect host and network data from the infected machine.<\/p>\n

ACAD\/Burste.K<\/h3>\n

A \u2018trojanized\u2019 virus that affects ACAD .lsp files. Upon infection, the virus waits for user input in order to load the files.<\/p>\n

TR\/Dropper.Gen5<\/h3>\n

A trojan dropper used to install backdoors, deliver additional malware components or to eavesdrop on the victim.<\/p>\n

WORM\/Brontok.C<\/h3>\n

The .C variant of the Brontok worm. This malware\u2019s distributed via email. Once inside the machine, it will create a new Windows Registry entry, disable regedit.exe, and modify several Windows Explorer settings.<\/p>\n

W32\/Sality.Y<\/h3>\n

The .Y variant of the Sality virus is used to install backdoors or connect the victim\u2019s computer to a botnet.<\/p>\n

ADWARE\/JsPopunder.G<\/h3>\n

An adware-type malware. Can display malicious popups or ads on the affected machine.<\/p>\n

Additional Cybersecurity Tips and Parting Thoughts<\/strong><\/h2>\n

This concludes the May edition of Heimdal\u2122 Security\u2019s threat hunting journal. Before I go, I\u2019m gonna share with you a couple of tips on how you can jog up your security.<\/p>\n