Malware 2020

DATE

NAME

INFO

CATEGORY

SUBCATE

28.12.20

Win32/Filecoder.Avaddon.C

Win32/Filecoder.Avaddon.C is a trojan that encrypts files on fixed, removable and network drives.

MALWARE

16.12.20

Backdoor.MSIL.SUNBURST.A

This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

MALWARE

16.12.20

Trojan.MSIL.SUPERNOVA.A

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

MALWARE

28.10.20

Win32/TrojanProxy.Emotet.A

The trojan serves as a proxy server. The trojan can modify network traffic.

MALWARE  

24.10.20

Win32/TrojanProxy.Emotet.B

The trojan serves as a proxy server. The trojan can modify network traffic.

MALWARE  

15.10.20

Backdoor.MSIL.BLADABINDI.THA

Cybercriminals used this malware bundled with legitimate installation copies of the VPN software known as Windscribe.

MALWARE  

16.8.20

Win32/Rozena.XM

Win32/Rozena.XM is a trojan which tries to download other malware from the Internet.

MALWARE  

7.8.20

Win32/Filecoder.WastedLocker.A

Win32/Filecoder.WastedLocker.A is a trojan that encrypts files on local drives.

MALWARE  

16.7.20

IoT.Linux.MIRAI.VWISI

This new Mirai variant exploits CVE-2020-10173, a vulnerability in Comtrend VR-3033 routers.

MALWARE  

16.7.20

Backdoor.Win32.DEVILSHADOW.THEAABO

Cybercriminals take advantage of the popularity of the Zoom messaging app. This backdoor is found in a fake Zoom installer.

MALWARE

6.7.20

Win32/Spy.Buhtrap.AB

The trojan serves as a backdoor. It can be controlled remotely.

MALWARE  

6.7.20

Win32/Spy.Buhtrap.AP

Win32/Spy.Buhtrap.AP is a trojan that installs Win32/Spy.Buhtrap.AB malware.

MALWARE  

23.4.20

Trojan.Win32.MOOZ.THCCABO

This AutoIt-compiled malware downloads a coinminer onto affected systems. Cybercriminals distribute it by bundling it with a legitimate installer of the Zoom communication app.

MALWARE  

23.4.20

Win32/Filecoder.Maze.A

Win32/Filecoder.Maze.A is a trojan that encrypts files on fixed, removable and network drives.

MALWARE  

29.3.20

Trojan.PS1.POWLOAD.JKP

This POWLOAD variant is seen distributed via spam. The spam campaign is in Italian and lures users to click by using COVID-19 in its subject.

MALWARE  

6.3.20

Win32/Filecoder.Phobos.C

Win32/Filecoder.Phobos.C is a trojan that encrypts files on fixed, removable and network drives. 

MALWARE  

15.1.20

Backdoor.Win64.ANCHOR.A

This is the Trend Micro detection for the backdoor installed by the PowerTrick post-exploitation toolkit, believed to be developed by the creators of Trickbot.

MALWARE  

15.1.20

Backdoor.SH.SHELLBOT.AA

This backdoor comes bundled with a Monero miner, both spread by a botnet.

MALWARE  

15.1.20

Backdoor.MSIL.REMCOS.AOJ

This malware was seen delivered via malicious spam spoofing the brand DHL as the sender. It came as an .

MALWARE  

15.1.20

Coinminer.Linux.KERBERDS.A

This new version of KERBERDS, a known crypto-mining malware that uses an ld.so.

MALWARE  

15.1.20

Trojan.SH.KERBERDS.A

This new version of KERBERDS, a cryptomining malware that uses an ld.so.

MALWARE  

15.1.20

Trojan.JS.NODSTER.A

This malware is part of the fileless botnet Novter that is delivered via the KovCoreG malvertising campaign.

MALWARE

15.1.20

Trojan.JS.KOVCOREG.A

This malware is part of the fileless botnet Novter distributed by the KovCoreG malvertising campaign.

MALWARE  

15.1.20

Rootkit.Linux.SKIDMAP.A

This rootkit is used by Skidmap - a Linux malware - to hide its cryptocurrency-mining abilities.

MALWARE  

15.1.20

Coinminer.Win64.MALXMR.TIAOODBZ

This miner figured in the fileless GhostMiner that uses WMI Objects. GhostMiner is known to kill other competing miner payloads.

MALWARE  

15.1.20

Backdoor.Linux.BASHLITE.SMJC2

This backdoor is seen propagating via CVE-2018-18636, a cross-site scripting vulnerability affecting the wireless router D-Link DSL-2640T.

MALWARE  

15.1.20

ELF_SETAG.SM

This malware is part of an attack chain that involves searching for exposed or publicly accessible Elasticsearch databases/servers.

MALWARE  

15.1.20

Backdoor.Perl.SHELLBOT.D

This backdoor is downloaded and installed in systems via malicious URL. It is installed with a miner.

MALWARE  

15.1.20

Backdoor.Linux.MIRAI.VWIQT

This IoT malware uses two different encryption routines for its strings and modifies the magic number of UPX.

MALWARE  

15.1.20

Ransom.MSIL.FREEZING.A

This ransomware is one of the few ransomware families that is loaded and executed under the legitimate PowerShell executable.

MALWARE  

15.1.20

Backdoor.Perl.SHELLBOT.AB

This backdoor comes bundled with a Monero miner, both spread by a botnet. The techniques employed are reminiscent of the Outlaw hacking group that Trend Micro reported in November 2018.

MALWARE  

15.1.20

Worm.Win32.BLASQUI.A

This malware is part of the newly discovered BLACKSQUID malware family that targets web servers, network drives, and removable drives using multiple web server exploits and dictionary attacks.

MALWARE  

15.1.20

Backdoor.Linux.MIRAI.VWIPT

This new Mirai variant uses a total of 13 different exploits, almost all of which have been used in previous Mirai-related attacks.

MALWARE  

15.1.20

Ransom.Win32.DHARMA.THDAAAI

This Dharma variant uses a new technique: using software installation as a distraction to help hide malicious activities.

MALWARE

15.1.20

Trojan.Linux.KERBERDS.A

This malware is responsible for dropping the cryptocurrency miner Coinminer.Linux.

MALWARE  

15.1.20

Backdoor.Win32.CARBANAK.A

This malware is part of the leaked source code of Carbanak, as reported by FireEye in April 2019.

MALWARE  

15.1.20

BKDR_GATAKA.A

This malware has the capability of downloading and installing plugins from a remote server. This feature allows the malware to be more flexible in its attacks.

MALWARE  

15.1.20

JAVA_EXPLOIT.RG

This malware is involved in the Blackhole Exploit Kit (BHEK) attacks in January 2013. It takes advantage of a zero-day vulnerability (CVE-2013-0422) in Java in order to drop ransomware.

MALWARE  

15.1.20

TROJ_FAKEMS.CA

This malware is involved with a spam attack during January 2013.

MALWARE  

15.1.20

TROJ_OLEXP.B

This malware was involved in the Red October campaign, a series of attacks targeting diplomatic and government agencies.

MALWARE  

15.1.20

TROJ_OLEXP.J

This malware was involved in the Red October campaign, a series of attacks targeting diplomatic and government agencies.

MALWARE  

15.1.20

JAVA_DLOADER.NTW

This malware claims to be an update installer for Java. Once installed, it downloads malicious files onto the affected system and executes them, causing routines to be exhibited.

MALWARE  

15.1.20

HTML_FEZTAG.A

The malware tags the affected users' friends in Facebook and posts a message with a malicious link.

MALWARE  

15.1.20

WORM_BUBLIK.GX

This malware spams messages to users using Skype in order to propagate. The spammed messages contain links that lead to an automatic download of the malware itself.

MALWARE  

15.1.20

WORM_PHORPIEX.JZ

This malware spams messages to users using Skype in order to propagate. The spammed messages contain links that lead to an automatic download of the malware itself.

MALWARE  

15.1.20

TSPY_KEYLOG.LNK

This is a keylogger found inside a spammed email message that purports to come from the Cabinet Office Information Systems Office.

MALWARE

15.1.20

ELF_SSHDOOR.A

This malware targets systems running on Linux. It allows remote access of affected systems through the use of SSH (Secure Shell Protocol) and steals system login credentials.

MALWARE  

15.1.20

BKDR_CARBERP.MEO

This backdoor is a new variant of the malware family CARBERP.

MALWARE  

15.1.20

BKDR_CARBERP.XF

This backdoor is a new variant of the malware family CARBERP.

MALWARE  

15.1.20

BKDR_KULUOZ.PFG

This malware disguises itself as delivery receipts from well-known postal and delivery services firms and airlines.

MALWARE  

15.1.20

JAVA_EXPLOYT.NTW

This malware is related to the Whitehole Exploit Kit attacks during February 2012.

MALWARE  

15.1.20

ANDROIDOS_USBATTACK.HRX

This malware is a cross-platform threat, affecting both Android and Windows.

MALWARE  

15.1.20

TROJ_MDROP.REF

This malware takes advantage of zero-day vulnerabilities in Adobe Flash Player to drop malicious files.

MALWARE  

15.1.20

JAVA_PRUTRATS.A

This is a backdoor builder written in Java. It has been seen as a free download in underground forums.

MALWARE  

15.1.20

OSX_PINTSIZED.ENV

This malware was involved in a zero-day Java vulnerability exploit attack in January 2013.

MALWARE  

15.1.20

JAVA_EXPLOIT.CVE

This malware exploits vulnerabilities related to CVE-2013-0431.

MALWARE  

15.1.20

BKDR_RARSTONE.A

The malware uses techniques similar to those of PlugX, such as process injection and the use of a blob file.

MALWARE  

15.1.20

TROJ_PIDIEF.EOT

This is a specially crafted PDF which takes advantage of a recent vulnerability in Adobe (CVE-2013-0641) to drop MiniDuke malware.

MALWARE

15.1.20

BKDR_MDMBOT.A

This backdoor was downloaded through an earlier zero-day Java exploit, now tagged as CVE-2013-1493.

MALWARE  

15.1.20

TSPY_MNIA.SMUS10

This malware is signed with a legitimate digital certificate, which tricks users into thinking that it is a legitimate file.

MALWARE  

15.1.20

JAVA_EXPLOIT.XE

This malware takes advantage of a zero-day Java vulnerability. Once it has successfully exploited the vulnerability, it downloads and executes a McRAT backdoor.

MALWARE  

15.1.20

BKDR_GODIN.A

This malware is involved in certain targeted attacks that took place in March 2013. It drops and opens non-malicious document files to hide its backdoor routines.

MALWARE  

15.1.20

TSPY_TEPFER.UYG

This spyware is distributed through ATO tax spam. To get a one-glance comprehensive view of the behavior of this Spyware, refer to the Threat Diagram shown below.

MALWARE  

15.1.20

TROJ_KILLMBR.DS

This malware is involved in the Master Boot Record (MBR) wiper outbreak that targeted users in South Korea during March of 2013.

MALWARE  

15.1.20

TROJ_KILLMBR.SM

This malware is involved in the Master Boot Record (MBR) wiper outbreak that targeted users in South Korea during March of 2013.

MALWARE  

15.1.20

TROJ_DLDR.HB

This malware is involved in the cyber attacks that targeted specific users in South Korea during March of 2013.

MALWARE  

15.1.20

BKDR_VERNOT.A

This malware connects to Evernote to receive and perform commands from remote malicious users.

MALWARE  

15.1.20

TSPY_MINOCDO.A

This malware intercepts network traffic accessing Facebook and redirects it to a fraudulent page that leads users into entering their credit card information.

MALWARE  

15.1.20

WORM_KELIHOS.NB

This malware is involved in a malicious spam campaign leveraging the April 2013 Boston Marathon Bombing.

MALWARE  

15.1.20

JAVA_EXPLOIT.BB

This malware is involved in a malicious spam campaign leveraging the April 2013 Boston Marathon Bombing.

MALWARE

15.1.20

BKDR_CRIDEX.CHX

This backdoor is served via a spammed message that leads to a Blackhole Exploit Kit.

MALWARE  

15.1.20

BKDR_VERNOT.B

This malware connects to a blogging service to receive and perform commands from remote malicious users.

MALWARE  

15.1.20

TROJ_NAIKON.A

This malware is the final payload of a targeted attack campaign leveraging the April 2013 Boston Marathon Bombing.

MALWARE  

15.1.20

BKDR_LIFTOH.DLF

This malware uses multi-protocol instant-messaging applications in order to propagate itself.

MALWARE  

15.1.20

BKDR_POISON.MEA

This backdoor was downloaded by a malicious script hosted on a compromised website of the US Department of Labor.

MALWARE  

15.1.20

JS_EXPLOIT.MEA

This malicious script was inserted onto a legitimate website of the US Department of Labor and downloads a Poison Ivy backdoor.

MALWARE  

15.1.20

WORM_LUDER.USR

This malware was involved in an attack targeting Banco de Brasil users during May 2013. It came bundled as a plugin for a customized banking browser.

MALWARE  

15.1.20

TROJ_PIDIEF.SMXY

This malware was involved in a malicious spam attack targeting Walmart customers in May 2013.

MALWARE  

15.1.20

WORM_PIZZER.SM

This malware propagates by creating copies of itself in password-protected archives.

MALWARE  

15.1.20

TSPY_DELPBANK.EB

Spammers take advantage of the news regarding the supposed merging of Skype, Hotmail, and MSN to lure users into downloading this malware.

MALWARE  

15.1.20

ELF_MANUST.A

This is involved in an exploit attack targeting a critical vulnerability of Ruby on Rails.

MALWARE  

15.1.20

PERL_EXPLOYT.PLK

This is the detection for exploit code that takes advantage of a vulnerability in the hosting control panel Plesk.

MALWARE

15.1.20

BKDR_POISON.BTA

This malware uses DLL preloading, a technique better known for its use by PlugX.

MALWARE  

15.1.20

ANDROIDOS_ONECLICKFRAUD.A

This Android malware leads users to a fake adult dating website.

MALWARE  

15.1.20

ANDROIDOS_OBAD.A

This Android malware installs itself as an administrator and uses a vulnerability found in Android.

MALWARE  

15.1.20

TROJ_DIDKR.A

This malware is related to the security incident that affected certain government and news websites in South Korea.

MALWARE  

15.1.20

TSPY_ONLINEG.OMU

This malware was found to be hosted on certain compromised South Korean websites.

MALWARE  

15.1.20

TSPY_BANKER.VIX

This spyware is related to the bogus project dubbed as flashplayerwindows. When executed, it connects to Google Code to download other files.

MALWARE  

15.1.20

TSPY_FAREIT.AFM

This FAREIT variant is the final payload of a Blackhole Exploit Kit related spam run.

MALWARE  

15.1.20

TROJ_FEBUSER.A

This malware is related to the malicious link spammed via Facebook that allegedly points to a video recording of a young woman committing suicide on camera.

MALWARE  

15.1.20

JAVA_EXPLOYT.RO

This malware is related to the Blackhole Exploit Kit spam campaign in July 2013.

MALWARE  

15.1.20

JS_OBFUSC.BEB

This malware is related to a spammed message that leverages the news on “Royal Baby.”

MALWARE  

15.1.20

JAVA_EXPLOIT.ZC

This is a malicious applet that downloads and executes a file infector detected as PE_EXPIRO.JX-O.

MALWARE  

15.1.20

PE_EXPIRO.JX-O

This file infector arrives via malicious Java applet.

MALWARE

15.1.20

TSPY_FAREIT.ACU

This malware disguises itself as an Opera update. Cybercriminals behind this threat stole an outdated Opera digital certificate, which they used to sign this malware.

MALWARE  

15.1.20

TROJ_DIDKR.C

It drops a distributed denial of service (DDoS) component that targets primary and secondary DNS name servers of record for multiple South Korean government sites.

MALWARE  

15.1.20

TSPY_ZBOT.ADD

This ZBOT variant was used in a spam run which takes advantage of the UK Tax Return deadline.

MALWARE  

15.1.20

TSPY_ZBOT.VZA

This ZBOT variant was used in a spam run which takes advantage of the UK Tax Return deadline.

MALWARE  

15.1.20

TSPY_ZBOT.THX

This is the Trend Micro detection for KINS Trojan, dubbed as the next ZeuS by media reports. Similar to ZeuS/ZBOT, it downloads a configuration file and steals online banking credentials.

MALWARE  

15.1.20

BKDR_FIDOBOT.A

This backdoor is used by cybercriminals to brute-force many WordPress blogs via logging into administrator pages.

MALWARE  

15.1.20

BKDR_SYKIPOT.AG

This backdoor is related to the Sykipot campaign that targets the United States civil aviation sector.

MALWARE  

15.1.20

BKDR_SISPROC.A

This backdoor is the detection for malicious attachments in email messages that spoof the 2013 G20 Summit in Russia.

MALWARE  

15.1.20

BKDR_MEVADE.A

This malware is associated with the reported increase in the number of Tor users. It has the capability to execute commands and download adware on to the infected system.

MALWARE  

15.1.20

ANDROIDOS_OPFAKE.CTD

This is the malware associated with the fake WhatsApp notification.

MALWARE  

15.1.20

BKDR_BLYPT.A

This backdoor is a variant of the malware family BLYPT. It uses binary large objects (BLOB) to store information in the affected system's registry.

MALWARE  

15.1.20

BKDR_BLYPT.B

This backdoor is a variant of the malware family BLYPT. It uses binary large objects (BLOB) to store information in the affected system's registry.

MALWARE

15.1.20

TROJ_CRILOCK.AE

This malware is one of the latest ransomware variants known as cryptolockers.

MALWARE  

15.1.20

BKDR_SHOTODOR.A

This malware makes use of “garbage” strings, which actually hide the malicious code.

MALWARE  

15.1.20

TROJ_UPATRE.VNA

This malware is involved in the CryptoLocker ransomware malicious spam campaign spotted in October 2013.

MALWARE  

15.1.20

BKDR_LIFTOH.AD

This malware is involved in a ZBOT spam campaign that targeted British users.

MALWARE  

15.1.20

TROJ_CRILOCK.NS

This CryptoLocker is downloaded by a ZeuS/ZBOT variant detected as TSPY_ZBOT.VNA.

MALWARE  

15.1.20

TROJ_ACTIFF.A

This malware is involved in the targeted attacks that took advantage of an unpatched Microsoft Office vulnerability, namely CVE-2013-3906, in November 2013.

MALWARE  

15.1.20

TROJ_ACTIFF.B

This malware is involved in the targeted attacks that took advantage of an unpatched Microsoft Office vulnerability, namely CVE-2013-3906, in November 2013.

MALWARE  

15.1.20

BKDR_EVILOGE.SM

This malware was used in the EvilGrab campaign, which targets victims in Japan and China.

MALWARE  

15.1.20

TROJ_PIDIEF.GUD

This malware exploits a Windows XP/Server 2003 zero-day vulnerability.

MALWARE  

15.1.20

BKDR_TAVDIG.GUD

This malware is the final payload of an attack that utilized a zero-day vulnerability in Windows XP/Server 2003.

MALWARE  

15.1.20

WORM_CRILOCK.A

This is a Cryptolocker variant that has propagation routines, enabling it to easily spread to other systems.

MALWARE  

15.1.20

TSPY64_ZBOT.AANP

This malware is part of the 64-bit ZBOT samples that have been spotted to target 64-bit systems during January 2014.

MALWARE  

15.1.20

TSPY_ZBOT.AAMV

This malware is part of the 64-bit ZBOT samples that have been spotted to target 64-bit systems during January 2014.

MALWARE  

15.1.20

TSPY_ZBOT.SMIG

This ZBOT variant drops a configuration file that contains a list of its targeted banks and other financial sites.

MALWARE  

15.1.20

TSPY_EUPUDS.A

This malware uses an AutoIT packer, a scripting language leveraged by cybercriminals.

MALWARE  

15.1.20

TSPY_CHISBURG.A

This malware uses an AutoIT packer, a scripting language leveraged by cybercriminals.

MALWARE  

15.1.20

TSPY_BANKER.GB

This BANKER variant is downloaded on the system by TROJ_BANLOAD.GB, a malware that targets Banco de Brasil users.

MALWARE

15.1.20

TROJ_BANLOAD.GB

This BANLOAD variant checks for the presence of G-buster Plugin, a plugin that prevents malicious code from running during a banking session, on the system.

MALWARE  

15.1.20

TROJ_GATAK.FCK

This malware was found in January 2014 to be distributed as a key generator. Instead of generating keys, it downloads malware onto the affected system.

MALWARE  

15.1.20

HTML_BLOCKER.K

This malware is related to the fake Flash player scams that targeted users in Turkey. It is used to send the Facebook messages with the link to the video.

MALWARE