IASNOVA
Just remember the names !
WannaCry is a ransomware cryptoworm that uses the EternalBlue exploit to spread via SMB. Version 1.0 has a “killswitch” domain, which stops the encryption process.
Emotet is a modular infostealer that downloads or drops banking trojans. It can be delivered through either malicious download links or attachments, such as PDF or macro-enabled Word documents. Emotet also incorporates spreader modules in order to propagate throughout a network. In October 2018, Emotet updated its Outlook scraper module to exfiltrate email content.
Kovter is a fileless click fraud malware and a downloader that evades detection by hiding in registry keys. Reporting indicates that Kovter can have backdoor capabilities and uses hooks within certain APIs for persistence.
CoinMiner is a cryptocurrency miner that uses Windows Management Instrumentation (WMI) and EternalBlue to spread across a network. CoinMiner uses the WMI Standard Event Consumer scripting to execute scripts for persistence.
Mirai is a malware botnet known to compromise Internet of Things (IoT) devices in order to conduct large-scale distributed denial of service (DDoS) attacks. Mirai is dropped after an exploit has allowed the attacker to gain access to a machine.
NanoCore is a Remote Access Trojan (RAT) spread via malspam as a malicious Excel XLS spreadsheet. As a RAT, NanoCore can accept commands to download and execute files, visit websites, and add registry keys for persistence.
Smoke Loader is distributed via malicious spam campaigns and is used to download additional pieces of malware post initial infection. After deployment Smoke Loader deletes the original executable in order to avoid detection. Additionally, the malware evades detection through the changing of its executable timestamp to avoid surfacing within recently modified files.
Ursnif, and its variant Dreambot, are banking trojans known for weaponizing documents. Ursnif recently upgraded its web injection attacks to include TLS callbacks in order to obfuscate against anti-malware software. Ursnif collects victim information from login pages and web forms.
Dridex is a malware banking variant that uses malicious macros in Microsoft Office with either malicious embedded links or attachments. Dridex is disseminated via malspam campaigns.
IcedID is a modular banking Trojan targeting banks, payment card providers, and payroll websites. IcedID utilizes the same distribution infrastructure as Emotet. The malware can monitor a victim’s online activity by setting up local proxies for traffic tunneling, employing web injection and redirection attacks. It propagates across a network by infecting terminal servers.
Pushdo is a botnet that has been active since 2007 and operates as a service for malware and spam distribution. Pushdo is known to distribute the Cutwail spambot. The malware uses encrypted communication channels and domain generation algorithms to send instructions to its zombie hosts.
