Trend Micro - Newest Malware Advisories
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/rss/malware
Copyright (c) 1989-2020 Trend Micro Incorporated, All Rights Reserved

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.win32.spoosh.thgagbc
Ransom.Win32.SPOOSH.THGAGBC
<p>Threat type: Ransomware</p>
<p> Aliases: Generic.Ransom.DCRTR.7E80656D (BITDEFENDER)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: Medium</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: High</p>
<p> Overview: <br>
<p>This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
<p>It connects to certain websites to send and receive information.</p>
<p>It drops files as ransom note. It avoids encrypting files with the following file extensions.</p>
</p>
Thu, 27 Jul 2023 07:00:00 -0700

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/androidos_spynote.gclx
AndroidOS_SpyNote.GCLX
<p>Threat type: Backdoor</p>
<p> Aliases: </p>
<p> Platforms: Android</p>
<p> Overall Risk Rating: High</p>
<p> Damage Potential: Low</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: High</p>
<p> Overview: <br></p>
Tue, 13 Jun 2023 07:00:00 -0700

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.win32.noko.thdabbc
Ransom.Win32.NOKO.THDABBC
<p>Threat type: Ransomware</p>
<p> Aliases: Ransom:Win32/Nokonoko.PB!MTB (MICROSOFT); Win32:Nokoyawa-A [Trj] (AVAST)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: Medium</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection:
Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
<p>It drops files as ransom note. It avoids encrypting files with the following file extensions.</p>
</p>
Mon, 05 Jun 2023 07:00:00 -0700

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.win32.noko.ypdfa
Ransom.Win32.NOKO.YPDFA
<p>Threat type: Ransomware</p>
<p> Aliases: </p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: Medium</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
<p>It drops files as ransom note. It avoids encrypting files with the following file extensions.</p>
</p>
Mon, 05 Jun 2023 07:00:00 -0700

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.msil.egogen.thebbbc
Ransom.MSIL.EGOGEN.THEBBBC
<p>Threat type: Ransomware</p>
<p> Aliases: Trojan:MSIL/XWormRAT.A!MTB (MICROSOFT)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: Medium</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: High</p>
<p> Overview: <br>
<p>This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
<p>It adds certain registry entries to disable the Task Manager.
This action prevents users from terminating the malware process, which can usually be done via the Task Manager.</p>
<p>It terminates itself if it detects it is being run in a virtual environment.</p>
<p>It encrypts files with specific file extensions. It drops files as ransom note. It avoids encrypting files with the following file extensions.</p>
</p>
Mon, 05 Jun 2023 07:00:00 -0700

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.ps1.lockbit.aa
Ransom.PS1.LOCKBIT.AA
<p>Threat type: Ransomware</p>
<p> Aliases: Trojan:Win32/Leonem (MICROSOFT); Win32/Filecoder.Lockbit.M trojan (NOD32)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: Medium</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
<p>It drops files as ransom note. It avoids encrypting files with the following file extensions.</p>
</p>
Thu, 11 May 2023 07:00:00 -0700

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.win32.lockbit.eod
Ransom.Win32.LOCKBIT.EOD
<p>Threat type: Ransomware</p>
<p> Aliases: </p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: Medium</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
<p>It drops files as ransom note.
It avoids encrypting files with the following file extensions.</p>
</p>
Thu, 11 May 2023 07:00:00 -0700

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.win32.cryptolock.e
Ransom.Win32.CRYPTOLOCK.E
<p>Threat type: Ransomware</p>
<p> Aliases: Trojan-Ransom.FileCrypter (IKARUS)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: Medium</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
<p>It terminates itself if it detects it is being run in a virtual environment.</p>
</p>
Wed, 26 Apr 2023 07:00:00 -0700

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.w97m.emotet.smi
Trojan.W97M.EMOTET.SMI
<p>Threat type: Trojan</p>
<p> Aliases: HEUR:Trojan.Script.Generic (KASPERSKY); TrojanDownloader:O97M/Emotet.S!MTB (MICROSOFT)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: Medium</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This is a generic detection for all cases and instances of Emotet.</p>
<p>This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
</p>
Tue, 25 Apr 2023 07:00:00 -0700

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.win64.conti.aa
Ransom.Win64.CONTI.AA
<p>Threat type: Ransomware</p>
<p> Aliases: Gen:Variant.Lazy.326686 (BITDEFENDER)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage
Potential: Medium</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
<p>It drops files as ransom note.</p>
</p>
Tue, 25 Apr 2023 07:00:00 -0700

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.win32.rtmcommand.thkbfbd
Ransom.Win32.RTMCOMMAND.THKBFBD
<p>Threat type: Ransomware</p>
<p> Aliases: Ransom:Win32/RTMLocker.AA!MTB</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: Medium</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This ransomware encrypts all drives except the CD-ROM.</p>
<p>This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
<p>It drops files as ransom note.</p>
</p>
Tue, 25 Apr 2023 07:00:00 -0700

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.win64.donotrun.a
Ransom.Win64.DONOTRUN.A
<p>Threat type: Ransomware</p>
<p> Aliases: Python/Filecoder.EK trojan, Python/Filecoder.EK trojan (NAI)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: Medium</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This ransomware locks the user out of their devices by locking the screen.</p>
<p>This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
<p>It drops files as ransom note.</p>
</p>
Tue, 25 Apr 2023 07:00:00
-0700

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.win32.lockbit.yxcgd
Ransom.Win32.LOCKBIT.YXCGD
<p>Threat type: Ransomware</p>
<p> Aliases: Trojan-Ransom.BlackMatter(IKARUS), Ransom:Win32/Lockbit.STB(MICROSOFT)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: Medium</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
<p>It drops files as ransom note. It avoids encrypting files with the following file extensions.</p>
</p>
Mon, 04 Jul 2022 07:00:00 -0700

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/worm.win32.hermwiz.yecca
Worm.Win32.HERMWIZ.YECCA
<p>Threat type: Worm</p>
<p> Aliases: DoS:Win32/FoxBlade.A!dha (MICROSOFT); Win32/Agent.OJC worm (NOD32)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: Medium</p>
<p> Distribution Potential: High</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
</p>
Tue, 01 Mar 2022 07:00:00 -0800

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.win32.killmbr.yecca
Trojan.Win32.KILLMBR.YECCA
<p>Threat type: Trojan</p>
<p> Aliases: Win32/KillMBR.NHQ trojan (NOD32)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: High</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p>
Overview: <br>
<p>This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
</p>
Tue, 01 Mar 2022 07:00:00 -0800

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.win32.whispergate.yxcax
Trojan.Win32.WHISPERGATE.YXCAX
<p>Threat type: Trojan</p>
<p> Aliases: DoS:Win32/WhisperGate.M (MICROSOFT)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: High</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
<p>It executes then deletes itself afterward.</p>
</p>
Mon, 24 Jan 2022 07:00:00 -0800

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.msil.whispergate.yxcaq
Trojan.MSIL.WHISPERGATE.YXCAQ
<p>Threat type: Trojan</p>
<p> Aliases: DoS:Win32/WhisperGate.I!dha (MICROSOFT)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: Medium</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
</p>
Tue, 18 Jan 2022 07:00:00 -0800

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.w97m.cve202140444.a
Trojan.W97M.CVE202140444.A
<p>Threat type: Trojan</p>
<p> Aliases: HEUR:Exploit.MSOffice.Agent.gen (KASPERSKY)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential:
High</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
<p>It takes advantage of certain vulnerabilities.</p>
</p>
Thu, 09 Sep 2021 07:00:00 -0700

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.win32.lockbit.yebgw
Ransom.Win32.LOCKBIT.YEBGW
<p>Threat type: Ransomware</p>
<p> Aliases: Ransom:Win32/Lockbit.AA!MTB (MICROSOFT); W32/Lockbit.C2F8!tr.ransom (FORTINET)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: High</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
<p>It drops files as ransom note.
It avoids encrypting files with the following file extensions.</p>
</p>
Mon, 16 Aug 2021 07:00:00 -0700

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.msil.chaos.a
Ransom.MSIL.CHAOS.A
<p>Threat type: Ransomware</p>
<p> Aliases: HEUR:Trojan.MSIL.Fsysna.gen (Kaspersky);</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: High</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
<p>It encrypts files found in specific folders.</p>
</p>
Mon, 09 Aug 2021 07:00:00 -0700

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.win32.blackmatter.thgocba
Ransom.Win32.BLACKMATTER.THGOCBA
<p>Threat type: Ransomware</p>
<p> Aliases: Trojan-Ransom.BlackMatter (IKARUS)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: High</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Medium</p>
<p> Overview: <br>
<p>This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
<p>It drops files as ransom note.
It avoids encrypting files with the following file extensions.</p>
</p>
Wed, 04 Aug 2021 07:00:00 -0700

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.win32.sodinokibi.yabgc
Ransom.Win32.SODINOKIBI.YABGC
<p>Threat type: Ransomware</p>
<p> Aliases: N/A</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: High</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Medium</p>
<p> Overview: <br>
<p>This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be dropped by other malware.</p>
<p>It drops files as ransom note. It avoids encrypting files with the following file extensions.</p>
</p>
Sat, 03 Jul 2021 07:00:00 -0700

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.win32.cve20190808.a
Trojan.Win32.CVE20190808.A
<p>Threat type: Trojan</p>
<p> Aliases: Win32:CVE-2019-0808-K [Expl] (AVAST)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: High</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
<p>It takes advantage of certain vulnerabilities.</p>
</p>
Thu, 01 Jul 2021 07:00:00 -0700

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.win32.cve20188120.e
Trojan.Win32.CVE20188120.E
<p>Threat type: Trojan</p>
<p> Aliases: Exploit:Win32/CVE-2018-8120.A (MICROSOFT)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential:
High</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
<p>It takes advantage of certain vulnerabilities.</p>
</p>
Thu, 01 Jul 2021 07:00:00 -0700

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.x97m.pandasteal.thdabba
Trojan.X97M.PANDASTEAL.THDABBA
<p>Threat type: Trojan</p>
<p> Aliases: HEUR:Trojan-Downloader.MSOffice.Agent.gen (KASPERSKY)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: Medium</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This is the Trend Micro detection for macros that drop the cryptocurrency wallet stealer known as Panda stealer. </p>
<p>This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
</p>
Wed, 28 Apr 2021 07:00:00 -0700

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojanspy.msil.redlinestealer.yxbdn
TrojanSpy.MSIL.REDLINESTEALER.YXBDN
<p>Threat type: Trojan Spy</p>
<p> Aliases: a variant of MSIL/Kryptik.AAHN trojan(NOD32); PWS-FCXD!F291EAD13EAD(NAI)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: Medium</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: High</p>
<p> Overview: <br>
<p>This Trojan Spy arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
<p>It executes commands from a remote malicious user, effectively compromising the affected
system. It connects to a website to send and receive information.</p>
</p>
Fri, 09 Apr 2021 07:00:00 -0700

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojanspy.msil.redlinestealer.yxbdm
TrojanSpy.MSIL.REDLINESTEALER.YXBDM
<p>Threat type: Trojan Spy</p>
<p> Aliases: MSIL/Kryptik.AAHQ!tr(FORTINET); Trj/GdSda.A(PANDA)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: Medium</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: High</p>
<p> Overview: <br>
<p>This Trojan Spy arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
<p>It executes commands from a remote malicious user, effectively compromising the affected system. It connects to a website to send and receive information.</p>
</p>
Fri, 09 Apr 2021 07:00:00 -0700

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.win32.astrolocker.a
Ransom.Win32.ASTROLOCKER.A
<p>Threat type: Ransomware</p>
<p> Aliases: BScope.TrojanRansom.Encoder (VBA32)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: Medium</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
<p>It executes then deletes itself afterward.</p>
<p>It drops files as ransom note.
It avoids encrypting files with the following file extensions.</p>
</p>
Wed, 31 Mar 2021 07:00:00 -0700

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.win64.astrolocker.thcbdba
Ransom.Win64.ASTROLOCKER.THCBDBA
<p>Threat type: Ransomware</p>
<p> Aliases: Win64/Filecoder.CI trojan (Nod32), Trojan-Ransom.FileCrypter (Ikarus)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: High</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
<p>It executes then deletes itself afterward.</p>
<p>It drops files as ransom note. It avoids encrypting files with the following file extensions.</p>
</p>
Wed, 31 Mar 2021 07:00:00 -0700

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.win32.dearcry.thcabba
Ransom.Win32.DEARCRY.THCABBA
<p>Threat type: Ransomware</p>
<p> Aliases: Ransom:Win32/DoejoCrypt.A (MICROSOFT)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: High</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
</p>
Mon, 15 Mar 2021 07:00:00 -0700

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.win64.hafnium.a
Trojan.Win64.HAFNIUM.A
<p>Threat type: Trojan</p>
<p> Aliases: </p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential:
Medium</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
</p>
Thu, 11 Mar 2021 07:00:00 -0800

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.ps1.boxter.a
Trojan.PS1.BOXTER.A
<p>Threat type: Trojan</p>
<p> Aliases: </p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: Medium</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Medium</p>
<p> Overview: <br>
<p>This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
</p>
Wed, 10 Mar 2021 07:00:00 -0800

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.macos.slisp.a
Trojan.MacOS.SLISP.A
<p>Threat type: Trojan</p>
<p> Aliases: Trojan.OSX.SilverSparrow (IKARUS)</p>
<p> Platforms: OSX</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: Medium</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: High</p>
<p> Overview: <br>
<p>This Trojan may be unknowingly downloaded by a user while visiting malicious websites.</p>
</p>
Tue, 23 Feb 2021 07:00:00 -0800

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.msil.povlsom.thbaoba
Ransom.MSIL.POVLSOM.THBAOBA
<p>Threat type: Ransomware</p>
<p> Aliases: Ransom:MSIL/Filecoder.EY!MTB (MICROSOFT), Trojan-Ransom.FileCrypter (IKARUS)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: Medium</p>
<p> Distribution Potential: Low</p>
<p>
Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
</p>
Sat, 06 Feb 2021 07:00:00 -0800

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.msil.thanos.thabgba
Ransom.MSIL.THANOS.THABGBA
<p>Threat type: Ransomware</p>
<p> Aliases: Trojan-Ransom.Thanos (Ikarus), HEUR:Trojan-Ransom.MSIL.Encoder.gen (Kaspersky)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: High</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be dropped by other malware.</p>
<p>It creates certain registry entries to disable applications related to security.</p>
<p>It encrypts files with specific file extensions.
It drops files as ransom note.</p>
</p>
Wed, 03 Feb 2021 07:00:00 -0800

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/pua.win64.prochack.ac
PUA.Win64.ProcHack.AC
<p>Threat type: Potentially Unwanted Application</p>
<p> Aliases: HEUR:RiskTool.Win32.ProcHack.gen (KASPERSKY)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: Low</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
</p>
Wed, 27 Jan 2021 07:00:00 -0800

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.win64.combacker.yaba-a
Trojan.Win64.COMBACKER.YABA-A
<p>Threat type: Trojan</p>
<p> Aliases: Trojan.Win64.Agent (IKARUS), Trojan:Win64/Comebacker.A!dha (MICROSOFT)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: Medium</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
</p>
Tue, 26 Jan 2021 07:00:00 -0800

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.win32.babuk.yeba-thaaeba
Ransom.Win32.BABUK.YEBA-THAAEBA
<p>Threat type: Ransomware</p>
<p> Aliases: Ransom:Win32/BabukLocker.MK!MTB (MICROSOFT); Trojan-Ransom.FileCrypter (IKARUS)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: High</p>
<p> Distribution Potential: Low</p>
<p> Reported
Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
</p>
Tue, 26 Jan 2021 07:00:00 -0800

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.win32.maoloa.thaahba
Ransom.Win32.MAOLOA.THAAHBA
<p>Threat type: Ransomware</p>
<p> Aliases: HEUR:Backdoor.Win32.Remcos.gen(KASPERSKY); W32/Remcos!tr.bdr(FORTINET)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: High</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
<p>It drops files as ransom note. It avoids encrypting files with the following file extensions.</p>
</p>
Wed, 20 Jan 2021 07:00:00 -0800

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.msil.cobralocker.aa
Ransom.MSIL.COBRALOCKER.AA
<p>Threat type: Ransomware</p>
<p> Aliases: Trojan-Ransom.FileCrypter (IKARUS), W32/Encoder.AFA!tr (FORTINET)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: High</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Ransomware may be dropped by other malware.</p>
</p>
Mon, 11 Jan 2021 07:00:00 -0800

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.inf.hiddentear.thaogba
Trojan.INF.HIDDENTEAR.THAOGBA
<p>Threat type: Trojan</p>
<p> Aliases: INF/Agent.J trojan (NOD32)</p>
<p> Platforms:
Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: Low</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
<p>It automatically executes files when a user opens a drive.</p>
</p>
Fri, 08 Jan 2021 07:00:00 -0800

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.win32.babuk.thaodba
Ransom.Win32.BABUK.THAODBA
<p>Threat type: Ransomware</p>
<p> Aliases: Trojan.Win32.Udochka.kb (KASPERSKY); Trojan-Ransom.FileCrypter (IKARUS)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: High</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p>
</p>
Tue, 05 Jan 2021 07:00:00 -0800

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.msil.supernova.a
Trojan.MSIL.SUPERNOVA.A
<p>Threat type: Trojan</p>
<p> Aliases: MSIL/Agent.5676!tr (FORTINET)</p>
<p> Platforms: Windows</p>
<p> Overall Risk Rating: Low</p>
<p> Damage Potential: High</p>
<p> Distribution Potential: Low</p>
<p> Reported Infection: Low</p>
<p> Information Exposure: Low</p>
<p> Overview: <br>
<p>This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It may be hosted on a website and run when a user accesses the said website.</p><p>It executes commands from a remote malicious user, effectively compromising the affected system.</p></p> Mon, 14 Dec 2020 07:00:00 -0800https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/backdoor.msil.sunburst.ahttps://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/backdoor.msil.sunburst.aBackdoor.MSIL.SUNBURST.A<p>Threat type: Backdoor</p><p> Aliases: Trojan:MSIL/Solorigate.B!dha (Microsoft); Trj/Solorigate.A (Panda)</p><p> Platforms: Windows</p><p> Overall Risk Rating: Low</p><p> Damage Potential: High</p><p> Distribution Potential: Low</p><p> Reported Infection: Low</p><p> Information Exposure: Medium</p><p> Overview: <br><p>This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p><p>It executes commands from a remote malicious user, effectively compromising the affected system.</p></p> Mon, 14 Dec 2020 07:00:00 -0800https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/backdoor.msil.bladabindi.thahttps://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/backdoor.msil.bladabindi.thaBackdoor.MSIL.BLADABINDI.THA<p>Threat type: Backdoor</p><p> Aliases: Backdoor:MSIL/Bladabindi.SBR!MSR (Microsoft), MSIL:Bladabindi-JK [Trj](AVAST)</p><p> Platforms: Windows</p><p> Overall Risk Rating: Low</p><p> Damage Potential: Medium</p><p> Distribution Potential: Low</p><p> Reported Infection: Low</p><p> Information Exposure: High</p><p> Overview: <br><p>Cybercriminals used this malware bundled with legitimate installation copies of the VPN software known as Windscribe. 
Note that these copies are hosted from fraudulent sources.</p><p>This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p><p>It executes commands from a remote malicious user, effectively compromising the affected system.</p><p>It gathers certain information on the affected computer. It logs a user's keystrokes to steal information.</p></p> Mon, 21 Sep 2020 07:00:00 -0700https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/iot.linux.mirai.vwisihttps://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/iot.linux.mirai.vwisiIoT.Linux.MIRAI.VWISI<p>Threat type: Backdoor</p><p> Aliases: </p><p> Platforms: Unix</p><p> Overall Risk Rating: Low</p><p> Damage Potential: High</p><p> Distribution Potential: Low</p><p> Reported Infection: Low</p><p> Information Exposure: Low</p><p> Overview: <br><p>This new Mirai variant exploits CVE-2020-10173, a vulnerability in Comtrend VR-3033 routers. Similar to earlier variants, this Mirai variant uses telnet and SSH brute-forcing techniques to attack vulnerable devices.</p><p>This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p></p> Wed, 08 Jul 2020 07:00:00 -0700https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/backdoor.win32.devilshadow.theaabohttps://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/backdoor.win32.devilshadow.theaaboBackdoor.Win32.DEVILSHADOW.THEAABO<p>Threat type: Backdoor</p><p> Aliases: Trojan.Win32.Scar.sydj (KASPERSKY)</p><p> Platforms: Windows</p><p> Overall Risk Rating: Low</p><p> Damage Potential: High</p><p> Distribution Potential: Low</p><p> Reported Infection: Low</p><p> Information Exposure: High</p><p> Overview: <br><p>Cybercriminals take advantage of the popularity of the Zoom messaging app. This backdoor is found in a fake Zoom installer. 
This is probably hosted on malicious or suspicious sites.</p><p>This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p><p>It executes commands from a remote malicious user, effectively compromising the affected system. It connects to a website to send and receive information.</p></p> Thu, 21 May 2020 07:00:00 -0700https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.js.managex.ahttps://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.js.managex.aTrojan.JS.MANAGEX.A<p>Threat type: Trojan</p><p> Aliases: </p><p> Platforms: Windows</p><p> Overall Risk Rating: Low</p><p> Damage Potential: Low</p><p> Distribution Potential: Low</p><p> Reported Infection: Low</p><p> Information Exposure: Medium</p><p> Overview: <br><p>This MANAGEX variant is a modular adware that is able to gather important information as a browser extension.</p><p>This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p><p>It connects to certain websites to send and receive information. However, as of this writing, the said sites are inaccessible.</p></p> Thu, 16 Apr 2020 07:00:00 -0700https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.win32.mooz.thccabohttps://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.win32.mooz.thccaboTrojan.Win32.MOOZ.THCCABO<p>Threat type: Trojan</p><p> Aliases: </p><p> Platforms: Windows</p><p> Overall Risk Rating: Low</p><p> Damage Potential: Medium</p><p> Distribution Potential: Low</p><p> Reported Infection: Low</p><p> Information Exposure: Medium</p><p> Overview: <br><p>This AutoIt-compiled malware downloads a coinminer in affected systems. This malware is distributed by cybercriminals by bundling it with a legitimate installer of the Zoom communication app. 
</p><p>This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p></p> Fri, 03 Apr 2020 07:00:00 -0700https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.ps1.powload.jkphttps://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.ps1.powload.jkpTrojan.PS1.POWLOAD.JKP<p>Threat type: Trojan</p><p> Aliases: N/A</p><p> Platforms: Windows</p><p> Overall Risk Rating: Low</p><p> Damage Potential: Medium</p><p> Distribution Potential: Low</p><p> Reported Infection: Low</p><p> Information Exposure: Low</p><p> Overview: <br><p>This POWLOAD variant is seen distributed via spam. The spam campaign is in Italian and lures users to click by using COVID-19 in its subject.</p><p>This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.</p></p> Mon, 16 Mar 2020 07:00:00 -0700