Major Malware Threat Intelligence Report for Bangladesh Context
Major Malware Threat Intelligence Report For Bangladesh Context
Report Period: Jan - Sep, 2020
Published: October, 2020

Table of Contents

About this Report ........ 1
General Definition ........ 2
Malware: AZORult ........ 6
Malware: KPOT Stealer ........ 26
Malware: Oski Stealer ........ 31
Malware: FormBook Formgrabber ........ 34
Malware: Loki PWS ........ 38
Malware: Nexus Stealer ........ 44
Malware: TrickBot ........ 46
Malware: Kinsing ........ 50
Malware: Outlaw hacking group cryptocurrency miners ........ 52
Advanced Persistent Threat (APT): Lazarus ........ 54
    a. Manuscrypt ........ 54
    b. CuriousLoadert ........ 60
    c. SvcRAT ........ 61
    d. RATv3.ps ........ 62
    e. Linux.Dacls ........ 63
    f. MAC.Dacls ........ 64
    g. Win32.Dacls ........ 64
    h. VHD Ransomware ........ 65
    i. PowerRatankba ........ 66
    j. PowerTask ........ 68
    k. HOPLIGHT ........ 69
    l. BISTROMATH ........ 70
    m. SLICKSHOES ........ 70
    n. CROWDEDFLOUNDER ........ 71
    o. HOTCROISSANT ........ 72
    p. ARTFULPIE ........ 73
    q. BUFFETLINE ........ 74
    r. KEYMARBLE ........ 75
    s. Dtrack ........ 76
    t. Dtrack.Stealer ........ 78
    u. BADCALL ........ 79
    v. Electricfish ........ 80
    w. RATv3.ps ........ 81
    x. Rising Sun ........ 82
    y. KillDisk ........ 83
    z. PowerSpritz ........ 83
    aa. Joanap ........ 84
    bb. Brambul ........ 86
    cc. BrowserPasswordDump ........ 87
    dd. HARDRAIN ........ 87
    ee. Gh0st ........ 88
    ff. WannaCry ........ 92
    gg. DoublePulsar ........ 97
    hh. Volgmer ........ 98
    ii. FASTCash ........ 103
    jj. Duuzer ........ 104
    kk. Destover ........ 105
    ll. Koredos ........ 109
    mm. KorDllBot ........ 110
Advanced Persistent Threat (APT): Silence ........ 113
    a. Silence Backdoor ........ 113
    b. Silence.ProxyBot ........ 114
    c. APT.Silence.EDA.ps1 ........ 115
    d. Truebot (Silence’s loader) ........ 116
    e. FlawedAmmyy ........ 119
    f. Ammyy Admin ........ 122
    g. Atmosphere ........ 123
    h. Smoke Bot ........ 123
    i. Silence’s ATM malware ........ 127
    j. Silence.SurveillanceModule ........ 127
    k. Perl IRC DDoS bot ........ 128
    l. Kikothac ........ 128
Advanced Persistent Threat (APT): OceanLotus ........ 130
    a. Cobalt Strike ........ 130
    b. METALJACK ........ 135
    c. KerrDown ........ 135
    d. OceanLotus.Denis ........ 137
    e.