Several new malware families have recently appeared on the Bambenek Consulting feeds and are now also tracked by ThreatSTOP. These families differ both in what they do and in whom they target.
- Dromedan – This malware targets mainly Windows platforms. It steals information from the compromised machine and downloads additional threats onto it.
- Sisron – Sisron was part of a financial fraud and identity theft botnet that Microsoft took down in its anti-botnet operation B106. The malware collects user information found on the infected machine and sends it back to the attacker, downloads other malware, and logs keystrokes.
- Madmax – This malware is heavily obfuscated, and tracking it has turned up compromised nodes in sixteen countries. Its domain data will be added to the existing Madmax domain feed in the system, and a new IP feed will be added alongside it.
- Pizd – A malware family identified by CrowdStrike, with over 1,000 variants. Each variant has a different target e-mail address embedded in it, so each was most likely built for a specific campaign.
- Sphinx – Also known as Zeus Sphinx, this is a modular banking Trojan. It has been seen targeting Target, PayPal, banks in the U.K., financial institutions in Colombia and Brazil, and banks in the U.S. and Canada. Its data will be added to the "ZeuS" targets in the system.
- G01 – A Java exploit kit that delivers its payload through a multistage attack: it has been seen exploiting two Java vulnerabilities one after the other in order to ensure persistence.
On top of adding expert targets for each family, ThreatSTOP will add these sources to the "Botnet DGAs Tier 1 – Domains" target, which contains known active domains generated by various malware families for C&C communication.
The IP information for these new malware families will also be added to the "TS Curated – Botnets Tier 2 – IPs" target.
The lists for the individual families will also be added to the following existing targets:
· Madmax is added to "Madmax – Domains".
· Proslikefan is added to "Proslikefan – Domains".
· Sphinx is added to the "TS Curated – Banking Threats" targets and to the "ZeuS" targets.
· G01 is added to "TS Curated – Drive-by Attacks".
We highly recommend enabling the TS Curated targets in your IP Defense or DNS Defense policies to protect against these threats.
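As an added example (not ThreatSTOP's code, feed format, or DNS Defense implementation), the Python below shows how a domain feed such as "Botnet DGAs Tier 1 – Domains" and an IP feed such as "TS Curated – Botnets Tier 2 – IPs" are typically consumed on the defender's side: normalize the feed entries, match resolver query logs by DNS suffix rather than by substring, match firewall logs by address and CIDR range, and emit BIND RPZ records for resolver-side blocking. Every domain, address, and log line is constructed for illustration, and the log formats are hypothetical stand-ins; none of them are real indicators.

```python
"""Consume a domain feed and an IP feed the way a resolver or firewall policy would.

Added example, not ThreatSTOP code or feed format. All indicator values and log lines
below are constructed for illustration; none are real C&C domains or addresses.
"""
import ipaddress
import re

# Constructed stand-in for a DGA domain feed. Mixed case and a trailing dot are
# included deliberately: real feeds are not always normalized.
DOMAIN_FEED = [
    "qkxvbtrmzhe.example",        # constructed DGA-looking domain
    "c2-update.example.net",      # constructed
    "Sphinx-Panel.example.org.",  # constructed; note case and trailing dot
]

# Constructed stand-in for an IP feed: bare hosts and CIDR ranges (documentation space).
IP_FEED = ["192.0.2.44", "198.51.100.0/24"]


def normalize_domain(name):
    """Lower-case and drop the trailing dot so 'C2.EXAMPLE.' and 'c2.example' compare equal."""
    return name.strip().rstrip(".").lower()


def build_domain_set(feed):
    return {normalize_domain(d) for d in feed}


def domain_matches(qname, blocked):
    """Return the feed entry that qname equals or sits under, else None.

    Walks label suffixes (a.b.c.example -> b.c.example -> c.example -> example) so any
    hostname under a listed C&C domain is caught, while a lookalike such as
    notqkxvbtrmzhe.example is not: suffix matching, not substring matching.
    """
    labels = normalize_domain(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocked:
            return candidate
    return None


def build_ip_networks(feed):
    """Parse bare hosts and CIDR ranges into ip_network objects (a bare host becomes /32)."""
    return [ipaddress.ip_network(entry, strict=False) for entry in feed]


def ip_matches(addr, networks):
    """Return the feed network (as a string) containing addr, else None."""
    ip = ipaddress.ip_address(addr)
    for net in networks:
        if ip in net:
            return str(net)
    return None


# Constructed BIND-style query log and firewall log lines (hypothetical formats).
SAMPLE_QUERY_LOG = """\
client 10.0.0.5#51234: query: www.qkxvbtrmzhe.example IN A + (10.0.0.1)
client 10.0.0.7#40001: query: sphinx-panel.example.org. IN A + (10.0.0.1)
client 10.0.0.9#40002: query: notqkxvbtrmzhe.example IN A + (10.0.0.1)
client 10.0.0.9#40003: query: mail.example.net IN MX + (10.0.0.1)
""".splitlines()

SAMPLE_FW_LOG = """\
2016-03-01T10:00:01Z fw: src=10.0.0.5 dst=198.51.100.17 dport=443 action=allow
2016-03-01T10:00:02Z fw: src=10.0.0.7 dst=203.0.113.9 dport=443 action=allow
2016-03-01T10:00:03Z fw: src=10.0.0.8 dst=192.0.2.44 dport=8080 action=allow
""".splitlines()

QUERY_RE = re.compile(r"client (?P<src>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)")
FW_RE = re.compile(r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)")


def scan_query_log(lines, blocked):
    """Return (client, queried name, feed entry) for each query that hits the domain feed."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if m:
            match = domain_matches(m.group("qname"), blocked)
            if match:
                hits.append((m.group("src"), m.group("qname"), match))
    return hits


def scan_fw_log(lines, networks):
    """Return (src, dst, feed network) for each connection whose destination is in the IP feed."""
    hits = []
    for line in lines:
        m = FW_RE.search(line)
        if m:
            match = ip_matches(m.group("dst"), networks)
            if match:
                hits.append((m.group("src"), m.group("dst"), match))
    return hits


def rpz_records(blocked):
    """Emit BIND RPZ records that return NXDOMAIN for each listed domain and every name under it."""
    records = []
    for domain in sorted(blocked):
        records.append(f"{domain} CNAME .")
        records.append(f"*.{domain} CNAME .")
    return records


BLOCKED = build_domain_set(DOMAIN_FEED)
NETWORKS = build_ip_networks(IP_FEED)

if __name__ == "__main__":
    for hit in scan_query_log(SAMPLE_QUERY_LOG, BLOCKED):
        print("DNS hit:", hit)
    for hit in scan_fw_log(SAMPLE_FW_LOG, NETWORKS):
        print("IP hit:", hit)
    print("\n".join(rpz_records(BLOCKED)))
```

The two details worth carrying over to any real feed consumer are the normalization step (case and trailing dot differences otherwise silently miss entries) and suffix matching on label boundaries, which blocks every hostname under a listed C&C domain without flagging unrelated names that merely contain the string. The RPZ output uses the standard `CNAME .` action, which makes a resolver answer NXDOMAIN for the listed name and its subdomains.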