<span id="hs_cos_wrapper_post_body" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="rich_text" ><p>Several new malware families have recently appeared on the Bambenek Consulting feeds and are now also tracked by ThreatSTOP. These families differ both in what they do and in whom they target.</p>
<ul>
<li><strong>Dromedan</strong> – This malware, which mainly targets Windows platforms, is capable of information disclosure. It also downloads additional threats onto the compromised computer.</li>
<li><strong>Sisron</strong> – Sisron was part of a financial fraud and identity theft botnet that was taken down by Microsoft in the anti-botnet operation B106. This malware collects user information found on the infected machine and sends it back to the attacker, downloads other malware, and performs keylogging.</li>
<li><strong>Madmax</strong> – This malware is heavily obfuscated; it was tracked and found to have compromised nodes in sixteen countries around the world. This data will be added to the existing domains feed we have in the system, and a new IPs feed will be added.</li>
<li><strong>Pizd</strong> – A malware family found by Crowdstrike with over 1000 variants. Each variant has a different target email address embedded in it, so each one was probably created for a specific campaign.</li>
<li><strong>Proslikefan</strong> – A JavaScript worm that spreads through mapped network shares, removable drives, and file-sharing applications. This data will be added to the existing domains target we have in the system, and a new IPs target will be added.</li>
<li><strong>Sphinx</strong> – Also named Zeus Sphinx, this is a modular banking Trojan. It has been seen targeting Target, PayPal, banks in the U.K., financial entities in Colombia and Brazil, and banks in the U.S. and Canada. This data will be added to the “<strong>Zeus</strong>” targets in the system.</li>
<li><strong>G01</strong> – A Java exploit kit that delivers its payload via a multistage attack; specifically, it was seen exploiting two Java vulnerabilities one after the other in order to ensure persistence.</li>
</ul>
<p>On top of adding expert targets for each family, ThreatSTOP will add these sources to the target “<strong>Botnet DGAs Tier 1 - Domains</strong>”, which contains known active domains generated by various malware families for C&amp;C communication.</p>
<p>The IP information for these new malware families will be added to the “<strong>TS Curated – Botnets Tier 2 – IPs</strong>” target as well.</p>
<p>We will also be adding the lists related to the different malware families to the following existing targets:</p>
<ul>
<li><strong>Madmax</strong> is added to “<strong>Madmax – Domains</strong>”.</li>
<li><strong>Proslikefan</strong> is added to “<strong>Proslikefan – Domains</strong>”.</li>
<li><strong>Sphinx</strong> is added to the “<strong>TS Curated – Banking Threats</strong>” targets and to the “<strong>ZeuS</strong>” targets.</li>
<li><strong>G01</strong> is added to “<strong>TS Curated - Drive-by Attacks</strong>”.</li>
</ul>
<p>We highly recommend enabling the TS Curated targets in your IP Defense or DNS Defense solutions in order to protect your network from these threats.</p>
<p>If you have a ThreatSTOP account, instructions for adding targets to IP Defense policies are available on the ThreatSTOP Documentation Hub. Alternatively, contact our <a href="mailto:support@threatstop.com" rel="noopener">support</a> team.</p>
<p style="text-align: center; font-weight: bold;"><em>Ready to try ThreatSTOP in your network? Want an expert-led demo to see how it works?</em></p></span>