Current State of CoronaVirus related threats
This blog entry contains a constantly updated list of CoronaVirus related threats covered by the SonicWall Capture Labs Threats Research team:
Android CoronaVirus Ransomware comes bundled with decryption code (March 23, 2020)
- IOCs:
- d1d417235616e4a05096319bb4875f57
- GAV Signatures :
- AndroidOS.Decrypt.RSM
- AndroidOS.CoronaTracker.RSM
- GAV Signature:
- Async.RAT
CoronaVirus Ransomware (March 19,2020)
- IOCs:
- 3299f07bc0711b3587fe8a1c6bf3ee6bcbc14cb775f64b28a61d72ebcb8968d3
- GAV Signatures :
- CoronaVirus.RSM
- CoronaVirus.RSM_2
Coronavirus, 8-layer, covid-19, azorult.rk (Mar 16, 2020)
- IOCs:
- 987fb7b6c5df647ab92525f083e1dc0f
- GAV Signatures :
- GAV: Azorult.RK (Trojan)
- IOCs:
- 599db33d534d1e98ea63dd2ce30100a7
- GAV Signatures :
- AndroidOS.CoronaVirus.Spy (Trojan)
The Covid-19 hoax scareware (Mar 13,2020)
- GAV Signatures :
- Scareware.CoVid_A (Trojan)
CoronaVirus themed Android RAT on the prowl (Feb 26, 2020)
- IOCs:
- b8328a55e1c340c1b4c7ca622ad79649
- ba6f86b43c9d0a34cfaac67f933146d6
- GAV Signatures :
- AndroidOS.CoronaVirus.Spy (Trojan)
Threat actors are misusing CoronaVirus scare to spread malicious executable (Feb 5,2020)
- IOCs:
- 4d30ea0082881d85ff865140b284ec3f
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
