Threat Hunting Journal February 2022 – End of the Month Roundup

We once again return with yet another narrative about malware strains, detection, and (clever) ways to protect your company’s assets against said threats. Last month’s threat journal mostly pivoted on trojans. So, it comes as no surprise that February’s threat hunting top is led by the trojan king, with over 10,000 positive detections, meaning a 64.2% decrease since December. That’s the good news; the bad news is that king trojan also brought along some reinforcements. Stick around to find out all about February’s most detected malware.

Top Malware(s) Detection: 1st of February – 28th of February

Throughout February, Heimdal™ has identified 7 trojan strains, totaling 10,351 positive detections. As stated in the intro, despite the trojan’s prevalence, the number of positive IDs has significantly dropped compared to the last two scanning intervals (28,000 for December vs. 13,751 for January vs. 10,351 for February). What we’re witnessing is a steady percentage drop in trojan activity (51% for the December-January interval and 25% for the January-February interval).

Distribution-wise, we seem to have one of Kevlin Henney’s songs on our hands – “Old is the New New”. Our team has signaled 21 malware(s), 12 of them being recurrent (e.g., ACAD/Bursted.AN, EXP/CVE-2010-2568.A, TR/Downloader.Gen, TR/Patched.Gen,

Read More: https://heimdalsecurity.com/blog/threat-hunting-journal-february-2022/