Threat Hunting Journal – March 2022 E.O.M Edition

The early spring edition of Heimdal™ Security’s threat hunting journal brings new contenders, old contenders, and more telemetry. No major improvements since last month, with the Trojan King still refusing to give up its belt – over 33,000 positive detections, spread across 17 different strains. Stay tuned for more numbers, stats, and “goodies”.

Top Malware(s) Detection: 1st of March – 28th of March

Throughout March, Heimdal™ Security’s SOC team detected 17 different trojan strains, totaling 33,301 positive detections, a 219% increase since February, and an all-time record (i.e., 28,000 for December vs. 13,751 for January vs. 10,351 for February). Racking up close to 9,000 hits (i.e., positive detections) is the TR/AD.GoCloudnet.kabtg trojan, first detected in late December 2021. Next on the list we have TR/Rozena.jrrvz with 5,000+ positive detections, followed by VBS/Ramnit.abcd with 4k+ positive IDs, and the Rozena .rfuus variant with 3,800+ detections.

Though most of the malware on this list are “repeat offenders”, we do have a couple of newcomers. To name a few, we have TR/Dropper.tfflr with 3,770 positive detections, LNK/Runner.VPEJ with 2,886 positive IDs, and TR/CoinMiner.uwtyu with 2,049 detections. Below, you’ll find the complete list of March detections as well as a rundown of this month’s
