Threat Hunting Journal May 2022 Edition

Heimdal™ returns with the May edition of our threat hunting journal. As you might have expected, king trojan reigns unhindered with over 16,000 positive detections. There are a couple of newcomers, some of which may give our uncrowned monarch a run for his money. Stick around for more information and goodies. Enjoy!

Top Malware(s) Detections: 1st of May – 27th of May

Throughout May, Heimdal™’s SOC team detected 16 trojan variants, with a grand total of 16,738 positive detections – a 55.19% drop compared to April, when the historical high of 25,976 positive detections was recorded. Concerning distribution, we have 11 newcomers and 20 backsliders. TR/Rozena.jrrvz raked in the highest number of positive IDs (i.e., 2,675), followed closely by TR/CoinMiner.uwtyu with 2,316 positive IDs, and EXP/MS04-028.JPEG.A with 2,280 hits. Here’s the full list of May detections.

Malware Name                Positive Detections
TR/Rozena.jrrvz             2675
TR/CoinMiner.uwtyu          2316
EXP/MS04-028.JPEG.A         2280
TR/Rozena.rfuus             1635
TR/Trash.Gen                1600
TR/Patched.Gen              1439
TR/AD.GoCloudnet.kabtg      1398
EXP/CVE-2010-2568.A         969
TR/Downloader.Gen           958
TR/CoinMiner.wmstw          919
TR/PSInject.G1              916
VBS/Dldr.Agent.VPET         801
W32/Run.Ramnit.C            778
TR/Dropper.Gen              754
ACAD/Bursted.AN             698
TR/Crypt.XPACK.Gen          667
TR/AD.Swotter.lckuu         512
W32/Floxif.hdc              437

Read More: https://heimdalsecurity.com/blog/threat-hunting-journal-may-2022/