In 2016, Nemucod was the most frequently detected malware among the top 20 families shown in Figure 24. Adversaries use this downloader malware to distribute ransomware and other threats, such as backdoor Trojans that facilitate click fraud. Some variants of Nemucod also serve as engines for delivering the Nemucod malware payload.
One reason Nemucod malware was so prevalent in 2016, according to our threat researchers, is that its authors frequently evolved this threat. Cisco identified more than 15 file-extension and MIME-type combinations associated with the Nemucod family that were used to deliver malware through the web. Many more combinations were used to deliver the threat to users through email (Figure 28).
Several file-extension and MIME-type combinations (web and email) were designed to point users to malicious .zip files or archives. Adversaries also reused many combinations during the months we observed.
As Figure 29 shows, many Nemucod hashes are less than 2 days old when they are detected. In September and October 2016, almost every binary related to the Nemucod family that was blocked was less than a day old.