Current State of CoronaVirus related threats

March 17, 2020

This blog entry contains a constantly updated list of CoronaVirus-related threats covered by the SonicWall Capture Labs Threats Research team:

Android CoronaVirus Ransomware comes bundled with decryption code (March 23, 2020)

  • IOCs:
    • d1d417235616e4a05096319bb4875f57
  • GAV Signatures:
    • AndroidOS.Decrypt.RSM
    • AndroidOS.CoronaTracker.RSM

 

Found another Remote Access Trojan pretending to be Documentation on Covid19 Response and Preparedness (March 20, 2020)

  • GAV Signature:
    • Async.RAT

 

CoronaVirus Ransomware (March 19, 2020)

  • IOCs:
    • 3299f07bc0711b3587fe8a1c6bf3ee6bcbc14cb775f64b28a61d72ebcb8968d3
  • GAV Signatures:
    • CoronaVirus.RSM
    • CoronaVirus.RSM_2

 

Coronavirus, 8-layer, covid-19, azorult.rk (Mar 16, 2020)

  • IOCs:
    • 987fb7b6c5df647ab92525f083e1dc0f
  • GAV Signatures:
    • GAV: Azorult.RK (Trojan)

 

Misinformation related to CoronaVirus is being used to further propagate malicious Android RAT (Mar 14, 2020)

  • IOCs:
    • 599db33d534d1e98ea63dd2ce30100a7
  • GAV Signatures:
    • AndroidOS.CoronaVirus.Spy (Trojan)

 

The Covid-19 hoax scareware (Mar 13, 2020)

  • GAV Signatures:
    • Scareware.CoVid_A (Trojan)

 

CoronaVirus themed Android RAT on the prowl (Feb 26, 2020)

  • IOCs:
    • b8328a55e1c340c1b4c7ca622ad79649
    • ba6f86b43c9d0a34cfaac67f933146d6
  • GAV Signatures:
    • AndroidOS.CoronaVirus.Spy (Trojan)

 

Threat actors are misusing CoronaVirus scare to spread malicious executable (Feb 5, 2020)

  • IOCs:
    • 4d30ea0082881d85ff865140b284ec3f