In 2019, the cybersecurity community detected Emotet, Trickbot, and Lazarus as the most common threats. Linux threats with connections to Mirai were also prevalent. The Intezer Analyze community played a crucial role in detecting and responding to these cyber threats throughout the year. Binary code reuse was a common theme across all of these malware families, which makes it easier to identify new variants or related threats by indexing the malware's code.
Emotet: Emotet, a banking trojan, is known for stealing valuable information from victims. It spreads through malspam campaigns and constantly changes its evasion techniques to avoid detection. Emotet can download additional malware onto infected machines, as seen in a recent attack on a local government in Florida.
Trickbot: Another banking trojan, Trickbot works in conjunction with Emotet in many cases. It is modular, adding new capabilities such as credential harvesting and network reconnaissance. Despite apparent differences between variants, Trickbot samples are quite similar when analyzed on the basis of code reuse.
Lazarus: Lazarus, a nation-state-sponsored threat actor with ties to North Korea, utilizes various malware tools in its operations. The group has been involved in numerous cyber attacks globally, including the Sony breach and the WannaCry ransomware attack. Code connections between Lazarus and other malware samples were identified by the Intezer Analyze community.
Linux Malware: While Emotet, Trickbot, and Lazarus are typically associated with Windows platforms, 2019 saw a rise in Linux threats. Mirai, an open-source malware family targeting Linux, dominated the Linux threat ecosystem. The code connections between Mirai and other Linux malware samples were detected by the community, showcasing the prevalence of code reuse on the platform.
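The code-reuse idea that runs through every section above (a new sample is classified by how much of its code it shares with already-indexed families, after discarding code that is common to everything) can be sketched in a few dozen lines. The following is an added toy example, not Intezer's code or algorithm: it hashes overlapping fixed-size chunks of a sample's code section, excludes chunks that also appear in trusted or library code, and scores an unknown sample by the fraction of its remaining chunks that match each known family. All byte strings are constructed stand-ins for code sections, and the family names are used only as labels.

```python
"""Toy code-reuse index (added example, not a real product's implementation).

Known samples are split into overlapping CHUNK-byte windows; each window is
hashed so the index stores digests rather than code. Windows that also occur
in trusted/library code are ignored when scoring, because shared runtime code
would otherwise make unrelated families look alike.
"""
import hashlib
from collections import defaultdict
from typing import Dict, Set

CHUNK = 8  # window size in bytes; small so the short constructed inputs yield many windows


def shingles(code: bytes, size: int = CHUNK) -> Set[bytes]:
    """Return the set of SHA-256 digests of every overlapping size-byte window."""
    return {hashlib.sha256(code[i:i + size]).digest()
            for i in range(len(code) - size + 1)}


class ReuseIndex:
    def __init__(self) -> None:
        self.family_of: Dict[bytes, Set[str]] = defaultdict(set)  # digest -> families seen
        self.trusted: Set[bytes] = set()                          # digests of library code

    def add_trusted(self, code: bytes) -> None:
        """Index benign/library code so its chunks never count as family-specific reuse."""
        self.trusted |= shingles(code)

    def add_sample(self, family: str, code: bytes) -> None:
        """Attribute every chunk of a known sample to its family label."""
        for digest in shingles(code):
            self.family_of[digest].add(family)

    def classify(self, code: bytes, filter_trusted: bool = True) -> Dict[str, float]:
        """Fraction of the unknown sample's (non-library) chunks shared with each family."""
        windows = shingles(code)
        if filter_trusted:
            windows -= self.trusted
        if not windows:
            return {}
        hits: Dict[str, int] = defaultdict(int)
        for digest in windows:
            for family in self.family_of.get(digest, ()):
                hits[family] += 1
        return {family: count / len(windows) for family, count in hits.items()}


# Constructed inputs: a fake "libc" stub shared by every sample, plus distinct
# family-specific routines. None of this is real malware code.
LIB_STUB = bytes(range(0x40, 0x60))                          # 32 bytes of "shared library" code
EMOTET_V1 = b"EMOTET-LOADER-ROUTINE-AAAA" + LIB_STUB          # labelled family sample
TRICKBOT_V1 = b"TRICKBOT-LOADER-MODULE-BBBB" + LIB_STUB       # labelled family sample
UNKNOWN = b"EMOTET-LOADER-ROUTINE-ZZZZ" + LIB_STUB            # new variant: loader unchanged, tail modified


def build_index() -> ReuseIndex:
    index = ReuseIndex()
    index.add_trusted(LIB_STUB)
    index.add_sample("Emotet", EMOTET_V1)
    index.add_sample("TrickBot", TRICKBOT_V1)
    return index


def demo(filter_trusted: bool = True) -> Dict[str, float]:
    """Classify the unknown variant; with filtering, Emotet dominates (15/26 of unique chunks)."""
    return build_index().classify(UNKNOWN, filter_trusted=filter_trusted)


if __name__ == "__main__":
    print("library code excluded:", demo(True))
    print("library code counted: ", demo(False))
```

Run with the library stub excluded, the variant attributes clearly to Emotet (the two chunks it shares with TrickBot come from the common `-LOADER-` string, a reminder that short shared fragments need a threshold rather than a single-hit rule). Run with `filter_trusted=False`, the 25 shared library chunks push TrickBot above 50% as well, which is exactly the false-attribution problem that indexing trusted code is meant to remove.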
To stay ahead of malware threats like Emotet, Trickbot, and Lazarus, sign up for the free Intezer Analyze community edition at analyze.intezer.com. Start the new year with an advanced tool for detecting and classifying malware, and get results within seconds.