Glossary

Advanced Threat Detection (ATD) refers broadly to a variety of evolving security techniques employed by malware analysts to detect, identify, and respond to advanced and persistent malware threats.
Context-aware malware refers to any malware which uses time-, event-, or environment-based triggers to avoid detection and/or deliver a potentially malicious payload onto a victim system.
Cryptolocker is a ransomware family that targeted Windows systems and encrypted files on a victim's system before demanding a ransom in exchange for restored access.
The process of detecting sandbox artifacts is an evasion technique employed by certain malware families. This evasion technique involves an attempt by malware to determine the presence of a sandbox by searching for identifiable artifacts, such as common VM vendor names on files.
Digital Forensics, sometimes referred to as digital forensic science, refers to the field of modern forensic science that deals specifically with the recovery and investigation of digital materials related to acts of alleged or established cybercrimes.
The term dynamic analysis represents one of the two major malware analysis methods used by security experts to analyze potentially harmful malware. The first method, basic static analysis, methodically examines the contents of files and programs from the inside out for signs of potentially malicious intent, looking specifically for known
Email Threat Detection is a set of detection practices that functions to protect email infrastructure from potentially harmful, targeted malware attacks. These practices should represent the last link in a comprehensive email security apparatus, which should also include other, more rudimentary anti-spam and anti-virus scanning tools for best
Emotet is a malware family that was first identified by cybersecurity specialists in 2014. In its earliest iterations, it functioned primarily as a banking trojan that attempted to steal financial credentials by intercepting a target system's network traffic.
An emulation is created when an emulator device (hardware) or program (software) allows one system, the host, to mimic the functions of a separate system, the guest. An emulation environment is most frequently used to allow a host system to run software programs, peripherals, or other devices designed for
Formbook is a family of data-stealing and form-grabbing malware, often described as Malware-as-a-Service (MaaS). Since early 2016, malware authors have offered Formbook variants via online hacking forums, frequently with surprisingly mundane subscription pricing models that closely mirror those of legitimate software tools.
A Golden Image is a pre-configured virtual machine (VM) template that can be applied to servers, disk drives, or desktops. It may also be referred to as a clone image or master image, and golden images are commonly used by system administrators to develop consistent system environments.
GuLoader is what is known as a Trojan and is used by cybercriminals to download and execute secondary malware payloads.
Hooking is a computer programming term that refers to a collection of techniques employed to change how applications or operating systems behave. Hooking involves the interception of function calls, system events, or messages, and the code snippets that perform these interceptions are called hooks.
Intelligent Monitoring is a dynamic malware analysis method that employs an agentless approach, with its monitoring capabilities embedded completely in the hypervisor, i.e., outside of the virtual machine where the malware sample is detonated.
Malware analysis is the process of determining the origin, purpose, and functionality of malware samples, and is generally divided into static and dynamic analysis varieties.
A keylogger, sometimes known as a keystroke logger, refers to either a hardware device or a software program that records or logs keystrokes registered on a keyboard. However, more advanced keyloggers can also record web page visits, take screenshots, and harvest other data.
Malware-as-a-Service (MaaS) is a cybersecurity term referring to malware that is offered by malware authors and leased to a criminal customer base, generally on a subscription model. It may best be understood in comparison to its legitimate equivalent, Software-as-a-Service (SaaS), such as commonly used
Whereas spam emails are simple unsolicited emails, malspam, or malicious spam, are spam emails that contain malicious payloads, usually in the form of infected documents or malicious URLs that redirect unknowing users to websites hosting malware.
Malvertising, or malicious advertising, is a method used by cybercriminals to distribute malware through seemingly legitimate online advertisements.
Malware, a shorthand for malicious software, refers to any software designed specifically to harm or exploit a computer, network, server, or client.
Malware Analysis is a study or process of determining the origin, purpose, functionality, and potential impact of a malware specimen.
Malware Detection refers to a collection of techniques used to detect potentially harmful malware samples. These techniques are best employed as part of a robust defense system that works to detect malware samples before they have a chance to infect a victim's system.
A Malware sandbox is a cybersecurity term referring to a specially prepared monitoring environment that mimics an end-user operating environment.
Masslogger is a highly obfuscated spyware/stealer malware family that the VMRay Labs Team has been tracking since 2020. Masslogger typically arrives as a seemingly benign email attachment and follows an extremely complicated, multi-stage infection process that makes it particularly difficult to detect. Once a system is fully infected
Pafish (Paranoid Fish) is an open-source tool used to detect the presence of analysis environments, including debuggers, virtual machines, and sandboxes.
Qbot, also known as Qakbot, Quakbot, and Pinkslipbot, is a banking Trojan and stealer malware that has been in circulation for over a decade.
Ransomware-as-a-Service (RaaS) describes a business model developed by malware authors that provides cybercriminal affiliates the ability to purchase access to ransomware tools and infrastructure to execute ransomware attacks.
Ragnarlocker is a ransomware family first observed in the wild in December 2019. Part of what sets Ragnarlocker attacks apart from many other ransomware operations is the high level of reconnaissance and pre-planning customarily observed in a fully orchestrated attack.
Ransomware is malware that infects computers and displays messages threatening to either prevent a victim from accessing data or, in some cases, to publish a victim's data publicly.
A Remote Access Trojan (RAT) is a type of malware that allows for remote, unauthorized surveillance, complete access, and administrative control of an infected system.
The term rootkit is a portmanteau of root, referring to the administrative account on Unix and Linux systems, and kit, a collection of software tools that provide administrator-level access.
The term Sandbox Detection refers to a variety of evasion techniques that malware uses to determine whether or not it is being identified and executed within a sandbox.
ETD (Email Threat Detection) scans web links in emails immediately, not just when they are clicked.
Trickbot was discovered by researchers in 2016 and, at that time, was a relatively straightforward banking Trojan. It mainly attempted to steal sensitive data, including usernames and passwords, bank account information, and sometimes cryptocurrency.
A Trojan is malware designed to disguise itself as a legitimate file or program. This type of malware gets its name from the Greek legend of a wooden horse presented as a gift to the besieged city of Troy.
Ursnif, also known as Gozi, is a banking Trojan that generally collects system activity records and keystroke data and keeps track of network and internet browser activity.
WastedLocker is ransomware orchestrated by the cybercriminal organization known as Evil Corp, previously associated with other malware families, including Dridex and BitPaymer.
A Zero-Day threat, sometimes called a zero-hour threat, is malware that hasn't been encountered before and consequently doesn't match the signatures of any known malware families.