File Reputation
| DETECTION/POLICY/RULES | PATTERN BRANCH/VERSION | RELEASE DATE |
|---|---|---|
| Backdoor.Win32.COBEACON.OSLJAE | 16.311.00 | 2020-10-27 |
| Backdoor.Win64.C0BALT.AG | 16.533.00 | 2021-02-12 |
| Backdoor.Win64.C0BALT.AH | 16.561.00 | 2021-02-26 |
| Backdoor.Win64.C0BEACON.SMA | 16.263.00 | 2020-10-03 |
| Backdoor.Win64.COBALT.YABBL | 16.617.00 | 2021-03-26 |
| Backdoor.Win64.COBALT.YABBS | 16.617.00 | 2021-03-26 |
| Ransom.Win32.CONTI.E | 16.109.00 | 2020-07-18 |
| Ransom.Win32.CONTI.l | 16.275.00 | 2020-10-09 |
| Ransom.Win32.CONTI.YAAI-A | 16.241.00 | 2020-09-22 |
| Ransom.Win32.CONTI.YABAZ | 16.617.00 | 2021-03-26 |
| Ransom.Win32.CONTI.YXAGQ | 16.617.00 | 2021-03-26 |
| Ransom.Win32.CONTl.D | 16.103.00 | 2020-07-15 |
| Ransom.Win32.CONTlJ | 16.333.00 | 2020-11-06 |
| Ransom.Win64.CONTI.A | 16.537.00 | 2021-02-14 |
| Trojan. PSI.BAZALOADER.YXAK-A | 16.323.00 | 2020-11-02 |
| Trojan.BAT.COBALSTART.A | 16.561.00 | 2021-02-26 |
| Trojan.BAT.COBALSTART.YABBM | 16.617.00 | 2021-03-26 |
| Trojan.BAT.COBALSTART.YABBS | 16.617.00 | 2021-03-26 |
| Trojan.BAT.COBEACON.YABBL | 16.617.00 | 2021-03-26 |
| Trojan.BAT.CONTlSTART.YABBM | 16.617.00 | 2021-03-26 |
| Trojan.BAT.KILLAV.WLDS | 16.653.00 | 2021-04-13 |
| Trojan.BAT.KlLLAV.YABBS | 16.617.00 | 2021-03-26 |
| Trojan.BATCONTlSTART.YABBM | 16.617.00 | 2021-03-26 |
| Trojan.PS1.COBALT.YABBS | 16.617.00 | 2021-03-26 |
| Trojan.Win32.BAZALOADER.YXAK-A | 16.323.00 | 2020-11-02 |
| Trojan.Win64.BAZARLOADER.YABBM | 16.617.00 | 2021-03-26 |
| Trojan.XML.KlLLAV.YABBS | 16.617.00 | 2021-03-26 |
| Trojan.XMLKILLAV.AA | 16.549.00 | 2021-02-20 |
| Worm.BAT.COBALT.YABBS | 16.617.00 | 2021-03-26 |
| Worm.BAT.KlLLAV.YABBS | 16.617.00 | 2021-03-26 |
Predictive Machine Learning
| DETECTION | PATTERN BRANCH/VERSION |
|---|---|
| TROJ.Win32.TRX.XXPE50FFF042 | In-the-Cloud |
| TROJ.Win32.TRX.XXPE50FFF041 | In-the-Cloud |
Behavior Monitoring
| PATTERN BRANCH/VERSION | RELEASE DATE |
|---|---|
| FLS.IBT.4851T | Behavior Monitoring OPR 2.187 |
| RAN4056T | Behavior Monitoring OPR 1.907 |
Web Reputation
| URL | CATEGORY | BLOCKING DATE |
|---|---|---|
| URL Protection | Malware Accomplice, Disease Vector, Ransomware | In-the-Cloud |
| PATTERN VERSION | RELEASE DATE |
|---|---|
| Email Protection | Anti-Spam Pattern 6040 |
Solution Map - What should customers do?
To update Trend Micro products, refer to the corresponding Online Help Center guides.
Recommendation
Make sure to always use the latest pattern available to detect the old and new variants of Nefilim ransomware.
- Please refer to the KB article on Recommendations on how to best protect your network using Trend Micro products.
- You may also check the article on Submitting suspicious or undetected virus for file analysis to Technical Support.
- For support assistance, please contact Trend Micro Technical Support.
Threat Report
- Threat Encyclopedia: Ransom.Win32.CONTl.D
- Threat Encyclopedia: Ransom.Win32.CONTl.E
- Threat Encyclopedia: Ransom.Win32.CONTl.l
- Threat Encyclopedia: Ransom.Win32.CONTl.J
- Threat Encyclopedia: Ransom.Win32.CONTl.YAAl-A
- Threat Encyclopedia: Backdoor.Win32.BAZAR.AB
- Threat Encyclopedia: Backdoor.Win64.BAZAR.A
- Threat Encyclopedia: Trojan.PS1.BAZALOADER.YXAK-A
- Threat Encyclopedia: Trojan.Win32.BAZALOADER.YXAK-A
- Threat Encyclopedia: Trojan.Win64.BAZALOADER.YXAK-A