17 entries found.
Win32/Oficla
Win32/Oficla is a family of trojans that attempts to inject code into running processes in order to download and execute arbitrary files. In the wild, we have observed variants of this family downloading and installing several different malware families, including Win32/FakeScanti and Win32/Cutwail.
Alert level:
severe
TrojanDropper:Win32/Oficla.A
TrojanDropper:Win32/Oficla.A is a detection for a trojan that installs and executes Trojan:Win32/Oficla.E. This Win32/Oficla variant attempts to download TrojanDownloader:Win32/FakeScanti from a remote Web site.
Alert level:
severe
Trojan:Win32/Oficla.G
Trojan:Win32/Oficla.G is a trojan that installs and runs Trojan:Win32/Oficla.E. Trojan:Win32/Oficla.E may download a rogue security program identified as TrojanDownloader:Win32/FakeScanti.
Alert level:
severe
Trojan:Win32/Oficla.H!dll
Trojan:Win32/Oficla.H!dll is a trojan that attempts to inject code into a running process to download a rogue security program identified as TrojanDownloader:Win32/FakeScanti.
Alert level:
severe
Trojan:Win32/Oficla.H
Trojan:Win32/Oficla.H is a trojan that attempts to inject code into a running process to download a rogue security program, such as TrojanDownloader:Win32/FakeScanti.
Alert level:
severe
VirTool:Win32/Injector.gen!AQ
VirTool:Win32/Injector.gen!AQ is a detection for a protection mechanism used by certain malware to avoid detection.
Alert level:
severe
TrojanDropper:Win32/Oficla.H
TrojanDropper:Win32/Oficla.H is a detection for a trojan that installs and executes Trojan:Win32/Oficla.M. This Win32/Oficla variant attempts to connect with a remote host and download a configuration data file that instructs the trojan to retrieve other malware from additional download locations.
Alert level:
severe
TrojanDropper:Win32/Oficla.G
TrojanDropper:Win32/Oficla.G is a detection for a trojan that installs and executes Trojan:Win32/Oficla.M. This Win32/Oficla variant attempts to connect with a remote host and download a configuration data file that instructs the trojan to retrieve other malware from additional download locations.
Alert level:
severe
TrojanDropper:Win32/Oficla.D
TrojanDropper:Win32/Oficla.D is a detection for a trojan that installs and executes Trojan:Win32/Oficla.M. This Win32/Oficla variant attempts to connect with a remote host and download a configuration data file that instructs the trojan to retrieve other malware from additional download locations.
Alert level:
severe
TrojanDropper:Win32/Oficla.J
TrojanDropper:Win32/Oficla.J is a detection for a trojan that installs and executes Trojan:Win32/Oficla.M, a trojan that attempts to inject code into a running process to download a rogue security program identified as TrojanDownloader:Win32/FakeScanti.
Alert level:
severe
Trojan:Win32/Oficla.V
Trojan:Win32/Oficla.V is a malicious program that is unable to spread of its own accord. It may perform a number of actions of an attacker's choice on an affected machine.
Alert level:
severe
TrojanDropper:Win32/Oficla.V
TrojanDropper:Win32/Oficla.V is a detection for malware that drops and loads payload components of Win32/Oficla.
Alert level:
severe
Trojan:Win32/Oficla.AC
Trojan:Win32/Oficla.AC is a trojan that attempts to contact a remote server to download and execute arbitrary files. In the wild, it has been observed downloading TrojanDropper:Win32/Bamital.C, which in turn infects the compromised system with Virus:Win32/Bamital.C.
Alert level:
severe
Trojan:Win32/Oficla.AH
Trojan:Win32/Oficla.AH is a trojan that searches for certain strings that suggest a user accesses certain online financial institutions and attempts to communicate this to a remote server. The trojan may also attempt to download arbitrary files.
Alert level:
severe
Trojan:Win32/Oficla.K
Trojan:Win32/Oficla.K is a trojan that attempts to inject code into a running process to download a rogue security program, such as TrojanDownloader:Win32/FakeScanti.
Alert level:
severe
Trojan:Win32/Oficla
Alert level:
severe
TrojanDropper:Win32/Oficla
Alert level:
severe