9 entries found.
Worm:Win32/Synigh.A
Worm:Win32/Synigh.A is a worm that spreads to other computers across a network. It also has a backdoor component that is capable of connecting to an IRC server and executing commands from a remote attacker.
Alert level: severe
Worm:Win32/Synigh.B
Worm:Win32/Synigh.B is a worm that spreads to other computers across a network. It also has a backdoor component that is capable of connecting to an IRC server and executing commands from a remote attacker. It may be dropped in the system by TrojanDropper:Win32/Synigh.B.
Alert level: severe
TrojanDropper:Win32/Synigh.B
This trojan drops a file detected as Worm:Win32/Synigh.B in the system.
Alert level: severe
VirTool:WinNT/Rootkitdrv.GH
VirTool:WinNT/Rootkitdrv.GH is a kernel-mode rootkit trojan installed and run by Worm:Win32/Synigh.A. This trojan also hides components of the same backdoor.
Alert level: severe
Backdoor:WinNT/IRCbot.gen!A
Backdoor:WinNT/IRCbot.gen!A is a generic detection for a component that may be utilized by other malware in order to provide stealth, thus hiding the malware's presence from the affected user. In the wild, we have observed WinNT/IRCbot being utilized by Worm:Win32/Synigh for this purpose.
Alert level: severe
Backdoor:Win32/IRCbot.gen!O
Backdoor:Win32/IRCbot.gen!O is a generic detection for a trojan that allows unauthorized access and control of an affected machine by a remote attacker using IRC. After a computer is infected, the trojan connects to a specific IRC server and joins a specific channel to receive commands from an attacker. This particular detection may trigger on variants of several different IRC bot families, including Win32/Pushbot and Win32/Synigh.
Alert level: severe
Backdoor:Win32/IRCbot.gen!U
Backdoor:Win32/IRCbot.gen!U is a generic detection for a trojan that allows unauthorized access and control of an affected machine by a remote attacker using IRC. After a computer is infected, the trojan connects to a specific IRC server and joins a specific channel to receive commands from an attacker. This particular detection may trigger on variants of several different IRC bot families, including Win32/Pushbot and Win32/Synigh.
Alert level: severe
WinNT/IRCbot
WinNT/IRCbot is a generic detection for a component that may be utilized by other malware in order to provide stealth, thus hiding the malware's presence from the affected user. In the wild, we have observed WinNT/IRCbot being utilized by Worm:Win32/Synigh for this purpose.
Alert level: high
Backdoor:Win32/IRCbot.gen!V
Backdoor:Win32/IRCbot.gen!V is a generic detection for a trojan that allows unauthorized access and control of an affected machine by a remote attacker using IRC. After a computer is infected, the trojan connects to a specific IRC server and joins a specific channel to receive commands from an attacker. This particular detection may trigger on variants of several different IRC bot families, including Win32/Pushbot and Win32/Synigh.
Alert level: severe