This week njRAT has moved back to the top of the list of the most reported malware on TruSTAR. Emotet has remained highly active, but it has switched from delivering IcedID to targets in the U.S. to delivering Trickbot, which has moved up into the Top 5 malware category for the first time since we began tracking these trends on the platform. The change has been noted by Brad Duncan at @malware_traffic as well.
Where commodity malware is concerned, DarkComet and Nanocore remain among the most commonly seen, with their positions unchanged from our last look. IOCs for the top three malware can be found on TruSTAR here.
New to the scene are KeyPass and B0r0nt0K ransomware. KeyPass does not target a specific file extension but instead seeks to encrypt nearly everything on the drive, which could potentially cause greater damage than just lost access to files. IOCs can be found on TruSTAR here.
Being aware of B0r0nt0K ransomware is important not so much because of its prevalence (it's just now ramping up), but because it demands 20 Bitcoin (~$75,000 current value) from victims. B0r0nt0K uses phishing and other social engineering attack vectors, and there is not yet much in the way of defense by AVs. The Internet Patrol has more info on what little is known at present.