on March 1, 2018

Threat Exchange Network blog: February 2018

The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feed for free by exporting these IOCs via our API and numerous SIEM plugins.

The fight against cybercrime is a collaborative effort. Here you’ll find some of the top posts from our Threat Exchange Network over the past month.

Join for free today – in addition to fresh intelligence, members also have access to our automated elastic sandbox and real-time cyberthreat map, including details on active crime servers.

Deciphering Confucius’ Cyberespionage Operations

In today’s online chat and dating scene, romance scams are not uncommon, with catfishing and cybercriminals toying with their victims’ emotions and cashing in. It’s quite odd (and probably underreported), however, to see it used as a vector for cyberespionage.

[74 IOCs]

Bingo, Amigo! Jackpotting: ATM malware from Latin America to the World

Of all the forms of attack against financial institutions around the world, the one that brings traditional crime and cybercrime together the most is the malicious ecosystem that exists around ATM malware. Criminals from different backgrounds work together with a single goal in mind: jackpotting.

[6 IOCs]

IoT Malware Evolves to Harvest Bots by Exploiting a Zero-day Home Router Vulnerability

In early December 2017, 360 Netlab discovered a new malware family which they named Satori. Satori is a derivative of Mirai and exploits two vulnerabilities: CVE-2014-8361, a code execution vulnerability in the miniigd SOAP service in the Realtek SDK, and CVE-2017-17215, a newly discovered vulnerability in Huawei’s HG532e home gateway, patched in early December 2017.

[41 IOCs]

MedusaHTTP DDoS Slithers Back into the Spotlight

NetScout writes about MedusaHTTP, an HTTP-based DDoS botnet written in .NET that surfaced in early 2017. MedusaHTTP is based on MedusaIRC, which used IRC rather than HTTP for its command and control communications.

[16 IOCs]

Our community is growing daily – become a member for free and earn recognition for your contributions to the Network.

