Threat Exchange Network blog: January 2019

The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feed for free by exporting these IOCs via our API and numerous SIEM plugins.

The fight against cybercrime is a collaborative effort. Here you’ll find some of the top posts from our Threat Exchange Network over the past month.

Join for free today – in addition to fresh intelligence, members also have access to our automated elastic sandbox and real-time cyberthreat map, including details on active crime servers.

OVERRULED: containing a potentially destructive adversary

It has been reported that APT33 is probably behind a series of intrusions in the engineering sector, which may be related to recent destructive attacks. The actor is leveraging publicly available tools in the early phases of the intrusion, before transitioning to custom implants in later-stage activity. [31 IOCs] Learn more >

Android Wallpaper apps detected running ad fraud scheme

Fifteen malicious wallpaper apps have been found in Google Play Store committing click ad fraud. These apps have been collectively downloaded over 222,000 times, with Italy, Taiwan, the US, Germany and Indonesia most affected. Google has confirmed that it has removed the apps. [18 IOCs] Learn more >

Dissecting the Danabot payload targeting Italy

In recent weeks, a new variant of the infamous Danabot botnet hit Italy. One of these recent variants leveraged ‘Fattura’ (Italian for invoice) themed phishing emails, where the payload was dropped by a macro-enabled Word document that downloaded the malicious DLL payload. [27 IOCs] Learn more >

Roma225 campaign

An espionage malware implant weaponized to target the Italian automotive sector was recently uncovered. It was spread through phishing emails impersonating a senior partner at a Brazilian law firm. The malicious emails intercepted during the CSDC operations contained a PowerPoint add-in document armed with an auto-open VBA macro. [11 IOCs] Learn more >
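Both Italian campaigns above (the Danabot ‘Fattura’ lure and the Roma225 PowerPoint add-in) deliver their first stage inside a macro-bearing Office Open XML file. The following is an added example, not code from Blueliv or from either reported campaign: a Python triage routine that decides from the file's content, rather than its attacker-controlled extension, whether an OOXML attachment carries a VBA project or declares a macro-enabled document type. It runs offline over constructed in-memory samples; the vbaProject.bin bytes and the part names used in those samples are stubs built for the example, not real project streams. It does not parse the VBA itself (use oletools' olevba for that, and for legacy OLE .doc/.ppt files, which are not zip containers and fall outside this check).

```python
"""Triage Office Open XML attachments for VBA macros (added example, constructed samples)."""
import io
import zipfile
import xml.etree.ElementTree as ET

CT_NS = "{http://schemas.openxmlformats.org/package/2006/content-types}"

# Content types Office assigns to the main part of macro-enabled OOXML documents.
MACRO_MAIN_TYPES = {
    "application/vnd.ms-word.document.macroEnabled.main+xml": "Word macro-enabled document (.docm)",
    "application/vnd.ms-word.template.macroEnabledTemplate.main+xml": "Word macro-enabled template (.dotm)",
    "application/vnd.ms-powerpoint.addin.macroEnabled.main+xml": "PowerPoint add-in (.ppam)",
    "application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml": "PowerPoint macro-enabled presentation (.pptm)",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml": "Excel macro-enabled workbook (.xlsm)",
}
VBA_PROJECT_TYPE = "application/vnd.ms-office.vbaProject"
DOCX_TYPE = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
DOCM_TYPE = "application/vnd.ms-word.document.macroEnabled.main+xml"
PPAM_TYPE = "application/vnd.ms-powerpoint.addin.macroEnabled.main+xml"


def triage_ooxml(data: bytes) -> dict:
    """Classify raw attachment bytes. Verdicts: not-ooxml, vba-present, macro-enabled-format, no-vba."""
    result = {"ooxml": False, "document_kind": None, "vba_parts": [], "verdict": "not-ooxml"}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
        ct_xml = zf.read("[Content_Types].xml")
    except (zipfile.BadZipFile, KeyError):
        return result  # not a zip, or a zip without the OOXML manifest (legacy OLE, plain archive, etc.)
    result["ooxml"] = True

    root = ET.fromstring(ct_xml)
    defaults = {el.get("Extension").lower(): el.get("ContentType") for el in root.iter(CT_NS + "Default")}
    overrides = {el.get("PartName"): el.get("ContentType") for el in root.iter(CT_NS + "Override")}

    # The declared document kind comes from the main part's Override, not from the file name.
    for ctype in overrides.values():
        if ctype in MACRO_MAIN_TYPES:
            result["document_kind"] = MACRO_MAIN_TYPES[ctype]

    # A VBA project is flagged if it is declared by content type OR merely present by name,
    # so a manifest that "forgets" to declare the part still gets caught.
    for name in zf.namelist():
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        ctype = overrides.get("/" + name, defaults.get(ext))
        if ctype == VBA_PROJECT_TYPE or name.lower().endswith("vbaproject.bin"):
            result["vba_parts"].append(name)
    result["vba_parts"].sort()

    if result["vba_parts"]:
        result["verdict"] = "vba-present"
    elif result["document_kind"]:
        result["verdict"] = "macro-enabled-format"  # declared macro-capable but no project shipped
    else:
        result["verdict"] = "no-vba"
    return result


def build_sample(main_part: str, main_type: str, with_vba: bool) -> bytes:
    """Construct a minimal OOXML container in memory (test fixture, not a real Office file)."""
    overrides = [("/" + main_part, main_type)]
    vba_part = main_part.split("/")[0] + "/vbaProject.bin"  # word/... or ppt/... like real documents
    if with_vba:
        overrides.append(("/" + vba_part, VBA_PROJECT_TYPE))
    ct = ['<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">',
          '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>',
          '<Default Extension="xml" ContentType="application/xml"/>']
    ct += [f'<Override PartName="{p}" ContentType="{t}"/>' for p, t in overrides]
    ct.append("</Types>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "".join(ct))
        zf.writestr(main_part, "<x/>")
        if with_vba:
            # Stub: OLE compound-file magic followed by padding; NOT a real VBA project stream.
            zf.writestr(vba_part, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16)
    return buf.getvalue()


def triage_samples() -> dict:
    """Run the triage over the constructed fixtures and return verdict per sample name."""
    samples = {
        "fattura_invoice.docm": build_sample("word/document.xml", DOCM_TYPE, True),
        "roma225_addin.ppam": build_sample("ppt/presentation.xml", PPAM_TYPE, True),
        "benign.docx": build_sample("word/document.xml", DOCX_TYPE, False),
        "docx_with_hidden_vba.docx": build_sample("word/document.xml", DOCX_TYPE, True),
        "legacy.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 64,  # OLE header stub, not a zip
    }
    return {name: triage_ooxml(blob)["verdict"] for name, blob in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage_samples().items():
        print(f"{name:28s} {verdict}")
```

The verdict is driven by the package manifest and the part list, so renaming a .docm to .docx or a .ppam to something innocuous does not change the outcome; the "docx_with_hidden_vba" fixture shows a VBA part flagged even when the main part claims to be a plain, non-macro document.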

Our community is growing daily – become a member for free and contribute to the network.
