on

Threat Exchange Network blog: July 2019

The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feed for free by exporting IOCs via our API and numerous SIEM plugins.

The fight against cybercrime is a collaborative effort. Here you’ll find some of the top posts from our Threat Exchange Network over the past month.

Join for free today – in addition to fresh intelligence, members also have access to our automated elastic sandbox and real-time cyberthreat map, including details on active crimeservers.

Sodinokibi Ransomware Distributed by Hackers Posing as German BSI
A malspam campaign has been detected distributing the Sodinokibi ransomware emails. They have been designed to look like official BSI messages. The email contains a malicious PDF attachment that downloads an HTA file. When opened it uses a Living off the Land tactic to evade detection and download the ransomware.[826 IOCs] Learn more >

Tracking the infamous IoT malware Mirai
There has been a sharp uptick in Mirai activity with a spike starting in November 2018, doubling between Q118 and Q119. There are currently more than 60 variants of the malware with potential to impact cloud servers and compromise critical information. [122 IOCs] Learn more >

Monokle: the mobile surveillance tooling of the Special Technology Center
A highly targeted mobile malware threat using a set of custom Android surveillance tools has been discovered by researchers. The tools are believed to have links to Russian threat actors. Monokle is unique in that it uses existing methods in novel ways to be extraordinarily effective at data exfiltration, even without root access. [78 IOCs] Learn more >

Formbook back hitting UK in fake order emails
This strain is a .exe file inside a zip which pretends to be an Excel spreadsheet. Formbook creates dozens of .ini files and screenshots containing stolen user information. [53 IOCs] Learn more >

Maze ransomware
Maze ransomware, aka ChaCha ransomware, has been discovered being distributed by the Fallout exploit kit. After encryption, it creates a a ransom note named “DECRYPT-FILES.html” in each encrypted folder. The bottom of the ransomnote is a base64 string containing a private decryption key and some computer information. [30 IOCs] Learn more >

Our community is growing daily – become a member for free and contribute to the network.

Demo Free Trial Community Newsletter