Vawtrak is a serious threat for the finance sector and is a major banking Trojan.

Vawtrak is a serious threat to the financial sector and is predicted to be the next major banking Trojan. Blueliv’s investigation into Vawtrak v2 reveals new information to piece together a more complete view of the Vawtrak banking Trojan and the cybercriminal groups behind it.

The report enables CISOs, researchers, security experts and incident response teams to enhance their understanding of Vawtrak and the ways in which it’s distributed and executed, in order to keep up with the evolution of cybercrime targeting financial services. It also provides real infection data and Indicators of Compromise (IOCs) that readers can input into their existing security solutions to enhance their protection.

Organizations need to integrate IOCs into existing internal security solutions
Gain technical insight into the unusual network topology behind Vawtrak and how these complexities enable them to maintain botnet infections
Organizations must raise awareness of the most common malware distribution methods and educate end-users on how to identify phishing and social engineering techniques

Investigation reveals that 2.5m credentials have been exfiltrated by the botnet to date
85,000 botnet infections detected
Approximately 82% infections worldwide target the US
Top five countries targeted: US, Canada, UK, India, France
Over 4000 IOCs identified: 2100 URLS, 200 malware samples, 1800 domains/IPs

Network insights into Vawtrak v2

Binary Insights of Vawtrak v2 Banking Trojan

Download Report

Join our Community

The Blueliv Threat Exchange Network forms part of a wider cyber threat ecosystem centered around a strong, collaborative community, and we want you to be a part of it. Come and join the fight against cybercrime.

Join the Fight

Cookies Policy

Cookies are small data files that many internet sites automatically download to a user’s computer, phone or tablet’s hard disk. They are basically used in helping web sites to register, store or recognize certain information on the browsing activity of a user. Among other uses, Cookies allow to recognize that a user that has visited a website previously and to simplify the logging on process for registered user. This Website uses cookies so that we can better service your return to the Site (further details on the exact cookies and their purposes are set out below) and obtain information about your browsing experience in order to improve the products and services offered.

A User does not have the obligation to accept Cookies and may voluntarily opt-out, but without accepting them the User may experience reduced Site functionality. If the User should wish to reject the cookies it should read the information contained in User’s browser software to see how to turn-off the automatic download feature. For more information about cookies, including how to set the internet browser to reject cookies, User is invited to access the following website: www.allaboutcookies.org.

BLUELIV is currently using the following Cookies in accordance with the instructions and information specified herein:

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
__cfduid	1 month	The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.

Cookie	Duration	Description
__atuvc	1 year 1 month	This cookie is set by Addthis to make sure you see the updated count if you share a page and return to it before our share count cache is updated.
__atuvs	30 minutes	This cookie is set by Addthis to make sure you see the updated count if you share a page and return to it before our share count cache is updated.
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.

Performance

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

Cookie	Duration	Description
_gaexp	1 month 6 days 14 hours	This cookie is used to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.

Analytics

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Cookie	Duration	Description
___utmvc		This cookie is used for the function of Google Analytics. The cookie store the visitor-level custom variable data.
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	1 year	This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
uvc	1 year 1 month	The cookie is set by addthis.com to determine the usage of Addthis.com service.

Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.

Cookie	Duration	Description
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
loc	1 year 1 month	This cookie is set by Addthis. This is a geolocation cookie to understand where the users sharing the information are located.
personalization_id	2 years	This cookie is set by twitter.com. It is used integrate the sharing features of this social media. It also stores information about how the user uses the website for tracking and targeting.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.

Others

Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.

Cookie	Duration	Description
_calendly_session	21 days	No description
_gaexp_rc		No description
_gat_UA-39375751-1	1 minute	No description
_hjAbsoluteSessionInProgress	30 minutes	No description
_hjIncludedInPageviewSample	2 minutes	No description
_hjTLDTest	session	No description
_opt_expid		No description
85f788b9925aa1e2aa70b1b30c07a586	session	No description
AnalyticsSyncHistory	1 month	No description
CONSENT	16 years 8 months 10 days 14 hours	No description
incap_ses_1319_828263	session	No description
incap_ses_1364_828263	session	No description
incap_ses_454_828263	session	No description
incap_ses_456_828263	session	No description
incap_ses_458_828263	session	No description
incap_ses_8218_828263	session	No description
incap_ses_868_828263	session	No description
incap_ses_869_828263	session	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.
visid_incap_828263	1 year	No description