Network insights into Vawtrak v2. Banking Trojan Report

Vawtrak is a serious threat to the financial sector and is predicted to be the next major banking Trojan. Blueliv’s investigation into Vawtrak v2 reveals new information to piece together a more complete view of the Vawtrak banking Trojan and the cybercriminal groups behind it.

The report enables CISOs, researchers, security experts and incident response teams to enhance their understanding of Vawtrak and the ways in which it’s distributed and executed, in order to keep up with the evolution of cybercrime targeting financial services. It also provides real infection data and Indicators of Compromise (IOCs) that readers can input into their existing security solutions to enhance their protection.

Organizations need to integrate IOCs into existing internal security solutions
Gain technical insight into the unusual network topology behind Vawtrak and how these complexities enable them to maintain botnet infections
Organizations must raise awareness of the most common malware distribution methods and educate end-users on how to identify phishing and social engineering techniques

Investigation reveals that 2.5m credentials have been exfiltrated by the botnet to date
85,000 botnet infections detected
Approximately 82% infections worldwide target the US
Top five countries targeted: US, Canada, UK, India, France
Over 4000 IOCs identified: 2100 URLS, 200 malware samples, 1800 domains/IPs

Network insights into Vawtrak v2

Binary Insights of Vawtrak v2 Banking Trojan

Download Report

Join our Community

The Blueliv Threat Exchange Network forms part of a wider cyber threat ecosystem centered around a strong, collaborative community, and we want you to be a part of it. Come and join the fight against cybercrime.

Join the Fight

Chasing cybercrime