Network insights into Vawtrak v2


Vawtrak is a serious threat to the financial sector and is predicted to be the next major banking Trojan. Blueliv’s investigation into Vawtrak v2 reveals new information to piece together a more complete view of the Vawtrak banking Trojan and the cybercriminal groups behind it.

The report enables CISOs, researchers, security experts and incident response teams to enhance their understanding of Vawtrak and the ways in which it’s distributed and executed, in order to keep up with the evolution of cybercrime targeting financial services. It also provides real infection data and Indicators of Compromise (IOCs) that readers can input into their existing security solutions to enhance their protection.

  • Organizations need to integrate IOCs into existing internal security solutions
  • Gain technical insight into the unusual network topology behind Vawtrak and how these complexities enable its operators to maintain botnet infections
  • Organizations must raise awareness of the most common malware distribution methods and educate end-users on how to identify phishing and social engineering techniques
  • Investigation reveals that 2.5m credentials have been exfiltrated by the botnet to date
  • 85,000 botnet infections detected
  • Approximately 82% of infections worldwide target the US
  • Top five countries targeted: US, Canada, UK, India, France
  • Over 4000 IOCs identified: 2100 URLs, 200 malware samples, 1800 domains/IPs
