Threat Exchange Network blog: September 2018

The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create your own intelligence feed for free by exporting these IOCs via our API and numerous SIEM plugins.

The fight against cybercrime is a collaborative effort. Here you’ll find some of the top posts from our Threat Exchange Network over the past month.

Join for free today – in addition to fresh intelligence, members also have access to our automated elastic sandbox and real-time cyberthreat map, including details on active crime servers.

Xbash combines botnet, ransomware, coinmining in worm targeting Linux and Windows

A new malware family targeting Linux and Windows has been detected, linked to Iron Group.  Xbash has both ransomware and coinmining capabilities, in addition to being self-propagating  (similar to WannaCry or NotPetya). It spreads by attacking weak passwords and unpatched vulnerabilities, and is data-destructive. In fact, there is no functionality that would enable restoration after a ransom is paid. [45 IOCs]
Learn more >

Kodi add-ons cryptomining 

Kodi is a media player which has functionalities that can only be added through add-ons. A cryptomining malware was found in the XcMBC repository, which has spread across the ecosystem through routine updates by unsuspecting owners of other third-party add-on repositories and ready-made Kodi builds. [39 IOCs]
Learn more >

DanaBot targets Europe

Modular banking trojan DanaBot was first discovered in malicious email campaigns targeting users in Australia. Written in Delphi, its multi-stage and -component architecture continues to be actively developed. It was recently detected in a campaign targeting Poland, which is still ongoing. [38 IOCs]
Learn more >

Cogeco Peer 1 the latest in a line of compromised cloud hosting services

Cogeco Peer 1 has been found to serve phishing attacks and other malware in the wild as far back as February 2018. One of the domains hosted by this service provider, called ‘flexsel[.]ca’ is distributing a malicious document that installs a crypto-wallet stealer on victims’ machines, amongst other issues. [32 IOCs]
Learn more >

Partnerstroka scam operation features latest browser locker

Despite actions by security vendors, tech support scams continue to be one of the top consumer cyberthreats this year. One particular scam campaign has been relying on malvertising to redirect users to browser lockers (browlocks) pages. [24 IOCs]
Learn more >

Our community is growing daily – become a member for free and contribute to the network.

Discover more about Blueliv

Learn how Blueliv can help your organization manage cyber risk.

Read now
Demo Free Trial MSSP