Threat Exchange Network blog: August 2019

The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feed for free by exporting IOCs via our API and numerous SIEM plugins.

The fight against cybercrime is a collaborative effort. Here you’ll find some of the top posts from our Threat Exchange Network over the past month.

Join for free today – in addition to fresh intelligence, members also have access to our automated elastic sandbox and real-time cyberthreat map, including details on active crimeservers.

TA505 At It Again: Variety is the Spice of ServHelper and FlawedAmmy
One of the most active cybercriminal groups expands its attack circle to include Turkey, Serbia, Romania, Korea and Canada amongst others. They are now using .ISO image attachments as well as a .NET downloader. [203 IOCs] Learn more >

In the Balkans businesses are under fire from a double-barreled weapon
BalkanDoor and BalkanRAT are two malicious tools with a similar purpose – a backdoor and a Remote Access Trojan that allow the attacker to remotely control the compromised computer via graphical interface or via command line. Malicious email is the typical injection tool. [140 IOCs] Learn more >

An advertising dropper in Google Play
Popular mobile app CamScanner has been infected by malware whose main task has been the download and launch of its payload from malicious servers. The problem has been detected thanks to the negative reviews of active users. Cooperation is the key in the fight against the cybercrime. [41 IOCs] Learn more >

Hackers Use Fake NordVPN Website to Deliver Banking Trojan
A group that used to hijack websites and infect them with malware has switched their tactics. On the past month they cloned several websites including NordVPN and used valid SSL certificates to deliver banking Trojans and infostealers. [30 IOCs] Learn more >

Varenyky: French spambot
This inoffensive name of Ukrainian dumplings uncovers a spambot malware targeting Orange S.A. users (French ISP). It steals the users´ passwords and spy victims´ screen when they are watching pornographic content online. [26 IOCs] Learn more >

Our community is growing daily – become a member for free and contribute to the network.

Meanwhile, check the links below to see some of our latest technical blog posts:

Old tricks still work: anti-VM / anti-sandbox tricks in targeted malware

An analysis of a spam distribution botnet: the inner workings of Onliner Spambot

Read our free cyber security and cyber threat reports

Read now
Demo Free Trial MSSP