Threat Exchange Network blog: January 2018

The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feed for free by exporting these IOCs via our API and numerous SIEM plugins.

The fight against cybercrime is a collaborative effort. Here you’ll find some of the top posts from our Threat Exchange Network over the past month.

Join for free today – in addition to fresh intelligence, members also have access to our automated elastic sandbox and real-time cyberthreat map, including details on active crime servers.

Skygofree: Following in the footsteps of HackingTeam

At the beginning of October 2017, Kaspersky discovered new Android spyware with several features previously unseen in the wild. In the course of further research, they found a number of related samples that point to a long-term development process.

[54 IOCs]

Lazarus Campaign Targeting Cryptocurrencies Reveals Remote Controller Tool, an Evolved RATANKBA

Few cybercrime groups have gained as much notoriety – both for their actions and for their mystique – as the Lazarus group, claims TrendMicro. Since they first emerged back in 2007 with a series of cyber espionage attacks against the South Korean government, these threat actors have successfully managed to pull off some of the most notable and devastating targeted attacks – such as the widely-reported 2014 Sony hack and the 2016 attack on a Bangladeshi bank – in recent history.

[17 IOCs]

Microsoft Office Vulnerabilities Used to Distribute Zyklon Malware in Recent Campaign

FireEye researchers recently observed threat actors leveraging relatively new vulnerabilities in Microsoft Office to spread Zyklon HTTP malware. Zyklon has been observed in the wild since early 2016 and provides myriad sophisticated capabilities.

[16 IOCs]

Korea In The Crosshairs

North Korean hackers have conducted at least six different massive malware campaigns during 2017, most of them against targets in South Korea. Security researchers from Cisco’s Talos group who have monitored the situation for 12 months have identified a North Korean threat actor tracked by the experts as Group 123 that conducted numerous malware attacks against entities in the South.

[41 IOCs]

Our community is growing daily – become a member for free and earn recognition for your contributions to the Network.

Read our free cyber security and cyber threat reports
