Threat Exchange Network blog: June 2018

The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feeds for free by exporting these IOCs via our API and numerous SIEM plugins.

The fight against cybercrime is a collaborative effort. Here you’ll find some of the top posts from our Threat Exchange Network over the past month.

Join for free today – in addition to fresh intelligence, members also have access to our automated elastic sandbox and real-time cyberthreat map, including details on active crime servers.

My Little FormBook

A new campaign involving the FormBook malware has been observed using four different malicious documents in a single phishing email. According to Cisco Talos, FormBook is an inexpensive stealer available as ‘malware-as-a-service,’ meaning the attacker can customize the malware based on their parameters before purchase. The malware is able to record keystrokes, steal passwords (stored locally and in web forms) and take screenshots. [71 IOCs]

Italy rocked by new Ursnif Banking Trojan variant served by Necurs

From 6 June, a new variant of Ursnif hit Italian companies. This banking trojan was the most active malware code in the financial sector in 2016 and has continued its activity since. Previously targeting users in Japan, North America, Europe and Australia, it improved its evasion techniques and spread worldwide. According to a new report, it is able to steal users’ credentials, including those for local webmail, cloud storage, cryptocurrency exchange platforms and e-commerce sites. [24 IOCs]

MalHide analysis

An analysis of a new malware sample – MalHide – discovered that it implements a new attack path, using the compromised system as an email relay in order to hide the attacker’s networks. The email attachment contains several macro functions, while many junk functions have been injected into the VBA code to make life harder for reverse engineers. [11 IOCs]

GZipDE encrypted downloader serving Metasploit

A new malicious document targeting a Middle Eastern news network emerged at the end of May, ostensibly because of an article published about the next Shanghai Cooperation Organization Summit. According to the research, it is the first step of a multistage infection in which several servers are involved, with the final goal of installing a Metasploit backdoor. [7 IOCs]

Our community is growing daily – become a member for free and earn recognition for your contributions to the Network.
