The fight against cybercrime is a collaborative effort. Here you’ll find some of the top posts from our Threat Exchange Network over the past month.
Join for free today – in addition to fresh intelligence, members also have access to our automated elastic sandbox and real-time cyberthreat map, including details on active crime servers.
Ursnif reloaded: tracing the latest trojan campaigns
Ursnif malware can be traced back to 2007 with ZeuS and SpyEye, and maintains strong infection capabilities. Its most recent campaign uses a malicious email with a Word document attached, and appears to have an Italian-speaking audience in its sights. [65 IOCs] Learn more >
Telegram clones being used to steal information from Iranian victims
Since Telegram is banned in Iran, users have been resorting to apps which copy its functionality. Some of these contain malware allowing criminals to steal information or control the infected device. [57 IOCs] Learn more >
TrickBot malspam campaign targeting US recipients
A new malspam campaign targeting the US has been discovered, carrying files which downloads macros and installs TrickBot. The emails use fake invoices to deliver their payload. [27 IOCs] Learn more >
The Rotexy mobile trojan – banker and ransomware
This trojan targets smartphones, and was first discovered in 2014. The most recent version bundles functionalities of some of the most popular malware, including accessing and blocking SMS, phishing banking information, or blocking like ransomware. Interestingly, it is pretty simple to disable – it receives instructions from the C&C via text, but doesn’t check the source, meaning that the victim can simply send messages from another phone to deactivate it. [23 IOCs] Learn more >
Is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create your own intelligence feed for free by exporting these IOCs via our API and numerous SIEM plugins.