
Threat Exchange Network blog: October 2019

The Blueliv Threat Exchange Network is a global community of thousands of cybersecurity experts, IT professionals and academics. Each month members publish the latest news, threat data, IOCs and more in order to improve resilience and accelerate incident response. Members can create their own intelligence feed for free by exporting IOCs via our API and numerous SIEM plugins.

The fight against cybercrime is a collaborative effort. Here you’ll find some of the top posts from our Threat Exchange Network over the past month.

Join for free today – in addition to fresh intelligence, members also have access to our automated elastic sandbox and real-time cyberthreat map, including details on active crimeservers.

Hunting Raccoon: The New Masked Bandit On The Block
The growing trend toward the commoditization of malware – the MaaS (Malware-as-a-Service) model – is represented by Raccoon, an information stealer that appeared this year. Its targets include credit card information, cryptocurrency wallets, browser data and email credentials, among other data.
[232 IOCs] Learn more >

Masad Clipper and Stealer – Windows spyware exfiltrating data via Telegram
An unusual piece of spyware written in AutoIt scripts, dubbed Masad Clipper and Stealer, has been detected this month. It uses Telegram to exfiltrate stolen information. The malware steals browser data, which might contain usernames, passwords and credit card information.
[146 IOCs] Learn more >

Mobile Malware and APT Espionage: Prolific, Pervasive, and Cross-Platform
Low threat detection rates and a false sense of security have made mobile users an easy target. Mobile phones today offer access to user location, contacts, email, texts and instant messaging, as well as encrypted communication applications and business files. Mobile devices also often bridge the gap between a target’s professional and personal lives. State-sponsored Advanced Persistent Threat (APT) groups exploit the mobile dimension for espionage campaigns with impunity.
[111 IOCs] Learn more >

TA505 Distributes New SDBbot Remote Access Trojan with Get2 Downloader
In September and October TA505 was very active, launching several different malspam campaigns, attacking new targets and changing some of its procedures. All campaigns attempted to deliver and install Get2, a new downloader. In the latest campaign, the malware dropped is a new RAT written in C++ (just like Get2).
[59 IOCs] Learn more >

SectorD01 developing custom tools to attack Kuwait
Skabota, Diezen, Gon, Eye, Hisoka and Netero are tools used by the threat actor SectorD01, first detected in 2016. All are general-purpose tools with several functions, ranging from scanning and dropping other malware to credential brute-forcing and taking over Active Directory structures.
[45 IOCs] Learn more >

Our community is growing daily – become a member for free and contribute to the network.
