Author: Threat Research Team

About: Threat Research Team

Bio: BluVector’s Threat Report is written by BluVector’s expert security team, tasked with identifying the latest cybersecurity threats in the wild and when our solution would protect customers from those threats. Get the latest Threat Report Q3 2018 here.

Posts by Threat Research:

Evil Clippy Bypasses Most Malware Detection Tools
Posted on: May 07, 2019

What Is It? Evil Clippy is available for Windows, macOS and Linux operating systems and uses techniques to modify Office documents directly, at the file level, in order to make it much more difficult for security products to detect the malicious macro. A recent article on BleepingComputer.com describes a tool created by security researchers from…

Sodinokibi Ransomware Targets Oracle Weblogic Vulnerability
Posted on: May 01, 2019

What Is It? The corporate cyber security equivalent of the old real estate adage “location, location, location” is “patch, patch, patch.” For some time now attackers have been actively exploiting vulnerabilities quickly after they are disclosed publicly, or in the case of actual zero-day vulnerabilities, prior to disclosure. For many organizations, timely patching is made…

Beapy Cryptominer Targets Corporate Networks
Posted on: April 26, 2019

What Is It? Symantec first detected the Beapy cryptominer malware in January 2019. Its activity has been increasing since March, with 98% of infections found in corporate networks. Approximately 80% of infections were detected in China, with the remainder made up of Japan, South Korea, Hong Kong, Taiwan, the Philippines, Vietnam and Bangladesh.…

Emotet Makes Good Websites Go Bad – Uniden Edition
Posted on: April 16, 2019

What Is It? Legitimate websites are prized by malicious actors as distribution sites for their malware. The primary reason is that a link to a legitimate website is more likely to be clicked on by potential victims. The more well known the organization, the more likely its website or entire domain is whitelisted and less…

GlitchPOS and DMSniff Join Point-of-Sale Malware Category
Posted on: March 18, 2019

What Is It? Researchers at Cisco TALOS and Flashpoint recently reported their findings on two pieces of Point-of-Sale (POS) trojan malware, known respectively as GlitchPOS and DMSniff. GlitchPOS malware, as detailed by Cisco TALOS, is being marketed by the author similarly to legitimate software. The author has provided screenshots of the control panel, where the…

Danabot Trojan Evades IDS/IPS Detection
Posted on: February 13, 2019

What Is It? As previously discussed in a threat report in October 2018, the Danabot trojan has been under active development since it was first observed in May 2018. This development has continued, as researchers at ESET noted a new version in December 2018 that added email address harvesting and spam sending functions. The most recent version, discussed in…

Ursnif Trojan Campaign Uses Steganography and Mario
Posted on: February 12, 2019

What Is It? A new Ursnif campaign discovered by researchers at Bromium, and later reported by media, utilizes a Microsoft Excel file containing a malicious macro, PowerShell and an image of the Nintendo character Mario. There are a few noteworthy aspects of this attack, beginning with the Mario image. The image was not downloaded to be…

Dunihi RAT Tricks Legacy Anti-Virus
Posted on: February 01, 2019

What is Dunihi RAT? It has been well known that signature-based anti-virus (AV) solutions have significant shortcomings, especially when attempting to detect new advanced persistent threats (APTs). However, many people might assume that legacy AV is still capable of detecting basic attacks that utilize relatively old code. This is not necessarily the case, as in…

Anatova Ransomware Built for Speed
Posted on: January 23, 2019

What Is It? Researchers at McAfee have detailed their discovery of a new piece of ransomware they named Anatova. What makes Anatova different is the apparent level of skill of the authors and the code’s modular design. The authors clearly placed a value on the level of effort they expended, as the cybercurrency ransom is…

Emotet Authors Refresh Attacks After Orthodox Christmas
Posted on: January 16, 2019

What Is It? A report from researchers at Cisco TALOS describes the detection of a recent Emotet trojan campaign. Currently, Emotet is one of the most prolific trojans, with a history of being continuously updated by its authors. Initially released as a banking trojan, Emotet is often deployed as an initial malware infection, downloading various payloads,…