Author: Threat Research Team

About: Threat Research Team

Bio: BluVector’s Threat Report is written by BluVector’s expert security team, tasked with identifying the latest cybersecurity threats in the wild and when our solution would protect customers from those threats.

Posts by Threat Research:

Rising Sun Backdoor Malware Launches With Operation Sharpshooter 
Posted on: December 13, 2018

What Is It? Researchers at McAfee have released a report into a new Advanced Persistent Threat (APT) campaign they have named Operation Sharpshooter, which uses a cyber espionage payload they named Rising Sun. The Rising Sun backdoor uses the RC4 cipher to encrypt its configuration data and communications. As with most backdoors, on initial infection,…

Black Friday Phishing Dos and Don’ts
Posted on: November 21, 2018

The day after Thanksgiving in the U.S. is one of its biggest shopping days as retailers do their best to attract customers to their online and offline stores. Shoppers, looking for the best bargains, know that swift action can often get them the rarest of deals. Of course, malware attackers know this and, thus, create Black…

DarkGate Malware Avoids Endpoint AV Detection
Posted on: November 19, 2018

What Is It? Researchers at enSilo have released a blog post describing a new malware campaign, named DarkGate. DarkGate is capable of stealing crypto wallets, enabling remote control of the infected system, performing key logging and installing ransomware and cryptocurrency miners. The campaign is affecting users mainly in France and Spain. It is spread by…

Ursnif Delivered Using Microsoft Word Online Video Function
Posted on: November 16, 2018

What Is It? Trend Micro’s team posted a blog describing a weaponized version of the PoC being used to propagate Ursnif, an information stealing trojan. This is less than three weeks after the research team at Cymulate detailed a proof of concept (PoC) they had discovered in order to misuse the online video functionality of…

Jaff Ransomware Causes Havoc
Posted on: October 30, 2018

What Is It? Jaff ransomware was first released into the wild on May 11, 2017, just a day before the initial WannaCry attack. Due to the significantly greater scope and impact of WannaCry, Jaff has been somewhat overshadowed in terms of coverage. It was spread via malicious spam emails sent by the Necurs botnet. The…

Oceansalt Attacks Infrastructure, Finance, Universities and Telecommunications
Posted on: October 22, 2018

What Is It? Researchers at McAfee have released a report detailing the analysis of APT (Advanced Persistent Threat) activity they have named Operation Oceansalt, which has so far consisted of five campaigns. The first three were directed at South Korean universities and public infrastructure, the fourth at several Canadian and U.S. industries including finance, telecommunications…

BlackEnergy APT Group Becomes GreyEnergy
Posted on: October 18, 2018

What Is It? Researchers at ESET have released a report into activity they have been tracking by an APT (Advanced Persistent Threat) group they have named GreyEnergy. Their research has linked GreyEnergy to previous activities of one of the most dangerous APT groups, whose potential threat is particularly targeted at the Ukraine and the energy…

Flash Updater Adds Cryptocurrency Miner
Posted on: October 15, 2018

What Is It? Adobe has set the official end of life date for its frequently exploited Flash software at the end of 2020. This date cannot come soon enough. Despite a significant reduction in its use, Flash continues to be regularly exploited by attackers. In the most recent case, as detailed by researchers from Palo…

Malware 101: How Malware Avoids Static Detection Techniques
Posted on: October 10, 2018

In order to successfully execute their malware on endpoints, attackers need to design their code to evade two categories: static detection (when the code is at rest) and behavioral detection (when the code is executing). As a security professional, understanding how an attacker utilizes a combination of evasion techniques can provide insight into how you…

Danabot Banking Malware Targets U.S. Organizations
Posted on: October 05, 2018

What Is It? The Danabot banking trojan was first seen by researchers in May 2018, targeting customers of Australian financial institutions. Since that time, other campaigns have been aimed at European banking customers in Poland, Italy, Germany, Austria and Ukraine. A recent report by the researchers at Proofpoint describes a campaign directed at customers of…