Author: Threat Research Team

About: Threat Research Team

Bio: BluVector’s Threat Report is written by BluVector’s expert security team, tasked with identifying the latest cybersecurity threats in the wild and when our solution would protect customers from those threats. Get the latest Threat Report Q3 2018 here.

Posts by Threat Research:

Danabot Trojan Evades IDS/IPS Detection
Posted on: February 13, 2019

What Is It? As previously discussed in a threat report in October 2018, the Danabot trojan has been under active development since it was first observed in May 2018. This development has continued as researchers at ESET noted a new version in December 2018 that added email address harvesting and spam sending functions. The most recent version, discussed in… Read more »

Ursnif Trojan Campaign Uses Steganography and Mario
Posted on: February 12, 2019

What Is It? A new Ursnif campaign discovered by researchers at Bromium, and later reported by media, utilizes a Microsoft Excel file containing a malicious macro, Powershell and an image of the Nintendo character Mario. There are a few noteworthy aspects of this attack, beginning with the Mario image. The image was not downloaded to be… Read more »

Dunihi RAT Tricks Legacy Anti-Virus
Posted on: February 01, 2019

What Is It? It has been well known that signature-based anti-virus (AV) solutions have significant shortcomings, especially when attempting to detect new advanced persistent threats (APTs). However, many people might assume that legacy AV is still capable of detecting basic attacks that utilize relatively old code. This is not necessarily the case, as in the… Read more »

Anatova Ransomware Built for Speed
Posted on: January 23, 2019

What Is It? Researchers at McAfee have detailed their discovery of a new piece of ransomware they named Anatova. What makes Anatova different is the apparent level of skill of the authors and the code’s modular design. The authors clearly placed a value on the level of effort they expended as the cybercurrency ransom is… Read more »

Emotet Authors Refresh Attacks After Orthodox Christmas
Posted on: January 16, 2019

What Is It? A report from researchers at Cisco TALOS describes the detection of a recent Emotet trojan campaign. Currently, Emotet is one of the most prolific of trojans with a history of being continuously updated by its authors. Initially released as a banking trojan, Emotet is often deployed as an initial malware infection, downloading various payloads,… Read more »

Vidar Malware Packs a Trojan and Ransomware Punch
Posted on: January 09, 2019

Researchers at Malwarebytes have reported on a new malware campaign that uses a new variant of Arkei malware, which they’ve named Vidar. The campaign, which they tracked for several weeks, begins with malicious advertising (malvertising) and results in the installation of information stealing malware, which then installs GandCrab ransomware. The information stealing malware most commonly… Read more »

Rising Sun Backdoor Malware Launches With Operation Sharpshooter
Posted on: December 13, 2018

What Is It? Researchers at McAfee have released a report into a new Advanced Persistent Threat (APT) campaign they have named Operation Sharpshooter, which uses a cyber espionage payload they named Rising Sun. The Rising Sun backdoor uses the RC4 cipher to encrypt its configuration data and communications. As with most backdoors, on initial infection,… Read more »

Black Friday Phishing Dos and Don’ts
Posted on: November 21, 2018

The day after Thanksgiving in the U.S. is one of its biggest shopping days as retailers do their best to attract customers to their online and offline stores. Shoppers, looking for the best bargains, know that swift action can often get them the rarest of deals. Of course, malware attackers know this and, thus, create Black… Read more »

DarkGate Malware Avoids Endpoint AV Detection
Posted on: November 19, 2018

What Is It? Researchers at enSilo have released a blog post describing a new malware campaign, named DarkGate. DarkGate is capable of stealing crypto wallets, enabling remote control of the infected system, performing key logging and installing ransomware and cryptocurrency miners. The campaign is affecting users mainly in France and Spain. It is spread by… Read more »

Ursnif Delivered Using Microsoft Word Online Video Function
Posted on: November 16, 2018

What Is It? Trend Micro’s team posted a blog describing a weaponized version of the PoC being used to propagate Ursnif, an information stealing trojan. This is less than three weeks after the research team at Cymulate detailed a proof of concept (PoC) they had discovered in order to misuse the online video functionality of… Read more »