Rewterz Threat Alert – Gootloader – Active IOCs

June 17, 2021

Rewterz Threat Advisory – CVE-2021-31521 – Trend Micro InterScan Web Security Virtual Appliance Vulnerability

June 18, 2021

Rewterz Threat Alert – Lokibot Malware – Active IOCs

June 18, 2021

Severity

Medium

Analysis Summary

LokiBot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets. LokiBot is trojan-type malware designed
to infiltrate systems and collect a wide range of information. Lokibot targets Android and Windows operating systems. It is distributed via spam emails, various private messages (SMS, Skype, etc.), and malicious websites. It is also used for tracking users’ activity (for instance, recording keystrokes)

Impact

Information theft
Exposure of sensitive data
Credential Theft

Indicators of Compromise

MD5

6525fe8c07697708e40d80d68c074149
df12b462dd4b39e28c6101c4ae3a0c9d
e50669d67367951aeb58d3aaff69125c
69c74a2c621623c9045c9f68d3cea779
a56883a8c35dcf0ba1ab8263afa220e4
540c23460b99463e5cb0f19431fcddd2

SHA-256

efc96f6bcd9710fdf3107aab5e3beb2c34728af77fccfbe1af951a1bd3cd9fd8
5f01ed3d8a634dbabb0d691cae1a2458324f50c16a7a2aedc5b234657a15291d
24a14c2f62d03e35d29e3d0ccc262ee68f88534266f0a252938e5bc544ff9bfb
a73bae0022c8d7e7a0daf987bc193355748c960d3eba65059072687e8743c552
ddfe356d1cfd8416dd86f291ef9b9429c22e70e612d61291df67062cc5b39a8f
2d8f2418755792d092562805716017f3a4a4da1b83b5d20f3194a63a40e1ca72
af59ad1a7b64c538841da1e3caecc7fdcba60c91ab9e563bca7213d23893edf8
d324d33233edf16f00bb4c9a06a14eee0ef15f8d90a3b9f62213e0ea9054312d
e24371de28bc3b74f7bb0c93d8f9b58b04fcf66654c4e5280b8407fc5df8261a
dd601f6ff52b9b86a7e2f8d1c5035d84953b07b84847e528d1efd9662492ee81
d05137187ad1369e08988ebedf21dbe0eb3b17de4dc580d933a0a3a996ce0f8d
719daac4d480053d0d987e36471d320a3a8cb04d3eabbdd4e1971d9f0cab3b22

SHA-1

66194367e00e0c49975ac1a7b0f9229a46037c99
e3a7f066ccdcb142c67e5f8370ace3b5c4db7672
3d754fcb9b66143664df7a12fc709471a29e4c39
fda926f20eb42a5e0701c236f055c67d8f44c672
1aa05dd9a33aca544fd3b705a421ee930c2e33e4
82a861a72bcff67a8410fb501adfa26d31711077

Remediation

Block all threat indicators at your respective controls
Search for IOCs in your environment

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us