

Severity
High
Analysis Summary
An active WhatsApp spam campaign has been detected in which multiple spam group chat invitations are being sent to different users. The campaign specifically targets users to lure them into different chat groups and rob them of sensitive data and information. Threat actors are using these spam chat groups to gain access to users' devices and their information. This can also lead to device takeover, especially for people who are active on WhatsApp Web.
Impact
- Information theft
- Device takeover
- Exposure of sensitive data
Indicators of Compromise
URL
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.