Severity
Medium
Analysis Summary
In early 2016, LokiBot was first made available on underground forums for cybercriminals to use against Microsoft Android phones. The malware, delivered as Trojan software, steals sensitive information including usernames, cryptocurrency wallets, and other credentials. It harvests credentials by monitoring browser and desktop activity, reading stored passwords, and logging keystrokes. LokiBot can also install a backdoor on infected systems, allowing an attacker to deploy additional payloads. It spreads through spam email, messaging channels such as SMS and Skype, and malicious websites, and it is used to monitor user activity (for instance, by recording keystrokes).
Impact
- Information Theft
- Exposure of Sensitive Data
- Credential Theft
Indicators of Compromise
MD5
- 614ff505dc58f051050d703e886a9f9b
SHA-256
- 5d3b73f33169ea63cb2c9f119ac1b16c205c3518f56d47baf3e55b0761a18dc6
SHA-1
- 68682a95e4d65bcc00e71b1182a7faaabfe686e8
Remediation
- Search for IOCs in your environment.
- Block all threat indicators at their respective controls.
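To support the "search for IOCs in your environment" step, the following is an added example (not part of the alert or of any Rewterz tooling): a small Python scanner that hashes every file under a directory with MD5, SHA-1 and SHA-256 and reports any file matching the three indicators above. The directory layout and the sample file in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Indicators as published in the alert (lowercase hex), grouped by algorithm.
LOKIBOT_IOCS = {
    "md5": {"614ff505dc58f051050d703e886a9f9b"},
    "sha1": {"68682a95e4d65bcc00e71b1182a7faaabfe686e8"},
    "sha256": {"5d3b73f33169ea63cb2c9f119ac1b16c205c3518f56d47baf3e55b0761a18dc6"},
}


def hash_file(path, algorithms=("md5", "sha1", "sha256"), chunk_size=1 << 20):
    """Return {algorithm: hexdigest} for one file, read in chunks so large files need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests, iocs=LOKIBOT_IOCS):
    """Return the (algorithm, digest) pairs from `digests` that hit an indicator in `iocs`."""
    return [(alg, d) for alg, d in digests.items() if d.lower() in iocs.get(alg, set())]


def scan_tree(root, iocs=LOKIBOT_IOCS):
    """Walk `root` recursively and return {path: [hits]} for files matching any indicator.
    Files that cannot be read (permissions, races with deletion) are skipped rather than aborting the scan."""
    findings = {}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            hits = match_iocs(hash_file(path), iocs)
        except OSError:
            continue
        if hits:
            findings[str(path)] = hits
    return findings


def demo():
    """Constructed demonstration: a benign sample file does not match the alert's indicators,
    while an indicator set built from that file's own SHA-256 does match it."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "sample.bin"
        sample.write_bytes(b"constructed benign sample, not malware\n")  # constructed input
        clean = scan_tree(tmp)                                # {} : nothing hits the LokiBot IoCs
        custom = {"sha256": {hash_file(sample)["sha256"]}}    # indicator set derived from the sample
        positive = scan_tree(tmp, custom)                     # {path: [("sha256", <digest>)]}
    return clean, positive
```

Matching on all three algorithms matters because other sources may publish only one digest type for the same sample; a hit on any of them is a reason to isolate the host and collect the file for analysis.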