
Rewterz Threat Alert – Threat Indicators – Malspam: Loki Bot Malware

Severity: Medium

Analysis Summary

Another malspam campaign has been observed dropping Loki Bot malware through a phishing campaign. Threat indicators are provided.

Indicators of Compromise

Email Address

  • awt[@]awtkorea[.]com
  • marketing[@]afriquesuiteshotel[.]pw

Malware Hash (MD5/SHA1/SHA256)


Remediation

  • Block the threat indicators at their respective controls
  • Always be suspicious of unsolicited email
  • Never click or download any attachments sent from unrecognized senders