Rewterz

Rewterz Threat Advisory – CVE-2020-3991 – VMware Horizon Client for Windows

October 16, 2020
Rewterz

Rewterz Threat Advisory – CVE-2020-16947 – Microsoft Outlook Remote Code Execution Vulnerability

October 16, 2020

Rewterz Threat Alert – LokiBot Malware – IOC’s

Severity

Medium

Analysis Summary

LokiBot is trojan-type malware designed to infiltrate systems and collect a wide range of information. Lokibot targets Androidand Windows operating systems. It is distributed via spam emails, various private messages (SMS, Skype, etc.), and malicious websites. It is designed to target users. LokiBot gathers saved logins/passwords (mostly in web browsers) and continually tracks users’ activity (for instance, recording keystrokes). Recorded information is immediately saved on a remote server controlled by LokiBot’s developers.

Impact

  • Credential theft 
  • Information theft 
  • Exposure of sensitive data

Indicators of Compromise

URL

  • http[:]//www[.]amhercom-mx[.]com/kgtdeitobregvdgetyhskofwuendkfptktnbujgmfikpltduf/Afvzirn
  • http[:]//104[.]223[.]170[.]13/mruncity/Panel/five/fre[.]php
  • http[:]//www[.]amhercom-mx[.]com/ofwuendkfptktnbujgmfkgtdeitobregvdgetyhsk/fuTYHfjjojk[.]exe
  • http[:]//weeshoppi[.]com/wp-includes/ID3/z/806032[.]jpg
  • http[:]//weeshoppi[.]com/wp-includes/ID3/z/51037[.]jpg
  • http[:]//18[.]185[.]184[.]17/G6/5260231[.]jpg
  • http[:]//195[.]69[.]140[.]147/[.]op/cr[.]php/jGY5ppdUi8XBs
  • http[:]//eddyholdingshuttle[.]co[.]za/images/img/jui/commericial[.]exe

Remediation

  • Block all threat indicators at your respective controls. 
  • Search for IOCs in your environment.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.