March 11, 2025

March 11, 2025

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 11, 2025

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 11, 2025

EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 11, 2025

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 11, 2025

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 11, 2025

EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

Rewterz Threat Advisory – Adobe Flash Player Zero-Day vulnerability CVE-2018-15982 exploited in APT Attacks

January 4, 2019

Rewterz Threat Advisory – CVE-2018-19725 & CVE-2018-16011 Adobe Reader / Acrobat Multiple Vulnerabilities

January 4, 2019

Rewterz Threat Alert – Malspam campaign dropping LokiBot Malware

January 4, 2019

SEVERITY: Medium

CATEGORY: Informative Updates

ANALYSIS SUMMARY

Another Malspam campaign has been discovered dropping the Loki Bot malware. Just like the LokiBot campaign in December, this one also initiates from malicious emails. However, the Indicators of Compromise retrieved from this campaign are diﬀerent from the previous campaign.

Indicators of Compromise

URLs

hxxp://admin.snzadm[.]ru/js/?cliente=

hxxp://213[.]183[.]51[.]235/lawd/panel/fre.php

Email Address

info[@]email[.]18325

adib[@]impactspur[.]com

Malware Hash

6c1f2700eda668b3e912c3a6ac0bdcec
6e7716f1f1dd4caac37aa6f8274b413f48bdb6f2
a9879832b75061e7cfc6ed363fa7055c3931bfe9c7fd84257d5d62e936e87b9a
20eb496e1487e739567d294570c3654f
e11305455b3a2a03c322cb24ﬀ679917daed8793
f450d6a4eadea4b11e29d493c399ed3cf247a04444afec84a89572a7f41bf14a
ccdc5204c92640beb9735bb38adbfa85
52c5adfb146f873a72cbe52011ba57465021d16f
e032a06a791dcf2971cbed8ce4f8c7d8ce1e844f0468343ed6b503de4438ee5c

Remediation

Please block the threat indicators at their respective controls.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – Adobe Flash Player Zero-Day vulnerability CVE-2018-15982 exploited in APT Attacks

Rewterz Threat Advisory – CVE-2018-19725 & CVE-2018-16011 Adobe Reader / Acrobat Multiple Vulnerabilities