March 9, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Threat Actor Claims to Sell Database of Mossad and Israeli Ministry of Foreign Affairs
April 17, 2024North Korean APT Kimsuky Aka Black Banshee – Active IOCs
April 17, 2024Threat Actor Claims to Sell Database of Mossad and Israeli Ministry of Foreign Affairs
April 17, 2024North Korean APT Kimsuky Aka Black Banshee – Active IOCs
April 17, 2024
Severity
Medium
Analysis Summary
In early 2016, LokiBot was originally made available on underground forums for cybercriminals to use against Microsoft Android phones. This malware steals sensitive information including, usernames, cryptocurrency wallets, and other credentials via Trojan software. Malware grabs credentials by monitoring browser and desktop activities from the password storage using a keylogger. LokiBot can also install a backdoor into affected systems, allowing an attacker to install other payloads. Spam emails, communication channels such as SMS, Skype, and malicious websites are all used to spread LokiBot. This malware is utilized to keep track of what users are doing (for instance, recording keystrokes).
Impact
- Information Theft
- Exposure of Sensitive Data
- Credential Theft
Indicators of Compromise
MD5
- 2a4a3291479ab3c056533198f88d7a2c
- 742b63d93401a9af88183725ee503df3
- 678b937e3e7e02e6b27158a8ecc573ab
- 3d56d9ae070f55c37fb785f7091c97d4
- 8864b52d242037414b7c4a230c390ab8
- abcbfb3d531d8efece1fbe4a775ddc42
SHA-256
- 6f3336aba5c3090b559dcdeb912fb17adcbdc8faa76c2f01379e3bc890b8c74e
- 5ffa345944786c7b505a3b1b3392560b1b987529c49e11893642c8be816aa313
- 64b47fde027cfd04023331dcd19612933dc9b9d77731b487844c129d0d354b20
- 9513ea80cc5dabab23c0069ed1b8caaff8d2d10ae9e842bda19a69eb5140a497
- d405284f75cde4b8c45e3d5c3b41c7bbd6db2c75788cb6d0b1deec5ea60559a4
- 8eb0fdf0ff3b38ae84311b29effb0030a3b9a38430f7b8ee7918d2eb1301b12e
SHA-1
- eb46327c7c987aa2676690e74bacd0190b3e855a
- ecfb96a3f57aee691a1c80a750518f39a8cbc474
- e01f386b972ff55da1edb53ccda0bfd56e637477
- 73fec7c52fdc153d11b27f3635e321165dbf23a6
- 47680d0f0d286097f7cdda37947aaaacd7226ee3
- 6bd0e9ba6e9cb5940a746a798aa382d1ac4ad781
Remediation
- Block all threat indicators at your respective controls.
- Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls.
- Emails from unknown senders should always be treated with caution. Never trust or open links and attachments received from unknown sources/senders.
- Maintain cyber hygiene by updating your anti-virus software and implementing a patch management lifecycle.
- Patch and upgrade any platforms and software on time and make it into a standard security policy. Prioritize patching known exploited vulnerabilities and zero-days.
- Enable antivirus and anti-malware software and update signature definitions on time. Using multi-layered protection is necessary to secure vulnerable assets.