Multiple WordPress Plugins Vulnerabilities
July 8, 2024PatchWork APT Threat Actor Group – Active IOCs
July 9, 2024Multiple WordPress Plugins Vulnerabilities
July 8, 2024PatchWork APT Threat Actor Group – Active IOCs
July 9, 2024Severity
Medium
Analysis Summary
In early 2016, LokiBot was originally made available on underground forums for cybercriminals to use against Microsoft Android phones. This malware steals sensitive information including, usernames, cryptocurrency wallets, and other credentials via Trojan software. Malware grabs credentials by monitoring browser and desktop activities from the password storage using a keylogger. LokiBot can also install a backdoor into affected systems, allowing an attacker to install other payloads. Spam emails, communication channels such as SMS, Skype, and malicious websites are all used to spread LokiBot. This malware is utilized to keep track of what users are doing (for instance, recording keystrokes).
Impact
- Information Theft
- Exposure of Sensitive Data
- Credential Theft
Indicators of Compromise
MD5
- e5a6e7bbc815a510e258bc8c3c28a8e8
- e9b1be2e63fc218bd1207838612575ca
- 92a71af74ad52bd6968c86a1197df7d5
- d513d4e9e8d5d3c5cce1d9b9772d9ff6
- 1d2c968c22903392601d409cfe0af1af
- 33bc360990c66beea144ae48d17504a6
SHA-256
- 8a28668302df8fea6ea0361fd4823410aea2dcd86934736e977b356ab9052a62
- 9bc70a2e37123deefafa303ca59ea0dd304b17e2f0288b3b6730104da0e0f6f1
- c8ef778ff1e9493aecd06b7be81c033356d288235494e6ae5d67bd0cc6789195
- 32b3f3b17100cf0c711e1e2267fc9ec4f71b0214b3013fe4d5fe2617dea779dd
- 4f9289ac6c38a0b6d80173c6b645e6d70d415a8291017f89c852b2468175bde8
- 49274bd66a4d53ca004a0a58c15496292a323f229b9712e5f3994af5c307bc0a
SHA1
- 1aec295b216472b8daeaed42794955a85ec9f9db
- 9bdea32b60dbd1166072774d75a3019417690b1c
- da3afefc08de0fa9b4b6c2742c927d6703fdae0c
- 3b6cfeb30beb56c964c32353502ab0d9aaed1903
- b4e871ca1b111a12f09db58484e5a90255e6f104
- 7dfb4c70ef7d73c8618ce8799d414ba3c3fe9684
Remediation
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IOCs) in your environment utilizing your respective security controls.
- Emails from unknown senders should always be treated with caution. Never trust or open links and attachments received from unknown sources/senders.
- Maintain cyber hygiene by updating your anti-virus software and implementing a patch management lifecycle.
- Patch and upgrade any platforms and software on time and make it into a standard security policy. Prioritize patching known exploited vulnerabilities and zero-days.
- Enable antivirus and anti-malware software and update signature definitions on time. Using multi-layered protection is necessary to secure vulnerable assets.