Rewterz Threat Alert – Threat Indicators – Malspam: Loki Bot Malware

Thursday, February 28, 2019

Severity: Medium

Analysis Summary

Another malspam campaign has been observed dropping Loki Bot malware through phishing. Threat indicators are provided.

Indicators of Compromise

Email Address

  • awt[@]awtkorea[.]com
  • marketing[@]afriquesuiteshotel[.]pw

Malware Hash (MD5/SHA1/SHA256)


Remediation

  • Block the threat indicators at their respective controls
  • Always be suspicious of unsolicited email
  • Never click or download any attachments sent from unrecognized senders
