Rewterz Threat Alert – DJVU Ransomware – Active IOCs
March 22, 2022
Rewterz Threat Alert – Lokibot Malware – Active IOCs
March 22, 2022
Severity
Medium
Analysis Summary
FormBook is data-stealing malware that has been active since 2016 and affected 4% of enterprises in 2020. It tracks and monitors keystrokes, finds and accesses files, takes screenshots, harvests passwords from various browsers, drops files, and downloads and executes stealthier malware in response to orders from a command-and-control (C2) server. The cybercriminals behind these email campaigns have used a variety of distribution techniques to deliver this malware, including PDFs, Office documents, and ZIP and RAR archives, among others.
Impact
- Sensitive Information Theft
- Credential Theft
- Keystroke Logging
Indicators of Compromise
MD5
- 4785739f9cee574126bf2670d4d2634c
SHA-256
- ff4600a54c91d98cb80080a1fe42e23519b47ddc44faf820f1b806f5d03c8482
SHA-1
- 65a3fb18f4da3c7b9279f2e1139b48f16ff9cd64
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.