June 2, 2022
Severity
Medium
Analysis Summary
LokiBot first appeared on underground forums in early 2016, sold to cybercriminals as an information stealer; this alert's indicators are for a sample of the current campaign, and the family also has a variant targeting Android phones. Delivered as a trojan, it steals usernames, passwords and other credentials as well as cryptocurrency wallets, both by reading stored credentials from browsers and desktop applications and by capturing keystrokes with its keylogger. LokiBot can also install a backdoor on the infected system, allowing the attacker to deliver additional payloads. It is distributed through spam email, messaging channels such as SMS and Skype, and malicious websites.
Impact
- Information theft
- Exposure of Sensitive Data
- Credential Theft
Indicators of Compromise
MD5
- 25b7eb5e54db16da5dfa22dec7d50446
SHA-256
- 9a6f5aba281f3f736d9259da7935f2805d0089e025a3ca40cfee43a6fbaff1bc
SHA-1
- da66fea3855ba6b64c1912a25452b56a4af8c8c8
Remediation
- Block the listed indicators on your respective controls (EDR, email gateway, web proxy).
- Search for the IOCs in your environment; hash-match files on endpoints and in mail/proxy quarantine, not just in alert logs.
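One way to carry out the second remediation step on a host, as an added example that is not part of the original alert: hash every file under a directory tree once (MD5, SHA-1 and SHA-256 in a single read, so large files are not read three times) and report any file whose digest matches the indicators above. The `demo()` function, the temporary files it writes and the IOC dictionary layout are constructed for this example; the three digests in `ALERT_IOCS` are the ones listed in this alert.

```python
import hashlib
import os
import tempfile
from typing import Dict, List, Set, Tuple

# Indicators from this alert, keyed by algorithm. Stored lowercase so matching is case-insensitive.
ALERT_IOCS: Dict[str, Set[str]] = {
    "md5": {"25b7eb5e54db16da5dfa22dec7d50446"},
    "sha1": {"da66fea3855ba6b64c1912a25452b56a4af8c8c8"},
    "sha256": {"9a6f5aba281f3f736d9259da7935f2805d0089e025a3ca40cfee43a6fbaff1bc"},
}


def _new_hashers() -> Dict[str, "hashlib._Hash"]:
    return {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}


def hashes_of_bytes(data: bytes) -> Dict[str, str]:
    """MD5, SHA-1 and SHA-256 hex digests of an in-memory buffer."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def file_hashes(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file once and feed every chunk to all three hashers."""
    hashers = _new_hashers()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def scan_for_iocs(root: str, iocs: Dict[str, Set[str]]) -> List[Tuple[str, str, str]]:
    """Walk `root`; return (path, algorithm, digest) for each file whose hash is in `iocs`."""
    wanted = {alg: {d.lower() for d in digests} for alg, digests in iocs.items()}
    hits: List[Tuple[str, str, str]] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = file_hashes(path)
            except OSError:
                continue  # unreadable or vanished file: skip it rather than abort the sweep
            for alg, digest in digests.items():
                if digest in wanted.get(alg, set()):
                    hits.append((path, alg, digest))
    return hits


def demo() -> List[Tuple[str, str, str]]:
    """Self-contained run on constructed files; a benign file stands in for a found sample."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "sample.bin")
        with open(sample, "wb") as fh:
            fh.write(b"constructed test content, not malware\n")
        os.makedirs(os.path.join(tmp, "sub"))
        with open(os.path.join(tmp, "sub", "other.txt"), "wb") as fh:
            fh.write(b"unrelated file\n")
        # Extend the alert's IOC set with the constructed file's own SHA-256 so the demo has one hit.
        iocs = {alg: set(v) for alg, v in ALERT_IOCS.items()}
        iocs["sha256"].add(file_hashes(sample)["sha256"])
        hits = scan_for_iocs(tmp, iocs)
        # Return base names only, since the temporary directory is deleted on exit.
        return [(os.path.basename(p), alg, d) for p, alg, d in hits]


if __name__ == "__main__":
    for path, alg, digest in demo():
        print(f"IOC match: {path} ({alg}={digest})")
```

Run it against a real tree with `scan_for_iocs("/path/to/scan", ALERT_IOCS)`. Matching all three algorithms matters because different controls log different digests; a proxy may only record MD5 while an EDR reports SHA-256.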