Rewterz Threat Alert – LockBit Ransomware targeting Network – Active IOCs
June 3, 2021
Severity
High
Analysis Summary
An emergent and effective data-harvesting tool dubbed Oski is proliferating in North America and China, stealing online account credentials, credit card numbers, crypto-wallet accounts, and more. The malware is still in its development phase but already packs a punch with its capabilities. Oski's C2 dashboard revealed that its theft tactics involve extracting credentials through man-in-the-browser (MitB) attacks, hooking browser processes by means of DLL injection. It also extracts credentials from the registry, passwords from the browser SQLite database, and stored session cookies of all stripes, including crypto-wallet cookies from Bitcoin Core, Ethereum, Monero, Litecoin, and others.
Impact
- Credential theft
- Credit card number theft
- Crypto-wallet theft
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious of emails sent by unknown senders.
- Never click links or open attachments sent by unknown senders.
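A detection check for the injection mechanism described in the Analysis Summary (hooking browser processes via DLL injection), added here as an example; it is not part of the Rewterz advisory. It runs over a constructed, simplified Sysmon-style event list; the field names, browser list and allowlists are assumptions to be tuned per environment.

```python
from dataclasses import dataclass

# Browser processes an Oski-style MitB hook would target (constructed list).
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe", "opera.exe"}
# Processes allowed to create threads in browsers; constructed allowlist, tune per estate.
TRUSTED_INJECTORS = {"c:\\windows\\system32\\csrss.exe"}
TRUSTED_DLL_DIRS = ("c:\\windows\\", "c:\\program files")  # unsigned DLLs tolerated here

@dataclass
class Event:  # simplified Sysmon-style event; field names are assumptions
    event_id: int           # 8 = CreateRemoteThread, 7 = ImageLoad (Sysmon IDs)
    source_image: str       # process performing the action
    target_image: str       # process receiving the thread / loading the DLL
    image_loaded: str = ""  # ImageLoad only: path of the DLL
    signed: bool = True     # ImageLoad only: Authenticode status

def _name(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def is_suspicious(ev: Event):
    """Return a reason if the event looks like code injection into a browser, else None."""
    if _name(ev.target_image) not in BROWSERS:
        return None
    src = ev.source_image.lower()
    if ev.event_id == 8 and src not in TRUSTED_INJECTORS and _name(src) not in BROWSERS:
        return f"remote thread into {_name(ev.target_image)} from {ev.source_image}"
    if ev.event_id == 7 and not ev.signed \
            and not ev.image_loaded.lower().startswith(TRUSTED_DLL_DIRS):
        return f"unsigned DLL {ev.image_loaded} loaded into {_name(ev.target_image)}"
    return None

def triage(events):
    """Return the reasons for every suspicious event, in input order."""
    return [r for r in map(is_suspicious, events) if r]

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
DROPPER = r"C:\Users\alice\AppData\Local\Temp\setup.exe"
SAMPLE = [  # constructed events, not real telemetry
    Event(8, DROPPER, CHROME),                                             # thread into browser
    Event(7, CHROME, CHROME, r"C:\Users\alice\AppData\Roaming\h.dll", False),  # unsigned DLL
    Event(7, CHROME, CHROME, r"C:\Windows\System32\ntdll.dll", True),      # benign load
    Event(8, r"C:\Windows\System32\csrss.exe", r"C:\Program Files\Mozilla Firefox\firefox.exe"),
    Event(8, DROPPER, r"C:\Windows\explorer.exe"),                         # not a browser
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print("ALERT:", hit)
```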