Severity
High
Analysis Summary
APT32, also known as the OceanLotus Group, is a Vietnam-based threat group that has been active since 2014. It is known for sophisticated attacks on private companies, journalists, foreign governments, and activists, concentrated on Southeast Asian countries including Vietnam, the Philippines, Laos, and Cambodia. The group has used strategic web compromises (watering-hole attacks) to compromise victims. APT32 conducts targeted operations consistent with Vietnamese state interests, using a unique suite of fully featured malware in combination with commercially available tools. Its malware is padded with junk code to confuse security tools and analysts, helping it evade detection.
Impact
- Information Theft and Espionage
- Data Exfiltration
Indicators of Compromise
Filename
- PROPSYS[.]dll
- D99036C9-71BC-4D23-A1BF-43EF44C1F28A[.]cab
- WinSCard[.]dll
MD5
- 63623bcf68ef6a52846869bbc1206bef
- fb9af8b0764458bf266c25a0d691272c
- 1ffdacea353f9350036f928a8e03d0fb
- 70f6e312bce2be0c9554f45bada84f92
SHA-256
- 2e8c395df7a08be30ef0569c1d809b8dc8e62bd6f0700019d1289f6b2ef5e6b8
- f297959b0a6f02e441387bd00e47a3cc0f4f80d0e44bbade463abc5ff804bddd
- f0ab3520db1f16e5d46c0a0a5462c30779cf9949b4c95c4252987b52c4540fc7
- 440cc0e14dd3ba3924a69bbb4c3a1724e5685f57b852abe00634cd7c93594b3c
SHA-1
- 621e912c8d4d7fd60176590b9f727f63bd2eb224
- c0960abd13bbb204406d8ce48a68baa99621f401
- fb8b2ee0eaecaf37a40ff09a57d07e9e7dc467f6
- d3c9c17a68143e9890b120bdb6f4bfa8684195f9
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious of emails from unknown senders.
- Never click links or open attachments sent by unknown senders.
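The "search for IOCs in your environment" step above can be scripted. The following is an added example, not Rewterz tooling: it walks a directory tree, hashes every file once with MD5, SHA-1 and SHA-256, and reports hits against the filenames and hashes listed in this advisory. The indicator values are copied from the advisory (with the "[.]" defanging reversed); the function names and the constructed demo tree are assumptions of this example. Note that PROPSYS.dll and WinSCard.dll are also legitimate Windows library names, so a filename-only hit is reported as low confidence and should be confirmed by hash or by where the file sits (the same name outside the Windows system directory is the interesting case).

```python
"""Scan a directory tree for the file-based APT32 IOCs in this advisory.

Added example, not Rewterz tooling. Hashes and filenames are copied from the
advisory; function names and the demo tree are assumptions of this example.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def refang(indicator: str) -> str:
    """Undo the advisory's '[.]' defanging so names compare to real filenames."""
    return indicator.replace("[.]", ".")


# Filenames from the advisory, lower-cased because NTFS lookups are case-insensitive.
IOC_FILENAMES = {refang(n).lower() for n in (
    "PROPSYS[.]dll",
    "D99036C9-71BC-4D23-A1BF-43EF44C1F28A[.]cab",
    "WinSCard[.]dll",
)}

# Hashes from the advisory, keyed by hashlib algorithm name.
IOC_HASHES = {
    "md5": {
        "63623bcf68ef6a52846869bbc1206bef", "fb9af8b0764458bf266c25a0d691272c",
        "1ffdacea353f9350036f928a8e03d0fb", "70f6e312bce2be0c9554f45bada84f92",
    },
    "sha1": {
        "621e912c8d4d7fd60176590b9f727f63bd2eb224", "c0960abd13bbb204406d8ce48a68baa99621f401",
        "fb8b2ee0eaecaf37a40ff09a57d07e9e7dc467f6", "d3c9c17a68143e9890b120bdb6f4bfa8684195f9",
    },
    "sha256": {
        "2e8c395df7a08be30ef0569c1d809b8dc8e62bd6f0700019d1289f6b2ef5e6b8",
        "f297959b0a6f02e441387bd00e47a3cc0f4f80d0e44bbade463abc5ff804bddd",
        "f0ab3520db1f16e5d46c0a0a5462c30779cf9949b4c95c4252987b52c4540fc7",
        "440cc0e14dd3ba3924a69bbb4c3a1724e5685f57b852abe00634cd7c93594b3c",
    },
}


def hash_file(path, chunk_size=1 << 20):
    """Compute MD5, SHA-1 and SHA-256 in a single chunked pass over the file."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for digest in digests.values():
                digest.update(chunk)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def check_file(path, filenames=IOC_FILENAMES, hashes=IOC_HASHES):
    """Return (confidence, indicator_type, value) hits for one file.

    A filename match alone is 'low' confidence: the advisory's DLL names are also
    legitimate Windows library names. A hash match is 'high' confidence.
    """
    path = Path(path)
    hits = []
    if path.name.lower() in filenames:
        hits.append(("low", "filename", path.name))
    try:
        digests = hash_file(path)
    except OSError:  # unreadable or locked file: keep any filename hit, skip hashing
        return hits
    for algo, value in digests.items():
        if value in hashes[algo]:
            hits.append(("high", algo, value))
    return hits


def scan_tree(root, filenames=IOC_FILENAMES, hashes=IOC_HASHES):
    """Walk root and return {path: hits} for every file with at least one hit."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            hits = check_file(full, filenames, hashes)
            if hits:
                findings[full] = hits
    return findings


def demo():
    """Constructed sample tree (no real malware): a benign file, a file that only
    matches by name, and a stand-in whose SHA-256 is added to a copy of the IOC set
    so the hash path is exercised. Returns findings keyed by POSIX-style relative path."""
    root = Path(tempfile.mkdtemp(prefix="apt32_ioc_demo_"))
    (root / "notes.txt").write_bytes(b"nothing to see here")
    (root / "app").mkdir()
    (root / "app" / "WinSCard.dll").write_bytes(b"constructed stand-in, not the real sample")
    stand_in = root / "app" / "dropper.bin"
    stand_in.write_bytes(b"constructed bytes standing in for a known-bad file")
    hashes = {algo: set(values) for algo, values in IOC_HASHES.items()}
    hashes["sha256"].add(hash_file(stand_in)["sha256"])  # simulate a hash IOC hit
    return {Path(p).relative_to(root).as_posix(): hits
            for p, hits in scan_tree(root, hashes=hashes).items()}


if __name__ == "__main__":
    for rel_path, hits in demo().items():
        print(rel_path, hits)
```

In practice, point `scan_tree` at user-writable locations (profile directories, temp folders, application directories) where a side-loaded DLL or dropped .cab would land, and treat any high-confidence hash hit as grounds for isolating the host and pulling the file for analysis.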