Rewterz Threat Alert – Lokibot Malware – Active IOCs
June 28, 2021
Severity
High
Analysis Summary
APT C-35, also known as the Donot Team, has been actively dropping malicious files that use template injection. The group has a history of attacking Pakistani government officials and military personnel and has been linked to India. It previously targeted Pakistani Android users with a mobile malware named StealJob, delivered through phishing under the name "Kashmiri Voice". The attackers hunt for confidential information and intellectual property. Their targets include countries in South Asia, in particular the state sector of Pakistan.
Impact
- Information theft
- Credential Theft
Indicators of Compromise
Filename
- Ammended Procurement Policy[.]xls
MD5
- 17957e81bd1f730d5451e160e07bde06
- 86182b2731343fdb1b6f843741b02dc0
- 685e5c904e726c18d1c2dfc8bbb86343
- 9407a3f116d93ff51a2cec8b580b6e30
SHA-256
- 547ae301524ceb7e8bfdecb36af694a6cbd3026dcc53756b351a782eae718ba9
- 7bfc2a2a1178c35559dedc03decfb4b3372f6b52f7df2667dbaa307b7d0d492b
- 0639eae0996df85b097e32dd6dc983643438e54679b12f24ed6df66e2ef90217
- a59195a5a87b6d6e4275e01a2360003bf55bcc72772e92b07f22e59aaa7b3cad
SHA-1
- 1e1e3f1a34f7c0c44580deeab10568046bcd9a4e
- d24f0321a555ec0e97fad3a22dce24de56cbdcbb
- 7a769357eb223c64f6d1b5197d1106eeb2c9578f
- 3b286974757eeb9e372a3addcea717450e7d7564
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
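The following script is an added example of how the "search for IOCs in your environment" step can be carried out on a file system; it is not Rewterz tooling and not part of the original alert. It transcribes the filename and hash indicators listed above, refangs the defanged filename, hashes every file under a directory in a single pass (MD5, SHA-1 and SHA-256 together, so large trees are read only once) and reports any file whose name or digest matches. The function names and the list-of-findings return format are the example's own choices.

```python
import hashlib
import sys
from pathlib import Path

# Indicators transcribed from the alert above. Hashes are stored lower-case;
# the filename is kept defanged exactly as published and refanged on use.
IOC_FILENAMES = {"Ammended Procurement Policy[.]xls"}
IOC_MD5 = {
    "17957e81bd1f730d5451e160e07bde06",
    "86182b2731343fdb1b6f843741b02dc0",
    "685e5c904e726c18d1c2dfc8bbb86343",
    "9407a3f116d93ff51a2cec8b580b6e30",
}
IOC_SHA1 = {
    "1e1e3f1a34f7c0c44580deeab10568046bcd9a4e",
    "d24f0321a555ec0e97fad3a22dce24de56cbdcbb",
    "7a769357eb223c64f6d1b5197d1106eeb2c9578f",
    "3b286974757eeb9e372a3addcea717450e7d7564",
}
IOC_SHA256 = {
    "547ae301524ceb7e8bfdecb36af694a6cbd3026dcc53756b351a782eae718ba9",
    "7bfc2a2a1178c35559dedc03decfb4b3372f6b52f7df2667dbaa307b7d0d492b",
    "0639eae0996df85b097e32dd6dc983643438e54679b12f24ed6df66e2ef90217",
    "a59195a5a87b6d6e4275e01a2360003bf55bcc72772e92b07f22e59aaa7b3cad",
}


def refang(indicator: str) -> str:
    """Turn a defanged indicator ("[.]") back into its literal form."""
    return indicator.replace("[.]", ".")


def hash_bytes(data: bytes) -> dict:
    """Return the three digests of an in-memory buffer (used for small inputs and tests)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: Path, chunk_size: int = 1 << 20) -> dict:
    """Compute MD5, SHA-1 and SHA-256 of a file in one pass over its contents."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in digests.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in digests.items()}


def match_indicators(filename: str, digests: dict, filenames=IOC_FILENAMES,
                     md5=IOC_MD5, sha1=IOC_SHA1, sha256=IOC_SHA256) -> list:
    """Return a list of 'type:value' strings for every indicator the file matches.

    Filename comparison is case-insensitive; hash comparison is exact after
    lower-casing, so hashes pasted in upper-case still match.
    """
    hits = []
    if filename.lower() in {refang(f).lower() for f in filenames}:
        hits.append("filename:" + filename)
    for algo, known in (("md5", md5), ("sha1", sha1), ("sha256", sha256)):
        value = digests[algo].lower()
        if value in known:
            hits.append(f"{algo}:{value}")
    return hits


def scan_tree(root: Path, **ioc_sets) -> list:
    """Walk a directory tree and return [(path, [hits]), ...] for matching files."""
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        try:
            hits = match_indicators(path.name, hash_file(path), **ioc_sets)
        except OSError:
            continue  # unreadable or vanished file: skip rather than abort the sweep
        if hits:
            findings.append((str(path), hits))
    return findings


if __name__ == "__main__":
    # Usage: python ioc_scan.py /path/to/scan
    start = Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    for found_path, found_hits in scan_tree(start):
        print(found_path, "->", ", ".join(found_hits))
```

A filename match on its own is weak evidence, since the document name is easy to change, so treat hash hits as the confirmed indicator and filename hits as a lead to triage.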