March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Advisory – CVE-2020-3347 – Cisco Webex Meetings Desktop App for Windows Shared Memory Vulnerability
July 8, 2020
Rewterz Threat Alert – TA505 APT Group – Latest IOCs
July 8, 2020
Rewterz Threat Advisory – CVE-2020-3347 – Cisco Webex Meetings Desktop App for Windows Shared Memory Vulnerability
July 8, 2020
Rewterz Threat Alert – TA505 APT Group – Latest IOCs
July 8, 2020
Severity
High
Analysis Summary
LokiBot is trojan-type malware designed to infiltrate systems and collect a wide range of information. Lokibot targets Android and Windows operating systems. It is distributed via spam emails, various private messages (SMS, Skype, etc.), and malicious websites. It is designed to target users. LokiBot gathers saved logins/passwords (mostly in web browsers) and continually tracks users’ activity (for instance, recording keystrokes). Recorded information is immediately saved on a remote server controlled by LokiBot’s developers.
Impact
- Exposure of sensitive information
- Credential theft
Indicators of Compromise
URL
- http[:]//www[.]rightkeyslogs[.]xyz/num/five/fre[.]php
- http[:]//bsystem[.]com[.]pl/[.]el/need/work/Panel/five/fre[.]php
- http[:]//crogtrt[.]com/IG/2000[.]exe
- http[:]//crogtrt[.]com/IG/el[.]jpg
- http[:]//boeschboddenspies[.]com/bobby2file/five/fre[.]php
- http[:]//rostovafile[.]ga/Colba4/fre[.]php
- http[:]//rostovafile[.]ga/Colba2/fre[.]php
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.