March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Alert – Donot APT Group – IOCs

August 2, 2021

Rewterz Threat Alert – Quasar RAT – IOCs

August 2, 2021

Rewterz Threat Alert – LokiBot – Active IOCs

August 2, 2021

Severity

Medium

Analysis Summary

LokiBot is a commodity malware sold on underground sites which are designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets. LokiBot is trojan-type malware designed to infiltrate systems and collect a wide range of information. Lokibot targets Android and Windows operating systems. It is distributed via spam emails, various private messages (SMS, Skype, etc.), and malicious websites. It is also used for tracking users’ activity (for instance, recording keystrokes).

Impact

Information theft
Exposure of sensitive data
Credential theft

Indicators of Compromise

MD5

88a549eec9e45a421fbfea42c271df52
dfe2f4599db2e3dfa96ec5c75660b722
4c25706e23ee6fb16f494c6363604b1f
af67d388bc9b56768f6fbc6570199522
adcebea3c1e02a053126c92c3c4f9f0f
2800e222d62797d265ef99d5af8fbad9
b8b8f8d19a603555ddd886a77c751211
ac9caba87912b3afa6fda7d83903345c
88a549eec9e45a421fbfea42c271df52
dfe2f4599db2e3dfa96ec5c75660b722

SHA-256

a0baff0515a6ff0a42b19248dd7823063a25118963fc396c25f5e5cd6af3d59e
b1425881919f1d4352d71183f264da766eff03354e81db8ffa558642a6626fbc
afe6510974f5df4297d20315f7c22da1040e6e13efff31409e347a3de287c964
8f25cb3d4a246d9fb877cf7005f0bffad488bc3212554784254c8e5a041358fc
793ec68716fd4f63cdc8b181bdef2303be200c2759dbe576225ecc4dcd57e904
2a353f0d923436ae574742baf332300fc01d3128191d120a0947bbabfe75334e
d24e0e7d0b1ff4aabceb241fe7d7143daea5bdd1502e236e89850405f8285943
73d8664e30c26c6309beb2564a1d93475cea52f08667be59253259cdbf695cc7
a0baff0515a6ff0a42b19248dd7823063a25118963fc396c25f5e5cd6af3d59e
b1425881919f1d4352d71183f264da766eff03354e81db8ffa558642a6626fbc

SHA-1

edf493140ccaba2ec6f340de3d3f1ab2d6c1651f
9b9ffcc91533df1b6eec06a9c857027e78c625d8
959eac523ea052851a1f90e12ab5152bb662c988
2145192455abd41d99349033d4f4c0eaf045616a
447f27ad8d9cc5fbeaef6e2abed3b37f399bda80
6fd7d91848b2a278839f409aa3171c2258ad5bfb
ef4b62baeddf1b45b3032aae2b03772dc6688562
f6b687c22c7c33f4319cab2ca8963ccb2e31c1bc
edf493140ccaba2ec6f340de3d3f1ab2d6c1651f
9b9ffcc91533df1b6eec06a9c857027e78c625d8

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Donot APT Group – IOCs

Rewterz Threat Alert – Quasar RAT – IOCs