March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Alert – Nanocore Rat – Active IOCs

July 6, 2021

Rewterz Threat Alert – Fin7 APT Group Targeting Financial Sector – IOCs

July 6, 2021

Rewterz Threat Alert – Lokibot Malware – Active IOCs

July 6, 2021

Severity

Medium

Analysis Summary

Loki Bot is a commodity malware sold on underground sites which are designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets. LokiBot is trojan-type malware designed to infiltrate systems and collect a wide range of information. Lokibot targets Android and Windows operating systems. It is distributed via spam emails, various private messages (SMS, Skype, etc.), and malicious websites. It is also used for tracking users’ activity (for instance, recording keystrokes).

Impact

Information theft
Exposure of sensitive data
Credential theft

Indicators of Compromise

MD5

994fc10adb2dbf2d185364bb505fb47b
5fd2a441e091ab4923481bb23fb0932b
fcd5743fc2d11a32b8a3df140f2adf89
b3b31607125c7ed7f051cd29fc47872d
500beb496cc1217fef58a7809f3204fa
f3c9b8930cfb79f50a35e98607755ecd

SHA-256

494ac0275d68f3a9274b66b98166f163e61ab1d72a740a0822d2b209b3adbd15
2e212f21f7c0ecf0dc4dbba2916fb802de978780955fa68c936cb5059e3470bf
f8c19b09ac1db986888e605edf365c2900b8e88112cde564ecf8fa9e279c2d7f
697f78276f8701de3591f1f126e9fddf5190fd7ed0099445f0cc933f59a82a9a
631fb1da56ae2f35d174ab2a11bb248c6d49d08012c8111eeba6fc7fc5d4d183
c9588e390742b854efede8b9448b51c94ec539b990ce59b28c07ab4a76f8dbf

SHA-1

baab71f4b9580de8c17a920bb447525999aed9fe
8e951c649f7308227c8b2853d6bb70ce16b2f695
2bf54338e706a1036163b5f69e461299522e2d41
43d8a0f57907ce09ba1dcf79faa8e6a1d38eaea5
5cfae99893fcb5cbcfcc161cbfb6c4ccb778c842
456404254d8b06da70a34683efb0139d14ef7ce6

URL

http[:]//185[.]110[.]190[.]5/gugufdre[.]php/Ao4q4V7qpaAhk
http[:]//inhanoi[.]net[.]vn/[.]gdd/more/more/modified/acccess/fre[.]php
http[:]//elojomiradordelapaz[.]com[.]ar/NOMBRE/five/fre[.]php
https[:]//inhanoi[.]net[.]vn/[.]gdd/more/more/modified/acccess/fre[.]php

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Nanocore Rat – Active IOCs

Rewterz Threat Alert – Fin7 APT Group Targeting Financial Sector – IOCs