Rewterz Threat Alert – SNAKE Ransomware – Fresh IOCs
July 29, 2021Rewterz Threat Advisory –Multiple IBM Security Vulnerabilities
July 29, 2021Rewterz Threat Alert – SNAKE Ransomware – Fresh IOCs
July 29, 2021Rewterz Threat Advisory –Multiple IBM Security Vulnerabilities
July 29, 2021Severity
Medium
Analysis Summary
Loki Bot is a commodity malware sold on underground sites which are designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets. LokiBot is trojan-type malware designed to infiltrate systems and collect a wide range of information. Lokibot targets Android and Windows operating systems. It is distributed via spam emails, various private messages (SMS, Skype, etc.), and malicious websites. It is also used for tracking users’ activity (for instance, recording keystrokes).
Impact
- Information theft
- Exposure of sensitive data
- Credential theft
Indicators of Compromise
MD5
- 2902877e609d74de1bbdc56c23aabcb1
- 0392453270a71b5a7a29b8c8d415978f
- 0dea076f7b121e0b0ed9cf2c05060e74
SHA-256
- 8a80b6705686eaae47aba889cdf519403bb009f0e2c74432b1afad406a12522f
- f70bb08ecbd6548a7a3a52a0a2a151e87af472b185dd1adaa718a87a340e777b
- 328b4c94e2260a80f7656227a4f1c186876800647ad8205353acb6ab922ccc46
SHA-1
- f07665cce2f3ac96345aa0d00a0562572eb8e496
- 37869819f38607bb0f2a30f05573dfed03136d62
- 5ffe503bfc5be88d250893b6c1c1947102c6e114
URL
- http[:]//newblessings[.]gq/BN1/fre[.]php
- https[:]//sureflt[.]com/imt/fre[.]php
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.