Rewterz Threat Alert – SNAKE Ransomware – Active IOCs
October 1, 2021Rewterz Threat Alert – STRRAT Malware – Active IOCs
October 1, 2021Rewterz Threat Alert – SNAKE Ransomware – Active IOCs
October 1, 2021Rewterz Threat Alert – STRRAT Malware – Active IOCs
October 1, 2021Severity
High
Analysis Summary
LokiBot is a commodity malware sold on underground sites which are designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets. LokiBot is trojan-type malware designed
to infiltrate systems and collect a wide range of information. Lokibot targets Android and Windows operating systems. It is distributed via spam emails, various private messages (SMS, Skype, etc.), and malicious websites. It is also used for tracking users’ activity (for instance, recording keystrokes)
Impact
- Information Theft
- Exposure of Sensitive Data
- Credential Theft
Indicators of Compromise
MD5
- 18e6b6c1a6f3f7aaa2be58edaa8c1121
- b740953620843d019cb1d037c75cd303
SHA-256
- 137db6baaee41625a255900d2e76eb3c42575398bf06b92e2a0ef50a40305cc1
- a07487a2bdd1f4888e04e88234235f08eeecdf5f421e8f2e84170d291595418e
SHA-1
- 367aa158cb5dd614f8d4b3cac196bad329ee1073
- 10d4d6f6d28c68c7d43a58ea604d3f915d19b604
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.