March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Alert – Karakurt Extortion Group – Active IOCs

June 15, 2022

Rewterz Threat Alert – HawkEye Infostealer – Active IOCs

June 16, 2022

Rewterz Threat Alert – LokiBot Malware – Active IOCs

June 16, 2022

Severity

Medium

Analysis Summary

In early 2016, LokiBot was originally made available on underground forums for cybercriminals to use against Microsoft Android phones. This malware steals sensitive information including, usernames, cryptocurrency wallets, and other credentials via Trojan software. Malware grabs credentials by monitoring browser and desktop activities from the password storage using a keylogger. LokiBot can also install a backdoor into affected systems, allowing an attacker to install other payloads. Spam emails, communication channels such as SMS, Skype, and malicious websites are all used to spread LokiBot. This malware is utilized to keep track of what users are doing (for instance, recording keystrokes).

Impact

Information Theft
Exposure of Sensitive Data
Credential Theft

Indicators of Compromise

MD5

e0fde438fddd96cf736353fef8050c19
3295eef6a6a1c2514a3afa32c06db1ae
321ef6ee39fe0e7cf1613d0c5bf56334
8ce8662c394960474ff4544d56db39c9
1b5f0137078ecffd9a9caf721788d37a
2a4b901d94030390bf80d5e8ff42d2fb
e9b57a6d73c7c96e395c1954d1a6e88e
321ef6ee39fe0e7cf1613d0c5bf56334

SHA-256

04d8f49a1e499c607e5f1efe61dc023f4346c1072a3992b7ea61604a34975608
037cab2280079b66f10d3f9bd13ceeed92fd28c805fdcd600b7079c1f766fc45
587079ea4735c6cdce8bfd41fbc17e4e99fbc1e99f76da91bfd6d42f51bd1b7a
f0d9b3a08cb9a48a36b46fe7bd4b914b78d61e3dda083742855abae93128ff7c
3f623ee994542897870d05135ddfa19b62ac50a7f35185ad1ecf823a6c61d049
cd2b3a445788fa65a63cd9665d689f112b1e61e55a63cb2e97ba37bf00b2d3db
1cb440b31b6a4c44b5710c47ea5c075a281d909a752ac777890d999c28be54a4
587079ea4735c6cdce8bfd41fbc17e4e99fbc1e99f76da91bfd6d42f51bd1b7a

SHA-1

ff51b2dc73db3c1ef499333745cb150251776873
0f54aecceabff9089163090c946a5260bb1bf317
ef9a56c86d131eca5db03e53a058134e4f2487fa
1181e820d50f2a29cd38de2a8dddcac8853e8ca1
e26a7b9c5cbd212e2f5853e4f6636dbe10e7e489
fec1326c16d41232bbe76994ec985e506e4d44cf
211c2b7f0ed34a83d50fb22a631bd5faffc5ca96
ef9a56c86d131eca5db03e53a058134e4f2487f

URL

http[:]//107[.]172[.]76[.]201/198/vbc[.]exe

Remediation

Search for IOCs in your environment.
Block all threat indications at their respective controls.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Karakurt Extortion Group – Active IOCs

Rewterz Threat Alert – HawkEye Infostealer – Active IOCs