Severity
Medium
Analysis Summary
LokiBot first appeared on underground forums in early 2016, where it was offered to cybercriminals for use against Microsoft Android phones. This Trojan steals sensitive information, including usernames, cryptocurrency wallets, and other credentials. It harvests credentials from password stores and by monitoring browser and desktop activity with a keylogger. LokiBot can also install a backdoor on affected systems, allowing an attacker to deliver additional payloads. It spreads through spam email, messaging channels such as SMS and Skype, and malicious websites, and it is used to monitor user activity (for instance, by recording keystrokes).
Impact
- Information Theft
- Exposure of Sensitive Data
- Credential Theft
Indicators of Compromise
MD5
937673627c3ed969b4f50bb88c6f4edd
38f349d412ece268c3163710b0b860e8
ba15a7bc2849e5115cad1397c42d819a
SHA-256
05d5b7b0b909b0921c90487f5e91cda6dfa9390432616d892bf7aed24f24104a
bbf78f254ad97ff0967e58b1b691998401d292e813cb397721ca526266786e7f
8abcb72b5f7d20b160034cbc6ae854e55d52c2dc68c0b7334a60b71ebd884177
SHA-1
14be52571bfdb5d6f0998d7f7a9978fed5fcd200
e8aa6113d9cac567baa86022c9312ad6c19685e2
43174b5d15ddbd45562fabf4f4a694385ab9f86e
Remediation
- Search for IOCs in your environment.
- Block the threat indicators at their respective controls.
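To carry out the first remediation step, here is an added example (not part of the alert) that sweeps a directory tree and reports any file whose MD5, SHA-1 or SHA-256 matches the hashes listed above; the `iocs` parameter is an assumption so the same function can take hashes from another alert.

```python
import hashlib
import os

# Hashes published in the alert above, keyed by hashlib algorithm name (lowercase hex).
ALERT_IOCS = {
    "md5": {
        "937673627c3ed969b4f50bb88c6f4edd",
        "38f349d412ece268c3163710b0b860e8",
        "ba15a7bc2849e5115cad1397c42d819a",
    },
    "sha1": {
        "14be52571bfdb5d6f0998d7f7a9978fed5fcd200",
        "e8aa6113d9cac567baa86022c9312ad6c19685e2",
        "43174b5d15ddbd45562fabf4f4a694385ab9f86e",
    },
    "sha256": {
        "05d5b7b0b909b0921c90487f5e91cda6dfa9390432616d892bf7aed24f24104a",
        "bbf78f254ad97ff0967e58b1b691998401d292e813cb397721ca526266786e7f",
        "8abcb72b5f7d20b160034cbc6ae854e55d52c2dc68c0b7334a60b71ebd884177",
    },
}


def hash_file(path, algorithms=("md5", "sha1", "sha256"), chunk_size=1 << 20):
    """Compute every requested digest of a file in a single streaming read."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def scan_directory(root, iocs=ALERT_IOCS):
    """Walk `root` and return (path, algorithm, digest) for each file matching an IOC."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path, algorithms=tuple(iocs))
            except OSError:
                continue  # unreadable file (permissions, vanished); skip, don't abort the sweep
            for algo, digest in digests.items():
                if digest in iocs.get(algo, set()):
                    hits.append((path, algo, digest))
    return hits


if __name__ == "__main__":
    for path, algo, digest in scan_directory("."):
        print(f"MATCH {algo} {digest} {path}")
```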