Rewterz Threat Alert – Hidden Cobra uses Malware Variants – ELECTRICFISH & BADCALL (September 13, 2019)
Rewterz Threat Alert – Ordinypt Malware Hitting Germany in New Spam Campaign (September 16, 2019)
Severity
Medium
Analysis Summary
New campaigns have been discovered distributing the Lokibot malware. Successful infection could lead to exposure of sensitive information or credential theft.
Indicators of Compromise are given below.
Impact
- Exposure of sensitive information
- Credential theft
Indicators of Compromise
URLs
Malware Hash (MD5/SHA1/SHA256)
Remediation
- Block the threat indicators at their respective controls.
- Do not execute files without scanning.
- Do not download email attachments coming from untrusted sources.