June 16, 2021
Severity
High
Analysis Summary
The Iranian cyber criminal group MuddyWater has resurfaced. The group has primarily targeted Middle Eastern, European and North American nations, and the industries under attack include telecommunications, government (IT services), and the oil sector. Most MuddyWater campaigns rely on socially engineering victims into enabling macros in order to infect the targeted workstation. Once macros are enabled, the threat actor-written code attempts to fetch a trojan hosted on an adversary-controlled command and control node.
Impact
- Credential theft
- Exposure of sensitive information
Indicators of Compromise
MD5
- d5481dbfad620a9787adab7d1d7c07cc
- e8f9f7ef97a826cc6a1d546ce217861b
SHA-256
- c13cb1c9277324534075f807a3fcd24d0d3c024197c7437bf65db78f6a987f7a
- 48e75909520f1a19a8a2cfc34ed5938c69750af7966f40bdf3a2d340a0ca98ad
SHA-1
- 488cdd9b4b3660c69b879f7e49ada535a9361af3
- eff770536d164c2891cda402b2139e6e22ef7dd5
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.
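One way to act on the first remediation point is to sweep endpoints or quarantine shares for files whose digests match the indicators above. The script below is an added example, not Rewterz tooling: the six hash values are copied from this alert, while the directory-walk layout, the function names and the constructed sample file are assumptions for demonstration.

```python
"""Hash-based IOC scanner for the MuddyWater indicators listed in this alert.

Added example (not Rewterz code). The hash values are the ones published in the
alert; the directory walk, function names and the constructed sample file are
assumptions made for demonstration.
"""
import hashlib
import os
import tempfile

# Indicators copied from the alert, lowercased so matching is case-insensitive.
IOC_HASHES = {
    "md5": {
        "d5481dbfad620a9787adab7d1d7c07cc",
        "e8f9f7ef97a826cc6a1d546ce217861b",
    },
    "sha1": {
        "488cdd9b4b3660c69b879f7e49ada535a9361af3",
        "eff770536d164c2891cda402b2139e6e22ef7dd5",
    },
    "sha256": {
        "c13cb1c9277324534075f807a3fcd24d0d3c024197c7437bf65db78f6a987f7a",
        "48e75909520f1a19a8a2cfc34ed5938c69750af7966f40bdf3a2d340a0ca98ad",
    },
}


def hash_bytes(data):
    """Return {'md5': ..., 'sha1': ..., 'sha256': ...} for an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def hash_file(path, chunk_size=1 << 20):
    """Compute all three digests of a file in one pass, reading in 1 MiB chunks."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_digests(digests):
    """Return sorted (algorithm, hash) pairs that hit an indicator in IOC_HASHES.

    Accepts digests in any case, e.g. as exported from an EDR or SIEM record.
    """
    return sorted(
        (alg, value.lower())
        for alg, value in digests.items()
        if alg in IOC_HASHES and value.lower() in IOC_HASHES[alg]
    )


def scan_directory(root):
    """Walk `root` and return {path: [(alg, hash), ...]} for files that match."""
    hits = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                matches = match_digests(hash_file(path))
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            if matches:
                hits[path] = matches
    return hits


def demo():
    """Constructed sample: a benign temp file must not match any indicator."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "sample.bin")
        with open(sample, "wb") as fh:
            fh.write(b"constructed benign sample, not malware\n")
        return scan_directory(tmp)


if __name__ == "__main__":
    print("hits in demo directory:", demo())  # expected: {}
    # A digest from the alert, as an uppercase value from a constructed EDR record:
    print(match_digests({"md5": "D5481DBFAD620A9787ADAB7D1D7C07CC"}))
```

Hashing all three algorithms in one pass keeps the sweep to a single read per file, and matching on lowercase values avoids misses when a tool exports digests in uppercase. Matching by hash only catches the exact samples listed; a repacked build of the same trojan will not hit, so treat a clean sweep as one signal among several rather than proof of absence.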