Rewterz Threat Advisory – CVE-2021-22119 – VMware Tanzu Spring Security Vulnerability
June 30, 2021Rewterz Threat Alert – Lokibot Malware – Active IOCs
June 30, 2021Rewterz Threat Advisory – CVE-2021-22119 – VMware Tanzu Spring Security Vulnerability
June 30, 2021Rewterz Threat Alert – Lokibot Malware – Active IOCs
June 30, 2021Severity
Medium
Analysis Summary
Snake is a modular .NET keylogger and credential stealer first spotted in late November 2020. Since then, new campaigns spreading this malware have been seen almost daily. Snake’s name was derived from strings found in its log files and string obfuscation code. Using the malware’s builder, a threat actor can select and configure desired features then generate new payloads. For this reason, the capabilities of samples found in the wild can vary. Analyzing Snake reveals that it is a comprehensive keylogger and data stealer.
Impact
- Credential Theft
Indicators of Compromise
Domain Name
- dyndns[.]org
- freegeoip[.]app
IP
- 89[.]187[.]165[.]47
- 89[.]208[.]29[.]133
- 185[.]220[.]101[.]5
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.