November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Advisory – CVE-2019-1674 – New Elevation of Privilege Vulnerability Found in Cisco WebEx Meetings
February 28, 2019Rewterz Threat Alert – SeedWorm Malware Campaign – Threat Indicators
February 28, 2019Rewterz Threat Advisory – CVE-2019-1674 – New Elevation of Privilege Vulnerability Found in Cisco WebEx Meetings
February 28, 2019Rewterz Threat Alert – SeedWorm Malware Campaign – Threat Indicators
February 28, 2019
Severity: Medium
Analysis Summary
Another malspam campaign is observed dropping lokibot malware through phishing campaign. Threat indicators are provided.
Indicators of Compromise
Email Address
- awt[@]awtkorea[.]com
- marketing[@]afriquesuiteshotel[.]pw
Malware Hash (MD5/SHA1/SH256)
- d3af2a21b826279f39a50ff4efb6f45534135a7d
- 755861ac1c47cb6caa816e98991984f9956ab4e5
- 5480aabb36b3fa657c4ffe518916cb9d7ec1625b2ca2ab22bc9dc1daab137024
- 8370ce17f0fe4a598d22563a9bdbc915be1dd41ba9ce94020fafcdfa4c362ee5
- adb316d5aa07820d0d21a24ba6535738
- d991887f2ddbbfd98d1a7bccf5b7f112
Remediation
- Block the threat indicators at their respective controls
- Always be suspicious of unsolicited email
- Never click/ download any attachments sent from unrecognized senders