• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert – Trickbot Banking Trojan Delivered via Malspam – IoCs
April 6, 2020
Maze Ransomware Targets State-owned oil Company of Algeria
April 6, 2020

Rewterz Threat Alert – Phishing Campaign Uses COVID-19 to Spread LokiBot

April 6, 2020

Severity

Medium

Analysis Summary

Threat actors are once again using official images and trademarks of WHO as a lure to entice victims to open an attached message that contains the malware. The emails pretends to be the offer details about misinformation concerning the COVID-19 pandemic. This particular campaign has targeted several parts of Asia and in U.S, Turkey, Portugal, Germany and Austria as well. It is quiet obvious that the threat actors are making the most of the situation on Covid-19 and isn’t letting anyone settle down amid the chaos and keeping a close eye on the activities happening around the world regarding the Covid-19 disease. The world has been paying attention to the details specified by the WHO and implementing the guidelines provided by the WHO for the necessary action in their countries which the threat actors are using as a lure victims to open malicious attachments.

Spear-Phishing Campaign Uses COVID-19 to Spread LokiBot

Impact

  • Information theft
  • Exposure of sensitive information

Indicators of Compromise

File name

HEALTH ORGANIZATION CDC_DOC.zip.arj

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.
  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.