X-Industry

lokibot (3)

Summary

Wapack Labs observed malicious email trending on CTAC which detected an uptick in Darwish Trading Company (DTC) spoofing.  Hackers pretend to be from this Qatari company as it has a wide range of business activities to include servicing the oil and gas sector.  During 29 March 2019 – 3 April 2019, these samples were seen delivering Lokibot and PonyLoader malware.

Details…

Summary

Hackers are using “SWIFT monetary transfer” themed files to lure users into opening them.  These files have been identified malicious.  Wapack Labs studied a sample group of SWIFT-themed malicious files during a 30 days period in February-March 2019.  Nearly half are classified as Lokibot, and 12 percent were detected exploiting CVE-2017-11882 "Microsoft Office Memory Corruption Vulnerability."  Most of the samples were submitted from either Ukraine, the Czech…