X-Industry

lokibot (2)

11 Malware Actors Targeting YOU

The US Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) have picked 11 malware families as their top threats. The list comprises malware that has evolved over the past ten years as banking trojans, remote access trojans, information stealers, and ransomware delivery tools.

The agencies listed the top malware strains of 2022:

Agent Tesla (information stealer)
AZORult (information stealer)
Formbook (information stealer)
Ursnif (banking Tro

HHH Marine And Logistics Spoofed to Deliver Lokibot Malware

On 7-9 May 2019, Wapack Labs detected an increase in malicious emails with the spoofed sender field accounts@hhhmarine.com.sg. Hackers deliver malicious attachments under the pretense of an incoming SWIFT transfer (Figure 1).

Figure 1. Email text spoofing HHH Marine Services on 8 May 2019.

The attackers use the popular malware Lokibot. Wapack Labs detected communications of these samples to known and new Lokibot C2s:

kbfvzoboss[.]bid/alien/fre.php
carlos-tevez[.]gq/raphael/fre.php
uenajrkja[.]ml/ch

#xg { position:relative;top:120px; } #xn_bar { top:120px; }

Hello, you need to enable JavaScript to use Red Sky Alliance.

Please check your browser settings or contact your system administrator.

Note: this page contains paid content.