lokibot (2)

The US Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) have picked 11 malware families as their top threats. The list comprises malware that has evolved over the past ten years as banking trojans, remote access trojans, information stealers, and ransomware delivery tools.

The agencies listed the top malware strains of 2022:

  • Agent Tesla (information stealer)
  • AZORult (information stealer)
  • Formbook (information stealer)
  • Ursnif (banking Tro

On 7-9 May 2019, Wapack Labs detected an increase in malicious emails with the sender field spoofed as accounts@hhhmarine.com.sg. Hackers deliver malicious attachments under the pretense of an incoming SWIFT transfer (Figure 1).

Figure 1. Email text spoofing HHH Marine Services on 8 May 2019.

The attackers use the popular malware Lokibot. Wapack Labs detected communications of these samples to known and new Lokibot C2s:

  • kbfvzoboss[.]bid/alien/fre.php
  • carlos-tevez[.]gq/raphael/fre.php
  • uenajrkja[.]ml/ch