PULSE NAME
Malware Campaign Exploiting Microsoft Office Vulnerabilities to Drop LokiBot
WHITE Superpro 2023-07-15 Modified: 2023-08-14
26 IOCs
MEDIUM VOLUME
FortiGuard Labs recently conducted an investigation into a series of malicious Microsoft Office documents that were found to exploit known vulnerabilities, specifically CVE-2021-40444 and CVE-2022-30190.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
LokiBot
Indicators of Compromise (26)