PULSE NAME
Malware Campaign Exploiting Microsoft Office Vulnerabilities to Drop LokiBot
WHITE Superpro 2023-07-15 Modified: 2023-08-14
26 IOCs
MEDIUM VOLUME
FortiGuard Labs recently conducted an investigation into a series of malicious Microsoft Office documents that were found to exploit known vulnerabilities, specifically CVE-2021-40444 and CVE-2022-30190.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
LokiBot
Indicators of Compromise (6 / 26 total)