← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
December 23rd, 2025 - CryptoGen Cyber Threat Intelligence Advisory #8802 - Arcane Werewolf Adopts Loki 2.1 Malware in Targeted Espionage Attacks
The cyber espionage group Arcane Werewolf is deploying the upgraded Loki 2.1 malware in targeted attacks against organizations using phishing based delivery methods. The new version improves stealth by executing malicious code in memory, making detection more challenging. It is designed to maximize damage while avoiding detection systems.
Indicators of Compromise (27)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| FileHash-MD5 | 0fb8c76db4554c7454b8fbc02067e757 | MD5 of 6ccd834fdbba07cf071e3c6de703fbc7f9de10584df127ced27537db2e1a5a03 | 2025-12-22 | |
| FileHash-MD5 | 0fc962b63b625b7dc3d89c1784ccd2ae | MD5 of e90f7f8594333e0a955a1daccbf5e9030ea86fa3c5c39f58b69d313304020fdd | 2025-12-22 | |
| FileHash-MD5 | 3f98636c3c5748befc153d2dc53b8a41 | MD5 of 7fbb29f8724fddfb32b29543e046cf4aceab8f10e5120150f58d7a119162c631 | 2025-12-22 | |
| FileHash-MD5 | 4bba14d3ae096c8d399537fc4f1c1b31 | MD5 of 5f1d3992e426f47b572af12160f3cc7ac6c90634b17fd6a087eb1644a60a71f8 | 2025-12-22 | |
| FileHash-MD5 | 6ad480ec54b7c36d69a498f1404270a1 | MD5 of e45a1fca84ea0de58f88fe8930b0309f9d736b7384a12f01b7843a9f6469d64b | 2025-12-22 | |
| FileHash-SHA1 | 02877c294882267553ef7592e54dce8370ac0b4b | SHA1 of 7fbb29f8724fddfb32b29543e046cf4aceab8f10e5120150f58d7a119162c631 | 2025-12-22 | |
| FileHash-SHA1 | 058701bc59a237bdb2cdde7b72d5068cd2636479 | SHA1 of e45a1fca84ea0de58f88fe8930b0309f9d736b7384a12f01b7843a9f6469d64b | 2025-12-22 | |
| FileHash-SHA1 | 5f7a75fda15751dc0635bc9d8c3b67f26d96864c | SHA1 of 5f1d3992e426f47b572af12160f3cc7ac6c90634b17fd6a087eb1644a60a71f8 | 2025-12-22 | |
| FileHash-SHA1 | 9d24b27569ff49dc99210bb5d2137b081fa9a447 | SHA1 of e90f7f8594333e0a955a1daccbf5e9030ea86fa3c5c39f58b69d313304020fdd | 2025-12-22 | |
| FileHash-SHA1 | e1d8f255c183bc42e2b0d94db2c6223c38cc9c03 | SHA1 of 6ccd834fdbba07cf071e3c6de703fbc7f9de10584df127ced27537db2e1a5a03 | 2025-12-22 | |
| FileHash-SHA256 | 0f728de0881dc37e79d3e065a331b21f6acadb7d129db2a5bfc27551bba3892e | — | 2025-12-22 | |
| FileHash-SHA256 | 551c0455a608edd88ecd6946c93ed2ac9a68a48148630975a17905205629f617 | — | 2025-12-22 | |
| FileHash-SHA256 | 5f1d3992e426f47b572af12160f3cc7ac6c90634b17fd6a087eb1644a60a71f8 | — | 2025-12-22 | |
| FileHash-SHA256 | 67751c565593ad4557e73a521b2da96431937296f9dba7d03839e9496031fcbb | — | 2025-12-22 | |
| FileHash-SHA256 | 6ccd834fdbba07cf071e3c6de703fbc7f9de10584df127ced27537db2e1a5a03 | — | 2025-12-22 | |
| FileHash-SHA256 | 7fbb29f8724fddfb32b29543e046cf4aceab8f10e5120150f58d7a119162c631 | — | 2025-12-22 | |
| FileHash-SHA256 | be317297dae16dd7b90ddd972b40aca810ff52f6a01a06c96d2dc4bbdd08231d | — | 2025-12-22 | |
| FileHash-SHA256 | c0de8f8292721192cabe33ac51f2b26468bb2ca70f1e49cfb4647ff70bb14d23 | — | 2025-12-22 | |
| FileHash-SHA256 | e45a1fca84ea0de58f88fe8930b0309f9d736b7384a12f01b7843a9f6469d64b | — | 2025-12-22 | |
| FileHash-SHA256 | e90f7f8594333e0a955a1daccbf5e9030ea86fa3c5c39f58b69d313304020fdd | — | 2025-12-22 | |
| FileHash-SHA256 | f73fe375cddea8a869edad7dd33b3783090113ff0dd0ab3b4e275006be40cadc | — | 2025-12-22 | |
| FileHash-SHA256 | fcd63239e4065414ba23d1546e18248653f6d937276520f16cf9a29308f65439 | — | 2025-12-22 | |
| domain | electropriborzavod.ru | — | 2025-12-22 | |
| hostname | cdn.electropriborzavod.ru | — | 2025-12-22 | |
| hostname | cloud.electropriborzavod.ru | — | 2025-12-22 | |
| URL | https://cdn.electropriborzavod.ru/index?data=[base64_enc_data] | — | 2025-12-22 | |
| URL | https://cloud.electropriborzavod.ru/files/d8287185e4ae695a | — | 2025-12-22 |