← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - Arcane Werewolf revamps its arsenal with Loki 2.1 implant
WHITE celestre 2025-12-30 Modified: 2025-12-30
42
IOCs
MEDIUM VOLUME
In October and November 2025, BI.ZONE Threat Intelligence observed malicious activity by Arcane Werewolf (Mythic Likho) targeting Russian manufacturing enterprises. Retrospective analysis suggests that the threat actor most likely used phishing emails as the initial access vector, consistent with its previous campaigns. The messages were irrecoverable but presumably contained links to a malicious archive hosted on the attackers’ C2 server. The links directed victims to a spoofed website imitating a Russian manufacturing company.
lokihttpsnetwork
Indicators of Compromise (42)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 0fb8c76db4554c7454b8fbc02067e757 MD5 of 6ccd834fdbba07cf071e3c6de703fbc7f9de10584df127ced27537db2e1a5a03 2025-12-30
FileHash-MD5 0fc962b63b625b7dc3d89c1784ccd2ae MD5 of e90f7f8594333e0a955a1daccbf5e9030ea86fa3c5c39f58b69d313304020fdd 2025-12-30
FileHash-MD5 16c12540cd3f8a3c4ee5015adf5f1553 MD5 of be317297dae16dd7b90ddd972b40aca810ff52f6a01a06c96d2dc4bbdd08231d 2025-12-30
FileHash-MD5 3f98636c3c5748befc153d2dc53b8a41 MD5 of 7fbb29f8724fddfb32b29543e046cf4aceab8f10e5120150f58d7a119162c631 2025-12-30
FileHash-MD5 4bba14d3ae096c8d399537fc4f1c1b31 MD5 of 5f1d3992e426f47b572af12160f3cc7ac6c90634b17fd6a087eb1644a60a71f8 2025-12-30
FileHash-MD5 66e761ec46b24b0775e2b808b40cf85d MD5 of 67751c565593ad4557e73a521b2da96431937296f9dba7d03839e9496031fcbb 2025-12-30
FileHash-MD5 6a876409dc4fda848e14aba5ddb24e08 MD5 of f73fe375cddea8a869edad7dd33b3783090113ff0dd0ab3b4e275006be40cadc 2025-12-30
FileHash-MD5 6ad480ec54b7c36d69a498f1404270a1 MD5 of e45a1fca84ea0de58f88fe8930b0309f9d736b7384a12f01b7843a9f6469d64b 2025-12-30
FileHash-MD5 70b9ee1b84bd2f144655dddb7ea72241 MD5 of 0f728de0881dc37e79d3e065a331b21f6acadb7d129db2a5bfc27551bba3892e 2025-12-30
FileHash-MD5 861461cfdca462b5e6d9da5a610e08a2 MD5 of c0de8f8292721192cabe33ac51f2b26468bb2ca70f1e49cfb4647ff70bb14d23 2025-12-30
FileHash-MD5 a15ce1fdf7bc7cc50cb124dba296d3af MD5 of 551c0455a608edd88ecd6946c93ed2ac9a68a48148630975a17905205629f617 2025-12-30
FileHash-SHA1 02877c294882267553ef7592e54dce8370ac0b4b SHA1 of 7fbb29f8724fddfb32b29543e046cf4aceab8f10e5120150f58d7a119162c631 2025-12-30
FileHash-SHA1 058701bc59a237bdb2cdde7b72d5068cd2636479 SHA1 of e45a1fca84ea0de58f88fe8930b0309f9d736b7384a12f01b7843a9f6469d64b 2025-12-30
FileHash-SHA1 46a875aa0ee1cd7e2de8c1839aea74267db67375 SHA1 of 67751c565593ad4557e73a521b2da96431937296f9dba7d03839e9496031fcbb 2025-12-30
FileHash-SHA1 4bb141452a23c76eb536b6e53e4e044fbb8610c6 SHA1 of f73fe375cddea8a869edad7dd33b3783090113ff0dd0ab3b4e275006be40cadc 2025-12-30
FileHash-SHA1 5f7a75fda15751dc0635bc9d8c3b67f26d96864c SHA1 of 5f1d3992e426f47b572af12160f3cc7ac6c90634b17fd6a087eb1644a60a71f8 2025-12-30
FileHash-SHA1 78515e600b5fe889bc2cf88f4d207d7ef977045f SHA1 of be317297dae16dd7b90ddd972b40aca810ff52f6a01a06c96d2dc4bbdd08231d 2025-12-30
FileHash-SHA1 8ee24f2fd7db05020ff7bbbd77d80b52a3e7c4b9 SHA1 of 0f728de0881dc37e79d3e065a331b21f6acadb7d129db2a5bfc27551bba3892e 2025-12-30
FileHash-SHA1 94dc229e014f5f1cba17d6681a97b345b6a467b1 SHA1 of c0de8f8292721192cabe33ac51f2b26468bb2ca70f1e49cfb4647ff70bb14d23 2025-12-30
FileHash-SHA1 9d24b27569ff49dc99210bb5d2137b081fa9a447 SHA1 of e90f7f8594333e0a955a1daccbf5e9030ea86fa3c5c39f58b69d313304020fdd 2025-12-30
FileHash-SHA1 b89d8df51199187728d7262f811a53518f950505 SHA1 of 551c0455a608edd88ecd6946c93ed2ac9a68a48148630975a17905205629f617 2025-12-30
FileHash-SHA1 e1d8f255c183bc42e2b0d94db2c6223c38cc9c03 SHA1 of 6ccd834fdbba07cf071e3c6de703fbc7f9de10584df127ced27537db2e1a5a03 2025-12-30
FileHash-SHA256 0f728de0881dc37e79d3e065a331b21f6acadb7d129db2a5bfc27551bba3892e 2025-12-30
FileHash-SHA256 551c0455a608edd88ecd6946c93ed2ac9a68a48148630975a17905205629f617 2025-12-30
FileHash-SHA256 5f1d3992e426f47b572af12160f3cc7ac6c90634b17fd6a087eb1644a60a71f8 2025-12-30
FileHash-SHA256 67751c565593ad4557e73a521b2da96431937296f9dba7d03839e9496031fcbb 2025-12-30
FileHash-SHA256 6ccd834fdbba07cf071e3c6de703fbc7f9de10584df127ced27537db2e1a5a03 2025-12-30
FileHash-SHA256 7fbb29f8724fddfb32b29543e046cf4aceab8f10e5120150f58d7a119162c631 2025-12-30
FileHash-SHA256 be317297dae16dd7b90ddd972b40aca810ff52f6a01a06c96d2dc4bbdd08231d 2025-12-30
FileHash-SHA256 c0de8f8292721192cabe33ac51f2b26468bb2ca70f1e49cfb4647ff70bb14d23 2025-12-30
FileHash-SHA256 e45a1fca84ea0de58f88fe8930b0309f9d736b7384a12f01b7843a9f6469d64b 2025-12-30
FileHash-SHA256 e90f7f8594333e0a955a1daccbf5e9030ea86fa3c5c39f58b69d313304020fdd 2025-12-30
FileHash-SHA256 f0cc251a2eb4a73aa20a8a90223600c9053a12ee94a1698ccbb9d189758ff4cb 2025-12-30
FileHash-SHA256 f73fe375cddea8a869edad7dd33b3783090113ff0dd0ab3b4e275006be40cadc 2025-12-30
FileHash-SHA256 fcd63239e4065414ba23d1546e18248653f6d937276520f16cf9a29308f65439 2025-12-30
URL https://cdn.electropriborzavod.ru/index?data=[base64_enc_data] 2025-12-30
URL https://cloud.electropriborzavod.ru/files/d8287185e4ae695a 2025-12-30
URL https://static.my 2025-12-30
domain electropriborzavod.ru 2025-12-30
domain static.my 2025-12-30
hostname cdn.electropriborzavod.ru 2025-12-30
hostname cloud.electropriborzavod.ru 2025-12-30
References (1)
↗ https://bi.zone/eng/expertise/blog/arcane-werewolf-vernulsya-s-obnovlennym-implantom-loki/