IOC Radar
TLP:WHITE
19 IOCs

Arcane Werewolf revamps its arsenal with Loki 2.1 implant

BI.ZONE
Published December 17, 2025

Malware Families

Diamond Model

Adversary: unknown
Infrastructure (6): https://192.168.1.1/m…, https://cloud.electro…, electropriborzavod.ru
Capability (2): Havoc, Mythic
Victim: unknown

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

19 indicators


IOC Relationship Graph

19 total IOCs: SHA256 (13), URL (5), Domain (1)
Malware (2): Havoc, Mythic
Report: Arcane Werewolf revamps it