LokiBot – Page 4 – WindowsTechs.com

Lokibot via multiple embedded OLE objects in fake invoice rtf word docs

Posted on January 14, 2019 by Myonlinesecurity

A slightly different Lokibot campaign this morning. The email is nothing special with a typical subject of CONFIRM OVERDUE INVOICE coming from various email addresses including what is likely to be either a compromised or fraudulently set up email a… Continue reading Lokibot via multiple embedded OLE objects in fake invoice rtf word docs→

Lokibot via Fake DHL quotation using .ace attachments

Posted on January 8, 2019 by Myonlinesecurity

With Christmas over we are starting to see an increase in malware campaigns. It is not up to the usual level yet because the Russian Gangs are still on their Xmas breaks, but the rest of the scumbags are trying to make up for it. Some like this one are… Continue reading Lokibot via Fake DHL quotation using .ace attachments→

Lokibot continues to hit UK using XLS file attachments

Posted on December 18, 2018 by Myonlinesecurity

We are seeing a slight change in the Lokibot campaign deliveries today. We always see a lot of Lokibot hitting the UK. We don’t bother to post about most of them,just tweet about them to other researchers, because the subjects & emails are so gener… Continue reading Lokibot continues to hit UK using XLS file attachments→

Fake UNILEVER PURCHASE ORDER #091223 for acknowledgement delivers Lokibot

Posted on December 8, 2018 by Myonlinesecurity

We are still seeing a lot of Lokibot hitting the UK. We don’t bother to post about most of them, because the subjects & emails are so generic that there normally is nothing particularly identifiable about them. However overnight we received a… Continue reading Fake UNILEVER PURCHASE ORDER #091223 for acknowledgement delivers Lokibot→

Lokibot campaigns continue with some changes to C2 urls

Posted on December 7, 2018 by Myonlinesecurity

Seeing some changes to Lokibot with this malware delivery campaign overnight. I don’t know if it is a complete change to the C2 url naming convention or whether it is only this particular actor using a different C2 url naming convention. Genera… Continue reading Lokibot campaigns continue with some changes to C2 urls→

ThreatList: Ransomware, EKs and Trojans lead the Way in Q3 Malware Trends

Posted on October 24, 2018 by Tara Seals

After a two-quarter lull in the action, malware activity resurged in the third quarter of the year, especially on the business front. Continue reading ThreatList: Ransomware, EKs and Trojans lead the Way in Q3 Malware Trends→

Lokibot via fake enquiry CVE-2017-8570 malware campaign error

Posted on October 16, 2018 by Myonlinesecurity

An email with the subject of “Re: Inquiry” pretending to come from AL SRAIYA HOLDING GROUP, a large consulting group in Qatar but actually coming from “purchase manager <jairus_miguel@bsdnetwork.com.br>” with a malic… Continue reading Lokibot via fake enquiry CVE-2017-8570 malware campaign error→

ThreatList: Credential Theft Spikes by Triple Digits in U.S.

Posted on October 11, 2018 by Tara Seals

Meanwhile, the LokiPWS (a.k.a. Lokibot) malware family distribution is surging. Continue reading ThreatList: Credential Theft Spikes by Triple Digits in U.S.→

Lokibot campaign 17 September 2018

Posted on September 17, 2018 by Myonlinesecurity

We are starting this Monday Morning with a Lokibot campaign being delivered via malicious word docs, actually RTF files using CVE-2017-11882 Microsoft equation editor exploits. I am seeing various email subjects. I have received 2 of each version so … Continue reading Lokibot campaign 17 September 2018→

More Lokibot malspam hitting UK today

Posted on August 28, 2018 by Myonlinesecurity

The second in today’s Lokibot campaigns hitting UK is more normal than the earlier one. However it still has a few stings and misdirections to try to confuse you. An email pretending to be a delivery notification with the subject of Re: SM-192C6… Continue reading More Lokibot malspam hitting UK today→