2017-09-20 - LOKI BOT MALSPAM - SUBJECT: RFQ: FROM: FORTUNE SCIENCES CO., LTD

ASSOCIATED FILES:

  • 2017-09-20-Loki-bot-malspam-traffic.pcap   (398,387 bytes)
  • 2017-09-20-Loki-bot-malspam-0809-UTC.eml   (53,254 bytes)
  • LPO#20092017.xls   (36,820 bytes)
  • voke.exe   (483,328 bytes)

EMAIL


Shown above:  Screenshot from the email seen on 2017-09-20.

EMAIL HEADER INFORMATION:

Shown above:  Malicious Excel spreadsheet attached to the email.

TRAFFIC


Shown above:  Traffic from the infection filtered in Wireshark.

ASSOCIATED TRAFFIC:

MALWARE

EXCEL SPREADSHEET ATTACHED TO THE EMAIL:

FOLLOW-UP MALWARE (LOKI BOT):

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
