2020-01-16 - LOKIBOT MALSPAM AND INFECTION TRAFFIC

ASSOCIATED FILES:

  • 2020-01-16-Lokibot-infection-traffic.pcap   (41,496 bytes)
  • 2020-01-16-Lokibot-EXE-file.bin   (488,448 bytes)
  • 2020-01-16-Lokibot-infection-IOCs.txt   (963 bytes)
  • 2020-01-16-RAR-archive-attached-to-Lokibot-malspam.bin   (195,964 bytes)
  • 2020-01-16-Windows-registry-entry-for-Lokibot.txt   (1,084 bytes)
  • 2020-01-16-malspam-pushing-Lokibot.eml   (278,082 bytes)

NOTES:

 

IMAGES


Shown above:  Screenshot of the malspam.

 


Shown above:  Attached RAR archive and extracted Windows executable file for Lokibot.

 


Shown above:  Traffic from the infection filtered in Wireshark.

 


Shown above:  TCP stream from callback traffic caused by Lokibot.

 
