2020-01-16 - LOKIBOT MALSPAM AND INFECTION TRAFFIC

ASSOCIATED FILES:

• 2020-01-16-Lokibot-infection-traffic.pcap.zip   12 kB (12,148 bytes)

• 2020-01-16-Lokibot-infection-traffic.pcap   (41,496 bytes)

• 2020-01-16-Lokibot-malspam-malware-and-IOCs.zip   606 kB (605,692 bytes)

• 2020-01-16-Lokibot-EXE-file.bin   (488,448 bytes)
• 2020-01-16-Lokibot-infection-IOCs.txt   (963 bytes)
• 2020-01-16-RAR-archive-attached-to-Lokibot-malspam.bin   (195,964 bytes)
• 2020-01-16-Windows-registry-entry-for-Lokibot.txt   (1,084 bytes)
• 2020-01-16-malspam-pushing-Lokibot.eml   (278,082 bytes)

NOTES:

• Zip archives are password-protected with the standard password.  If you don't know it, see the "about" page of this website.

 

IMAGES

Shown above:  Screenshot of the malspam.

 

Shown above:  Attached RAR archive and extracted Windows executable file for Lokibot.

 

Shown above:  Traffic from the infection filtered in Wireshark.

 

Shown above:  TCP stream from callback traffic caused by Lokibot.

 

Click here to return to the main page.