2020-01-16 - LOKIBOT MALSPAM AND INFECTION TRAFFIC
ASSOCIATED FILES:
- 2020-01-16-Lokibot-infection-traffic.pcap.zip 12 kB (12,148 bytes)
- 2020-01-16-Lokibot-infection-traffic.pcap (41,496 bytes)
- 2020-01-16-Lokibot-malspam-malware-and-IOCs.zip 606 kB (605,692 bytes)
- 2020-01-16-Lokibot-EXE-file.bin (488,448 bytes)
- 2020-01-16-Lokibot-infection-IOCs.txt (963 bytes)
- 2020-01-16-RAR-archive-attached-to-Lokibot-malspam.bin (195,964 bytes)
- 2020-01-16-Windows-registry-entry-for-Lokibot.txt (1,084 bytes)
- 2020-01-16-malspam-pushing-Lokibot.eml (278,082 bytes)
NOTES:
- Zip archives are password-protected with the standard password. If you don't know it, see the "about" page of this website.
IMAGES
Shown above: Screenshot of the malspam.
Shown above: Attached RAR archive and extracted Windows executable file for Lokibot.
Shown above: Traffic from the infection filtered in Wireshark.
Shown above: TCP stream from callback traffic caused by Lokibot.
Click here to return to the main page.