Kaspersky · @Kaspersky
27 followers · 33 posts · Server noc.social

Our new report uncovers intricate infection tactics of malware strains Emotet, LokiBot, and DarkGate.
Emotet spreads through malicious OneNote files, while LokiBot stays active, stealing credentials from browsers & more. Beware of the new loader, DarkGate!
More details ➡️ kas.pr/4zrn

#trojan #onenote #darkgate #lokibot #emotet #malware #cybersecurity

Last updated 1 year ago

Aida Akl · @AAKL
353 followers · 757 posts · Server noc.social

Today in our section on "unconventional delivery": archives! 📦
ARJ (Archived by Robert Jung) has been around since the MS-DOS days and is occasionally used to deliver e.g. , or

You can recognize ARJ archives by their Magic: 60 EA
Extraction can be handled with 7zip for example.
For more information on the file format check out Ange Albertini's excellent graphic representation: twitter.com/angealbertini/stat

As an example we dug up a sample from last year where the delivery chain looked like this: ARJ --> RAR --> EXE
To fool the victims into opening the next file they used the common trick, e.g. .pdf.exe

IoC for those playing along at home:

PO_Payment for invoice[...].eml.arj
d0c8824d1e19ca1af0b88a477fa4cad6

SHIPPING_DL-PL-EXPRESS_EXPORT.PDF.exe
88bdf4f8fe035276da984c370e4cda2c

#malware #arj #agenttesla #formbook #GuLoader #lokibot #doubleextension #infosec #cybersecurity #blueteam

Last updated 2 years ago


-> PO 23-085.docx 13e634ba7f184f19b2b5db44dc5ffdda
->http://212.87.204[.]200/5021/vbc.exe
9bc4bdba6f7246afc51513d0bbcb038b
C2: http://208.67.105[.]148/okuma/five/fre.php

#lokibot

Last updated 2 years ago


Re_ Outstanding payment against invoice (WRONG ACCOUNT DETAILS).eml -> Swift 788954.rar
9506443c1f4d3cbc922a26439771618d
C2: kbfvzoboss[.]bid
alphastand[.]trade
alphastand[.]win
alphastand[.]top
sempersim[.]su

#lokibot

Last updated 2 years ago

ITSEC News · @itsecbot
738 followers · 32490 posts · Server schleuss.online

A Deep Dive into Lokibot Infection Chain - By Irshad Muhammad, with contributions from Holger Unterbrink.

News summary
Lokibot is one of the ... feedproxy.google.com/~r/feedbu

#lokibot #malwareanalysis #reverseengineering

Last updated 4 years ago

ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online

Threat Roundup for November 13 to November 20 - Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 13 ... feedproxy.google.com/~r/feedbu

#ursnif #kuluoz #ruskill #netwire #lokibot #trickbot #tinybanker #ponystealer

Last updated 4 years ago

ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online

Threat Roundup for July 31 to August 7 - Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 31 ... feedproxy.google.com/~r/feedbu

#talos #qakbot #malware #lokibot #hawkeye #gh0strat #darkcomet #ciscotalos #threatroundup #vulnerabilities

Last updated 4 years ago
