Our new report uncovers intricate infection tactics of malware strains Emotet, LokiBot, and DarkGate.
Emotet spreads through malicious OneNote files, while LokiBot stays active, stealing credentials from browsers & more. Beware of the new loader, DarkGate!
More details ➡️ https://kas.pr/4zrn
#cybersecurity #malware #Emotet #Lokibot #DarkGate #OneNote #trojan
#LokiBot #malware infecting PCs via #Microsoft Word — protect yourself now #cybersecurity #infosec https://www.laptopmag.com/news/lokibot-malware-infecting-pcs-via-microsoft-word-protect-yourself-now
Today in our section on "unconventional #Malware delivery": #ARJ archives! 📦
ARJ (Archived by Robert Jung) has been around since the MS-DOS days and is occasionally used to deliver e.g. #AgentTesla, #Formbook or #Guloader
You can recognize ARJ archives by their Magic: 60 EA
Extraction can be handled with 7zip for example.
For more information on the file format check out Ange Albertini's excellent graphic representation: https://twitter.com/angealbertini/status/1619006171360395264
As an example we dug up a #Lokibot sample from last year where the delivery chain looked like this: ARJ --> RAR --> EXE
To fool the victims into opening the next file they used the common #doubleExtension trick, e.g. .pdf.exe
IoC for those playing along at home:
PO_Payment for invoice[...].eml.arj
#malware #arj #agenttesla #formbook #GuLoader #lokibot #doubleextension #infosec #cybersecurity #blueteam
-> PO 23-085.docx 13e634ba7f184f19b2b5db44dc5ffdda
C2: http://208.67.105[.]148/okuma/five/fre.php
Re_ Outstanding payment against invoice (WRONG ACCOUNT DETAILS).eml -> Swift 788954.rar
C2: kbfvzoboss[.]bid
Five Eyes: here is the malware in use around the world - Matrice Digitale #AgentTesla #AZORult #cybersecurity #evidenza #Formbook #GootLoader #LokiBot #malware #MOUSEISLAND #NanoCore #Qakbot #Ransomware #Remcos #trickbot #Ursnif #8agosto https://parliamodi.news/article/aHR0cHM6Ly93d3cubWF0cmljZWRpZ2l0YWxlLml0L2luY2hpZXN0ZS9maXZlLWV5ZXMtZWNjby1pLW1hbHdhcmUtaW4tdXNvLW5lbC1tb25kby8=
Threat Roundup for April 23 to April 30 - Today, Talos is publishing a glimpse into the most prevalent threats we've observe... http://feedproxy.google.com/~r/feedburner/Talos/~3/eQBIuhn2P4Y/threat-roundup-0423-0430.html #vulnerabilities #copperstealer #threatroundup #ciscotalos #zeroaccess #darkcomet #features #lokibot #malware #netwire #securex #dridex #remcos #njrat #talos #iocs #razy
A Deep Dive into Lokibot Infection Chain - By Irshad Muhammad, with contributions from Holger Unterbrink.
News summary
Lokibot is one of the ... http://feedproxy.google.com/~r/feedburner/Talos/~3/s8jizKCc91o/a-deep-dive-into-lokibot-infection-chain.html #reverseengineering #malwareanalysis #lokibot
Threat Roundup for December 11 to December 18 - Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Dec. 11 ... http://feedproxy.google.com/~r/feedburner/Talos/~3/tSQqOPOkcsg/threat-roundup-1211-1218.html #vulnerabilities #threatroundup #ciscotalos #tinybanker #darkcomet #phorpiex #tovkater #gamarue #lokibot #malware #cerber #dridex #talos #razy
Threat Roundup for November 13 to November 20 - Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 13 ... http://feedproxy.google.com/~r/feedburner/Talos/~3/bAxCtkzamIU/threat-roundup-1113-1120.html #ponystealer #tinybanker #trickbot #lokibot #netwire #ruskill #kuluoz #ursnif
Threat Roundup for October 23 to October 30 - Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 23 ... http://feedproxy.google.com/~r/feedburner/Talos/~3/mKvMlbu1KJk/threat-roundup-1023-1030.html #vulnerabilities #threatroundup #ciscotalos #darkcomet #gamarue #lokibot #malware #netwire #cerber #dridex #emotet #ramnit #talos #busy
Threat Roundup for October 16 to October 23 - Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 16 ... http://feedproxy.google.com/~r/feedburner/Talos/~3/XjLwxbPVHdc/threat-roundup-1016-1023.html #vulnerabilities #threatroundup #ponystealer #ciscotalos #lokibot #malware #aspxor #dridex #emotet #tofsee #zegost #talos #razy
CISA: LokiBot Stealer Storms Into a Resurgence - The trojan has seen a big spike in activity since August, the Feds are warning. https://threatpost.com/cisa-lokibot-stealer-resurgence/159495/ #cve-2017-11882 #activityspike #spearphishing #steganography #info-stealer #cisawarning #government #commodity #malware #android #lokibot #windows #trojan
Threat Roundup for August 7 to August 14 - Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 7 a... http://feedproxy.google.com/~r/feedburner/Talos/~3/nY9y2mzdso8/threat-roundup-0807-0814.html #vulnerabilities #threatroundup #ciscotalos #zeroaccess #hawkeye #lokibot #malware #emotet #talos #razy #zusy
Threat Roundup for July 31 to August 7 - Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 31 ... http://feedproxy.google.com/~r/feedburner/Talos/~3/3kri4x5s10U/tru-0731-0807.html #vulnerabilities #threatroundup #ciscotalos #darkcomet #gh0strat #hawkeye #lokibot #malware #qakbot #talos
Threat Roundup for July 10 to July 17 - Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 10 ... more: http://feedproxy.google.com/~r/feedburner/Talos/~3/5xwSFuaOkq0/threat-roundup-0710-0717.html #vulnerabilities #threatroundup #ciscotalos #tinybanker #lokibot #malware #netwire #dridex #emotet #remcos #talos
Threat Roundup for July 3 to July 10 - Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 3 a... more: http://feedproxy.google.com/~r/feedburner/Talos/~3/T2HIMzzdrZc/threat-roundup-0703-0710.html #vulnerabilities #threatroundup #ciscotalos #generickdz #lokibot #malware #netwire #dridex #emotet #fareit #njrat #talos #razy
RATicate Group Hits Industrial Firms With Revolving Payloads - A new threat group uses NSIS as an installer to target industrial companies with revolving payload... more: https://threatpost.com/raticate-group-industrial-firms-revolving-payloads/155775/ #malwarecampaign #nsisinstaller #agenttesla #formbook #nsisfile #raticate #malware #betabot #lokibot #netwire #payload #sophos #hacks #nsis