

Severity
Medium
Analysis Summary
LokiBot is trojan-type malware designed to infiltrate systems and collect a wide range of information. LokiBot targets Android and Windows operating systems and is distributed via spam emails, various private messages (SMS, Skype, etc.), and malicious websites. It is designed to target users. LokiBot gathers saved logins/passwords (mostly from web browsers) and continually tracks users' activity (for instance, by recording keystrokes). Recorded information is immediately saved on a remote server controlled by LokiBot's developers.
Impact
- Exposure of sensitive information
- Credential theft
Indicators of Compromise
URL
- http[:]//irangoodshop[.]com/biaa/fre[.]php
- http[:]//admindepartment[.]ir/kenlaw/five/fre[.]php
- http[:]//admaris[.]ir/kenlawx/kenlawx[.]exe
- http[:]//admindepartment[.]ir/majicmanx/majicmanx[.]exe
Remediation
- Block the threat indicators at their respective controls.
- Always be suspicious of unsolicited email.
- Never click or download any attachments sent from unrecognized senders.