March 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – Active QNAP NAS Exploitation
September 1, 2020Rewterz Threat Advisory – Update: Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities
September 1, 2020Rewterz Threat Alert – Active QNAP NAS Exploitation
September 1, 2020Rewterz Threat Advisory – Update: Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities
September 1, 2020
Severity
High
Analysis Summary
LokiBot is trojan-type malware designed to infiltrate systems and collect a wide range of information. Lokibot targets Androidand Windows operating systems. It is distributed via spam emails, various private messages (SMS, Skype, etc.), andmalicious websites. It is designed to target users. LokiBot gathers saved logins/passwords (mostly in web browsers) and continually tracks users’ activity (for instance, recording keystrokes). Recorded information is immediately saved on a remote server controlled by LokiBot’s developers.
Impact
- Credential theft
- Information theft
- Exposure of sensitive data
Indicators of Compromise
URL
- http[:]//joovy[.]ga/ibiki/gate[.]php
- http[:]//greenstdykegheedahatakankeadeshnaa27gqc[.]duckdns[.]org/office360/regasm[.]exe
- https[:]//s3[.]rokket[.]space/t_bU3cLG[.]txt
- http[:]//103[.]125[.]191[.]78/receipt/invoice_85258[.]doc
- http[:]//mecharnise[.]ir/urg/fre[.]php
- http[:]//www[.]onlygodem[.]com/urg[.]exe
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.