2018-06-08 LokiBot Malspam
For something different today, found some DHL inspired LokiBot malspam in the email filters. LokiBot is considered an information stealer as it looks through the system for any credentials that it can grab. As Brad mentioned in an older SANS ISC blog entry, the emails that LokiBot uses vary and does not seem to follow any kind of pattern. The pattern is noticeable when you look at the infection (this will be discussed later). In the meantime, if you are wanting to read a great detailed article/breakdown on LokiBot, check out this paper from Rob Pantazopoulos via the SANS Reading…