
Threat Group Cards: A Threat Actor Encyclopedia

Tool: LokiBot

Names: LokiBot, Loki, LokiPWS, ForeIT
Category: Malware
Type: Banking trojan, Backdoor, Keylogger, Info stealer, Credential stealer, Loader
Description: (Accenture) Loki Bot is a resident loader, and password and cryptocurrency wallet stealer. Loki Bot captures passwords from browsers, as well as e-mail, FTP, SSH and poker clients.
Information:
<https://www.accenture.com/_acnmedia/pdf-107/accenture-security-cyber.pdf>
<https://www.threatfabric.com/blogs/lokibot_the_first_hybrid_android_malware.html>
<https://isc.sans.edu/diary/24372>
<https://github.com/R3MRUM/loki-parse>
<http://www.malware-traffic-analysis.net/2017/06/12/index.html>
<https://www.lastline.com/blog/password-stealing-malware-loki-bot/>
<https://blog.fortinet.com/2017/05/17/new-loki-variant-being-spread-via-pdf-file>
<http://blog.fernandodominguez.me/lokis-antis-analysis/>
<https://phishme.com/loki-bot-malware/>
<https://researchcenter.paloaltonetworks.com/2018/08/unit42-gorgon-group-slithering-nation-state-cybercrime/>
<https://r3mrum.wordpress.com/2017/05/07/loki-bot-atrifacts/>
<https://securelist.com/loki-bot-stealing-corporate-passwords/87595/>
<https://cysinfo.com/nefarious-macro-malware-drops-loki-bot-across-gcc-countries/>
<https://github.com/d00rt/hijacked_lokibot_version/blob/master/doc/LokiBot_hijacked_2018.pdf>
<https://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850>
<https://us-cert.cisa.gov/ncas/alerts/aa20-266a>
<https://blog.talosintelligence.com/2021/01/a-deep-dive-into-lokibot-infection-chain.html>
Malpedia:
<https://malpedia.caad.fkie.fraunhofer.de/details/apk.lokibot>
<https://malpedia.caad.fkie.fraunhofer.de/details/apk.loki>
<https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws>
AlienVault OTX:
<https://otx.alienvault.com/browse/pulses?q=tag:LokiBot>

Last change to this tool card: 06 January 2021


All groups using tool LokiBot

APT groups

| Changed | Name | Country | Observed |
| --- | --- | --- | --- |
| | Gorgon Group | Pakistan | 2017-Jul 2020 |
| | Patchwork, Dropping Elephant | India | 2013-Mar 2018 |
| | RATicate | [Unknown] | 2019 |
| | Sweed | [Unknown] | 2017-2019 |

4 groups listed (4 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
