New Campaign Sees LokiBot Delivered Via Multiple Methods

Trend Micro -



We recently detected an aggressive malware distribution campaign delivering LokiBot via multiple techniques, including the exploitation of older vulnerabilities. This blog entry describes and provides an example of one of the methods used in the campaign, as well as a short analysis of the . We found that one of the command-and-control (C&C) servers had directory browsing enabled, which allowed us to retrieve updated samples.

Figure 1. C&C server with directory browsing enabled

Although none of these techniques are particularly new, we want to build awareness about this campaign and encourage users to patch their systems as soon as possible if they are potentially affected.

Analysis of the Adobe PDF malware delivery mechanism

Some of the delivery methods we found included:

PDF: Using Open Action Object
DOCX: Using the
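The PDF entry above refers to the /OpenAction entry of a PDF catalog, which points at an action the reader executes as soon as the document is opened (typically a /JavaScript or /Launch action). The following triage scanner is an added example written for this page, not Trend Micro's tooling and not a sample from the campaign: it counts open-time triggers (/OpenAction, /AA) and the actions they commonly point at in a PDF, resolving the #xx hex escapes attackers use to hide names (/Open#41ction) and inflating FlateDecode streams so that dictionaries tucked into object streams are not missed. The sample PDFs it builds are constructed inline for testing; function names such as scan_pdf_bytes and opens_with_action are this example's own.

```python
import re
import zlib

# Names that make a PDF do something at open time (triggers) or that carry the
# payload those triggers point at (actions). /OpenAction lives in the catalog;
# /AA (additional actions) can hang off pages, annotations and form fields.
SUSPICIOUS_NAMES = {
    "/OpenAction": "trigger: action run when the document is opened",
    "/AA": "trigger: additional-actions dictionary (page/field events)",
    "/JavaScript": "action: embedded JavaScript",
    "/JS": "action: embedded JavaScript (short key)",
    "/Launch": "action: run an external program or open a file",
    "/SubmitForm": "action: post form data to a URL",
    "/URI": "action: open a URL",
}
TRIGGERS = {"/OpenAction", "/AA"}
ACTIONS = set(SUSPICIOUS_NAMES) - TRIGGERS

NAME_HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\s*endstream", re.DOTALL)


def normalize_names(data: bytes) -> bytes:
    """Resolve #xx hex escapes in PDF names so /Open#41ction reads as /OpenAction."""
    return NAME_HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> bytes:
    """Inflate every zlib (FlateDecode) stream and return the plaintext joined together.
    Object streams can hide whole dictionaries here; streams that are not zlib are skipped.
    decompressobj tolerates a trailing checksum byte that the regex may have stripped."""
    out = []
    for m in STREAM_RE.finditer(data):
        try:
            out.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue
    return b"\n".join(out)


def scan_pdf_bytes(data: bytes) -> dict:
    """Count each suspicious name in the raw file plus the inflated stream contents."""
    haystack = normalize_names(data) + b"\n" + normalize_names(inflate_streams(data))
    counts = {}
    for name in SUSPICIOUS_NAMES:
        # A name token ends at whitespace or a delimiter, so /JS does not match /JSX.
        pattern = re.escape(name.encode()) + rb"(?![A-Za-z0-9])"
        n = len(re.findall(pattern, haystack))
        if n:
            counts[name] = n
    return counts


def opens_with_action(counts: dict) -> bool:
    """True when an open-time trigger is paired with an executable action."""
    return bool(TRIGGERS & set(counts)) and bool(ACTIONS & set(counts))


def build_sample_pdf(with_action: bool = True, obfuscate: bool = False,
                     compress: bool = False) -> bytes:
    """Construct a minimal PDF for testing (constructed here, not a sample from the
    campaign). The cross-reference table is omitted; the scanner does not need it.
    obfuscate hex-escapes the /OpenAction key; compress hides the action dictionary
    inside a FlateDecode object stream, where a plain grep would miss it."""
    open_action = b"/Open#41ction" if obfuscate else b"/OpenAction"
    catalog = b"<< /Type /Catalog /Pages 2 0 R"
    if with_action:
        catalog += b" " + open_action + b" 4 0 R"
    catalog += b" >>"
    objs = [
        b"1 0 obj\n" + catalog + b"\nendobj\n",
        b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n",
        b"3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>\nendobj\n",
    ]
    action = b"<< /S /JavaScript /JS (app.alert('runs when the file is opened')) >>"
    if with_action and compress:
        body = b"4 0\n" + action           # object stream header: "objnum offset"
        packed = zlib.compress(body)
        objs.append(b"5 0 obj\n<< /Type /ObjStm /N 1 /First 4 /Length "
                    + str(len(packed)).encode() + b" /Filter /FlateDecode >>\nstream\n"
                    + packed + b"\nendstream\nendobj\n")
    elif with_action:
        objs.append(b"4 0 obj\n" + action + b"\nendobj\n")
    return b"%PDF-1.7\n" + b"".join(objs) + b"%%EOF\n"


if __name__ == "__main__":
    for label, pdf in [("clean", build_sample_pdf(with_action=False)),
                       ("plain", build_sample_pdf()),
                       ("obfuscated", build_sample_pdf(obfuscate=True)),
                       ("compressed", build_sample_pdf(compress=True))]:
        found = scan_pdf_bytes(pdf)
        print(f"{label:11} suspicious={opens_with_action(found)} {found}")
```

This is a triage heuristic, not a PDF parser: legitimate documents also use /OpenAction (for example to jump to a page), so a hit is a reason to detonate or inspect the file, not a verdict on its own. Encrypted PDFs and streams using other filters (/LZWDecode, /ASCIIHexDecode, /ASCII85Decode) are not decoded here and would need a full parser such as pdf-parser or peepdf.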

Read More: https://www.trendmicro.com/en_us/research/21/h/new-campaign-sees-lokibot-delivered-via-multiple-methods.html