{"id":5061,"date":"2020-04-09T13:11:10","date_gmt":"2020-04-09T20:11:10","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=5061"},"modified":"2024-04-26T13:21:29","modified_gmt":"2024-04-26T20:21:29","slug":"lokibot-rides-fear-of-coronavirus","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/lokibot-rides-fear-of-coronavirus\/","title":{"rendered":"LokiBot Rides Fear of Coronavirus"},"content":{"rendered":"<p>Coronavirus has become one of the malicious deceptions of choice this month. During the first week of March, LokiBot infostealer joined the list of malware being distributed by threat actor(s) taking advantage of the fear and interest in the spread of Coronavirus (COVID-19). From 3 to 6 March, we observed two malicious spam (malspam) email campaigns distributing LokiBot under the guise of providing information on Coronavirus\u2019 impact on supply chains.<\/p>\n<p>LokiBot has become a popular information stealer that collects credentials and security tokens from infected machines. Its code was leaked soon after it was first seen in 2015, which made it easy to modify and sell.<\/p>\n<p>To find out more detailed information about this emerging threat please download our report here: <a href=\"https:\/\/insights.infoblox.com\/threat-intelligence-reports\/threat-intelligence--62\">https:\/\/insights.infoblox.com\/threat-intelligence-reports\/threat-intelligence&#8211;62<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Coronavirus has become one of the malicious deceptions of choice this month. During the first week of March, LokiBot infostealer joined the list of malware being distributed by threat actor(s) taking advantage of the fear and interest in the spread of Coronavirus (COVID-19). From 3 to 6 March, we observed two malicious spam (malspam) email [&hellip;]<\/p>\n","protected":false},"author":397,"featured_media":3148,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[254],"tags":[15,40],"class_list":{"0":"post-5061","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threat-intelligence","8":"tag-security","9":"tag-threat-intelligence","10":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>LokiBot Rides Fear of Coronavirus<\/title>\n<meta name=\"description\" content=\"Coronavirus has become one of the malicious deceptions of choice this month. During the first week of March, LokiBot infostealer joined the list of malware being distributed by threat actor(s) taking advantage of the fear and interest in the spread of Coronavirus (COVID-19).\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/lokibot-rides-fear-of-coronavirus\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"LokiBot Rides Fear of Coronavirus\" \/>\n<meta property=\"og:description\" content=\"Coronavirus has become one of the malicious deceptions of choice this month. During the first week of March, LokiBot infostealer joined the list of malware being distributed by threat actor(s) taking advantage of the fear and interest in the spread of Coronavirus (COVID-19).\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/lokibot-rides-fear-of-coronavirus\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2020-04-09T20:11:10+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-26T20:21:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/DNS-threat-index.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"660\" \/>\n\t<meta property=\"og:image:height\" content=\"454\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Infoblox Threat Intel\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Infoblox Threat Intel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/lokibot-rides-fear-of-coronavirus\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/lokibot-rides-fear-of-coronavirus\\\/\"},\"author\":{\"name\":\"Infoblox Threat Intel\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\"},\"headline\":\"LokiBot Rides Fear of Coronavirus\",\"datePublished\":\"2020-04-09T20:11:10+00:00\",\"dateModified\":\"2024-04-26T20:21:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/lokibot-rides-fear-of-coronavirus\\\/\"},\"wordCount\":130,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/lokibot-rides-fear-of-coronavirus\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/DNS-threat-index.jpg\",\"keywords\":[\"Security\",\"Threat Intelligence\"],\"articleSection\":[\"Infoblox Threat Intel\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/lokibot-rides-fear-of-coronavirus\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/lokibot-rides-fear-of-coronavirus\\\/\",\"name\":\"LokiBot Rides Fear of Coronavirus\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/lokibot-rides-fear-of-coronavirus\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/lokibot-rides-fear-of-coronavirus\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/DNS-threat-index.jpg\",\"datePublished\":\"2020-04-09T20:11:10+00:00\",\"dateModified\":\"2024-04-26T20:21:29+00:00\",\"description\":\"Coronavirus has become one of the malicious deceptions of choice this month. During the first week of March, LokiBot infostealer joined the list of malware being distributed by threat actor(s) taking advantage of the fear and interest in the spread of Coronavirus (COVID-19).\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/lokibot-rides-fear-of-coronavirus\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/lokibot-rides-fear-of-coronavirus\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/lokibot-rides-fear-of-coronavirus\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/DNS-threat-index.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/DNS-threat-index.jpg\",\"width\":660,\"height\":454},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/lokibot-rides-fear-of-coronavirus\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Infoblox Threat Intel\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/threat-intelligence\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"LokiBot Rides Fear of Coronavirus\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\",\"name\":\"Infoblox Threat Intel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"caption\":\"Infoblox Threat Intel\"},\"description\":\"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/infoblox-threat-intel\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"LokiBot Rides Fear of Coronavirus","description":"Coronavirus has become one of the malicious deceptions of choice this month. During the first week of March, LokiBot infostealer joined the list of malware being distributed by threat actor(s) taking advantage of the fear and interest in the spread of Coronavirus (COVID-19).","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/lokibot-rides-fear-of-coronavirus\/","og_locale":"en_US","og_type":"article","og_title":"LokiBot Rides Fear of Coronavirus","og_description":"Coronavirus has become one of the malicious deceptions of choice this month. During the first week of March, LokiBot infostealer joined the list of malware being distributed by threat actor(s) taking advantage of the fear and interest in the spread of Coronavirus (COVID-19).","og_url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/lokibot-rides-fear-of-coronavirus\/","og_site_name":"Infoblox Blog","article_published_time":"2020-04-09T20:11:10+00:00","article_modified_time":"2024-04-26T20:21:29+00:00","og_image":[{"width":660,"height":454,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/DNS-threat-index.jpg","type":"image\/jpeg"}],"author":"Infoblox Threat Intel","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Infoblox Threat Intel","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/lokibot-rides-fear-of-coronavirus\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/lokibot-rides-fear-of-coronavirus\/"},"author":{"name":"Infoblox Threat Intel","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae"},"headline":"LokiBot Rides Fear of Coronavirus","datePublished":"2020-04-09T20:11:10+00:00","dateModified":"2024-04-26T20:21:29+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/lokibot-rides-fear-of-coronavirus\/"},"wordCount":130,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/lokibot-rides-fear-of-coronavirus\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/DNS-threat-index.jpg","keywords":["Security","Threat Intelligence"],"articleSection":["Infoblox Threat Intel"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/lokibot-rides-fear-of-coronavirus\/","url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/lokibot-rides-fear-of-coronavirus\/","name":"LokiBot Rides Fear of Coronavirus","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/lokibot-rides-fear-of-coronavirus\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/lokibot-rides-fear-of-coronavirus\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/DNS-threat-index.jpg","datePublished":"2020-04-09T20:11:10+00:00","dateModified":"2024-04-26T20:21:29+00:00","description":"Coronavirus has become one of the malicious deceptions of choice this month. During the first week of March, LokiBot infostealer joined the list of malware being distributed by threat actor(s) taking advantage of the fear and interest in the spread of Coronavirus (COVID-19).","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/lokibot-rides-fear-of-coronavirus\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/threat-intelligence\/lokibot-rides-fear-of-coronavirus\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/lokibot-rides-fear-of-coronavirus\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/DNS-threat-index.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/DNS-threat-index.jpg","width":660,"height":454},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/lokibot-rides-fear-of-coronavirus\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Infoblox Threat Intel","item":"https:\/\/www.infoblox.com\/blog\/category\/threat-intelligence\/"},{"@type":"ListItem","position":3,"name":"LokiBot Rides Fear of Coronavirus"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae","name":"Infoblox Threat Intel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","caption":"Infoblox Threat Intel"},"description":"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.","url":"https:\/\/www.infoblox.com\/blog\/author\/infoblox-threat-intel\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5061","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/397"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=5061"}],"version-history":[{"count":3,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5061\/revisions"}],"predecessor-version":[{"id":5072,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5061\/revisions\/5072"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/3148"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=5061"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=5061"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=5061"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}