Loki Malware Information

    • Updated: 30 Dec 2019
    • Product/Version:
    • OfficeScan 11.0
    • OfficeScan XG.All
    • Worry-Free Business Security Standard/Advanced 8.0
    • Worry-Free Business Security Standard/Advanced 9.0
    • Worry-Free Business Security Standard/Advanced 9.5
    • Hosted Email Security 2.0
    • Hosted Email Security 3.0
    • Deep Security 8.0
    • Deep Security 9.0
    • Deep Security 9.5
    • Deep Security 9.6
    • Deep Security 10.0
    • Deep Security 10.1
    • ScanMail for Exchange 10.2
    • ScanMail for Exchange 11.0
    • ScanMail for Lotus Domino 5.0 AIX
    • ScanMail for Lotus Domino 5.0 Windows
    • ScanMail for Lotus Domino 5.0 zLinux
    • InterScan Messaging Security Virtual Appliance 8.2
    • InterScan Messaging Security Virtual Appliance 8.5
    • InterScan Messaging Security Virtual Appliance 9.0
    • InterScan Messaging Security Virtual Appliance 9.1
    • InterScan Web Security Virtual Appliance 5.6
    • InterScan Web Security Virtual Appliance 6.0
    • Trend Micro Email Security 1.0
    • ScanMail for Exchange 14.0
    • ScanMail for Exchange 12.5
    • ScanMail for Exchange 12.0
    • Operating system: N/A
Summary

Loki is an info-stealer malware that was first detected in February 2016. It first targeted Android systems, and its capabilities include stealing credentials, disabling notifications, intercepting communications and data exfiltration.

Loki also exhibited ransomware behavior in October 2017 and was sold on underground hacking forums. From August 2018 to the present, Loki has targeted corporate mailboxes via phishing and spam emails. The phishing emails include a file attachment with an .iso extension, which downloads and executes the Trojan malware that steals passwords from browsers, mail, File Transfer Protocol (FTP) clients, messaging applications and cryptocurrency wallets.
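The .iso attachment delivery described above can be checked for at the mail gateway or during triage of a reported message. The following is an added example, not Trend Micro code: it flags attachments that are disk images either by file name or by the ISO 9660 identifier in their content, so a renamed image is still caught. The function names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# ISO 9660 volume descriptors start at sector 16 (2048-byte sectors); each
# carries the identifier "CD001" at byte 1, so check the first three.
ISO_ID = b"CD001"
ISO_ID_OFFSETS = (0x8001, 0x8801, 0x9001)

def looks_like_iso(data: bytes) -> bool:
    """True if the bytes carry an ISO 9660 volume descriptor identifier."""
    return any(data[off:off + 5] == ISO_ID for off in ISO_ID_OFFSETS)

def find_iso_attachments(raw_message: bytes) -> list:
    """Return one finding per attached file that is an .iso by name or content."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or name is None:
            continue  # containers and unnamed body parts are not file attachments
        payload = part.get_payload(decode=True) or b""
        by_ext = name.lower().endswith(".iso")
        by_sig = looks_like_iso(payload)
        if by_ext or by_sig:
            findings.append({"filename": name, "extension": by_ext, "signature": by_sig})
    return findings

# Constructed sample data: zero-filled bytes with one ISO 9660 descriptor
# header at sector 16. It is not a mountable image and holds no files.
FAKE_ISO = bytes(0x8000) + b"\x01CD001\x01" + bytes(2048 - 7)

def build_sample(filename: str, payload: bytes) -> bytes:
    """Build a constructed test message with a single attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for fname, data in (("invoice.iso", FAKE_ISO), ("invoice.pdf", FAKE_ISO),
                        ("notes.txt", b"plain text")):
        print(fname, find_iso_attachments(build_sample(fname, data)))
```

A finding with `extension` false and `signature` true indicates a disk image sent under another file name, which is worth a closer look than the extension match alone.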

Capabilities

  • Information Theft
  • Exploits
  • Disabling usage capability

Infection Routine

[Figure: infection routine]

File Reputation

Detection/Policy/Rules | Pattern/Branch/Version | Release Date
TrojanSpy.Win32.LOKI.TIOIBODR
TrojanSpy.Win32.LOKI.SMDD.hp
TrojanSpy.Win32.LOKI.THCOEAI
TrojanSpy.Win32.LOKI.THBBFAI
TrojanSpy.Win32.LOKI.THCBAAI
TrojanSpy.Win32.LOKI.SM.hp
Trojan.W97M.LOKI.AMK
TrojanSpy.Win32.LOKI.TIOIBODS
TrojanSpy.Win32.LOKI.TIOIBODN
TrojanSpy.Win32.LOKI.THBOFAI
TrojanSpy.Win32.LOKI.TIOIBOCV
TrojanSpy.Win32.LOKI.TIOIBOCQ
TrojanSpy.Win32.LOKI.THOABEAI
TrojanSpy.Win32.LOKI.THOAAAAI
TrojanSpy.Win32.LOKI.TIOIBOCQ
Trojan.Win32.LOKI.UHBADFW







Pattern/Branch/Version: Ent OPR 14.929.03
Release Date: April 9, 2019

Predictive Machine Learning

Detection | Pattern Branch/Version
TROJ.Win32.TRX.XXPE50F13007R2D6E
Troj.Win32.TRX.XXPE50F13007
Ransom.Win32.TRX.XXPE50F13007
TROJ.Win32.TRX.XXPE50F13006R2D6E

Pattern Branch/Version: N/A

Behavior Monitoring

Pattern Branch/Version | Release Date
AEGIS TMTD OPR 1689 | August 11, 2017
AEGIS TMTD OPR 1839 | October 30, 2018

Web Reputation

URL | Category | Blocking Date
hxxp://megaklik.top/otika/otika.exe | Malware Accomplice, Disease Vector | April 2, 2019
hxxp://cj.3rwm.pk/cj.exe | Malware Accomplice, Disease Vector | April 2, 2019
hxxp://megaklik.top/nwamanew/nwamanew.exe | Malware Accomplice, Disease Vector | March 22, 2019
hxxp://cgi.fleetia.eu/202597.gif | Disease Vector | April 8, 2019
hxxp://cgi.fleetia.eu/out-1961441859.hta | Disease Vector | April 8, 2019
hxxp://bozarkaya.com/zuniga/zuniga.exe | Malware Accomplice, Disease Vector | April 2, 2019
hxxp://uzocoms.eu/nwama/five/fre.php | C&C Server | March 7, 2019
hxxp://cubaworts.gq/700/index.php | Disease Vector | April 8, 2019
hxxp://cgi.fleetia.eu/1309778.png | Disease Vector | April 8, 2019
hxxp://jacksonbrown.5gbfree.com/mnco.exe | Disease Vector | April 8, 2019
hxxp://overenvy.5gbfree.com:80/dj.exe | Malware Accomplice, Disease Vector | April 8, 2019

Anti Spam

Pattern Branch/Version | Release Date
AS 4538.006 | April 8, 2019
Details

Solution Map - What should customers do?

Trend Micro Solution | Major Product | Latest Version | Virus Pattern | Anti-Spam Pattern | Network Pattern | Behavior Monitoring | Predictive Machine Learning | Web Reputation
Endpoint Security | ApexOne | 2019 | Update pattern via web console | Not Applicable | Update pattern via web console | Enable Behavior Monitoring and update pattern via web console | Enable Predictive Machine Learning | Enable Web Reputation Service and update pattern via web console
OfficeScan | XG (12.0) | Not Applicable
Worry-Free Business Security | Standard (10.0), Advanced (10.0) | Update pattern via web console
Hybrid Cloud Security | Deep Security | 12.0 | Update pattern via web console | Not Applicable | Update pattern via web console | Enable Behavior Monitoring and update pattern via web console | Enable Predictive Machine Learning | Enable Web Reputation Service and update pattern via web console
Email and Gateway Security | Deep Discovery Email Inspector | 3.5 | Update pattern via web console | Update pattern via web console | Update pattern via web console | Not Applicable | Not Applicable | Enable Web Reputation Service and update pattern via web console
InterScan Messaging Security | 9.1 | Not Applicable
InterScan Web Security | 6.5
ScanMail for Microsoft Exchange | 14.0
Network Security | Deep Discovery Inspector | 5.5 | Update pattern via web console | Not Applicable | Update pattern via web console | Not Applicable | Not Applicable | Enable Web Reputation Service and update pattern via web console


Category: Remove a Malware / Virus; SPEC
Solution ID: 1117830