Credential Theft
- NirSoft ChromePass
- NirSoft WebBrowserPassView
Loki is tracked by ransomware.live as a ransomware operation.
Profile source: Ransomware.live opens in a new tabLoki
Loki is tracked by ransomware.live as a ransomware operation. Public ransomware-specific technical reporting remains limited, so this profile excludes unrelated backdoor and credential-stealer families that also use the Loki name.
Ransomware.live
Reporting
The threat actor group known as Arcane Werewolf, also tracked as Mythic Likho, has refreshed its attack capabilities by deploying a new version of its custom malware called Loki 2.1.
Так, например, один из экземпляров Merlin, попавших к нам в обработку, — с хэш-суммой 6B16D1C2D6D749C8B0E7671E9B347791 и командным центром mail.gkrzn[.]ru — загружал в систему жертвы образец Loki новой версии 2.0 ...
WannaCry was kind of going... we just assumed it was phishing campaigns... this is when Loki ransomware was like getting delivered in just troves... Loki was an attachment... delivered via email attachment...
from dumpulator import Dumpulator dp = Dumpulator ( "loki.dump" , quiet = "TRUE" )
In July 2024, we discovered the previously unknown Loki backdoor, which was used in a series of targeted attacks. By analyzing the malicious file and open sources, we determined that Loki is a private version of an agent for the open-source Mythic framework.
CVE-2017-11882 ... Products Associated Malware: Loki, FormBook, Pony/FAREIT
Credential Stealers: As in 2017, credential stealers were still accounting for the most significant amount of botnet C&C traffic; however there were changes as to which were top of the leader board. Pony held the #1 spot for two years, however in 2018 Loki took pole position, having more than doubled the number of unique botnet C&Cs associated with it.
We have also observed newer campaigns being used to distribute Agent Tesla and Loki that are leveraging CVE-2017-11882.
Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.