Netwire Lokibot

Malware Profile (updated 2 months ago)
The name NetWire Lokibot, as tracked in this profile, combines two separately known malware families: NetWire, a remote access trojan (RAT), and Lokibot, an information stealer. Both are delivered as payloads; neither is a vulnerability in its own right. They sit alongside Xloader and Remcos RAT in the set of families distributed by the GuLoader loader.

GuLoader has built a reputation for staging its payloads on trusted platforms such as Google Drive, OneDrive and Google Cloud (GCloud), so that the download itself looks like ordinary traffic to a reputable service. In the campaign covered by the CERT-EU reference listed under Source Document References below, its operators used 'github.io' (GitHub Pages) as the download source for Remcos RAT, trading on the perceived legitimacy of GitHub as a widely used software development and collaboration platform. Hosting the payload on a trusted domain raises the odds of successful delivery and lowers the odds that URL-reputation or domain-blocking controls will catch it.

The risks to a victim are those of the payloads themselves: unauthorized remote access, theft of credentials and other sensitive data, financial loss and full system compromise. GuLoader's use across several malware families, NetWire and Lokibot among them, shows how loader operators adapt to evade detection and abuse reputable infrastructure to deceive targets. Defences should therefore not rest on domain reputation alone: watch what non-browser processes fetch from file-hosting services, keep software patched, enforce strong authentication so stolen credentials are worth less, and train users to recognise weaponized document lures.
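The delivery pattern above (a loader pulling its payload from github.io, Google Drive, OneDrive or Google Cloud) is awkward to block by domain reputation, because the domains are legitimate. What does stand out is which process makes the request. The following is an added example, not code from the page or from any vendor product: it runs a simple detection over constructed proxy-style log lines and flags fetches from those hosting services by processes that have no business downloading from them (document viewers, matching the weaponized-PDF lure in the CERT-EU reference, and scripting hosts). The hostnames, the process watchlist and the key=value log format are all assumptions made for the example.

```python
"""Flag payload fetches from trusted hosting platforms by non-browser processes.

Added detection example for the GuLoader delivery pattern described in the
profile. The log format, hostnames and process watchlist are assumptions for
the sake of the example, not something taken from the page or a real product.
"""
import re
from urllib.parse import urlparse

# Assumed: hostnames corresponding to the hosting services named in the profile.
TRUSTED_HOSTING_SUFFIXES = (
    "github.io",               # GitHub Pages, the download source in the Remcos campaign
    "drive.google.com",        # Google Drive
    "onedrive.live.com",       # OneDrive
    "1drv.ms",                 # OneDrive short links
    "storage.googleapis.com",  # Google Cloud Storage
)

# Assumed watchlist: processes that should not fetch from hosting platforms on
# their own. Document viewers fit a weaponized-PDF lure; scripting hosts cover
# a generic loader stage. Browsers are deliberately absent (their traffic to
# these hosts is normal).
WATCHED_PROCESSES = {
    "acrord32.exe", "acrobat.exe", "winword.exe", "excel.exe",
    "wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe",
}

# Assumed log format: "<timestamp> key=value key=value ...".
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split one log line into its key=value fields plus the leading timestamp."""
    fields = dict(KV_RE.findall(line))
    fields["ts"] = line.split(" ", 1)[0]
    return fields


def is_trusted_hosting(hostname):
    """True if hostname is one of the hosting services or a subdomain of one."""
    h = hostname.lower()
    return any(h == s or h.endswith("." + s) for s in TRUSTED_HOSTING_SUFFIXES)


def flag_line(line):
    """Return a finding dict when a watched process fetched from trusted hosting, else None."""
    f = parse_line(line)
    proc = f.get("proc", "").lower()
    url = f.get("url", "")
    host = urlparse(url).hostname or ""
    if proc in WATCHED_PROCESSES and is_trusted_hosting(host):
        return {
            "ts": f["ts"],
            "src": f.get("src"),
            "proc": proc,
            "url": url,
            "reason": f"{proc} fetched from {host}: trusted hosting used as payload source",
        }
    return None


def flag_downloads(lines):
    """Run flag_line over every line and keep the findings."""
    return [r for r in (flag_line(l) for l in lines) if r]


# Constructed sample log lines, not real telemetry.
SAMPLE_LOG = [
    "2024-01-10T09:11:58Z src=WS01 proc=chrome.exe url=https://someuser.github.io/index.html status=200",
    "2024-01-10T09:12:03Z src=WS01 proc=AcroRd32.exe url=https://someuser.github.io/docs/update.bin status=200",
    "2024-01-10T09:12:09Z src=WS01 proc=powershell.exe url=https://drive.google.com/uc?export=download&id=CONSTRUCTED status=200",
    "2024-01-10T09:12:15Z src=WS01 proc=AcroRd32.exe url=https://armmf.adobe.com/arm-manifests/win/ReaderDC.xml status=200",
    "2024-01-10T09:12:20Z src=WS02 proc=winword.exe url=https://cdn.example.org/template.dotm status=200",
]

if __name__ == "__main__":
    for finding in flag_downloads(SAMPLE_LOG):
        print(f"{finding['ts']} {finding['src']} {finding['reason']}")
```

The browser line and the Adobe update check are left alone; only the PDF reader and the scripting host pulling from github.io and Google Drive are flagged. In practice the watchlist would come from the parent-process telemetry of the endpoint product in use, and the hosting list would be extended to whatever services the organisation sees abused.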
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions differ between vendors. No overlapping names or profiles are listed for this entry.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Tags: Malware, RAT, Trojan, Payload, Remcos
Associated Malware
ID: GuLoader | Type: Unspecified | Votes: 1
Profile Description: GuLoader is a type of malware that infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, it can steal personal information, disrupt operations, or even hold data hostage for ransom. GuLoader is encrypted with NSIS Crypter and has
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Netwire Lokibot malware was read from the documents listed below.
CERT-EU (a year ago): GuLoader Malware is Attacking Law Firms Using Weaponized PDF File