Lokibot (4fead65c-499d-4f44-8879-2c35b24dac68)
Lokibot is a widely distributed information stealer that was first reported in 2015. It is designed to steal sensitive information such as usernames, passwords, cryptocurrency wallets, and other credentials. Lokibot can also create a backdoor into infected systems to allow an attacker to install additional payloads.[Infoblox Lokibot January 2019][Morphisec Lokibot April 2020][CISA Lokibot September 2020]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| SilverTerrier (e47ae2a7-d34d-4528-ba67-c9c07daa91ba) | Tidal Groups | Lokibot (4fead65c-499d-4f44-8879-2c35b24dac68) | Tidal Software | 1 |