Hijacked LokiBot analysis

In this repository are collected some evidences. These evidences could be prove that LokiBot was hijacked by a third party actor who have been selling hijacked Lokibot version samples.

Files

• ./doc/LokiBot_hijacked_2018.pdf - LokiBot article where is explained all of the evidences
• ./tools/lbdisinfector/LokibotDisinfection.cpp - C/C++ code for disinfect the system of LokiBot
• ./tools/lbdisinfector/LokibotDisinfection_release_x86.exe - LokibotDisinfection Compiled version for x86
• ./tools/lbpatch/lokibot.py - Python class to parse and patch LokiBot samples
• ./tools/lbpatch/lokibot_patcher.py - Python script for patching LokiBot samples
• ./tools/lbpatch/yara/okibot.yar - Yara rules for detecting LokiBot

Disclaimer

These article and tools were made for education purposes. Any actions and or activities related to the material contained within the repository is solely your responsibility. The misuse of the information in this repository can result in criminal charges brought against the persons in question. The author will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this article to break the law.