Commit 5e86aa2

committed
add lokibot
1 parent b3d3fee commit 5e86aa2

2 files changed

+3
-1
lines changed

detections/network/cisco_secure_firewall___intrusion_events_by_threat_activity.yml

Lines changed: 1 addition & 0 deletions
@@ -24,6 +24,7 @@ description: |
2424
* CastleRAT
2525
* Chafer
2626
* DCRAT
27+
* LokiBot
2728
* Lumma Stealer
2829
* Nobelium
2930
* Quasar
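
Review bot: the added "* LokiBot" entry at new line 27 repeats by hand the threat name that the lookup row in lookups/cisco_snort_ids_to_threat_mapping.csv carries in its first column, so the description and the lookup can drift apart. In this commit the spelling matches and the list stays alphabetical; consider adding a sentence to the description stating that the lookup is the authoritative list, so that a threat later added only to the CSV is not read as uncovered.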

lookups/cisco_snort_ids_to_threat_mapping.csv

Lines changed: 2 additions & 1 deletion
@@ -31,6 +31,7 @@ DCRAT,64370,MALWARE-OTHER,Win.Trojan.DcRat variant download attempt
3131
DCRAT,64371,MALWARE-OTHER,Win.Trojan.DcRat variant download attempt
3232
DCRAT,64372,MALWARE-CNC,Win.Trojan.DcRat variant communication attempt
3333
DCRAT,64373,MALWARE-CNC,Win.Trojan.DcRat variant communication attempt
34+
LokiBot,65502,MALWARE-CNC,Win.Trojan.LokiBot variant outbound connection attempt
3435
Lumma Stealer,62709,MALWARE-CNC,Win.Malware.Lumma variant outbound connection
3536
Lumma Stealer,62710,MALWARE-OTHER,Win.Malware.Lumma variant download attempt
3637
Lumma Stealer,62711,MALWARE-OTHER,Win.Malware.Lumma variant download attempt
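
Review bot: LokiBot is mapped through a single SID (65502, MALWARE-CNC) at new line 34, while the neighbouring DCRAT and Lumma Stealer entries map both MALWARE-OTHER download signatures and MALWARE-CNC ones. If the ruleset carries further LokiBot signatures, add them in this change so the threat-activity grouping for LokiBot does not depend on one rule firing; if 65502 is the only one, say so in the commit message, which currently reads only "add lokibot".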
@@ -108,4 +109,4 @@ Xworm,62775,MALWARE-OTHER,Win.Trojan.Xworm download attempt
108109
Xworm,64185,MALWARE-CNC,Win.Dropper.Xworm variant inbound communication
109110
Xworm,64186,MALWARE-CNC,Win.Dropper.Xworm variant inbound communication
110111
Xworm,64187,MALWARE-OTHER,Win.Dropper.Xworm variant download attempt
111-
Xworm,64188,MALWARE-OTHER,Win.Dropper.Xworm variant download attempt
112+
Xworm,64188,MALWARE-OTHER,Win.Dropper.Xworm variant download attempt
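
Review bot: the final row, "Xworm,64188,MALWARE-OTHER,Win.Dropper.Xworm variant download attempt", is removed at old line 111 and re-added at new line 112 with identical visible text, so this is a whitespace-only change (most likely the end-of-file newline or a line-ending difference) unrelated to LokiBot. Confirm which it is and that it is intended: a trailing newline is harmless, but a stray carriage return or trailing space on the last field would alter the description value for the 64188 row. Either mention it in the commit message or split it into its own commit.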
