NetDefend IPS IPS Advisories NetDefend Anti-Virus Anti-Virus Advisories NetDefend Web Content Filtering NetDefend IP Reputation NetDefend Update Center IPS History Feb 20, 2025 Feb 13, 2025 Feb 06, 2025 Jan 30, 2025 Jan 24, 2025 Anti-Virus History Feb 12, 2022 Jan 06, 2022 Oct 23, 2021 Aug 29, 2021 Aug 23, 2021

Home > NetDefend Live > NetDefend IPS Service NetDefend IPS Service Print Advisory ID 48962 Name MALWARE.KOI.LOADER.STEALER.ACTIVITY.W IPS Signature Advanced IPS Signature IPS Group IPS / MALWARE / GENERAL Issued Jan 23, 2025 Description The KOI Loader/Stealer activity starts with the link sent by attacker, after solving captcha victim downloads malware which involves a zip archive containing a Windows shortcut that, when opened, leads to traffic for installing malware and subsequent communication with a command and control (C2) server. The infection chain is initiated through a zip archive, which upon extraction, prompts the user to run an executable file that ultimately leads to the installation of the malware. The post-infection C2 traffic is used for data exfiltration and communication with the attacker's server.

Enter your details in the box below to receive an email each time we post a new issue of our newsletter. Select oneAfghanistanAlbaniaAlgeriaAmerican SamoaAndorraAngolaAnguillaAntarcticaAntigua and BarbudaArgentinaArmeniaArubaAustraliaAustriaAzerbaijanBahamasBahrainBangladeshBarbadosBelarusBelgiumBelizeBeninBermudaBhutanBoliviaBosnia and HerzegovinaBotswanaBouvet IslandBrazilBritish Indian Ocean TerritoryBrunei DarussalamBulgariaBurkina FasoBurundiCambodiaCameroonCanadaCape VerdeCayman IslandsCentral African RepublicChadChileChinaChristmas IslandCocos (Keeling) IslandsColombiaComorosCongoCongo, The Democratic Republic of theCook IslandsCosta RicaCote d'IvoireCroatiaCubaCyprusCzech RepublicDenmarkDjiboutiDominicaDominican RepublicEcuadorEgyptEl SalvadorEquatorial GuineaEritreaEstoniaEthiopiaFalkland Islands (Malvinas)Faroe IslandsFijiFinlandFranceFrench GuianaFrench PolynesiaFrench Southern TerritoriesGabonGambiaGeorgia, Republic ofGermanyGhanaGibraltarGreeceGreenlandGrenadaGuadeloupeGuamGuatemalaGuineaGuinea-BissauGuyanaHaitiHeard Island and McDonald IslandsHondurasHong KongHungaryIcelandIndiaIndonesiaIran (Islamic Republic of)IraqIrelandIsraelItalyJamaicaJapanJordanKazakhstanKenyaKiribatiKorea, Democratic People's Republic ofKorea, Republic ofKuwaitKyrgyzstanLao People�s Democratic RepublicLatviaLebanonLesothoLiberiaLibyan Arab Jamahiriya (Libya)LiechtensteinLithuaniaLuxembourgMacauMacedonia, The Former Yugoslav Republic ofMadagascarMalawiMalaysiaMaldivesMaliMaltaMarshall IslandsMartiniqueMauritaniaMauritiusMayotteMexicoMicronesia (Federated States of)Moldova, Republic ofMonacoMongoliaMontserratMoroccoMozambiqueMyanmarNamibiaNauruNepalNetherlandsNetherlands AntillesNew CaledoniaNew ZealandNicaraguaNigerNigeriaNiueNorfolk IslandNorthern Mariana IslandsNorwayOmanPakistanPalauPalestinian Territory,OccupiedPanamaPapua New GuineaParaguayPeruPhilippinesPitcairnPolandPortugalPuerto RicoQatarReunionRomaniaRussiaRwandaSaint HelenaSaint Kitts and NevisSaint LuciaSaint Pierre and MiquelonSaint Vincent and the GrenadinesSamoaSan MarinoSao Tome and PrincipeSaudi ArabiaSenegalSerbia and MontenegroSeychellesSierra LeoneSingaporeSlovakiaSloveniaSolomon IslandsSomaliaSouth AfricaSouth Georgia and the South Sandwich IslandsSpainSri LankaSudanSurinameSvalbard and Jan Mayen IslandsSwazilandSwedenSwitzerlandSyrian Arab Republic (Syria)TaiwanTajikistanTanzania, United Republic ofThailandTimor-LesteTogoTokelauTongaTrinidad and TobagoTunisiaTurkeyTurkmenistanTurks and Caicos IslandsTuvaluUgandaUkraineUnited Arab EmiratesUnited KingdomUnited States Minor Outlying IslandsUnited States of AmericaUruguayUzbekistanVanuatuVatican CityVenezuelaViet NamVirgin Islands, BritishVirgin Islands, U.S.Wallis and Futuna IslandsWestern SaharaYemenYugoslaviaZambiaZimbabwe Click here to unsubscribe Feb 26, 2025