cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Liki login

ariebombarie
Copper Contributor

‎Oct 17 2019 03:19 AM - last edited on ‎Apr 08 2022 10:09 AM by

‎Oct 17 2019 03:19 AM - last edited on ‎Apr 08 2022 10:09 AM by

Liki login

Hi, 

 

My business is using Office 365. Since yesterday on of our accounts has logged in through an application called 'Office Online Client- Loki'. 

 

Is this the malware LokiBot, or is it something that is normal for Office 365?

 

Thanks in advance 

 

Sorry if this is not the right forum

20.7K Views
0 Likes
2 Replies
Reply
2 Replies
Craig Wilson

‎Oct 18 2019 03:11 PM

‎Oct 18 2019 03:11 PM

Re: Liki login

@ariebombarie 

Loki is listed in the URL's for Delve, It could that.

On the site https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges, You can see the following URL's*.loki.delve.office.com, loki.delve.office.com, loki.delve-gcc.office.com, lpcres.delve.office.com.

 

However, the best option, if you are unsure, is to check which users have logged in. In AzureAD scroll down to the Sign-Ins and find which user attempted to connect with Loki. Click on the sign-in event and check where the user logged in from. If it was from a location/IP you know then you can run some AV/Malware tools over the user's workstations. If you don't know the IP/Location then I would start looking at resting the user's password, enabling MFA as well as scanning their PC.

 

If you have Microsoft Defender ATP, you can check cloud app security and seen of the user's PC has been infected as well.

 

 

0 Likes
Reply
mattylicious

‎Nov 10 2023 03:00 PM

‎Nov 10 2023 03:00 PM

Re: Liki login

@ariebombarie 

Check this out: https://crm.hocreview.com/office-online-loki-sso/

Similar thing happened while I was glancing through sign in logs. Found this ms tech community post and then found this link.

0 Likes
Reply