- THREAT ATTRIBUTION: LOKIBOT
- SUBJECTS OBSERVED
- Invoice Payment[SETTLEMENT]
- SENDERS OBSERVED
- ACCOUNTING DEPT <pansvbd@botevgrad[.]com>
- EMAIL BODY
- Dear Sir/Madam,
- We have settled all overdue invoices as instructed by your customer
- Kindly find payment slip as attached for your confirmation
- Please confirm to us when you receive payment.
- Best Regards.
- Christoph Ullrich
- Senior Finance Manager intl. network.
- --
- Oceanic Exchange Ltd.
- P.O. Box 12 Mile 63 George Price Highway
- Cayo District, Belize
- Phone:+501-8247-28162
- EXCEL FILE HASHES
- MT103_023_0817 Copy[.]xlsx
- 83e710ce2762fbb4e5c52daf2c5b619c
- LOKIBOT PAYLOAD FILE HASHES
- sc[.]exe
- 0a30f24c95193838f4ee655563b7ef24
- LOKIBOT PAYLOAD DISTRIBUTION URLS
- hxxp://eliotmusiclabel[.]mx/a1/sc[.]exe
- LOKIBOT C2
- hxxp://pablofile[.]ml/Pablo/fre[.]php
- USER AGENT
- User-Agent is: Mozilla/4.08 (Charon; Inferno)
- SUPPORTING EVIDENCE
- https://www.virustotal.com/gui/file/8450b4affe67a0fbf6ac7d93af37bda86ae202db21593a5bdb848e206784fd21/detection