ExecuteMalware

2020-07-02 Lokibot IOCs

Jul 2nd, 2020
THREAT ATTRIBUTION: LOKIBOT

SUBJECTS OBSERVED
Invoice Payment[SETTLEMENT]

SENDERS OBSERVED
ACCOUNTING DEPT <pansvbd@botevgrad[.]com>

EMAIL BODY
Dear Sir/Madam,

We have settled all overdue invoices as instructed by your customer
Kindly find payment slip as attached for your confirmation
Please confirm to us when you receive payment.

Best Regards.
Christoph Ullrich

Senior Finance Manager intl. network.
--
Oceanic Exchange Ltd.
P.O. Box 12 Mile 63 George Price Highway
Cayo District, Belize
Phone:+501-8247-28162

EXCEL FILE HASHES
MT103_023_0817 Copy[.]xlsx
83e710ce2762fbb4e5c52daf2c5b619c

LOKIBOT PAYLOAD FILE HASHES
sc[.]exe
0a30f24c95193838f4ee655563b7ef24

LOKIBOT PAYLOAD DISTRIBUTION URLS
hxxp://eliotmusiclabel[.]mx/a1/sc[.]exe

LOKIBOT C2
hxxp://pablofile[.]ml/Pablo/fre[.]php

USER AGENT
User-Agent is: Mozilla/4.08 (Charon; Inferno)

SUPPORTING EVIDENCE
https://www.virustotal.com/gui/file/8450b4affe67a0fbf6ac7d93af37bda86ae202db21593a5bdb848e206784fd21/detection