- #IOC #OptiData #VR #Lokibot #ISO
- https://pastebin.com/JHBUsJ7k
- previous_contact:
- 28/11/18 https://pastebin.com/W0e6iWnc
- 28/11/18 https://pastebin.com/4hf0UEqM
- 16/10/18 https://pastebin.com/LPqjHUkQ
- 8/10/18 https://pastebin.com/cZxQGbyq
- 27/09/18 https://pastebin.com/5bpk5kKs
- FAQ:
- https://radetskiy.wordpress.com/?s=lokibot
- attack_vector
- --------------
- email_headers
- --------------
- Received: from novainstrument.com (hosted-by.blazingfast.io [185.62.190.204] (may be forged))
- by srv8.victim1.com (8.15.2/8.15.2)
- for <user0@org6.victim1.com>; Sat, 1 Dec 2018 07:24:44 +0200 (EET)
- (envelope-from jieunne@novainstrument.com)
- From: Jieun <jieunne@novainstrument.com>
- To: user0@org6.victim1.com
- Subject: FW: Purchase Order - PO. 4029530
- Date: 30 Nov 2018 21:23:24 -0800
- files
- --------------
- SHA-256 30d74d66462f5d93eef04b079755574593800e55feeda1682259363e8cb59839
- File name p.o.iso [ISO 9660 CD-ROM filesystem data 'p.o']
- File size 380 KB
- SHA-256 42de623286146b4f6d26dfb73e17b6e95d76509024f1f2b5c1bee734cc22116b
- File name p.o.exe [PE32 executable (GUI) Intel 80386, for MS Windows]
- File size 320 KB
- activity
- **************
- PL_GET: attach
- C2: n/a
- netwrk
- --------------
- n/a
- comp
- --------------
- n/a
- proc
- --------------
- C:\Users\operator\Desktop\p.o.exe
- C:\Users\operator\Desktop\p.o.exe
- persist
- --------------
- n/a
- drop
- --------------
- C:\Users\operator\AppData\Roaming\39B01F\FA74A3.exe
- # # #
- https://www.virustotal.com/#/file/30d74d66462f5d93eef04b079755574593800e55feeda1682259363e8cb59839/details
- https://www.virustotal.com/#/file/42de623286146b4f6d26dfb73e17b6e95d76509024f1f2b5c1bee734cc22116b/details
- https://analyze.intezer.com/#/analyses/bfe5b9ba-dbbb-486a-9385-645b72f950c4
- VR