- THREAT IDENTIFICATION: LOKIBOT
- SUBJECTS OBSERVED
- Purchase Order NO_4082021
- SENDERS OBSERVED
- exports@grdcompany.com
- MALDOC FILE HASHES
- Purchase Order NO_4082021.xlsx
- 7c93eb8e06a1734cd40e729172eae349
- LOKIBOT PAYLOAD URLS
- http://revolver-reloaded.de/contentcj/vutomecj.exe
- LOKIBOT PAYLOAD FILE HASHES
- 97071E.exe
- 7598c86263182dca909e4b70a6e5f2bb
- LOKIBOT C2
- http://arkt.xyz/mrtker4/w2/fre.php
- C2 PACKET CONTENTS
- POST /mrtker4/w2/fre.php HTTP/1.0
- User-Agent: Mozilla/4.08 (Charon; Inferno)
- Host: arkt.xyz
- Accept: */*
- Content-Type: application/octet-stream
- Content-Encoding: binary
- Content-Key: A1795E60
- Content-Length: 176
- Connection: close
- HTTP/1.1 404 Not Found
- Date: Thu, 05 Aug 2021 13:52:35 GMT
- Content-Type: text/html; charset=UTF-8
- Connection: close
- status: 404 Not Found
- CF-Cache-Status: DYNAMIC
- Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BSaFzWv8HeVhuZWpAhC6PlLzkid1Efgk3Y348HcFZtYKQAKnLrKPoaKsJhWjc8xJRH6WMIW%2B7Wa3fXDMvbrFdNDQ%2FZOuyGD3i0uOlULiQemtoct5n1zkzCg5mw%3D%3D"}],"group":"cf-nel","max_age":604800}
- NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
- Server: cloudflare
- CF-RAY: 67a081bd89dd4bbf-YUL
- alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
- SUPPORTING EVIDENCE
- https://app.any.run/tasks/0f19c470-3fdb-41e9-81d7-733dbabaab02/