- THREAT IDENTIFICATION: LOKIBOT
- SUBJECTS OBSERVED
- purchase order 090821
- SENDERS OBSERVED
- exports@zwpcompany.com
- MALDOC FILE HASHES
- purchase order 090821.xlsx
- 97f66886c8ed99dff7103f9057076693
- LOKIBOT PAYLOAD URLS
- http://klipotrim.com/cjnewa/cjuyro.exe
- LOKIBOT PAYLOAD FILE HASHES
- 97071E.exe
- 09a33d0fb401a5ab4a5250a799a6689f
- UNKNOWN FILE HASH
- 97071E.hdb
- fb527ebc3cd84eb70acb6d6d1ddcc819
- LOKIBOT C2
- http://arkt.xyz/mrtker4/w2/fre.php
- C2 PACKET CONTENTS
- POST /mrtker4/w2/fre.php HTTP/1.0
- User-Agent: Mozilla/4.08 (Charon; Inferno)
- Host: arkt.xyz
- Accept: */*
- Content-Type: application/octet-stream
- Content-Encoding: binary
- Content-Key: A1795E60
- Content-Length: 3443
- Connection: close
- HTTP/1.1 404 Not Found
- Date: Mon, 09 Aug 2021 16:30:42 GMT
- Content-Type: text/html; charset=UTF-8
- Connection: close
- Status: 404 Not Found
- CF-Cache-Status: DYNAMIC
- Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H17TLh4lp8XYZKhy8z2n4Pt9JIY1xoklPWc0GGO21wgL07%2FkumjZh899YK5p%2B67jj5U56uX21OyW8OqqXycebjjvSTcYVbr6SDt6CVtq31HSkxbn0pVZ1CeJBw%3D%3D"}],"group":"cf-nel","max_age":604800}
- NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
- Server: cloudflare
- CF-RAY: 67c25ed7dadfe6bc-EWR
- alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
- File not found.