ioc[.]one - OSINT Cyber Threat Intelligence Database

New Campaign Sees LokiBot Delivered Via Multiple Methods

Tags

cmtmf-attack-pattern:	Masquerading
maec-delivery-vectors:	Watering Hole
attack-pattern:	Cloud Services - T1021.007 Exploits - T1587.004 Exploits - T1588.005 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Vulnerabilities - T1588.006 Masquerading - T1036 Powershell - T1086 Masquerading

Show in Graph

Common Information

Type	Value
UUID	1c1e1630-f7be-40c3-80a2-33b90be72793
Fingerprint	bd46a818e9e6cf4f
Analysis status	DONE
Considered CTI value	2
Text language
Published	Aug. 25, 2021, midnight
Added to db	Oct. 16, 2024, 12:40 a.m.
Last updated	Nov. 17, 2024, 5:55 p.m.
Headline	New Campaign Sees LokiBot Delivered Via Multiple Methods
Title	New Campaign Sees LokiBot Delivered Via Multiple Methods
Detected Hints/Tags/Attributes	42/3/54

Source URLs

	Redirection	Url
Details	Source	https://www.trendmicro.com/en_ph/research/21/h/new-campaign-sees-lokibot-delivered-via-multiple-methods.html

URL Provider

Details	Provider	Source level domain
Details	trendmicro.com	www.trendmicro.com

Attributes

Details	Type	#Events	Value
Details	CVE	375	cve-2017-11882
Details	CVE	77	cve-2016-0189
Details	Domain	1	trojan.pdf.powload.am
Details	Domain	1	trojan.x97m.cve20180802.al
Details	Domain	1	ulvis.net
Details	File	13	2.pdf
Details	File	70	vbc.exe
Details	File	15	trojan.pdf
Details	File	1	2021-08-09_220350.pdf
Details	File	2	assessment.pdf
Details	File	1	loa.pdf
Details	File	1	023.pdf
Details	File	1	jhs-po-2108-11425.rar
Details	File	2	-1.pdf
Details	File	1	1459-po21-15.docx
Details	File	1	i229-i231.xlsx
Details	File	1	s28bw-421072010440.pdf
Details	File	1	po20-003609.xlsx
Details	File	1	pdf_r34567888.html
Details	File	19	trojan.html
Details	File	1	pdf_rg234999233.html
Details	sha256	1	c59ac77c8c2f2450c942840031ad72d3bac69b7ebe780049b4e9741c51e001ab
Details	sha256	1	5a586164674423eb4d58f664c1625c6dfabcd7418048f18d4b0ab0b9df3733eb
Details	sha256	1	fb7fe37e263406349b29afb8ee980ca70004ee32ea5e5254b9614a3f8696daca
Details	sha256	1	98983e00b47bcbe9ebbaf5f28ea6cdbf619dd88c91f481b18fec7ffdb68ab741
Details	sha256	1	71998bb4882f71a9e09b1eb86bac1e0a0ac75bc4c20ee11373b90173cedc7d0b
Details	sha256	1	e5d84990d7abd7b65655ac262d3cad346cdaf47f5861bff8b33b8bc755832288
Details	sha256	1	2210000d2f877c9fd87efe97605e90549c5d9008a90f9b062a570fc12437e318
Details	sha256	1	e7a518b83d9f57a4cb8726afc6bb27a15f6e68655552e13b24481df83b9320fb
Details	sha256	1	fc5bf62f57c77efa9f9264878f1753a35c27fb44bce7d9a00f8f094315355661
Details	sha256	1	c6aede79cc1608da1e3ed5c8853b1718351429573679d6b847c90c44e48137d4
Details	sha256	1	639f6453e961aa33302d34962ccdd29fbc9235b2a0df8b1ac0acc0bb040af7e0
Details	sha256	1	b1b0045f890afd14b4168b4fc0017ac39c281fe5eee66d3c9523040e63220eb4
Details	sha256	1	3798eb011f5d8ee7f41e3666dac7fac279cf670ad4af4060aaef33a7def3c6f7
Details	sha256	1	45f1b4b0a627f1a2072818d00456dc4fc6607edf9a1a1c484f04f800d25b93d2
Details	sha256	1	da56c38fad7c2ee8e829aea9bd3c4b523ea0b65e935805d68df12c7a28e5d5dd
Details	sha256	1	d8bb1bb8587840321e74cf2ab2f3596344cbb5ffeb77060bd9aade848fed03fd
Details	sha256	1	9f66135d831d5ba4972ba5db9e0fd4515dfaecc92013a741679d6cddbe29ab25
Details	sha256	1	324d549fb7b9999aa0e6fb8a6824f7a05fe5f1f21d76fb2d360cb34c56eb1995
Details	sha256	1	ca155beb7d28cde5147eba7907c453d433b7675ba1830e87d5a4e409b5b912e1
Details	IPv4	1	192.23.212.137
Details	IPv4	1	198.23.212.137
Details	IPv4	1	104.21.62.89
Details	IPv4	1	104.21.71.169
Details	IPv4	1	185.227.139.5
Details	IPv4	1	46.173.214.209
Details	IPv4	1	192.227.228.106
Details	Url	1	http://198.23.212.137/document/pdf_r34567888.html
Details	Url	1	http://198.23.212.137/regedit/reg/vbc.exe
Details	Url	1	http://198.23.212.137/document/pdf_document_s233322.html
Details	Url	1	http://198.23.212.137/document/pdf_document_sw211222.html
Details	Url	1	https://ulvis.net/q4gl
Details	Url	1	https://ulvis.net/q4km
Details	Url	1	http://198.23.212.137/document/pdf_rg234999233.html