New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems
Common Information
Type Value
UUID 49681cf4-6d61-41f6-a57e-99d20c2d6693
Fingerprint ac372971002786d9
Analysis status DONE
Considered CTI value 2
Text language
Published March 16, 2022, 8 a.m.
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 17, 2024, 9:42 p.m.
Headline New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems
Title New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems
Detected Hints/Tags/Attributes 134/2/167
Attributes
Details Type #Events CTI Value
Details IPv4 1
91.223.82.6
Details IPv4 5
3.64.163.50
Details IPv4 1
194.226.139.3
Details Url 1
https://picc.io/x8grzsw.gif
Details Windows Registry Key 13
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
Details Windows Registry Key 1
HKCU\Software\Loki