#NotPetya #NotRelated files, In other words "Loki Bot" « reversingminds's Blog
Common Information
Type Value
UUID d4ca7578-68da-41ab-9b1a-7363e5eba390
Fingerprint 8c3428202777028d
Analysis status DONE
Considered CTI value 2
Text language
Published July 4, 2017, midnight
Added to db Jan. 18, 2023, 8:01 p.m.
Last updated Nov. 18, 2024, 3:21 p.m.
Headline reversingminds's Blog
Title #NotPetya #NotRelated files, In other words "Loki Bot" « reversingminds's Blog
Detected Hints/Tags/Attributes 37/2/14
Attributes
Type | #Events | CTI Value | Value
CVE | 269 | | cve-2017-0199
Domain | 2 | | french-cooking.com
Domain | 340 | | system.net
Domain | 2 | | coffeinoffice.xyz
File | 2 | | myguy.xls
File | 1212 | | powershell.exe
File | 1 | | c:\users\d00rt\appdata\roaming\45298.exe
File | 1 | | myguy.exe
md5 | 2 | | A1D5895F85751DFE67D19CCCB51B051A
md5 | 1 | | 49F3606755B12230BFF639361C7109A7
sha1 | 1 | | 9288fb8e96d419586fc8c595dd95353d48e8a060
sha1 | 1 | | 234a7174e67eec394faf5139bc79c69bf0ebffb8
IPv4 | 3 | | 84.200.16.242
Url | 1 | | http://french-cooking.com/myguy.exe