ioc[.]one - OSINT Cyber Threat Intelligence Database

PowerPoint Malware References Drake Lyrics to Drop Lokibot & Azorult | AppRiver

Tags

attack-pattern:

Show in Graph

Common Information

Type	Value
UUID	f2ec76b1-7d44-4e47-abcc-8f9b09b80353
Fingerprint	c07a492bd3f4ae1
Analysis status	DONE
Considered CTI value	0
Text language
Published	Oct. 1, 2022, midnight
Added to db	Jan. 18, 2023, 10:47 p.m.
Last updated	Nov. 17, 2024, 9:42 p.m.
Headline	Blog
Title	PowerPoint Malware References Drake Lyrics to Drop Lokibot & Azorult \| AppRiver
Detected Hints/Tags/Attributes	23/1/28

Source URLs

	Redirection	Url
Details	Source	https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/

URL Provider

Details	Provider	Source level domain
Details	appriver.com	www.appriver.com

Attributes

Details	Type	#Events	Value
Details	Domain	358	pastebin.com
Details	Domain	45	paste.ee
Details	Domain	1	d228z91au11ukj.cloudfront.net
Details	Domain	1	xnasxjnasn.blogspot.com
Details	Domain	1	resources.blogblog.com
Details	File	456	mshta.exe
Details	File	409	c:\windows\system32\cmd.exe
Details	File	199	excel.exe
Details	File	323	winword.exe
Details	File	60	c:\windows\system32\schtasks.exe
Details	File	312	calc.exe
Details	File	1	c:\users\admin\appdata\roaming\f63aaa\a71d80.exe
Details	File	82	fre.php
Details	File	1	a6.pps
Details	File	1205	index.php
Details	sha256	1	80c10ee5f21f92f89cbc293a59d2fd4c01c7958aacad15642558db700943fa22
Details	sha256	1	a3c8f58fd18e564ec11c247aede37b0be763d1fca46d0cbe5d032cf17e3a6bf3
Details	IPv4	1	143.204.214.11
Details	IPv4	6	104.20.68.143
Details	IPv4	4	107.175.150.73
Details	IPv4	1	23.106.160.1
Details	Url	1	http://j.mp/mo7xasnnr
Details	Url	1	http://107.175.150.73/~giftioz/.cttr/fre.php
Details	Url	1	http://pastebin.com/raw/cntxyppn
Details	Url	1	http://j.mp/ml2xasnnr
Details	Url	1	http://pastebin.com/raw/c5qng3dr
Details	Url	1	http://paste.ee/r/sfv9l
Details	Url	1	http://23.106.160.1/panel/2/index.php