Lokibot IOC Feed

Lokibot is a malware threat that broadly targets victims across many verticals. PrecisionSec provides a curated Lokibot IOC Feed which is included in all intel subscriptions.

What is Lokibot?

Lokibot is an information-stealing trojan used to steal sensitive data such as usernames, passwords, cryptocurrency wallets, and other credentials. The malware is usually delivered using spear phishing emails containing a malicious attachment. Lokibot infections often result in theft of VPN and other login credentials, which in some cases ultimately leads to a ransomware attack.

Typical Lokibot Phishing Email with Malicious XLS Attachment

Automated Lokibot Alerts in Microsoft Sentinel

PrecisionSec actively tracks ongoing Lokibot malware campaigns. Samples are tracked using hash values (MD5, SHA-256), and network telemetry and config data are extracted and added to our outgoing intelligence.

The data feeds seamlessly integrate with most major security products including MISP and Microsoft Sentinel. All PrecisionSec threat intelligence products include Lokibot C2 and distribution IOCs with a subscription.

 

Recent Lokibot IOCs

Below you will find the most recent Lokibot IOCs from our Threat Intelligence Feed. All of these indicators have been internally verified using custom YARA rules. Please note the data below is intentionally delayed by 48 hours. For live data updated every minute, including command & control (C2) data, please sign up for a free trial.

