Lokibot IOC Feed
What is Lokibot?
Lokibot is an information stealing trojan used to steal sensitive data such as usernames, passwords, cryptocurrency wallets, and other credentials. The malware is usually delivered using spear phishing emails containing a malicious attachment. Lokibot infections often result in theft of VPN and other login credentials which in some cases ultimately leads to a ransomware attack.
Automated Lokibot Alerts in Microsoft Sentinel
PrecisionSec actively tracks ongoing Lokibot malware campaigns. Samples are tracked using hash values (md5, sha256) and network telemetry and config data are extracted and added to our outgoing intelligence.
The data feeds seamlessly integrate with most major security products including MISP and Microsoft Sentinel. All PrecisionSec threat intelligence products include Lokibot C2 and distribution IOCs with a subscription.
Recent Lokibot IOCs
URL / IP / MD5 | Date Added |
---|---|
http://clogwars.com/~zadmin/lmark/seng/link.php | 2024-12-21 20:09:27 |
http://seguridadindustrialujan.com/hu/fre.php | 2024-12-20 18:49:27 |
http://gistsstack.com/panel/fre.php | 2024-12-20 18:48:14 |
https://rottot.shop/BISH/PWS/fre.php | 2024-12-16 14:18:08 |
http://185.94.191.80/primseven/logs/fre.php | 2024-12-16 07:30:38 |
http://tondice.flu.cc/images./imgs01sg-/fre.php | 2024-12-12 21:15:38 |
http://abscete.info/ret/four/fre.php | 2024-12-12 21:15:21 |
http://talkbutton.ai/cgi-bin/fre.php | 2024-12-12 21:15:03 |
http://moradoor.com/five/fre.php | 2024-12-12 21:13:19 |
http://zaaeews.nut.cc/awsw=ewsazum/zswaweoumn=/a/p/fre.php | 2024-12-12 21:13:17 |