# Copyright (c) 2014-2019 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Reference: https://twitter.com/ps66uk/status/1032177208335450112 # Note: C2 direct link is added due to remark from #239 occe.com/image1/image/Panel/five/fre.php # Reference: https://twitter.com/malwrhunterteam/status/1032537769787183104 americaircairmakan.com botnet.americaircairmakan.com # Reference: https://twitter.com/FewAtoms/status/1033040103155871744 agodatex.ga http://185.185.40.152/jeff/five/fre.php # Reference: https://twitter.com/olihough86/status/1033055339359420417 polixservices.com # Reference: https://twitter.com/0xffff08000/status/1033054440306036737 embramedica.com.br/site/wp-content/plugnis/ipconfig/five/PvqDq929BSx_A_D_M1n_a.php # Reference: https://twitter.com/malware_traffic/status/1033003634001367042 yardng.com # Reference: https://twitter.com/pollo290987/status/1032998085503447041 rmsalf.com # Reference: https://twitter.com/olihough86/status/1031644479109963776 http://191.101.42.43/fdgd/five/PvqDq929BSx_A_D_M1n_a.php studemplo.com/admin/studemplo/Panel/five/PvqDq929BSx_A_D_M1n_a.php phcc-india.com typrat.club www.cem-hk.co # Reference: https://twitter.com/asset_island_/status/1031608741504933889 pldtdsll.net # Reference: https://twitter.com/0xffff08000/status/1031613343797207040 claudfx.win # Reference: https://twitter.com/pollo290987/status/1031544753505165312 http://191.101.42.43/fdgd/five/fre.php # Reference: https://twitter.com/James_inthe_box/status/1030579493910413312 acadaman.com dandoesinternet.com # Reference: https://twitter.com/James_inthe_box/status/1030487639688794115 kelvinarinze.ml scoverykingdom.gq # Reference: https://pastebin.com/UGm39pdU # Reference: https://pastebin.com/mgVvSRHi 002vt.tk/james/fre.php http://141.105.71.166/me/fre.php http://141.105.71.76/blz/fre.php http://151.80.162.219/marle/fre.php http://185.111.75.169/cart/disk/fre.php http://185.148.146.193/~agroinovate/zizisisi/Panel/five/fre.php http://185.206.144.81/lawi/fre.php http://185.24.233.254/donep/fre.php http://185.24.233.32/open/libs/fre.php http://185.24.233.46/dusx/busz/fre.php http://185.24.233.74/dusk/hond/fre.php http://185.24.233.79/baca/opio/fre.php http://185.24.233.80/pend/chan/fre.php http://188.215.229.41//GIS/fre.php http://191.101.42.43/fdgd/five/fre.php http://31.220.2.200/~hancockw/nok/five/fre.php http://31.220.2.200/~justicet/ag/five/fre.php http://5.206.226.99/juicy/fre.php http://80.211.102.126/deve/tide/fre.php http://84.38.132.105/oki/Panel/fre.php http://84.38.133.160/new/Panel/fre.php http://85.254.72.30/donbig/c1/fre.php http://89.187.86.7/~blackdia/new/mhoney/fre.php http://89.187.86.7/~blackdia/vic/bless/fre.php http://89.45.67.131/smg/fre.php http://89.45.67.145/emy/fre.php ace.alasrglobal.com/ace/Panel/five/fre.php ace.alasrglobal.com/skinny/Panel/five/fre.php ace.alasrglobal.com/wise/Panel/five/fre.php ackh.ir/gabi/five/fre.php ackh.ir/hamid/five/fre.php ackh.ir/papa/five/fre.php ackh.ir/sp/five/fre.php adrack.us/wp-content/uploads/five/fre.php ahmad52sell.cf/admin/five/fre.php alexamondwonderltd.com/freeBrow/fre.php alpacham.com/ndretr5478/fre.php anitoid.alasrglobal.com/austine/five/fre.php araslanow.net/js/Panel/five/fre.php araslanow.net/wipadmin/Panel/five/fre.php awele.duckdns.org:1717/zip/fre.php babasoft.ooo/fre.php bapican.com/image/admin/Panel/five/fre.php blackdiamondsco.ae/bossftown/fre.php blackdiamondsco.ae/rooney/fre.php blackdiamondsco.ae/wogor/fre.php blogsports.com.ng/cli/Panel/five/fre.php brighten2.alasrglobal.com/file/bell/five/fre.php brighten2.alasrglobal.com/file/tin/five/fre.php brighten2.alasrglobal.com/file/vas/five/fre.php brighten.alasrglobal.com/file/do/five/fre.php britlite.ga/fade/type/fre.php bsales.cf/bs/Panel/five/fre.php bsales.cf/ft/Panel/five/fre.php cityhotel.ge/believe/five/fre.php cityhotel.ge/focus/five/fre.php cityhotel.ge/rozay/five/fre.php colnoygums.com/freg/fre.php cytanets-com.cf/philip/panel/fre.php cytanets-com.cf/qwertyu/panel/fre.php dandoesinternet.com/cis1406/tutorial10/fre.php dandoesinternet.com/cis1407/fre.php dandoesinternet.com/mobile/ch1/fre.php devhaevents.us/2415452354/242424/fre.php dutch-tour-guide-marrakech.com/app/Panel/five/fre.php eastlandproduce.us/.well-known/acme-challenge/over/raw/fre.php eholes.viewyoursite.co.uk/LucianoLokiPanel/fre.php emakqroup.tk/obi/panel/fre.php emakqroup.tk/sim/panel/fre.php embramedica.com.br/site/wp-content/plugnis/fre.php emoticon.tk/hcode/kmaster/fre.php e-ne1.com/Hab-Lok/fre.php eurobike1.cf/obinna/fre.php familyhealths.ga/cdi-directory/five/fre.php fascine-cemdene.com/wp/wp-includes/js/js/five/fre.php fasterre.gq/hcode/bazon/fre.php fojidedar.com/bazz/fojide2/fre.php fojidedar.com/fojide/fre.php fojidedar.com/soft/amadin/fre.php fox-lighting.ga/poop/club/fre.php freecaps.ml/over/jump/fre.php fruitfulmonth.tk/raphael/fre.php geranntibankasi.com/getyoui980/jertyui989/fre.php haksenlimited.com/slim/fre.php hamon.ir/mate/five/fre.php highstarsino.cf/anyi/fre.php hkenngr.com/herty987/letry78/fre.php homeduderezort.com/includes/1010/fre.php homeduderezort.com/includes/gator/fre.php homeduderezort.com/includes/nas/fre.php homefieldtech.com/anu/five/fre.php homefieldtech.com/box/five/fre.php homefieldtech.com/juke/five/fre.php homefieldtech.com/mzx/five/fre.php homefieldtech.com/Obo/five/fre.php homefieldtech.com/uok/five/fre.php housded.cf/hcode/azuka/fre.php icannsorg.com/icann2/five/fre.php icannsorg.com/icann/five/fre.php incitecpivot-au.com/mertyui567/kertli879/fre.php inout-me.ml/fixx/sure/fre.php inquire.website/images/five/fre.php isnmainpasedal.com/amb/fre.php jamespanel.tk/cole/fre.php jamespanel.tk/low/five2/fre.php jamespanel.tk/odee/fre.php joxax.privatedocuments.site/jox/loki/fre.php jvl-jp.co/ser567/gotert/fre.php katherinajetter.com/vxzc/Panel/fre.php katherinajetter.com/xzcsadwqe23/fre.php khanapenaband.com/jon/fre.php lablocks.site/Panel/five/fre.php laloderkozam.com/laloder2/five/fre.php laloderkozam.com/laloder3/five/fre.php laloderkozam.com/laloder4/five/fre.php launchgrowthtoday.download/bobo22/Panel/five/fre.php launchgrowthtoday.download/choo/Panel/five/fre.php launchgrowthtoday.download/jamike/Panel/five/fre.php logsession.space/citycenter/fashion/trending/fre.php lovaniacreative.com/wp-admin/js/inc/Panel/five/fre.php madlovert.ml/swanky/wp-content/uploads/Panel/five/fre.php magic1.cf/gat/fre.php magic3.ml/gozie/fre.php marksky.org/medosky/fre.php msa-fit.gq/sql/Panel/five/fre.php mxchlp.com/team/wide/fre.php namesnetworks.com/blog/educational/fre.php nextlevelshop.info/woldpress/logistics/Panel/five/fre.php nextwaveconsulting.com.au/Cpanel/Panel/five/fre.php novachim.ro/plugins/editors/five/fre.php nutgetsloversplay.usa.cc/wp-content/themes/twentyfifteen/Panel/five/fre.php oajandassociates.com/images/oajand/Panel/five/fre.php officebase.website/js/five/fre.php ojoboplaza.club/Angel/Panel/five/fre.php ojoboplaza.club/Drama/Panel/five/fre.php ojoboplaza.club/Man/Panel/five/fre.php onlyadoonbit.com/asji/fre.php opercomex.co/billionaire/kendra/fre.php orkaden.com/wp-includes/Text/me/fre.php panelhq.cf/jr/five/fre.php panelhq.gq/airforce/five/fre.php panelhq.gq/chelsea/five/fre.php panelhq.gq/gold/five/fre.php panelhq.gq/stars/five/fre.php profirst.com.vn/aug777/five/fre.php profirst.com.vn/aug/five/fre.php ptads.ml/pide/seed/fre.php punjabjaogi.com/Panel/fre.php qureshioffice.alasrglobal.com/admin7/bgn/sfe/fre.php qureshioffice.alasrglobal.com/admin/xxx/zzz/fre.php qureshioffice.alasrglobal.com/sam1/xknf/kdlt/fre.php reachmy90s.com/includes/Panel/five/fre.php rozedaro.com/administrator/Panel/five/fre.php saintechelon.tk/fre.php sccoast.tk/logs/panel/fre.php sccoast.tk/phil/panel/fre.php schooolcode.download/uk8k/Panel/five/fre.php shaktiorkatimo.com/symboss/fre.php shinyei-co.gq/cade/dope/fre.php sinomagnetor3.cf/anyi/fre.php soolitaytangya.com/blessed/Panel/five/fre.php sternpid.ga/firm/fost/fre.php strcutform.com/vinye/Panel/five/fre.php strijdbladen.ga/donstan/five/fre.php swaz.hanirnail.net/five/fre.php szccf361.com/flinkas260/fre.php theonlygoodman.com/eig/fre.php theonlygoodman.com/nin/fre.php tondice.flu.cc/images./45skele/fre.php tondice.flu.cc/images./imgs01sg-/fre.php tradelink.qa/aug/five/fre.php tutorialdnsstep1.com/admin/fre.php tutorialdnsstep1.com/toturial/fre.php uzocloudservers.gq/jeff/five/fre.php veloceqlobal.net/rain/hope/fre.php victoralifts.com/wpss/fre.php wapsihonaylo.com/wapsi3/five/fre.php wapsihonaylo.com/wapsi4/five/fre.php wapsihonaylo.com/wapsi/five/fre.php wcegroups.com/done/hont/fre.php westiles.ga/lope/coop/fre.php wiglelamberfo.com/eme/fre.php constantialiquidators.com/freg/fre.php crownventureintl.com/wip-admin/Panel/five/fre.php gardensun.ru/daily/fre.php gardensun.ru/eca/fre.php mysticalreflections.life/web-content/web/upgrade/wp_obtain/log/Panel/five/fre.php netgateway.top/panel/fre.php scoverykingdom.gq/jeff/five/fre.php semaprin.info/mi/fre.php sierracontrol.ru/cmd11/fre.php sierracontrol.ru/vipu/fre.php woelpuu.com/hertuyi/teryio/fre.php woelpuu.com/terypp/youip/fre.php zealsale.com.np/file/Panel/five/fre.php xsftruss.ml/edunew/fre.php ymwsolutions.com/testfilez/fre.php nawck.ml mitch-portal.tk sintrol.cf sirmitch.ml # Reference: https://myonlinesecurity.co.uk/slightly-different-lokibot-delivery-via-embedded-ole-objects-in-rtf-word-doc/ kikehraeein.com/web-obtain/file/web/log/Panel/five/fre.php # Reference: https://twitter.com/DynamicAnalysis/status/1034488992987860995 apidava.tk # Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html szccf361.com # Reference: https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html 1113sophie.info 41230319.net cryptocoindigital.com kacakbahisfirmasi.com marryingmaldonado.com mywdn.com risu-nursery.com saurabh.online shiqiyingli.com sicknessfitness.com themonkeygrindervintage.com unsubchef.com win.link xn--vhq6e39ls7w.net zexpar.com # Reference: https://viriback.com/30-days-later-97-panels/ annamadums.ml/jazzy/PvqDq929BSx_A_D_M1n_a.php bellegin.ru/doncha10/pen.php bellegin.ru/don-cha11/pen.php bellegin.ru/oshok/pen.php bollingoes.ml/ngoes/PvqDq929BSx_A_D_M1n_a.php braithwalte.co.uk/blam/five/PvqDq929BSx_A_D_M1n_a.php braithwalte.co.uk/block/five/PvqDq929BSx_A_D_M1n_a.php braithwalte.co.uk/konvict/five/PvqDq929BSx_A_D_M1n_a.php braithwalte.co.uk/smith/five/PvqDq929BSx_A_D_M1n_a.php cadjetbums.ml/tbums/PvqDq929BSx_A_D_M1n_a.php domainsender.info/moon/five/PvqDq929BSx_A_D_M1n_a.php domainsender.info/sun/five/PvqDq929BSx_A_D_M1n_a.php dunysaki.ru/buch-x5/pen.php dunysaki.ru/doncha-2/pen.php dunysaki.ru/stephen/pen.php erintoba.info/bbbb/Panel/five/PvqDq929BSx_A_D_M1n_a.php eriousimen.ml/eriou/PvqDq929BSx_A_D_M1n_a.php finelets.ru/buch-x3/pen.php finelets.ru/buch-x4/pen.php finelets.ru/fankzu/pen.php gokuu.club/ckan/PvqDq929BSx_A_D_M1n_a.php gokuu.club/M/PvqDq929BSx_A_D_M1n_a.php joanread.ru/decap/pen.php joanread.ru/work-1/pen.php lidgeys.ru/buch-k/pen.php lidgeys.ru/buch-l/pen.php lidgeys.ru/buch-m/pen.php lidgeys.ru/buchX-1/pen.php lidgeys.ru/buch-x2/pen.php lidgeys.ru/eddy/pen.php papgon10.ru/davidm/pen.php papgon10.ru/don-12/pen.php papgon10.ru/don-one/pen.php papgon10.ru/kennyB-1/pen.php papgon10.ru/oshok-two/pen.php thousandan.ml/andan/PvqDq929BSx_A_D_M1n_a.php topreadz.ru/alexbe/pen.php topreadz.ru/doncha-3/pen.php topreadz.ru/willy-1/pen.php ultrainstinct.ru/file/exe/five/PvqDq929BSx_A_D_M1n_a.php unifarmex.net/Dstan/Panel/five/PvqDq929BSx_A_D_M1n_a.php unifarmex.net/hsp1/Panel/five/PvqDq929BSx_A_D_M1n_a.php unifarmex.net/nesto/Panel/five/PvqDq929BSx_A_D_M1n_a.php uy-akwaibom.ru/vinho/Panel/five/PvqDq929BSx_A_D_M1n_a.php vailablity.ml/vaila/PvqDq929BSx_A_D_M1n_a.php viettrust-vn.net/samii/PvqDq929BSx_A_D_M1n_a.php vopspyder.website/home/five/PvqDq929BSx_A_D_M1n_a.php vopspyder.website/log/five/PvqDq929BSx_A_D_M1n_a.php wheelonexs.ml/wheel/PvqDq929BSx_A_D_M1n_a.php # Reference: https://github.com/stamparm/maltrail/pull/284#issuecomment-417861246 ajmanz.gq # Reference: https://twitter.com/DynamicAnalysis/status/1037472184636256256 theonlygoodman.com/fit/fre.php # Reference: https://twitter.com/nullcookies/status/1038235674565066757 crasemerzom.com # Reference: https://twitter.com/avman1995/status/1038285919219068928 http://99.198.127.106 blackdiamondsco.ae/test/fre.php # Reference: https://twitter.com/ViriBack/status/983011333506588672 # Reference: https://pastebin.com/nwWHHFe0 bartolini-system.net/loop/PvqDq929BSx_A_D_M1n_a.php logs.boxxta.website/ikol/five/PvqDq929BSx_A_D_M1n_a.php # Reference: https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html (Win.Dropper.Hploki-6682476-0) bvasetro.com com-logninsauthorize.info grm-group.info healinggoodness.com losmejorescrm.com mechakawaii.com mytechnik-beratung.com ptt-test.com testci20170903033002.net thlg8.com vintageontheline.com # Reference: https://pastebin.com/bEqJKZfZ strutitinca.ro/ftp/fre.php zenshinonline.ru/amb/fre.php zenshinonline.ru/eka/fre.php zenshinonline.ru/file/fre.php # Reference: https://www.maltiverse.com/sample/1ea139164e3525a5a4f3feb333551a806852cca40e49698fbf65d49bd4f7c27c loggerkeys-hosting.xyz # Reference: https://www.maltiverse.com/sample/16d06c604487ad96b04f226827dc033d61c80b345a323faee5c9d4a0b2a108d0 tananaislanoidd.ga # Reference: http://cybercrime-tracker.net/index.php?search=Lokibot corelis.group zenshinonline.ru harltdoors.com devhaevents.us grace4good.cf theonlygoodman.com premierevents.co.zw # Reference: https://twitter.com/ViriBack/status/1046391838448537601 # Reference: https://pastebin.com/4QRaU8T7 geranntibankasi.com/slowkizzy567/kertyui456/PvqDq929BSx_A_D_M1n_a.php hkenngr.com/herty987/letry78/PvqDq929BSx_A_D_M1n_a.php incitecpivot-au.com/dertyu987/treyuo9809/PvqDq929BSx_A_D_M1n_a.php incitecpivot-au.com/lerty67/loivet56/PvqDq929BSx_A_D_M1n_a.php incitecpivot-au.com/mertyui567/kertli879/PvqDq929BSx_A_D_M1n_a.php insightthk.com/hermonth/jerk/PvqDq929BSx_A_D_M1n_a.php insightthk.com/loki2/PvqDq929BSx_A_D_M1n_a.php insightthk.com/loki3/PvqDq929BSx_A_D_M1n_a.php jvl-jp.co/gert67/teryu7/PvqDq929BSx_A_D_M1n_a.php jvl-jp.co/nwokorie45777/fertyuoui/PvqDq929BSx_A_D_M1n_a.php jvl-jp.co/sert67/tyuio98/PvqDq929BSx_A_D_M1n_a.php jvl-jp.co/sertyoup/latinoper90/PvqDq929BSx_A_D_M1n_a.php jvl-jp.co/slamp89/ketu56/PvqDq929BSx_A_D_M1n_a.php kaokao-twn.com/yerter/getyu/PvqDq929BSx_A_D_M1n_a.php karenandkarren.com/multi980/mertyui989/PvqDq929BSx_A_D_M1n_a.php kurarray.com/fertyuio/lopiytu/PvqDq929BSx_A_D_M1n_a.php kurarray.com/loptyuier/liouy56/PvqDq929BSx_A_D_M1n_a.php kurarray.com/loptyuio/lop0980/PvqDq929BSx_A_D_M1n_a.php ledteroptyi.xyz/gertyu99/ertyu8/PvqDq929BSx_A_D_M1n_a.php ledteroptyi.xyz/hertyuu89/menter67/PvqDq929BSx_A_D_M1n_a.php ledteroptyi.xyz/kertyu767/jertyu657/PvqDq929BSx_A_D_M1n_a.php ledteroptyi.xyz/loipter/teryuop999/PvqDq929BSx_A_D_M1n_a.php lltagrain.com/cash2/PvqDq929BSx_A_D_M1n_a.php lltagrain.com/kelle/PvqDq929BSx_A_D_M1n_a.php lltagrain.com/money/PvqDq929BSx_A_D_M1n_a.php lltagrain.com/tino/PvqDq929BSx_A_D_M1n_a.php oceanlinkmarrine.com/loki2/PvqDq929BSx_A_D_M1n_a.php oceanlinkmarrine.com/loki4/PvqDq929BSx_A_D_M1n_a.php oliverrbatlle.com/setyi98/etruo89/PvqDq929BSx_A_D_M1n_a.php phcc-india.com/dertyuop345/teryup234/PvqDq929BSx_A_D_M1n_a.php phcc-india.com/limitedmert/menter567/PvqDq929BSx_A_D_M1n_a.php phcc-india.com/nertyoiu67/eartyuoiyue67/PvqDq929BSx_A_D_M1n_a.php phcc-india.com/slamptiert5/fertyupw456/PvqDq929BSx_A_D_M1n_a.php phcc-india.com/startboi89234/netwer675/PvqDq929BSx_A_D_M1n_a.php pldtdsll.net/betstyui789/erty6786/PvqDq929BSx_A_D_M1n_a.php pldtdsll.net/fishyoiu/fishtery77/PvqDq929BSx_A_D_M1n_a.php pldtdsll.net/sertyu45/teryu34/PvqDq929BSx_A_D_M1n_a.php redsseammgt.com/loki5/PvqDq929BSx_A_D_M1n_a.php rmsalf.com/hertioyu567/lertu789/PvqDq929BSx_A_D_M1n_a.php rmsalf.com/mentiyu98/letluy78/PvqDq929BSx_A_D_M1n_a.php sertencee.xyz/kogilop/yopuit77/PvqDq929BSx_A_D_M1n_a.php sertencee.xyz/shakamally/loipy67/PvqDq929BSx_A_D_M1n_a.php siyaghasourccing.com/lokily89/werty6789/PvqDq929BSx_A_D_M1n_a.php siyaghasourccing.com/smello/ertyop009/PvqDq929BSx_A_D_M1n_a.php dersertlord.xyz/loki4/PvqDq929BSx_A_D_M1n_a.php dersertlord.xyz/loki5/PvqDq929BSx_A_D_M1n_a.php sertencee.xyz/shunshuo/terrampeedar/PvqDq929BSx_A_D_M1n_a.php siyaghasourccing.com/serto99/jerty45/PvqDq929BSx_A_D_M1n_a.php siyaghasourccing.com/sertoiu/fertuiop/PvqDq929BSx_A_D_M1n_a.php slompbit.xyz/lopitre87/teryuio09/PvqDq929BSx_A_D_M1n_a.php slompbit.xyz/lopityrety/kerterty/PvqDq929BSx_A_D_M1n_a.php woelpuu.com/hertuyi/teryio/PvqDq929BSx_A_D_M1n_a.php woelpuu.com/terypp/youip/PvqDq929BSx_A_D_M1n_a.php # Reference: https://isc.sans.edu/forums/diary/More+malspam+pushing+Lokibot/23754/ oceanlinkmarrine.com/loki1/fre.php oceanlinkmarrine.com/loki2/fre.php oceanlinkmarrine.com/loki3/fre.php oceanlinkmarrine.com/loki4/fre.php oceanlinkmarrine.com/loki5/fre.php # Reference: https://twitter.com/avman1995/status/1046751735971282944 nisol.ga/chika/fre.php # Reference: https://pastebin.com/AasLyArF monochromestr.site/fbm/encode.php # Reference: https://twitter.com/avman1995/status/1052426452187185153 octone.igg.biz/chri1/cgi.php # Reference: https://app.any.run/tasks/4515e611-f351-436b-982a-72229c1a1853 hmcrogenics.com # Reference: https://twitter.com/dvk01uk/status/1097767868874264576 /LL0/200g-xz/cat.php # Reference: https://twitter.com/dvk01uk/status/1097357708246896640 /kston/link.php # Reference: https://twitter.com/Securityinbits/status/1090893221754884100 /scott/link.php # Reference: https://twitter.com/Racco42/status/1027476386808848384 maxthon.duckdns.org sockets.duckdns.org # Reference: https://twitter.com/ps66uk/status/1062658307507273733 /sgbbu2/cat.php # Reference: https://twitter.com/illegalFawn/status/1113086451233755136 alexiwobi.ga dandyla1.ga # Reference: https://twitter.com/luc4m/status/1103214408682139648 aurelio.xyz # Reference: https://twitter.com/0_1_0_1_0_0_0_0/status/1116638803475746816 camopionari.cf dankasa.tk olododo.tk sweetreuyh.tk underneat.gq yriuiuteuieu.gq # Reference: https://twitter.com/pancak3lullz/status/1121057197914509312 /cka2/cat.php # Reference: https://twitter.com/JAMESWT_MHT/status/1134360866550439936 /m/2/cat.php # Reference: https://twitter.com/JayTHL/status/1124325778685087745 /lmark/atz/link.php # Reference: https://any.run/report/0159364dc4a13deea8595d019b3c1e44ca100690b3d7f2df7d79cfd86d4b36ce/03c9c9b6-a7fc-41fc-a6d1-6f35ec60f94a romelulukaku.tk/anyi/fre.php # Reference: https://any.run/report/ff2824a9281b5e0ecd4b90b7779a66dfa4453b143b1115e4a9019a2f859083e0/b6a22489-c558-44f8-92b7-c6f90b8c0920 liverfook.ml/tuneshi/fre.php # Reference: https://twitter.com/ViriBack/status/1134662952898965504 # Reference: https://pastebin.com/pkZ0TBnc beautynams.com begurtyut.info flmates.com hyoki-jp.top # Reference: http://tracker.viriback.com/ (# Lokibot) bridgecornenterprises.com doosantax.com unimasa.icu # Reference: https://www.virustotal.com/gui/ip-address/185.79.156.24/relations http://185.79.156.24 # Reference: https://twitter.com/P3pperP0tts/status/1135824585885196288 leorentacars.com # Reference: https://twitter.com/JAMESWT_MHT/status/1136248211654545408 gadujez.tk # Reference: https://connect.security.ibm.com/app/threat-intelligence-insights/report/url/lethatch.se%2Fnelpa%2Ffive%2Ffre.php lethatch.se # Reference: https://connect.security.ibm.com/app/threat-intelligence-insights/report/url/technosevregroup.com%2Fzxd%2Fpanel%2Ffre.php technosevregroup.com # Reference: https://github.com/runvirus/LokiPWS/blob/master/README.md offset7.com # Reference: https://twitter.com/James_inthe_box/status/1136674160862609408 execuitiveship.com # Reference: https://twitter.com/dvk01uk/status/1137999393158770688 exalumnosldea.cl # Reference: https://twitter.com/dms1899/status/1138742747773460482 mbh-co-uk.ml sas-agri.ml # Reference: https://twitter.com/dvk01uk/status/1138774057606926341 fantasticpipo.club # Reference: https://twitter.com/dvk01uk/status/1138775767171698690 ezigbo-mmadu.xyz # Reference: https://twitter.com/James_inthe_box/status/1138815213640114176 http://45.67.14.154 http://185.79.156.24 # Reference: https://twitter.com/dvk01uk/status/1139485923991785473 uehsjtsjksf.tk # Reference: https://twitter.com/dvk01uk/status/1139494526307975168 fraiser-campbell.ga # Reference: https://twitter.com/pancak3lullz/status/1139534936518594561 freecapes.com # Reference: https://twitter.com/JAMESWT_MHT/status/1140603897523949568 /kas/4/cat.php # Reference: https://twitter.com/dvk01uk/status/1140936638148820995 sparkickwears.ga # Reference: https://twitter.com/blackorbird/status/1141557021000552448 fileshareing.tk # Reference: https://twitter.com/x42x5a/status/1141970343818665984 007akin.top # Reference: https://twitter.com/Racco42/status/1141969102753423360 bichchats.top # Reference: https://twitter.com/Racco42/status/1143810986920599553 saculcin.top # Reference: https://twitter.com/x42x5a/status/1143895404527988736 tqe2009.com # Reference: https://twitter.com/dvk01uk/status/1144811922715549696 lionelibrahimovich.tk # Reference: https://twitter.com/dvk01uk/status/1146410395357339649 ayakkokulari.com # Reference: https://twitter.com/killamjr/status/1147113714132275200 openningsoonming.zapto.org # Reference: https://twitter.com/_odisseus/status/988303327090937857 # Reference: https://app.any.run/tasks/20ed9962-0799-4f3b-bfbf-6dd77e5b9979/ i876edw4e5f6tg78hy9tg7r6ftgiy8.erlivia.ltd # Reference: https://twitter.com/smica83/status/1149194882231209985 mbixch.site # Reference: https://twitter.com/Racco42/status/1149662812722978816 aliiff.com villaviras.com # Reference: https://twitter.com/hexlax/status/1149768235434352645 automatia.in lestonline.ga taleohio.ga # Reference: https://twitter.com/Paladin3161/status/1149639116125921284 kitchenraja.com # Reference: https://twitter.com/hexlax/status/1150113306545467393 bioconscolors.com # Reference: https://twitter.com/James_inthe_box/status/1151156619733921792 wupx.ga # Reference: https://twitter.com/reecdeep/status/1151737917259354113 ysvina-vn.com # Reference: https://app.any.run/tasks/69193d3f-ffe6-4db8-ba64-b408caeffde0 hotkey--cn.com # Reference: https://twitter.com/coderippers/status/1152188547253846016 orientsdelivery.xyz # Reference: https://twitter.com/reecdeep/status/1145960074046791680 eko-colors-pl.com # Reference: https://twitter.com/IdoNaor1/status/1152892001844629505 abulutari.tk # Reference: https://twitter.com/reecdeep/status/1153195564852547585 matbin.com # Reference: https://twitter.com/blackorbird/status/1155781572718546944 sparkickwears.ga # Reference: https://twitter.com/James_inthe_box/status/1155945383048011777 pitr0s.com # Reference: https://twitter.com/reecdeep/status/1157201656397860865 hochom-tw.com # Reference: https://twitter.com/Racco42/status/1157215058319040512 maviiletisim-com.tk # Reference: https://twitter.com/Racco42/status/1158765032299270144 kusumgar.cf # Reference: https://twitter.com/reecdeep/status/1158984342108090369 monastaybags.com # Reference: https://twitter.com/reecdeep/status/1159008913691435008 hilbizworld.top # Reference: https://twitter.com/reecdeep/status/1159438247208075264 hotkey--cn.com # Reference: https://twitter.com/reecdeep/status/1159446926196183045 teslaghane.com # Reference: https://twitter.com/reecdeep/status/1159833486817034241 sovamegroup.com # Reference: https://twitter.com/Paladin3161/status/1159984272897216513 quecik.info # Reference: https://twitter.com/reecdeep/status/1161226121515544576 sportyclik.com # Reference: https://twitter.com/reecdeep/status/1161220049413246977 sun-clear.net # Reference: https://twitter.com/reecdeep/status/1164074211213807616 confirm3.pw # Generic (callback) paths # Reference: https://twitter.com/hexlax/status/1157657573790814208 # Reference: https://pastebin.com/LHJrNpnV # Reference: https://pastebin.com/wHV90Sc2 /0sc9/cat.php /l3y0/cat.php /2leek/cat.php /50-red/cat.php /500two/cat.php /52006/link.php /atz/link.php /ch/link.php /jes/link.php /key/link.php /chri1/cgi.php /fbm/encode.php /ka22/cat.php /st3ph/cat.php /umgo2/cat.php /sail/cat.php /seems/cat.php /slek-b/cat.php /fre.php /3sx0z2.php /45_76_8.php /AklDq9M1n_a.php /BobBy929BSx_A_D_M1n_a.php /BobDq929BSx_A_D_M1n_a.php /ChiNa929BSx_A_D_M1n_a.php /CvqDq929BSx_A_D_M1n_a.php /DaqDq929BSx_A_D_M1n_a.php /EvqTq939BSx_B_D_D1p_a.php /IkeNn929BSx_A_D_M1n_a.php /KelDq929BSx_A_D_M1n_a.php /KelEc929BSx_A_D_M1n_a.php /KelEh929BSx_A_D_M1n_a.php /KenDq929BSx_A_D_M1n_a.php /Natyyx_A_D_M4n_a.php /NonYe929BSx_A_D_M1n_a.php /ObiNn929BSx_A_D_M1n_a.php /PceHq925BSx_L_B_M1n_a.php /PrCm98ArhvF_A_K_M2n_a.php /Pvq929sM1n_a.php /PvqDNINo_M1n_a.php /PvqDerereA_D_M1n_a.php /PvqDq929BSx_A_D_M1n_a.php /PvqDq92allin_a.php /PvqDq92nat1n_a.php /PvqDq9MAxxxoloa.php /PvqDq9ohhho_a.php /SliDq929BSx_A_D_M1n_a.php /SlqDq929BSx_A_D_M1n_a.php /SomAq929BSx_A_D_M1n_a.php /SsgDq929BSx_A_D_M1n_a.php /SsqDq929BSx_A_D_M1n_a.php /StaDq929BSx_A_D_M1n_a.php /StaRm929BSx_A_D_M1n_a.php /StaRq929BSx_A_D_M1n_a.php /TryNdie.php /Ttq929BSx_A_X_M11n_a.php /UpDated_X_T_N1q_a.php /VirGi929BSx_A_D_M1n_a.php /graceofgod-favour.php /okwy_A_D_server.php /panel_jee.php /pen.php # Reference: https://any.run/report/a234966b36ea3816665501b926ef6fe22f4e8ba90a80af0f66662c4cd4dba915/6a5e8f49-5529-4f67-a457-eab7a3f1635e scanchart-rny.com # Reference: https://any.run/report/49e77f3fa26d7427bc726783325c2729c666038e0c4546c87e5678adcadaa4a8/8c88a7b4-fac6-494f-aba2-142d845136a2 cbnid.net # Reference: https://twitter.com/DynamicAnalysis/status/1168991384457699329 clotiahs.info jiraiya.info zjvvymy.com # Reference: https://twitter.com/reecdeep/status/1169151595747127296 modcloudserver.eu # Reference: https://twitter.com/Mesiagh/status/1170048273366695936 # Reference: https://pastebin.com/kMXDsSNr 171.15.198.199:1443 # Reference: https://app.any.run/tasks/bf013836-f219-494b-a54b-e25c13a7a400/ ottappalam.com # Reference: https://www.fortinet.com/blog/threat-research/new-infostealer-attack-uses-lokibot.html palikyu.ml # Reference: https://twitter.com/reecdeep/status/1173492999457841154 mapsi-shipping.xyz # Reference: https://twitter.com/dvk01uk/status/1173464780159508480 svmarketingindia.com # Reference: https://twitter.com/Racco42/status/1173547031979278336 clotiahs.info # Reference: https://app.any.run/tasks/84841357-56f4-4d71-9f7b-4e5dde21edf7/ nucsquaremall.ga http://nucsquaremall.ga/~zadmin/lmark/ch/link.php # Reference: https://twitter.com/ninoseki/status/1175189790469189632 fatmazpharmc.com # Reference: https://app.any.run/tasks/6ecd4749-affb-4505-8b95-bd307a609be8/ handrass.co.rs/don/five/fre.php # Reference: https://any.run/report/397217271ce8684d24144b1eb612d6d45921573bb8cdd0e53fae1d44d2456a64/ff14e78f-0c45-45b0-b93e-8170121cc7de kaokao-twn.com # Reference: https://any.run/report/91628bad8c6b90dd333f850db85dcc2c313dbbccd84ecae45441b72c2a09603d/aba660a1-69bc-4f44-bc21-c962997baf13 barzaker1.tk # Reference: https://any.run/report/a2c93eb56dd983d63654dbbd82ee2967d1acb50f4fcd700ab3dfb7743fe64e9a/36fcc660-a97e-491f-9b05-af099620ac4c gruputsk.com # Reference: https://any.run/report/30e5e29f2e4e69e88032805b3cdfd8e86e48f6837a375f096263b86f9fe4de01/b5efffc2-b5b6-4e87-9958-4ab0e7c23db3 opercomex.co/php/webpanel/fre.php # Reference: https://any.run/report/c407bb7c069e983d20752c582476ab1606b4947724194f949ba90eefe9e05a24/9012e28b-9667-4070-9751-b3f2ef211d50 ponsse.site # Reference: https://any.run/report/050c206340ce8ea775797da9d55a250e488174d87d9529fb25db13a07168c471/8c33a2a5-51af-4547-bdb7-d5a3b93ea4c4 barzaker1.cf # Reference: https://any.run/report/1c0f62f0277289f74ffd1f03f5097f17a1e14494c4c612ed30aa2a9899759d3a/d4d20c0c-7aa3-449b-b365-8b2b9e243050 dtolnba.tk # Reference: https://any.run/report/78de464e43327ba4f9ef245c72e26b28e1fbd5175bccd15253fde852bd1eb61d/1a751b0b-e75f-4b67-829c-de5f1a86a932 megatradeinvestment.com # Reference: https://any.run/report/7e6b471d1fe43841b1c995df98e2feede05280d251f50fcf6b6f084ae902817a/9fd319fa-3e9d-4d15-8837-9b2d08fe6b8e 185.234.216.240/0x22/loki/fre.php # Reference: https://any.run/report/8897b096fa6661307bb3d2d97df155b2a4d673ee4e2e50ee37de23179a79afa6/e73a0ccf-14b0-4445-a00c-84076510d095 panelego018.info # Reference: https://any.run/report/7c7d40b6e024d074acb2aa9b21e60e5a2e132424cdd4f23432013cfadc368392/88ea1ed2-25ac-4786-86dc-a052020f6b2d 62.108.37.205/jeff/five/fre.php # Reference: https://any.run/report/af51d7d35c70e8572b1bf1bf7cac2f9c79da70920e972f5df338bd34b7908b51/17cb8efa-8ccb-4ccf-9e71-ca9cb30be138 jaobhaezrasam.com # Reference: https://any.run/report/da8cb79eb0b11f4c7e18890217c465afe508900d4d0fe029df10a08d7f50722e/28736ba8-2474-4fe3-9e7d-766ff32819f5 twosisterswine.com.au/admin/Panel/five/fre.php # Reference: https://any.run/report/856cfd8e4168c08f6382cc6a7a94f2812d40d09e4b5a17728f142c5bf1d7b892/76cc0b7e-1668-4fea-92db-47ce9f0e2d82 gracetime.tech # Reference: https://twitter.com/P3pperP0tts/status/1179292959172370433 onlygoodm.com # Reference: https://app.any.run/tasks/2bd648b0-c9cd-45a1-ac4b-3c253c2c01aa/ peaches19.com # Reference: https://twitter.com/Racco42/status/983258396664229888 ritsuninfra.in