{
  "type": "Domain",
  "indicator": "loki.help",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/loki.help",
    "alexa": "http://www.alexa.com/siteinfo/loki.help",
    "indicator": "loki.help",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 3349046717,
      "indicator": "loki.help",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 16,
      "pulses": [
        {
          "id": "68d752a02fe9fb45e82adcee",
          "name": "TI Advisory No-ESAF-SOC-TI-320",
          "description": "\"The ransomware compromises confidentiality by encrypting sensitive files, while integrity is undermined by data tampering through forced extensions and ransom note injection. Availability is critically affected when files are locked and, if ransom remains unpaid, the Master Boot Record is overwritten, rendering the system inoperable. Authentication mechanisms are bypassed via persistence and unauthorized scheduled tasks, ensuring continuous attacker control.\"",
          "modified": "2025-09-27T02:57:36.979000",
          "created": "2025-09-27T02:57:36.979000",
          "tags": [],
          "references": [
            "Cyber Threat Advisory - New Ransomware Profile LokiLocker Ransomware.pdf"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Abinsiby12345",
            "id": "358730",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 45,
            "FileHash-SHA1": 42,
            "FileHash-SHA256": 39,
            "domain": 6,
            "email": 52
          },
          "indicator_count": 184,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 21,
          "modified_text": "246 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65708a2c17363fdfb72ab1d3",
          "name": "Conti Group IOCs (March 2022) with other Ransomware Indicators",
          "description": "",
          "modified": "2023-12-06T14:50:20.091000",
          "created": "2023-12-06T14:50:20.091000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 349,
            "FileHash-SHA1": 327,
            "email": 67,
            "FileHash-MD5": 51,
            "FileHash-SHA256": 121,
            "URL": 19,
            "hostname": 20
          },
          "indicator_count": 954,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 110,
          "modified_text": "907 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65708a0ebac8772c2a67c7e9",
          "name": "New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems",
          "description": "",
          "modified": "2023-12-06T14:49:50.754000",
          "created": "2023-12-06T14:49:50.754000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 4,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 26,
            "FileHash-SHA256": 50,
            "FileHash-SHA1": 26,
            "domain": 16
          },
          "indicator_count": 118,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "907 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6570844f02a76f986c48cf20",
          "name": "New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems",
          "description": "",
          "modified": "2023-12-06T14:25:19.464000",
          "created": "2023-12-06T14:25:19.464000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 26,
            "FileHash-SHA256": 50,
            "FileHash-SHA1": 26,
            "domain": 16
          },
          "indicator_count": 118,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "907 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6570844a3b4a08f43446898a",
          "name": "New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems",
          "description": "",
          "modified": "2023-12-06T14:25:14.362000",
          "created": "2023-12-06T14:25:14.362000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 26,
            "FileHash-SHA256": 50,
            "FileHash-SHA1": 26,
            "domain": 16
          },
          "indicator_count": 118,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "907 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65708445e5d8848f75e580ce",
          "name": "New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems",
          "description": "",
          "modified": "2023-12-06T14:25:09.808000",
          "created": "2023-12-06T14:25:09.808000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 26,
            "FileHash-SHA256": 50,
            "FileHash-SHA1": 26,
            "domain": 16
          },
          "indicator_count": 118,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "907 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65708407a5cf4c0504fd0357",
          "name": "New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems",
          "description": "",
          "modified": "2023-12-06T14:24:07.941000",
          "created": "2023-12-06T14:24:07.941000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 26,
            "FileHash-SHA256": 50,
            "FileHash-SHA1": 26,
            "domain": 16
          },
          "indicator_count": 118,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "907 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "657084050011524abcdf1bdf",
          "name": "New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems",
          "description": "",
          "modified": "2023-12-06T14:24:04.080000",
          "created": "2023-12-06T14:24:04.080000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 26,
            "FileHash-SHA256": 50,
            "FileHash-SHA1": 26,
            "domain": 16
          },
          "indicator_count": 118,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "907 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6242ff76ccf35c60b225e7c4",
          "name": "Conti Group IOCs (March 2022) with other Ransomware Indicators",
          "description": "Here are the latest indicators of attack for the Conti group (March 2022) including IOCs for Redline Stealer, Lockbit, BazarLoader, among others.",
          "modified": "2022-04-28T00:00:15.198000",
          "created": "2022-03-29T12:45:42.136000",
          "tags": [
            "ransom",
            "bazarloader",
            "lockbit",
            "lokilocker",
            "Redline"
          ],
          "references": [],
          "public": 1,
          "adversary": "Conti Group",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Ransom:Win32/LockBit",
              "display_name": "Ransom:Win32/LockBit",
              "target": "/malware/Ransom:Win32/LockBit"
            },
            {
              "id": "ALF:Trojan:MSIL/LokiLoader",
              "display_name": "ALF:Trojan:MSIL/LokiLoader",
              "target": null
            },
            {
              "id": "Loki",
              "display_name": "Loki",
              "target": null
            },
            {
              "id": "TEL:Trojan:Win32/BazarLoader",
              "display_name": "TEL:Trojan:Win32/BazarLoader",
              "target": null
            },
            {
              "id": "ALF:HeraklezEval:Trojan:MSIL/Redline",
              "display_name": "ALF:HeraklezEval:Trojan:MSIL/Redline",
              "target": null
            },
            {
              "id": "ALF:HeraklezEval:PWS:MSIL/RedLine",
              "display_name": "ALF:HeraklezEval:PWS:MSIL/RedLine",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 28,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Mitchell.Darnell",
            "id": "165445",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "email": 67,
            "domain": 349,
            "FileHash-MD5": 51,
            "FileHash-SHA1": 327,
            "FileHash-SHA256": 121,
            "URL": 19,
            "hostname": 20
          },
          "indicator_count": 954,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 59,
          "modified_text": "1494 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "623dc649bd28a75d3180c68b",
          "name": "New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems",
          "description": "A new strain of ransomware called LokiLocker has been identified by BlackBerry Threat Intelligence and is likely to be released in the next few months or even more, but its origins are unclear, so far.",
          "modified": "2022-04-24T00:01:15.470000",
          "created": "2022-03-25T13:40:25.411000",
          "tags": [
            "lokilocker",
            "lockbit",
            "cor20 metadata",
            "drops",
            "loki",
            "koivm",
            "checker",
            "raas",
            "tactic",
            "norse mythology",
            "windows pcs",
            "locky",
            "lokibot",
            "confuserex"
          ],
          "references": [
            "https://blogs.blackberry.com/en/2022/03/lokilocker-ransomware"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "LokiLocker",
              "display_name": "LokiLocker",
              "target": null
            },
            {
              "id": "Drops",
              "display_name": "Drops",
              "target": null
            },
            {
              "id": "COR20 MetaData",
              "display_name": "COR20 MetaData",
              "target": null
            },
            {
              "id": "LockBit",
              "display_name": "LockBit",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1135",
              "name": "Network Share Discovery",
              "display_name": "T1135 - Network Share Discovery"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1486",
              "name": "Data Encrypted for Impact",
              "display_name": "T1486 - Data Encrypted for Impact"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1189",
              "name": "Drive-by Compromise",
              "display_name": "T1189 - Drive-by Compromise"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1561",
              "name": "Disk Wipe",
              "display_name": "T1561 - Disk Wipe"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 7,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "manuelzepeda",
            "id": "102853",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 26,
            "FileHash-SHA1": 26,
            "FileHash-SHA256": 50,
            "domain": 16
          },
          "indicator_count": 118,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 62,
          "modified_text": "1498 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6233e2f0db3b7a843b869753",
          "name": "New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems",
          "description": "",
          "modified": "2022-04-17T00:01:27.728000",
          "created": "2022-03-18T01:40:00.311000",
          "tags": [
            "lokilocker",
            "loki",
            "koivm",
            "checker",
            "raas",
            "tactic",
            "norse mythology",
            "windows pcs",
            "locky",
            "lokibot",
            "confuserex"
          ],
          "references": [
            "https://blogs.blackberry.com/en/2022/03/lokilocker-ransomware"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 6,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "caralin0702",
            "id": "73972",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 26,
            "FileHash-SHA1": 26,
            "FileHash-SHA256": 50,
            "domain": 16
          },
          "indicator_count": 118,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 102,
          "modified_text": "1505 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "62344fb3a21ccc45cc1c76b6",
          "name": "New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems",
          "description": "A new strain of ransomware called LokiLocker has been identified by BlackBerry Threat Intelligence and is likely to be released in the next few months or even more, but its origins are unclear, so far.",
          "modified": "2022-04-17T00:01:27.728000",
          "created": "2022-03-18T09:24:02.998000",
          "tags": [
            "lokilocker",
            "lockbit",
            "cor20 metadata",
            "drops",
            "loki",
            "koivm",
            "checker",
            "raas",
            "tactic",
            "norse mythology",
            "windows pcs",
            "locky",
            "lokibot",
            "confuserex"
          ],
          "references": [
            "https://blogs.blackberry.com/en/2022/03/lokilocker-ransomware"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "LokiLocker",
              "display_name": "LokiLocker",
              "target": null
            },
            {
              "id": "Drops",
              "display_name": "Drops",
              "target": null
            },
            {
              "id": "COR20 MetaData",
              "display_name": "COR20 MetaData",
              "target": null
            },
            {
              "id": "LockBit",
              "display_name": "LockBit",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1135",
              "name": "Network Share Discovery",
              "display_name": "T1135 - Network Share Discovery"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1486",
              "name": "Data Encrypted for Impact",
              "display_name": "T1486 - Data Encrypted for Impact"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1189",
              "name": "Drive-by Compromise",
              "display_name": "T1189 - Drive-by Compromise"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1561",
              "name": "Disk Wipe",
              "display_name": "T1561 - Disk Wipe"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 7,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "rishadarakkal",
            "id": "183757",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 26,
            "FileHash-SHA1": 26,
            "FileHash-SHA256": 50,
            "domain": 16
          },
          "indicator_count": 118,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 52,
          "modified_text": "1505 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "623346b35e2416503cd10f92",
          "name": "New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems",
          "description": "A new strain of ransomware called LokiLocker has been identified by BlackBerry Threat Intelligence and is likely to be released in the next few months or even more, but its origins are unclear, so far.",
          "modified": "2022-04-16T00:04:53.479000",
          "created": "2022-03-17T14:33:22.865000",
          "tags": [
            "lokilocker",
            "raas",
            "NetGuard"
          ],
          "references": [
            "https://blogs.blackberry.com/en/2022/03/lokilocker-ransomware"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "LokiLocker",
              "display_name": "LokiLocker",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1135",
              "name": "Network Share Discovery",
              "display_name": "T1135 - Network Share Discovery"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1486",
              "name": "Data Encrypted for Impact",
              "display_name": "T1486 - Data Encrypted for Impact"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1189",
              "name": "Drive-by Compromise",
              "display_name": "T1189 - Drive-by Compromise"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1561",
              "name": "Disk Wipe",
              "display_name": "T1561 - Disk Wipe"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 21,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "BinaryDefense",
            "id": "111374",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_111374/resized/80/avatar_ca13c2b840.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 26,
            "FileHash-SHA1": 26,
            "FileHash-SHA256": 50,
            "domain": 16
          },
          "indicator_count": 118,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 272,
          "modified_text": "1506 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6231f5ad9724f041542667df",
          "name": "New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems",
          "description": "A new strain of ransomware called LokiLocker has been identified by BlackBerry Threat Intelligence and is likely to be released in the next few months or longer, but its origins are so far unclear.",
          "modified": "2022-04-15T00:03:47.669000",
          "created": "2022-03-16T14:35:25.294000",
          "tags": [
            "lokilocker",
            "lockbit",
            "cor20 metadata",
            "drops",
            "loki",
            "koivm",
            "checker",
            "raas",
            "tactic",
            "norse mythology",
            "windows pcs",
            "locky",
            "lokibot",
            "confuserex"
          ],
          "references": [
            "https://blogs.blackberry.com/en/2022/03/lokilocker-ransomware"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "LokiLocker",
              "display_name": "LokiLocker",
              "target": null
            },
            {
              "id": "Drops",
              "display_name": "Drops",
              "target": null
            },
            {
              "id": "COR20 MetaData",
              "display_name": "COR20 MetaData",
              "target": null
            },
            {
              "id": "LockBit",
              "display_name": "LockBit",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1135",
              "name": "Network Share Discovery",
              "display_name": "T1135 - Network Share Discovery"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1486",
              "name": "Data Encrypted for Impact",
              "display_name": "T1486 - Data Encrypted for Impact"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1189",
              "name": "Drive-by Compromise",
              "display_name": "T1189 - Drive-by Compromise"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1561",
              "name": "Disk Wipe",
              "display_name": "T1561 - Disk Wipe"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "jackl3-3",
            "id": "40027",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 26,
            "FileHash-SHA1": 26,
            "FileHash-SHA256": 50,
            "domain": 16
          },
          "indicator_count": 118,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 86,
          "modified_text": "1507 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6231f5af4430c8dc60822ef8",
          "name": "New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems",
          "description": "A new strain of ransomware called LokiLocker has been identified by BlackBerry Threat Intelligence and is likely to be released in the next few months or longer, but its origins are so far unclear.",
          "modified": "2022-04-15T00:03:47.669000",
          "created": "2022-03-16T14:35:27.512000",
          "tags": [
            "lokilocker",
            "lockbit",
            "cor20 metadata",
            "drops",
            "loki",
            "koivm",
            "checker",
            "raas",
            "tactic",
            "norse mythology",
            "windows pcs",
            "locky",
            "lokibot",
            "confuserex"
          ],
          "references": [
            "https://blogs.blackberry.com/en/2022/03/lokilocker-ransomware"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "LokiLocker",
              "display_name": "LokiLocker",
              "target": null
            },
            {
              "id": "Drops",
              "display_name": "Drops",
              "target": null
            },
            {
              "id": "COR20 MetaData",
              "display_name": "COR20 MetaData",
              "target": null
            },
            {
              "id": "LockBit",
              "display_name": "LockBit",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1135",
              "name": "Network Share Discovery",
              "display_name": "T1135 - Network Share Discovery"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1486",
              "name": "Data Encrypted for Impact",
              "display_name": "T1486 - Data Encrypted for Impact"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1189",
              "name": "Drive-by Compromise",
              "display_name": "T1189 - Drive-by Compromise"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1561",
              "name": "Disk Wipe",
              "display_name": "T1561 - Disk Wipe"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 14,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "jackl3-3",
            "id": "40027",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 26,
            "FileHash-SHA1": 26,
            "FileHash-SHA256": 50,
            "domain": 16
          },
          "indicator_count": 118,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 86,
          "modified_text": "1507 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "61d569c5ff13a4ed2dd30458",
          "name": "Loki Locker Ransomware - Decryption, removal, and lost files recovery (updated)",
          "description": "Loki Locker ransomware is a type of malware that encrypts files and demands a ransom to decrypt them, causing damage to computer systems and sending them to the attackers' email addresses and text messages.",
          "modified": "2022-01-05T09:49:57.537000",
          "created": "2022-01-05T09:49:57.537000",
          "tags": [
            "loki locker",
            "waldo",
            "qewe",
            "phobos",
            "windows",
            "onedrive",
            "combo cleaner",
            "restore",
            "screenshot",
            "microsoft",
            "desktop",
            "pictures",
            "c279f237",
            "peertopeer",
            "ransomware",
            "cleaner",
            "virustotal",
            "cyber",
            "loki",
            "bitcoin",
            "dharma",
            "crysis",
            "tools",
            "click",
            "explorer",
            "copy"
          ],
          "references": [
            "https://www.pcrisk.com/removal-guides/21572-loki-locker-ransomware"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Loki Locker",
              "display_name": "Loki Locker",
              "target": null
            },
            {
              "id": "Windows",
              "display_name": "Windows",
              "target": null
            },
            {
              "id": "Phobos",
              "display_name": "Phobos",
              "target": null
            },
            {
              "id": "Qewe",
              "display_name": "Qewe",
              "target": null
            },
            {
              "id": "WALDO",
              "display_name": "WALDO",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            },
            {
              "id": "T1486",
              "name": "Data Encrypted for Impact",
              "display_name": "T1486 - Data Encrypted for Impact"
            },
            {
              "id": "T1176",
              "name": "Browser Extensions",
              "display_name": "T1176 - Browser Extensions"
            },
            {
              "id": "T1119",
              "name": "Automated Collection",
              "display_name": "T1119 - Automated Collection"
            },
            {
              "id": "T1052",
              "name": "Exfiltration Over Physical Medium",
              "display_name": "T1052 - Exfiltration Over Physical Medium"
            },
            {
              "id": "T1530",
              "name": "Data from Cloud Storage Object",
              "display_name": "T1530 - Data from Cloud Storage Object"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "demoextraa",
            "id": "176114",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 1,
            "email": 21
          },
          "indicator_count": 22,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 57,
          "modified_text": "1607 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://www.pcrisk.com/removal-guides/21572-loki-locker-ransomware",
        "Cyber Threat Advisory - New Ransomware Profile LokiLocker Ransomware.pdf",
        "https://blogs.blackberry.com/en/2022/03/lokilocker-ransomware"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [
            "Conti Group"
          ],
          "malware_families": [
            "Loki",
            "Cor20 metadata",
            "Phobos",
            "Tel:trojan:win32/bazarloader",
            "Loki locker",
            "Ransom:win32/lockbit",
            "Lockbit",
            "Alf:heraklezeval:trojan:msil/redline",
            "Waldo",
            "Alf:trojan:msil/lokiloader",
            "Windows",
            "Lokilocker",
            "Qewe",
            "Alf:heraklezeval:pws:msil/redline",
            "Drops"
          ],
          "industries": []
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 16,
  "pulses": [
    {
      "id": "68d752a02fe9fb45e82adcee",
      "name": "TI Advisory No-ESAF-SOC-TI-320",
      "description": "\"The ransomware compromises confidentiality by encrypting sensitive files, while integrity is\nundermined by data tampering through forced extensions and ransom note injection.\nAvailability is critically affected when files are locked and, if ransom remains unpaid, the Master\nBoot Record is overwritten, rendering the system inoperable. Authentication mechanisms are\nbypassed via persistence and unauthorized scheduled tasks, ensuring continuous attacker\ncontrol.\"",
      "modified": "2025-09-27T02:57:36.979000",
      "created": "2025-09-27T02:57:36.979000",
      "tags": [],
      "references": [
        "Cyber Threat Advisory - New Ransomware Profile LokiLocker Ransomware.pdf"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Abinsiby12345",
        "id": "358730",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 45,
        "FileHash-SHA1": 42,
        "FileHash-SHA256": 39,
        "domain": 6,
        "email": 52
      },
      "indicator_count": 184,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 21,
      "modified_text": "246 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65708a2c17363fdfb72ab1d3",
      "name": "Conti Group IOCs (March 2022) with other Ransomware Indicators",
      "description": "",
      "modified": "2023-12-06T14:50:20.091000",
      "created": "2023-12-06T14:50:20.091000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 349,
        "FileHash-SHA1": 327,
        "email": 67,
        "FileHash-MD5": 51,
        "FileHash-SHA256": 121,
        "URL": 19,
        "hostname": 20
      },
      "indicator_count": 954,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 110,
      "modified_text": "907 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65708a0ebac8772c2a67c7e9",
      "name": "New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems",
      "description": "",
      "modified": "2023-12-06T14:49:50.754000",
      "created": "2023-12-06T14:49:50.754000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 4,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 26,
        "FileHash-SHA256": 50,
        "FileHash-SHA1": 26,
        "domain": 16
      },
      "indicator_count": 118,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "907 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6570844f02a76f986c48cf20",
      "name": "New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems",
      "description": "",
      "modified": "2023-12-06T14:25:19.464000",
      "created": "2023-12-06T14:25:19.464000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 26,
        "FileHash-SHA256": 50,
        "FileHash-SHA1": 26,
        "domain": 16
      },
      "indicator_count": 118,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "907 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6570844a3b4a08f43446898a",
      "name": "New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems",
      "description": "",
      "modified": "2023-12-06T14:25:14.362000",
      "created": "2023-12-06T14:25:14.362000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 26,
        "FileHash-SHA256": 50,
        "FileHash-SHA1": 26,
        "domain": 16
      },
      "indicator_count": 118,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "907 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65708445e5d8848f75e580ce",
      "name": "New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems",
      "description": "",
      "modified": "2023-12-06T14:25:09.808000",
      "created": "2023-12-06T14:25:09.808000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 26,
        "FileHash-SHA256": 50,
        "FileHash-SHA1": 26,
        "domain": 16
      },
      "indicator_count": 118,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "907 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65708407a5cf4c0504fd0357",
      "name": "New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems",
      "description": "",
      "modified": "2023-12-06T14:24:07.941000",
      "created": "2023-12-06T14:24:07.941000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 26,
        "FileHash-SHA256": 50,
        "FileHash-SHA1": 26,
        "domain": 16
      },
      "indicator_count": 118,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "907 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "657084050011524abcdf1bdf",
      "name": "New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems",
      "description": "",
      "modified": "2023-12-06T14:24:04.080000",
      "created": "2023-12-06T14:24:04.080000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 26,
        "FileHash-SHA256": 50,
        "FileHash-SHA1": 26,
        "domain": 16
      },
      "indicator_count": 118,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "907 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6242ff76ccf35c60b225e7c4",
      "name": "Conti Group IOCs (March 2022) with other Ransomware Indicators",
      "description": "Here are the latest indicators of attack for the Conti group (March 2022) including IOCs for Redline Stealer, Lockbit, BazarLoader, among others.",
      "modified": "2022-04-28T00:00:15.198000",
      "created": "2022-03-29T12:45:42.136000",
      "tags": [
        "ransom",
        "bazarloader",
        "lockbit",
        "lokilocker",
        "Redline"
      ],
      "references": [],
      "public": 1,
      "adversary": "Conti Group",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Ransom:Win32/LockBit",
          "display_name": "Ransom:Win32/LockBit",
          "target": "/malware/Ransom:Win32/LockBit"
        },
        {
          "id": "ALF:Trojan:MSIL/LokiLoader",
          "display_name": "ALF:Trojan:MSIL/LokiLoader",
          "target": null
        },
        {
          "id": "Loki",
          "display_name": "Loki",
          "target": null
        },
        {
          "id": "TEL:Trojan:Win32/BazarLoader",
          "display_name": "TEL:Trojan:Win32/BazarLoader",
          "target": null
        },
        {
          "id": "ALF:HeraklezEval:Trojan:MSIL/Redline",
          "display_name": "ALF:HeraklezEval:Trojan:MSIL/Redline",
          "target": null
        },
        {
          "id": "ALF:HeraklezEval:PWS:MSIL/RedLine",
          "display_name": "ALF:HeraklezEval:PWS:MSIL/RedLine",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 28,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Mitchell.Darnell",
        "id": "165445",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "email": 67,
        "domain": 349,
        "FileHash-MD5": 51,
        "FileHash-SHA1": 327,
        "FileHash-SHA256": 121,
        "URL": 19,
        "hostname": 20
      },
      "indicator_count": 954,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 59,
      "modified_text": "1494 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "623dc649bd28a75d3180c68b",
      "name": "New Ransomware Family Identified: LokiLocker RaaS Targets Windows Systems",
      "description": "A new strain of ransomware called LokiLocker has been identified by BlackBerry Threat Intelligence and is likely to be released within the next few months or later; its origins remain unclear so far.",
      "modified": "2022-04-24T00:01:15.470000",
      "created": "2022-03-25T13:40:25.411000",
      "tags": [
        "lokilocker",
        "lockbit",
        "cor20 metadata",
        "drops",
        "loki",
        "koivm",
        "checker",
        "raas",
        "tactic",
        "norse mythology",
        "windows pcs",
        "locky",
        "lokibot",
        "confuserex"
      ],
      "references": [
        "https://blogs.blackberry.com/en/2022/03/lokilocker-ransomware"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "LokiLocker",
          "display_name": "LokiLocker",
          "target": null
        },
        {
          "id": "Drops",
          "display_name": "Drops",
          "target": null
        },
        {
          "id": "COR20 MetaData",
          "display_name": "COR20 MetaData",
          "target": null
        },
        {
          "id": "LockBit",
          "display_name": "LockBit",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1135",
          "name": "Network Share Discovery",
          "display_name": "T1135 - Network Share Discovery"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1486",
          "name": "Data Encrypted for Impact",
          "display_name": "T1486 - Data Encrypted for Impact"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        },
        {
          "id": "T1189",
          "name": "Drive-by Compromise",
          "display_name": "T1189 - Drive-by Compromise"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1561",
          "name": "Disk Wipe",
          "display_name": "T1561 - Disk Wipe"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 7,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "manuelzepeda",
        "id": "102853",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 26,
        "FileHash-SHA1": 26,
        "FileHash-SHA256": 50,
        "domain": 16
      },
      "indicator_count": 118,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 62,
      "modified_text": "1498 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "loki.help",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "loki.help",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780249617.6715724
}