Tag: Loki

batlxt.org Loki Bot (Hosted in Russian Federation Moscow Mail.ru Llc)

Domain name: batlxt.org
IP: 95.163.214.100
URL: http://batlxt.org/y8x/pin.php

Steals credentials from local FTP client software:

C:\Users\user\AppData\Roaming\FileZilla\sitemanager.xml
C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
C:\Users\user\AppData\Roaming\Far Manager\Profile\PluginsData\42E4AEB1-A230-44F4-B33C-F195BB654931.db
C:\Program Files (x86)\FTPGetter\Profile\servers.xml
C:\Users\user\AppData\Roaming\FTPGetter\servers.xml
C:\Users\user\AppData\Roaming\Estsoft\ALFTP\ESTdb2.dat
key: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
key: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
key: HKEY_CURRENT_USER\Software\Ghisler\Total Commander
key: HKEY_CURRENT_USER\Software\LinasFTP\Site Manager

Sample: hxxp://107.189.10.150/HT/7845100.jpg
Hosting info: hxxp://whois.domaintools.com/95.163.214.100

kdotraky.com (Loki Bot Hosted In Shinjiru MSC Sdn Bhd)

Sample here: hxxp://kdotraky.com/kat/herbpc.exe
Panel here: hxxp://kdotraky.com/temp/
Directory listing here: hxxp://kdotraky.com/

Contacted hosts:

hxxp://kdotraky.com/dot/shalwa.exe
hxxp://continentalrnovers.com/
hxxp://kdotraky.com/kat
hxxp://kdotraky.com/kat/herbpc.exe
hxxp://kdotraky.com/temp/Panel/five/fre.php

Hosting info: http://whois.domaintools.com/101.99.75.184