LokiLocker Inactive

Ransomware group first observed in 2024. Uses 7-Zip for deployment.
PDF Report Back to Groups
0
Total Victims
2024-09-01
First Seen
2025-06-17
Last Seen
0
Known TTPs
28.3d
Avg Delay
0
Negotiations
ONION URLS
l7tjxjpaihc7uija2z2xogkppndqqce7g4wvdykgzp2vv6nl5gv6s3oa.onion
TOOLS
7-Zip Cobalt Strike ngrok
FILE EXTENSIONS
.enc
ACTIVITY TIMELINE
TOP SECTORS
TOP COUNTRIES
ACTIVITY HEATMAP
Date Victim Name Country Sector Status
No victims recorded

No TTPs data

No YARA rules

TypeValueDescriptionCopy
tox A6B407447D3D25B1FBAC66EF874A5320FE2BFABFC99AA274D73ACB8EC2CA1CFCBF1418D0C9C2 Associated with LokiLocker ransomware
sha256 a36367b1adda4b22d36846e3b809cfa288e9c5b6a0969ad4cbad09dc8668801f Associated with LokiLocker ransomware
btc bc1q3zeyobgr4qymwvk7kypr2irnlcabwx3mp5hi2z Bitcoin ransom address - LokiLocker campaign
md5 fce3ea025cd9ccf79d801272c51b2456 Malware sample hash observed in LokiLocker attacks
ip 130.210.79.222 C2 server IP - LokiLocker campaign
sha256 dd7a6e3c26d0cadf553dd644a86fa8d2bbea7f5d65cce5358bc24477a5a2b901 Infrastructure linked to LokiLocker
tox 8D34EE1AB832DD1EBF8CD46D6FFC9C48C603DB9D4DBFF449FA86F8C41C7AF041EE98FE7E810A Infrastructure linked to LokiLocker
md5 fd5197b3e084ee161c4675e8ebba4a5e Infrastructure linked to LokiLocker
sha256 a047c3d13b3960a7a3b463313165fbaee0d7270b208ec80c61e2c1b26534c367 Infrastructure linked to LokiLocker

No ransom notes