API tools faq
paste
Advertisement
Antelox

New Locky distribution sites - 23/06/2016

Antelox
Jun 23rd, 2016
666
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.33 KB | None | 0 0
raw download clone embed print report diff
  1. *Email sample*
  2.  
  3. _Subject_: Final version of the report
  4.  
  5. _Body_:
  6.  
  7. Dear [NAME],
  8.  
  9. Lance Davis asked me to send you the attached Word document, which contains the final version of the report.
  10. Please let me know if you have any trouble with the file, and please let Lance know if you have any questions about the contents of the report.
  11.  
  12.  
  13. Kind regards
  14.  
  15. Faith Leonard
  16. Chief Executive Officer
  17.  
  18.  
  19. In attachment a zip archive with a javascript file.
  20.  
  21. Javascript sample - MD5: c4b65cb100b08a3e3b366ccf7c161dc9
  22. VT: 1/55 - https://www.virustotal.com/en/file/3fe9169a286bcedc3c7ba1da0160dded07af0540211ed32c6144cc4435f4a42e/analysis/
  23.  
  24. *Compromised domains (49)*:
  25.  
  26. 3141592.ru/ wyesvj
  27. 4k18.com/ u69f97
  28. aberfoyledental.ca/ 6dil05
  29. abligl.com/ 8v62l4i4
  30. adbm.co.uk/ 1o2wejz
  31. angeelle.nichost.ru/ y6s1y9h
  32. arogyaforhealth.com/ jujg6ru
  33. atlantaelectronics.co.id/ quv7rcc1
  34. babycotsonline.com/ ph42q6ue
  35. barum.de/ c2blg
  36. beautifulhosting.com.au/ rxn80
  37. bilgoray.com/ vi5sfu
  38. bobbysinghwpg.com/ pdqcqlnr
  39. boranwebshop.nl/ ggc7ld
  40. bptec.ir/ kvk9leho
  41. cameramartusa.info/ xrfpm
  42. capitalwomanmagazine.ca/ 6k1oig
  43. century21keim.com/ c7xb2xy
  44. certifiedbanker.org/ obmv6590
  45. cg.wandashops.com/ evqbfwkx
  46. clients.seospell.co.in/ fkn67zy
  47. climairuk.com/ h32k491o
  48. climatizareonline.ro/ azkqs
  49. cond.gribochechki.ru/ zibni
  50. dentalshop4you.nl/ m22brjfz
  51. disneyexperience.com/ psyyhe
  52. elviraminkina.com/ ojyq1
  53. empiredeckandfence.com/ h2uppib
  54. euro-support.be/ rdl3n7u
  55. focolareostuni.it/ 0k2ren
  56. freesource.su/ ijugasq1
  57. grantica.ru/ 6hjli
  58. honeystays.co.za/ siu2k
  59. ideograph.com/ k7qfsxx
  60. imetinyang.za.pl/ 74hd4by5
  61. immoclic.o2switch.net/ styvuwti
  62. jd-products.nl/ xjld131
  63. karl-lee.se/ x23ft
  64. margohack.za.pl/ wkiokl
  65. matvil8.freehostia.com/ 64tmb1
  66. mycreativeprint.com/ mqib9te
  67. oakashandthorn.charybdis.seedboxes.cc/ f7ge4y3k
  68. promoresults.com.au/ gx4al
  69. redpower.com.au/ xlkdld
  70. tip.ub.ac.id/ k2e32vh
  71. www.centroinfantilelmolino.com/ 60wfh
  72. www.darkhollowcoffee.com/ oqlyd9m
  73. www.ellicottcitypediatrics.com/ 7d6sdl
  74. www.keven.site.aplus.net/ fmlonxl
  75.  
  76. *Sampled downloaded and decoded*:
  77.  
  78. File Name: 9oaELw13vFr7w.exe
  79. MD5: 4d48a039371d95e49b8ef7c4e2459946
  80. VT 4/56 - https://virustotal.com/en/file/e5a6828f732bea6b66c4f6d850b235f6c1f139b10f8d9f2c3760298cfd88c163/analysis/
  81.  
  82. For this campaign the argument passed to the Locky dropper is no more 123 but 321. Credit to @siri_urz
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!