Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 2017-05-24: #jaff email phishing campaign "IMG_xxxx.pdf"
- Download sites:
- http://abcenglishclub.com/FsMflooY
- http://b.cms-hosting.by/FsMflooY
- http://better57toiuydof.net/af/FsMflooY
- http://billiginurlaub.com/FsMflooY
- http://david-faber.de/FsMflooY
- http://digital-helpdesk.com/FsMflooY
- http://dogplay.co.kr/FsMflooY
- http://ecoeventlogistics.com/FsMflooY
- http://elateplaza.com/FsMflooY
- http://electron-trade.ru/FsMflooY
- http://hr991.com/FsMflooY
- http://jinyuxuan.de/FsMflooY
- http://khaosoklake.com/FsMflooY
- http://minnessotaswordfishh.com/af/FsMflooY
- http://olgasmile.ru/FsMflooY
- http://oliverkuo.com.au/FsMflooY
- http://pcflame.com.au/FsMflooY
- http://tabelaistanbul.net/FsMflooY
- http://tbhomeinspection.com/FsMflooY
- http://tdtuusula.com/FsMflooY
- http://uslugitransportowe-warszawa.pl/FsMflooY
- http://williams-fitness.com/FsMflooY
- Malware:
- - encoded on download SHA256 aa8ec3a016b5f12a5974a0c46aba8a3c3c4e4b6753c0e58705e15a73d0a7c234, MD5 be60ac06c22159319bd757e0c35be957
- - decode by XORing the data with key 1pBtVh8rkqQb9luW406gBgOR2UHpDVGI
- - decoded SHA256 077b498d9cc163e1ff5547e1abd625b8655f0339cb5e79d64c2ded17abb9e425, MD5 c9c897215e6f805eaf03ad56afd6e331
- - sample https://www.virustotal.com/en/file/077b498d9cc163e1ff5547e1abd625b8655f0339cb5e79d64c2ded17abb9e425/analysis/1495620406/
- C2:
- http://y887drossetorling.info/a5/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
