SHARE
TWEET

2016-12-16 Locky "Message from RNP00xxxxxxxxxx"

Racco42 Dec 16th, 2016 145 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. 2016-12-16: #locky email phishing campaign "Message from RNP00xxxxxxxx"
  2.  
  3. Email sample:
  4. ---------------------------------------------------------------------------------------------------------------------
  5. From: <donotreply@[REDACTED]>
  6. Subject: Message from "RNP002CE0A34F45"
  7. To: [REDACTED]
  8. Date: Fri, 16 Dec 2016 18:45:34 +0700
  9.  
  10. This E-mail was sent from "RNP002CE0A34F45" (Aficio MP 2352).
  11.  
  12. Scan Date: Fri, 16 Dec 2016 18:45:34 +0700)
  13. Queries to: [REDACTED]
  14.  
  15. Attachment: 20161216184534653_0004.docm
  16. ---------------------------------------------------------------------------------------------------------------------
  17. - sender address is donotreply@<recepient's domain>
  18. - subject is "Message fom "RNP00<10 hexa chars>"
  19. - attached file "20161216<7-8 digits>_<3-4 digits>.docm" is a Microsoft Word document with malicious macro that will download malware
  20.  
  21. URLs, malware etc ... are same as in "Attached document" campaign http://pastebin.com/a24a6vcm
RAW Paste Data
Top