Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- *Email sample*
- _Subject_: Re:
- _Body_:
- Dear ...:
- Please find attached our invoice for services rendered and additional disbursements in the above-
- mentioned matter.
- Hoping the above to your satisfaction, we remain.
- Sincerely,
- Doyle Alvarado
- Divisional Finance Director
- In attachment a zip archive with a javascript file. No difference from previous campaign [1] spotted.
- Javascript sample - MD5: b83ef684529156e0bce902dc8da9c72e
- VT: 2/56 - https://virustotal.com/en/file/58854ba6819996ab0700f4ccb95ed7b8cc72ff57ac6b89f3d4c93ef6a6219d70/analysis/
- *Compromised domains (47)*:
- akdenizozalit.com/ ixoxi
- allchannel.net/ lue6c4
- aloprint.com/ bk0f2
- arabian-star.com/ nay7jq7
- beluxfurniture.com/ 0jcxx
- clerici.info/ g1sd5d59
- depaardestal.nl/ z5htsm
- ding-a-ling-tel.com/ bazk3kao
- easysupport.us/ fl85xie
- ekonova.nazwa.pl/ wc0coj
- ft.dol.za.pl/ ymsikgp7
- fuji-mig.com/ awcigpa1
- futuretech-iq.net/ koqpy
- handicraftmag.com/ mrihc
- heavenboundministry.com/ i7a59qj
- hrlpk.com/ s5ibqz1
- hyip-all.com/ 9qwmc65
- iminlife.com/ cqoanbzr
- infocuscreative.net/ didt48j
- innatesynergy.com/ mrgdve3
- jasoncoroy.com/ szlzqni
- kitchenconceptagra.com/ 5s9xb7j
- komplettraeder-24.de/ w61qx92
- marxforschung.de/ tt18a
- modelestrazackie.za.pl/ zfww8nx
- otolocphat.com/ bv2n241r
- passagegoldtravel.com/ bqugo3qb
- pawelbuczynski.za.pl/ z1q8u
- percorsipsicoarte.com/ 6gz707c
- pub-voiture.com/ dcsjrjm
- racedayworld.com/ 808k8pd
- reginamargherita96.net/ hhtvomcw
- rzezba-bierowiec.za.pl/ y7fbo1a
- samrhamburg.com/ jrh9b
- scpremiumbikes.com/ 3y1b0n4s
- searchforamy.com/ 1fz0k9kp
- stbb.pt/ z59ifwj
- stckwt.net/ p4jlk
- testfacility.awsome.pl/ zc73v
- totalsportnetwork.com/ kpbrp2mq
- ugmp.nazwa.pl/ xkhhf2n
- unitedprogamers.za.pl/ ylxt67
- vantagenetsvc.com/ a7xssz
- vinabuhmwoo.com/ 69udv
- wasearch.us/ 6mm3hk
- wbksis.com/ 5mxl28il
- yourworshipspace.com/ a3py3w
- *Sampled downloaded and decoded*:
- File Name: 1pqsLqX45.exe
- MD5: 0bf7315a2378d6b051568b59a7a0195a
- VT 7/55 - https://virustotal.com/en/file/653fb7c2c76c68d7a71307863f5025ee0f28faf850ca91e1581e3746695ecd55/analysis/
- [1]: https://reaqta.com/2016/05/locky-ransomware-new-loader/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
