API tools faq
paste
Advertisement
Racco42

Locky "988g765f"

Racco42
Aug 8th, 2016
1,606
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.24 KB | None | 0 0
raw download clone embed print report diff
  1. 2016-08-08 #locky email phishing campaign "988g765f"
  2.  
  3. Email sample (sender domain is same as recepients, subject varies; begins with Emailing, Attached, Copy or File):
  4. -----------------------------------------------------------------------
  5. From: "Dolly" <Dolly23@[REDACTED]>
  6. To: [REDACTED]
  7. Subject: Copy: Photo(61)
  8.  
  9. [NO EMAIL BODY]
  10. -----------------------------------------------------------------------
  11. Attachment: "Photo(61).zip", containing "PictureXXX.wsf"; a JScript downloader
  12.  
  13. Download sites (actual download URL also coontains random suffix e.g. ?PaAuxNPFQdk=bSTvQC):
  14. http://alpeteglio.it/988g765f
  15. http://armada-kar.nichost.ru/988g765f
  16. http://books-bsu-pd.atspace.org/988g765f
  17. http://bork-sh.vitebsk.by/988g765f
  18. http://expresso-sf.com.br/988g765f
  19. http://haha8.web.fc2.com/988g765f
  20. http://j-morin.fr/988g765f
  21. http://juegos-sb.atspace.com/988g765f
  22. http://keramago.web.fc2.com/988g765f
  23. http://lunaparkperugia.it/988g765f
  24. http://meguriau.koiwazurai.com/988g765f
  25. http://nflfootballpool.ca/988g765f
  26. http://nikiforov.dax.ru/988g765f
  27. http://w47hqoozb.homepage.t-online.de/988g765f
  28. http://www.acansorga.it/988g765f
  29. http://www.azetapiemonte.it/988g765f
  30. http://www.giuni.it/988g765f
  31. http://www.gonimar.onored.com/988g765f
  32. http://www.lafoce-nonsolovino.it/988g765f
  33. http://www.luigi-varsalona.net/988g765f
  34. http://www.plancho.de/988g765f
  35. http://www.telsiel.com/988g765f
  36. http://www.www.www.www.lappeenrannankalevalaisetnaiset.net/988g765f
  37. http://yosi.sa-suke.com/988g765f
  38. http://zsnbystre.republika.pl/988g765f
  39.  
  40. Added:
  41. http://allrinku.web.fc2.com/988g765f
  42. http://del-sieradz.neostrada.pl/988g765f
  43. http://jk1109.cafe24.com/988g765f
  44. http://pogotowie.pcserwis.c0.pl/988g765f
  45. http://fieldtennis.web.fc2.com/988g765f
  46.  
  47. Added:
  48. http://optimaalopgewicht.nl/988g765f
  49.  
  50. Added:
  51. http://meguriau.koiwazurai.com/988g765f
  52. http://www.pasquaautonoleggi.it/988g765f
  53.  
  54. Malware:
  55. Encrypted: ce07b01c56c3a377e9a2cf8bf04d8741a4b10a926bdd536bbe28255627c97c7e
  56. Decrypted: a8538c61746c690fe5e91999533d68068db0dc16d6f24dc290e952f808262f4b
  57.  
  58. https://www.reverse.it/sample/5ea729545359fe199a1ace2d525488c667b5c096f55838ef9a9eb8132936c4a7?environmentId=100
  59. C2s:
  60. 185.129.148.19:80/php/upload.php
  61. 91.219.28.66:80/php/upload.php
  62. (vkhfytd.xyz) 188.166.150.176:80/php/upload.php
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!