API tools faq
paste
Advertisement
Racco42

Locky "Documents Requested"

Racco42
Aug 9th, 2016
1,969
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.39 KB | None | 0 0
raw download clone embed print report
  1. 2016-08-09 #locky email phishing campaign "Documents Requested" / "09uh8ny"
  2.  
  3. Email sample (recepient address is from the same domain as the sender; subject can also have RE: or FW: prefix):
  4. --------------------------------------------------------------------------------------
  5. From: "Marcelo"
  6. To: [REDACTED]
  7. Subject: FW: Documents Requested
  8.  
  9. Dear [REDACTED]
  10.  
  11. Please find attached documents as requested.
  12.  
  13. Best Regards,
  14. Marcelo
  15. --------------------------------------------------------------------------------------
  16. Attachment "Untitled(06).docm", macro enabled MS Word document that downloads 2nd stage from:
  17.  
  18. Download locations:
  19. http://flirtchat.atspace.com/09uh8ny
  20. http://jooob.web.fc2.com/09uh8ny
  21. http://rebolyschool.iso.karelia.ru/09uh8ny
  22. http://rot-solutions.com/09uh8ny
  23. http://rovd.vov.ru/09uh8ny
  24. http://sb-11037.fastdl-server.biz/09uh8ny
  25. http://stemnodig.dommel.be/09uh8ny
  26. http://teatrdomowy.republika.pl/09uh8ny
  27. http://user9749.vs.easily.co.uk/09uh8ny
  28. http://www.bogusleek.co.uk/09uh8ny
  29. http://www.cristinabertuzzi.com/09uh8ny
  30. http://www.fliegendergaertner.at/09uh8ny
  31. http://www.genonkoubou.jp/09uh8ny
  32. http://www.ibcresigum.it/09uh8ny
  33. http://www.ladylinetattoo.org/09uh8ny
  34. http://www.noema2k.it/09uh8ny
  35. http://www.prisma-srl.net/09uh8ny
  36. http://www.studiobrogi.com/09uh8ny
  37. http://www.weingut-ettenauer.at/09uh8ny
  38.  
  39. Added:
  40. http://eleksanyi.home.ro/09uh8ny
  41. http://esvb.ru/09uh8ny
  42. http://fullbahis.atspace.com/09uh8ny
  43. http://www.falciano.it/09uh8ny
  44.  
  45. Added:
  46. http://dnaproducoes.com/09uh8ny
  47. http://mesaia.ina-ka.com/09uh8ny
  48. http://tipstersplaza.web.fc2.com/09uh8ny
  49. http://used-alfaromeo-cars.co.uk/09uh8ny
  50. http://www.davidegallo.it/09uh8ny
  51. http://www.elektrykzyrardow.strefa.pl/09uh8ny
  52. http://www.nicolau11a-iasi.home.ro/09uh8ny
  53. http://radiodiscounters.com/09uh8ny
  54. http://www.csc-gauguin.fr/09uh8ny
  55.  
  56. Malware encryped, filesize 278713 bytes
  57. Encrypted malware: ad62a6d0ed626c72135b75692cabe0c7a9b49a94be811678491a2a34a87af5ee
  58.  
  59. https://www.reverse.it/sample/e38da18c6362c84f8869414fbcf7697719c3069800a216a26a9711045bd2caa7?environmentId=100
  60. https://www.reverse.it/sample/12c7443f5ca8f5a0bbcb39ed9f17744107cf4bf894a4c8d54ef3bb10ad041de4?environmentId=100
  61. https://www.reverse.it/sample/6b0c6268df147e846a15851ca30364ee960da486f685d9d344b3f876549548a7?environmentId=100
  62.  
  63. C2s:
  64. 159.203.182.129:80/php/upload.php
  65. 185.129.148.19:80/php/upload.php
  66. (vkhfytd.xyz)188.166.150.176:80/php/upload.php
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!