Racco42

Locky "Paid bills"

Aug 2nd, 2016
2016-08-02 #locky email phishing campaign "Paid bills"

Email sample:
-------------------------------------------------------------------------------
From: "Antoinette Calderon"
To: [REDACTED]
Subject: Paid bills

Hello [REDACTED],

lease see the attached last month's paid bills for the company

Best regards
Antoinette Calderon
-------------------------------------------------------------------------------
Attachment: 6fa9732c9d.zip, contains "sales charts BF93191F.js"; JScript downloader

Download sites:

Added:
http://sugetipula12.hi2.ro/889eze

Encrypted malware, filesize 148484:

Added:
35996dfdc1977e8b19531925c84d2199ff3e6d2a9d926ecc7a8757972982ff2e http___sugetipula12.hi2.ro_889eze