API tools faq
paste
Advertisement
Racco42

Locky "Invoice #xxxxx-2016"

Racco42
Sep 7th, 2016
1,782
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.02 KB | None | 0 0
raw download clone embed print report
  1. 2016-09-07 #locky email phishing campaign "Invoice #xxxxx-2016"
  2.  
  3. Email sample
  4. -----------------------------------------------------------------------------------------------------
  5. From: "Houston Porter"
  6. To: [REDACTED]
  7. Subject: Invoice #e861e-2016
  8.  
  9.  
  10. Dear [REDACTED], we have attached the debt payment invoice. Please view the due amount.
  11.  
  12. Respectfully,
  13. Houston Porter
  14. -----------------------------------------------------------------------------------------------------
  15. Attached file <random_hexachars>.zip contains 2 identical files "<8_hexachars> debt payment invoice ~pdf.js" and "<8_hexachars> debt payment invoice ~pdf - 1.js"; a JScript downloaders
  16.  
  17. Download sites:
  18. http://canonsupervideo4k.ws/3yiqvg7v
  19. http://donttouchmybaseline.ws/ggh1aunf
  20. http://listofbuyersus.co.in/bkkpz
  21. http://tradesmartcoin.xyz/4q1hb
  22. http://videoconvertermac.in/4kzlfgm
  23.  
  24. None of the domains actually successfully resolves or connects. The domains are subset of domains in "Agreement form" run earlier today (http://pastebin.com/mDSH1Kah).
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!