ExecuteMalware

2021-02-05 ZLoader IOCs

Feb 5th, 2021
THREAT ATTRIBUTION: ZLOADER

SUBJECTS OBSERVED
Invoice clarification
Zoho Docs - Inf_952.xls

SENDERS OBSERVED
notification@zohodocs.com
(This is Zoho's own document-sharing notification address; the lure arrives as a shared Zoho document, so the sender alone is not a reliable indicator. Pivot on the subject line and the download URLs below.)

MALDOC DOWNLOAD URLS
https://docs.zoho.com/downloaddocument.do?docId=2nv9e360d39e723824761854d4f20cf99adfd
https://docs.zoho.com/downloaddocument.do?docId=2nv9e5d8a6fa4c2644b449fb65e3a28b846b4
(docs.zoho.com is a legitimate service being abused for hosting; block or hunt on the full URL including the docId, not on the domain.)

MALDOC FILE HASHES (MD5)
Pay-954.xls
778588f472b7cca6fe01a033c99e3d63

Inf_952.xls
f809988bc3bf6e667dc9b46075639fdb

ZLOADER PAYLOAD URLS
https://mukaznigerialtd.com.ng/server.php

ZLOADER PAYLOAD FILE HASHES (MD5)
ibxux.txt
96b946d74b7edfd4493f021f7ed4d4de

UNKNOWN DOWNLOAD URL (PERHAPS DECOY?)
https://github.com/carterjones/hello-world-dll/releases/download/v1.0.0/hello-world-x64.dll
(Points at a public GitHub release of a generic "hello world" test DLL. Its role in this chain is not established here, so treat the URL and the hash below as low-confidence context rather than a standalone detection.)

UNKNOWN DLL FILE HASH (MD5)
hello-world-x64.dll
7f8a2b842948eb70133fa34f0cfe772b

ZLOADER C2s
https://alahsateam.com/post.php
https://bestarticleblog.com/post.php
https://carmeta-ampuh.com/post.php
https://perlisisacsiograv.tk/post.php
https://pyggroup.com.pe/post.php
https://vidhyashram.edu.in/post.php

SUPPORTING EVIDENCE (public sandbox reports)
https://tria.ge/210205-zflzebh28x
https://app.any.run/tasks/fe725fa8-703f-4c67-8303-2d5fb7366d2f/
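An IOC list like this one only earns its keep once it is matched against telemetry. The script below is an added example, not part of the original paste or of any ExecuteMalware tooling: it transcribes the indicators above into lookup tables and runs them over web-proxy log lines and file hashes. The proxy log format, the sample log lines and all function names are constructed for illustration and should be adapted to the real log source. Matching is done on normalized host + path (plus the Zoho docId), so unrelated documents on docs.zoho.com do not fire, host-only hits on the C2 domains are surfaced for review rather than alerted on, and the GitHub DLL is carried at low confidence, as the notes above suggest.

```python
"""Match proxy-log URLs and file hashes against the ZLoader IOCs above.
Added example, not part of the original paste; the log format and sample lines
are constructed for illustration, so adapt parse_proxy_line() to your proxy."""
import hashlib
import re
from urllib.parse import parse_qs, urlsplit

# IOCs transcribed from the paste, grouped by role and confidence.
MALDOC_URLS = {
    "https://docs.zoho.com/downloaddocument.do?docId=2nv9e360d39e723824761854d4f20cf99adfd",
    "https://docs.zoho.com/downloaddocument.do?docId=2nv9e5d8a6fa4c2644b449fb65e3a28b846b4",
}
PAYLOAD_URLS = {"https://mukaznigerialtd.com.ng/server.php"}
C2_URLS = {
    "https://alahsateam.com/post.php", "https://bestarticleblog.com/post.php",
    "https://carmeta-ampuh.com/post.php", "https://perlisisacsiograv.tk/post.php",
    "https://pyggroup.com.pe/post.php", "https://vidhyashram.edu.in/post.php",
}
# The paste leaves this DLL's role open, so it is kept but flagged low confidence.
LOW_CONFIDENCE_URLS = {
    "https://github.com/carterjones/hello-world-dll/releases/download/v1.0.0/hello-world-x64.dll",
}
MD5_IOCS = {
    "778588f472b7cca6fe01a033c99e3d63": ("maldoc Pay-954.xls", "high"),
    "f809988bc3bf6e667dc9b46075639fdb": ("maldoc Inf_952.xls", "high"),
    "96b946d74b7edfd4493f021f7ed4d4de": ("zloader payload ibxux.txt", "high"),
    "7f8a2b842948eb70133fa34f0cfe772b": ("hello-world-x64.dll, role unknown", "low"),
}

def url_key(url):
    """Normalize to (host, path, docId): scheme, host case and port are dropped so they
    cannot defeat a match; docId stays in the key because docs.zoho.com is a legitimate
    service and other Zoho documents must not match."""
    parts = urlsplit(url.strip())
    doc_id = parse_qs(parts.query).get("docId", [""])[0]
    return ((parts.hostname or "").lower(), parts.path or "/", doc_id)

URL_IOCS = {}
for _urls, _cat, _conf in ((MALDOC_URLS, "maldoc", "high"), (PAYLOAD_URLS, "payload", "high"),
                           (C2_URLS, "c2", "high"), (LOW_CONFIDENCE_URLS, "unknown-dll", "low")):
    for _u in _urls:
        URL_IOCS[url_key(_u)] = (_cat, _conf)
C2_HOSTS = {url_key(_u)[0] for _u in C2_URLS}

def classify_url(url):
    """Return (category, confidence) for a URL, or None when no IOC matches."""
    key = url_key(url)
    if key in URL_IOCS:
        return URL_IOCS[key]
    if key[0] in C2_HOSTS:
        # Same host as a C2, different path: the host may also serve unrelated
        # content, so surface it for review rather than alerting on it outright.
        return ("c2-host", "review")
    return None

# Constructed log format: "<timestamp> <source-ip> <method> <url> <status>".
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")

def parse_proxy_line(line):
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def scan_proxy_log(text):
    """Return one hit dict per proxy log line whose URL matches an IOC."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        rec = parse_proxy_line(line)
        verdict = classify_url(rec["url"]) if rec else None
        if verdict:
            hits.append({"line": lineno, "src": rec["src"], "url": rec["url"],
                         "category": verdict[0], "confidence": verdict[1]})
    return hits

def classify_md5(digest):
    """Look up an MD5 digest in any case; returns (description, confidence) or None."""
    d = digest.strip().lower()
    if not re.fullmatch(r"[0-9a-f]{32}", d):
        raise ValueError("expected a 32-hex-character MD5 digest")
    return MD5_IOCS.get(d)

def classify_bytes(data):
    """Hash raw file bytes and look the digest up; None means no IOC hash matched."""
    return classify_md5(hashlib.md5(data).hexdigest())

# Constructed sample traffic: one host touching each stage, plus benign noise.
SAMPLE_PROXY_LOG = """\
2021-02-05T09:41:07Z 10.0.0.12 GET https://docs.zoho.com/downloaddocument.do?docId=2nv9e360d39e723824761854d4f20cf99adfd 200
2021-02-05T09:41:09Z 10.0.0.12 GET https://docs.zoho.com/downloaddocument.do?docId=deadbeef 200
2021-02-05T09:42:30Z 10.0.0.12 GET https://mukaznigerialtd.com.ng/server.php 200
2021-02-05T09:42:31Z 10.0.0.12 GET https://github.com/carterjones/hello-world-dll/releases/download/v1.0.0/hello-world-x64.dll 302
2021-02-05T09:43:02Z 10.0.0.12 POST https://VIDHYASHRAM.EDU.IN/post.php 200
2021-02-05T09:43:05Z 10.0.0.12 GET https://vidhyashram.edu.in/index.php 200
2021-02-05T09:44:00Z 10.0.0.33 GET https://example.com/ 200
"""

if __name__ == "__main__":
    for h in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"line {h['line']}: {h['src']} {h['category']} ({h['confidence']}) {h['url']}")
```

Run against the constructed log, the script reports five hits from 10.0.0.12 (maldoc, payload, the low-confidence DLL, an exact C2 match despite the upper-case hostname, and a review-grade host-only C2 match) and stays silent on the unrelated Zoho document and on example.com. The MD5 lookups behave the same way for file hashes pulled from EDR or mail-gateway telemetry.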