- THREAT ATTRIBUTION: ZLOADER
- SUBJECTS OBSERVED
  - Invoice clarification
  - Zoho Docs - Inf_952.xls
- SENDERS OBSERVED
  - notification@zohodocs.com
- MALDOCS DOWNLOAD URLS
  - https://docs.zoho.com/downloaddocument.do?docId=2nv9e360d39e723824761854d4f20cf99adfd
  - https://docs.zoho.com/downloaddocument.do?docId=2nv9e5d8a6fa4c2644b449fb65e3a28b846b4
- MALDOC FILE HASHES
  - Pay-954.xls
    - 778588f472b7cca6fe01a033c99e3d63
  - Inf_952.xls
    - f809988bc3bf6e667dc9b46075639fdb
- ZLOADER PAYLOAD URLS
  - https://mukaznigerialtd.com.ng/server.php
- ZLOADER PAYLOAD FILE HASHES
  - ibxux.txt
    - 96b946d74b7edfd4493f021f7ed4d4de
- UNKNOWN DOWNLOAD URL (PERHAPS DECOY?)
  - https://github.com/carterjones/hello-world-dll/releases/download/v1.0.0/hello-world-x64.dll
- UNKNOWN DLL FILE HASH
  - hello-world-x64.dll
    - 7f8a2b842948eb70133fa34f0cfe772b
- ZLOADER C2s
  - https://alahsateam.com/post.php
  - https://bestarticleblog.com/post.php
  - https://carmeta-ampuh.com/post.php
  - https://perlisisacsiograv.tk/post.php
  - https://pyggroup.com.pe/post.php
  - https://vidhyashram.edu.in/post.php
- SUPPORTING EVIDENCE
  - https://tria.ge/210205-zflzebh28x
  - https://app.any.run/tasks/fe725fa8-703f-4c67-8303-2d5fb7366d2f/