- 2016-09-01 #locky email phishing campaign "Please find attached invoice no: X"
- Email sample (sender address is document@<sender's domain>)
- ---------------------------------------------------------------------------------------------------------------------------------
- From: <document@[REDACTED]>
- To: [REDACTED]
- Subject: Please find attached invoice no: 6787196687
- Attached is a Print Manager form.
- Format = Portable Document Format File (PDF) ________________________________
- Disclaimer
- This email/fax transmission is confidential and intended solely for the person or organisation to whom it is addressed. If you are not the intended reipient, you must not copy, distribute or disseminate the information, or take any action in reliance of it. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of any organisation or employer. If you have received this message in error, do not open any attachment but please notify the sender (above) deleting this message from your system. For email transmissions please rely on your own virus check no responsibility is taken by the sender for any damage rising out of any bug or virus infection.
- ---------------------------------------------------------------------------------------------------------------------------------
- The attached file "<random chars>.zip" contains a file "<random chars>.wsf", which is a JScript downloader
- Download sites (the actual URLs carry a ?<random>=<random> suffix, but it has no effect on the download):
- Same downloads / malware as in the "Confirmation" campaign: http://pastebin.com/W2fkQx9S
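
A mail-gateway triage check for the traits described in this paste (the subject pattern, the document@ sender, and a .zip that holds a .wsf), given as an added example that is not part of the original paste. The example.test addresses, file names and the broadened script-extension list are assumptions, and the sample message is constructed.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

SUBJECT_RE = re.compile(r"^Please find attached invoice no: \d+$")
# Assumption: script types other than .wsf are treated the same way.
SCRIPT_EXTS = (".wsf", ".js", ".jse", ".vbs", ".vbe", ".hta")


def score_message(raw: bytes) -> dict:
    """Report which traits of this campaign a raw RFC 5322 message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    hits = {
        "subject": bool(SUBJECT_RE.match(str(msg.get("Subject", "")).strip())),
        "sender_localpart": sender.startswith("document@"),
        "script_in_zip": [],
    }
    for part in msg.iter_attachments():
        if not (part.get_filename() or "").lower().endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True) or b"")) as zf:
                # Only member names are listed; nothing is extracted or run.
                hits["script_in_zip"] += [
                    n for n in zf.namelist() if n.lower().endswith(SCRIPT_EXTS)
                ]
        except zipfile.BadZipFile:
            continue  # not a readable zip: skip this attachment
    # A script inside the zip is the strong signal; header traits corroborate it.
    hits["match"] = bool(hits["script_in_zip"]) and (hits["subject"] or hits["sender_localpart"])
    return hits


def build_sample(inner_name: str) -> bytes:
    """Constructed test message; the zip member is inert placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, "placeholder")
    msg = EmailMessage()
    msg["From"], msg["To"] = "document@example.test", "user@example.test"
    msg["Subject"] = "Please find attached invoice no: 6787196687"
    msg.set_content("Attached is a Print Manager form.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="a1b2c3.zip")
    return msg.as_bytes()
```

Because the attachment names are random per message, the check keys on the archive's member extension instead of on file names.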