- THREAT ATTRIBUTION: URSNIF/GOZI / DREAMBOT
- SUBJECTS OBSERVED
- RE: CHECKING STATUS OF RECON
- SENDERS OBSERVED
- lferguson@wmssd[.]net
- EMAIL BODY
- The contract has been updated, please check.
- Archive password: 7777
- DOCUMENT FILE HASHES
- presentation#_36099.7z
- 3594c7467426d5b8e2d88acff27662d9
- presentation#_36099.vbs
- e38416889180697bbdb06352c3a84427
- URSNIF PAYLOAD URLS
- hxxps://firefox[.]deltalifestyle[.]com/downloads/#VLFLC_corwGaYGAXKmFvE7
- URSNIF C2s
- url hxxp://cdn[.]arsis[.]at/api1/
- SUPPORTING EVIDENCE
- https://app.any.run/tasks/cb8e176d-e516-4690-8de4-5306bfe1bea7