ExecuteMalware

2020-07-21 Ursnif/Gozi IOCs

Jul 21st, 2020
THREAT ATTRIBUTION: URSNIF/GOZI / DREAMBOT

SUBJECTS OBSERVED
RE: CHECKING STATUS OF RECON

SENDERS OBSERVED
lferguson@wmssd[.]net

EMAIL BODY
The contract has been updated, please check.

Archive password: 7777

DOCUMENT FILE HASHES
presentation#_36099.7z
3594c7467426d5b8e2d88acff27662d9

presentation#_36099.vbs
e38416889180697bbdb06352c3a84427

URSNIF PAYLOAD URLS
hxxps://firefox[.]deltalifestyle[.]com/downloads/#VLFLC_corwGaYGAXKmFvE7

URSNIF C2s
url hxxp://cdn[.]arsis[.]at/api1/

SUPPORTING EVIDENCE
https://app.any.run/tasks/cb8e176d-e516-4690-8de4-5306bfe1bea7