API tools faq
paste
Advertisement
jroosen

Emotet Malware IoCs 12/17/18

jroosen
Dec 18th, 2018
2,483
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 57.14 KB | None | 0 0
raw download clone embed print report
  1.  
  2. ## Emotet Malware Document links/IOCs for 12/17/18 as of 12/17/18 23:59 EST ##
  3. *Notes and Credits now at the bottom* Follow us on twitter @cryptolaemus1 for more updates.
  4.  
  5. #### Epoch 1 Document/Downloader links seen for 12/17/18 ####
  6. ```
  7.  
  8. http://159.65.107.159/Amazon/Details/2018-12/
  9. http://35.242.233.97/AMAZON/Clients_transactions/12_18/
  10. http://82.196.13.46/sTUH-kmtbAtWLZr9yVn_ymcdWEsX-Jp/
  11. http://adegas.co.za/AMAZON/Transactions-details/122018/
  12. http://ajmcarter.com/TFTN-ThRBeAwyi55NNf_OHgmdfdhm-MQ/
  13. http://alexzstroy.ru/ersdd-mKTWNesEuoacuCh_AMhDqYzo-jO/
  14. http://allabouthealth.co.za/Amazon/EN_US/Clients/2018-12/
  15. http://ayhanceylan.av.tr/AMAZON/Clients_Messages/12_18/
  16. http://bike-nomad.com/TDOe-hKRTWtYycN3kWT_MHHTuFeEB-z2/
  17. http://bloodybits.com/Amazon/Payments_details/122018/
  18. http://bunonartcrafts.com/FvkrI-dGaPIsJQqwSbW7_EptgWqnB-ZEX/
  19. http://buydirectonline247.com/XkGHn-U1Prtt3lIGdGWj_XgGVLAEU-244/
  20. http://chbw.accudesignhost.com/wp-content/themes/auto-repair/cache/jGZan-7LhBEEVZyUu9LTc_PlDVLInMv-v1P/
  21. http://chillazz.co.za/AMAZON/Orders_details/12_18/
  22. http://clix.teamextreme.jp/Amazon/En_us/Payments_details/12_18/
  23. http://construcaoclinicas.pt/AMAZON/Orders-details/2018-12/
  24. http://construccionesrm.com.ar/bkbFk-CYgSutK522PPkk_FynAZHPES-F1B/
  25. http://dev.umasterov.org/Amazon/En_us/Orders-details/2018-12/
  26. http://diclassecc.com/AMAZON/Clients_transactions/122018/
  27. http://doncartel.nl/SREuG-JJH3NQkCa4BQUL_KMqPqlBvg-XJw/
  28. http://en.worthfind.com/rMmf-k2whfGSKiAfCje_ItuhENMDF-uIi/
  29. http://envosis.com/cgi-bin/MBwGn-kFC4CCyFqH9FSub_TcexyjPu-A0/
  30. http://eroes.nl/Seuly-nxbBkkrGeU1lV0r_imkWyUAjY-MjT/
  31. http://espaytakht.com/CcuFU-SmIeUXw8VTa3wGb_FfCDcBVfZ-We/
  32. http://esselsoft.com/wp-admin/AMAZON/Details/122018/
  33. http://etherealms.com/ptFZ-SgtMp3V9tdsrrt_WihXMYeHe-WE/
  34. http://etmerc.com/Amazon/En_us/Transactions-details/122018/
  35. http://eugroup.dk/Amazon/EN_US/Clients_Messages/122018/
  36. http://febre.cl/Amazon/Payments/12_18/
  37. http://firemaplegames.com/wgFB-1ZS1bnoz0Wtv4h_LqsfTtEQX-y3Z/
  38. http://fotofranan.es/Amazon/En_us/Clients_Messages/12_18/
  39. http://fotrans.me/AMAZON/Transactions-details/2018-12/
  40. http://fotrans.me/yFgE-BStj3QZl770Q1he_NYxpqDbE-Sg/
  41. http://franceslin.com/AMAZON/Clients/122018/
  42. http://frog.cl/ckEJ-GRGtr5ll8vSmYa_kQegxClC-Ws/
  43. http://ghassansugar.com/Amazon/En_us/Clients_transactions/2018-12/
  44. http://glorialoring.com/Amazon/En_us/Clients_transactions/122018/
  45. http://gracebear.co.uk/HaOuF-hn7KjFHVPxKXuGM_JJyrVxsD-2py/
  46. http://greenlandco.kz/AMAZON/Documents/122018/
  47. http://heke.net/oQPJ-CouhRpqsGHmysfH_xcPUhmHzL-zFz/
  48. http://hockeystickz.com/Telekom/RechnungOnline/112018/
  49. http://hps-sk.sk/Amazon/Information/2018-12/
  50. http://iberias.ge/AMAZON/Messages/122018/
  51. http://ibnkhaldun.edu.my/Amazon/Documents/122018/
  52. http://identityhomes.com/Amazon/En_us/Orders_details/122018/
  53. http://inetonline.com/FALEn-aWRsYVA6Fgqgx4_ZpuzblQFo-ReW/
  54. http://inspirefit.net/jxrNz-gsXHX69MOxKnCa_soguqnPZ-nKa/
  55. http://isbellindustries.com/Amazon/EN_US/Clients/2018-12/
  56. http://ismandanismanlik.com.tr/Amazon/EN_US/Transactions-details/12_18/
  57. http://jalvarshaborewell.com/Amazon/Transaction_details/122018/
  58. http://jamieatkins.org/AMAZON/Information/2018-12/
  59. http://jaspinformatica.com/Amazon/Attachments/122018/
  60. http://kc.vedigitize.com/res/Amazon/Payments/122018/
  61. http://kellydarke.com/Amazon/En_us/Information/122018/
  62. http://kids-education-support.com/whxn-hFx8Vd5dgoNaqCn_wYLldTck-pp/
  63. http://landingdesigns.com/Amazon/EN_US/Orders-details/2018-12/
  64. http://leodruker.com/AMAZON/Information/122018/
  65. http://lesamisdulyceeamiral.fr/Amazon/En_us/Clients_information/2018-12/
  66. http://loneoakmarketing.com/yuIz-EpMvwzzi5Th77yB_LGZyWmXVA-DzC/
  67. http://lucdc.be/Amazon/En_us/Transactions/122018/
  68. http://magdailha.com.br/Amazon/En_us/Transaction_details/12_18/
  69. http://mahestri.id/Amazon/En_us/Transactions-details/12_18/
  70. http://maquisagdl.com/AMAZON/Transaction_details/122018/
  71. http://megascule.ro/AMAZON/Orders-details/122018/
  72. http://meiks.dk/Amazon/Transaction_details/122018/
  73. http://meunasahkrueng.id/VZRpZ-WCPbU96KzqX55w_EBpKeODn-vX/
  74. http://mgupta.me/huFqo-myA3g3Y8ADFD6R_VIwsazLd-Ha/
  75. http://minhphatstone.com/KAtiN-kc5UFaJzr908n18_pWnAllGP-eL/
  76. http://mofables.com/Amazon/EN_US/Orders_details/2018-12/
  77. http://mofels.com.ng/Amazon/Clients_information/12_18/
  78. http://nami.com.uy/AMAZON/Attachments/2018-12/
  79. http://net96.it/Amazon/Transactions/2018-12/
  80. http://neurologicalcorrelates.com/OXTO-3ohAr0cKnhMduYu_hhCDYLpV-119/
  81. http://new.family-kitchen-secrets.com/KOkbz-2w1dK8OnOzIpNM6_gWoCOkyUW-0b/
  82. http://ngayhoivieclam.uet.vnu.edu.vn/wp-content/AMAZON/Transaction_details/122018/
  83. http://nhathep.xyz/fzFXa-5YQnFiy0UvwB1y_sviiMedP-CBH/
  84. http://nhatnampaints.com/wp-admin/Amazon/Documents/12_18/
  85. http://oikosredambiental.org/AMAZON/Documents/12_18/
  86. http://ooohanks.ru/AMAZON/Clients_transactions/12_18/
  87. http://pashkinbar.ru/Amazon/En_us/Payments_details/2018-12/
  88. http://pos.rumen8.com/wp-content/cache/AMAZON/Clients_information/2018-12/
  89. http://pos.vedigitize.com/MhYA-k0ddqYvzlWtMeY_nsEKycTk-Bz/
  90. http://pravokd.ru/Brjq-E1yIeBDz8usrbI_SpVHLWWn-VR/
  91. http://psychologylibs.ru/layouts/AMAZON/Information/12_18/
  92. http://quicktryk.dk/CdlAs-Wej75ZUjTuCAKa_WjBhMpBt-dk/
  93. http://remstirmash.kz/Amazon/En_us/Attachments/2018-12/
  94. http://rosznakproject.ru/LaCH-IAAlqmhPNqig0Qj_wwuwkJFeo-pL/
  95. http://sakh-domostroy.ru/Amazon/Information/12_18/
  96. http://salazars.me/Amazon/EN_US/Payments_details/2018-12/
  97. http://salazars.me/Amazon/En_us/Transaction_details/2018-12/
  98. http://salazars.me/eoUVB-QPQnncsuofRRhVG_uxBOpPhEy-6oj/
  99. http://sandau.biz/Amazon/Information/2018-12/
  100. http://sciww.com.pe/En_us/Transactions/2018-12/
  101. http://shootsir.com/Amazon/EN_US/Payments/12_18/
  102. http://sneezy.be/ZcJLu-Gioap0zmmnv3PT_xrOemSMat-qiZ/
  103. http://spot10.net/Amazon/En_us/Attachments/2018-12/
  104. http://sprayzee.com/chadholmescopywriting.com/AMAZON/Transactions/2018-12/
  105. http://stefanobaldini.net/qrqi-KTcsIuajPS1of4_LevrWsddC-ZO/
  106. http://tayloredsites.com/HmKm-jAfqAAeSWJhOEgo_pJjRZmPbd-Lu/
  107. http://tecserv.us/Amazon/En_us/Information/12_18/
  108. http://test.mmsu.edu.ph/wp-content/uploads/hUSLM-dtm0KJf1GFYmdVY_GmLlwhqr-v1S/
  109. http://theblueberrypatch.org/Amazon/EN_US/Transactions/2018-12/
  110. http://thehalihans.com/Amazon/Transactions/2018-12/
  111. http://thelastgate.com/VdBl-OIs23ePiY8yR67_ORLRbuZc-Ja/
  112. http://therundoctor.co.uk/Amazon/Orders_details/122018/
  113. http://tinyfarmblog.com/Amazon/Documents/122018/
  114. http://tomsnyder.net/ElxQF-3ZDT73iDXMrof4h_XsFfqhnE-xZ/
  115. http://tom-steed.com/Amazon/Clients_transactions/2018-12/
  116. http://topjewelrymart.com/jRFE-FCUkvUKQBUcFdeY_aIaCXolmO-Pr/
  117. http://tortugadatacorp.com/Amazon/En_us/Clients_transactions/12_18/
  118. http://toshitakahashi.com/Amazon/EN_US/Clients_transactions/12_18/
  119. http://ulco.tv/nhGc-iUMklrMsXNWO19S_SiVYRLrVY-Vw/
  120. http://ulukantasarim.com/wp-admin/Amazon/Information/122018/
  121. http://utorrentpro.com/Amazon/En_us/Transaction_details/2018-12/
  122. http://vafotografia.com.br/Amazon/En_us/Transactions-details/2018-12/
  123. http://vicencmarco.com/Amazon/En_us/Attachments/122018/
  124. http://welikeinc.com/Amazon/En_us/Orders_details/122018/
  125. http://wolmedia.net/Amazon/Clients/2018-12/
  126. http://wssports.msolsales3.com/Amazon/EN_US/Orders-details/12_18/
  127. http://www.1024.com.uy/Amazon/Payments/12_18/
  128. http://www.ahnnr.com/Amazon/EN_US/Orders_details/122018/
  129. http://www.avele.org/AMAZON/Transactions-details/12_18/
  130. http://www.blackgers.com/CPHm-tXjl0RF1CIxsoa_HCmPrfUA-Y1l/
  131. http://www.blueorangegroup.pl/tmp/Amazon/EN_US/Details/2018-12/
  132. http://www.canadatechnical.com/Amazon/EN_US/Payments/122018/
  133. http://www.casademaria.org.br/KZTx-4JO5lER35M7omw_euJXbdszR-Sj/
  134. http://www.celtes.com.br/Amazon/En_us/Attachments/12_18/
  135. http://www.chaudronnerie-2ct.fr/Amazon/En_us/Transactions/12_18/
  136. http://www.construcaoclinicas.pt/AMAZON/Orders-details/2018-12/
  137. http://www.coronadoplumbingemergency.com/pIwrW-T0kdoC2Q0DsJJOL_cIKmFuQQW-SEh/
  138. http://www.cosmeticdermatology.net/Amazon/Attachments/2018-12/
  139. http://www.craft-master.ru/Amazon/EN_US/Documents/12_18/
  140. http://www.cubitek.com/language/Amazon/En_us/Payments_details/2018-12/
  141. http://www.dianayoung.com/Amazon/EN_US/Clients_Messages/2018-12/
  142. http://www.dosabrazos.com/Amazon/Transactions-details/122018/
  143. http://www.dynamicpublishing.co.nz/BDCjt-Vq6wbQL7ghdouAN_LvOikrAQ-iaj/
  144. http://www.ebpa.com.br/Amazon/Clients_information/122018/
  145. http://www.edeydoors.com/UNmX-y2rd9jw0hfSsfAU_SGFyZmKOx-i9/
  146. http://www.egreenhomesusa.com/AMAZON/Details/122018/
  147. http://www.fyrishbikes.com/PpmK-S9B4p4nQLYBIxV_IWnbSWtx-rj/
  148. http://www.gordyssensors.com/Amazon/En_us/Clients_Messages/12_18/
  149. http://www.gozdekins.com/Amazon/EN_US/Orders-details/122018/
  150. http://www.helen-davies.de/Amazon/En_us/Orders_details/2018-12/
  151. http://www.hizmar.com/UVOb-JqH2DvYf7LeyOc_sBmjsVXm-oP/
  152. http://www.humpty-dumpty.ru/Amazon/EN_US/Clients_information/122018/
  153. http://www.jconventioncenterandresorts.com/Amazon/Information/122018/
  154. http://www.kahkow.com/Amazon/En_us/Transactions/2018-12/
  155. http://www.kinderdiscovery.com.mx/nHXTZ-mxwbsvrfo800Djl_zJOeFhcv-YT/
  156. http://www.laborsteel.com/Amazon/Payments_details/2018-12/
  157. http://www.landingdesigns.com/Amazon/EN_US/Orders-details/2018-12/
  158. http://www.latabledemaxime.com/mhArZ-GkkEp1VvNOiGkh_LDDALFrS-eE/
  159. http://www.linkzoo.net/AMAZON/Documents/12_18/
  160. http://www.lmssupportcenter.com/dyDM-COYVBoHy3MjZTvi_myEKCfKXV-zcY/
  161. http://www.localfuneraldirectors.co.uk/kViwF-uZPMObHf3UkFr7_fQzXakFSN-GIm/
  162. http://www.maquisagdl.com/AMAZON/Transaction_details/122018/
  163. http://www.milagro.com.co/AMAZON/Transaction_details/2018-12/
  164. http://www.myklecks.com/Amazon/En_us/Clients_transactions/12_18/
  165. http://www.naturesharvest.com.hk/Amazon/En_us/Clients/2018-12/
  166. http://www.noblewarriorenterprises.com/Amazon/EN_US/Clients/2018-12/
  167. http://www.odesagroup.com/Amazon/En_us/Payments_details/12_18/
  168. http://www.optimumisp.com/wWrgQ-XyX7DRrG3TDJGN_fIlfGnkR-PBh/
  169. http://www.orlandomohorovic.com/Amazon/Transactions/2018-12/
  170. http://www.paiju800.com/Amazon/Payments_details/122018/
  171. http://www.physio-bo.de/Amazon/Clients_information/2018-12/
  172. http://www.portcdm.com/0xsymlink/root/dev/shm/Amazon/Attachments/122018/
  173. http://www.prmw.nl/Amazon/EN_US/Transaction_details/12_18/
  174. http://www.ptgdata.com/Amazon/Clients_Messages/12_18/
  175. http://www.quicktryk.dk/CdlAs-Wej75ZUjTuCAKa_WjBhMpBt-dk/
  176. http://www.ragamjayakonveksi.com/LVOI-ciiP2TrcvEri2zr_NkaRtevhO-Lx/
  177. http://www.rennstall-vovcenko.de/kiuvv-bydQx89N3FsPvl_HdvVsWRwQ-v0d/
  178. http://www.reparaties-ipad.nl/AMAZON/Transactions-details/12_18/
  179. http://www.rocazul.com/Amazon/En_us/Information/12_18/
  180. http://www.ropergulf.net.au/iNfSo-Ldxt6osBdfylsH_MhKbdguR-qoK/
  181. http://www.rosznakproject.ru/LaCH-IAAlqmhPNqig0Qj_wwuwkJFeo-pL/
  182. http://www.scglobal.co.th/ZRprd-K1LlTZ1naYDsTP_FwJZPJLk-rEm/
  183. http://www.schlossmichel.de/OCDzf-nM8Zd1c5jhuVZp_dhwXyvDY-pw/
  184. http://www.servicesaiguablava.com/Amazon/Details/122018/
  185. http://www.standart-uk.ru/Amazon/EN_US/Transactions-details/12_18/
  186. http://www.stroyted.ru/wp-content/ngg/Amazon/En_us/Payments_details/12_18/
  187. http://www.sumbertechnetic.com/Amazon/Clients_Messages/2018-12/
  188. http://www.sunjsc.vn/LTmgM-aUzzJadtHREpNY_QUHIKCFcj-5n/
  189. http://www.thequeencooks.com/Amazon/Orders_details/2018-12/
  190. http://www.ukstechno.in/AMAZON/Transactions/12_18/
  191. http://www.vidrioyaluminiosayj.com/LOojS-DZJSiNN58uqIBZf_hpRpkLoN-K6p/
  192. http://www.wegirls.be/Amazon/EN_US/Messages/12_18/
  193. http://www.weservehosting.net/cVOCN-W77dqLNU1Loi2IJ_DWWeMTGxk-Fbc/
  194. http://www.yolcuinsaatkesan.com/PqFKD-YfS2COvoO3tsRNB_jAyMJjSu-gov/
  195. http://www.zeltransauto.ru/Amazon/EN_US/Transactions/12_18/
  196. http://www.zengqs.com/pGOrS-vhZO53jkG7z9j9H_dGtZkMCW-CEo/
  197. http://xn--80akackgdchp7bcf0au.xn--p1ai/Amazon/EN_US/Transactions-details/2018-12/
  198. http://xn--e1aceh5b.xn--p1acf/Amazon/En_us/Clients_information/12_18/
  199.  
  200. ```
  201. #### Epoch 2 Document/Downloader links seen for 12/17/18 ####
  202. ```
  203.  
  204. http://159.65.107.159/WMMGw-oWoGaz8F0jeLPw_PmtjCYkmg-sb6/
  205. http://162.243.7.179/wp-content/themes/alveophase3/msf-files/myATT/u8Y_dDmcoer_1BhI9/
  206. http://2d73.ru/seDRp-BJbMOpte0gl2piJ_LDYnqynC-Um/INV/84676FORPO/23017603960/LLC/En_us/Question/
  207. http://31.207.35.116/wordpress/PEOrj-edbBTfpvqGWoA8_JcClxswn-Ph/
  208. http://58hukou.com/EKuJf-zw3nbVewd0XXzT_atkXuQRBb-BGk/
  209. http://58hukou.com/whEaV-35NTA2NDaB8rUZq_qKEIvzRt-zV3/
  210. http://82.196.13.46/iFOSm-AevGWTXvdNM9Kf1_iNrPLOSUb-RvU/
  211. http://agentsdirect.com/AT_T_Online/AbwtfwGT_FDgfEh_VGw6V6/
  212. http://agile.org.il/myATT/GC5TnyU2GgO_Y8rCk5J6_gO3ugnsJBU/
  213. http://aiwaviagens.com/YsEg-gfOmfrmlz5cIdX_rPhWhNmX-3r/
  214. http://altarfx.com/LNtTZ-CN4cV1Fih6eYit_dVkfyDLau-iv/
  215. http://amberrussia.cn/JqeOU-4KpRn854hGTw0i_aqtGKXWEu-Eeq/
  216. http://ara.desa.id/AT_T_Online/KMFENEK22c_xJBgYv_Eu6I6s4NP/
  217. http://arina.jsin.ru/AT_T_Account/VyHcE19_uuiuS9z_ga3VrH/
  218. http://arnela.nl/cL3YgwCLs7_b88UgfssW_JWmB3E/
  219. http://art-dshi2.ru/VBTmi-EDBoQjrAN6ZU4A_lJccCOBqA-GSb/
  220. http://aspiringfilms.com/TGVi-LXF7vpUJNI5adN_PlNfOWUSz-60/
  221. http://aulist.com/GvHr-MMJ5U8ZN2kc5aoq_NkxhpRvvh-t9/
  222. http://aural6.net/ATT/ehULRT_N4ixiH_ThZucMG8VB/
  223. http://billfritzjr.com/1QebEVBvcfE/SEPA/200-Jahre/
  224. http://bio-rost.com/AT_T_Online/eVoNECn_ttzwwcXqb_dx7WxMv/
  225. http://blue-print.fr/dSKew-Vyol6dGedfeeuC_BUBiMfPP-6P/
  226. http://blue-print.fr/mROLT-BnTu88nEoq33cJ_FmQQMNJa-nT/
  227. http://bmdigital.co.za/EXT/PaymentStatus/FILE/En_us/Important-Please-Read/
  228. http://bridgeventuresllc.com/jGIF-NlJNiRjwOak8Tv_FLKaeyyL-Wa/
  229. http://buydirectonline247.com/DmVQt-5VnHz1gO7b7dG0y_jyFTAptyq-Lnf/
  230. http://centraldrugs.net/NJyTU-fVH063bHPftIsH_RdLIBVED-XA/
  231. http://chaudronnerie-2ct.fr/rLVD-6RB8aaRKt1bBmz_vZqrXLKX-7O7/
  232. http://ciss.mk/sj/wp-includes/efUz-ysEsRh9S6OhJYB_nSyCDAwE-xs/
  233. http://cisteni-studni.com/myATT/A8477Nu_3PS7MdGHH_I7nWGv/
  234. http://congtycophan397.com.vn/tlBtI-3Zgwr8h7d6TnEY_ezEbzsyhb-JT/
  235. http://consultesistemas.com.br/INVOICE/68704433607083875/OVERPAYMENT/sites/En_us/Invoice/
  236. http://consultesistemas.com.br/WeXc-6PAjgaIxtKmaAY6_dnnJTlqiG-mH3/
  237. http://consultor100.es/nnZPf-KDgJK8Ht7XadKqe_KojPPsMi-fu/
  238. http://cotafric.net/wp-content/uploads/mDfC-xUdiy8cZDHeNAN_iNDfpiPBU-cd/
  239. http://countrystudy.ru/ZBnf-PxzXxyyuwdeXPt_ieFGuohCj-Zie/
  240. http://craftww.pl/crNs-j5Ei2TVZn5loWx2_WnIhLydap-viF/
  241. http://cvetisbazi.ru/bZuj-kYyDZ3AO2vifRN_sGjsWtYCw-Ktj/
  242. http://datthocuphuquoc.xyz/YJOiC-qMOD4pCpnSgbPr_QRcxkAmjh-dhT/
  243. http://devadigaunited.org/AT_T_Account/pig_S97z1V_h6KxO4x/
  244. http://dimax.kz/myATT/9nT_JfrNL5lp_epL0xOxi4/
  245. http://ditec.com.my/SOzLT-UsBhcWNYgzkG1Ot_KIezIRfC-DKm/
  246. http://dogooccho.com.vn/ATTBusiness/H0KrTe0e5_ayVE2UEM_dbGn9WQR4/
  247. http://doncartel.nl/aAzw-Wc9UZ0KvYSWVoK_kwewZEDk-k0/
  248. http://dpn-school.ru/ATTBusiness/a89Xd2WBy_eD8InR_NWZemrG/
  249. http://drcarrico.com.br/5n0_FxfeSekn_8Zaetr2/
  250. http://ellajanelane.com/myATT/ZC4IntR_GzQ4RF8hp_QXIc7ubOFDy/
  251. http://enthos.net/zJKM_EQzzaSmc_AWRvqJa/
  252. http://eroes.nl/InvoiceCodeChanges/Dec2018/US_us/Paid-Invoices/
  253. http://escamesseguros.com.br/wvvw/ATTBusiness/mqmz_ooaM4tXB8_fTQMqZL/
  254. http://estomedic.com/Dlt_gE5pEMSy_qdvlZ3/
  255. http://evihdaf.com/AT_T_Account/upkC1Xpt69_ri2A3P_Jt8fn/
  256. http://evoqueart.com/Fgnjj-J6Eg4G8plmoI66_gdCYbmSiW-9i/
  257. http://evoqueart.com/myATT/NBFtzzzq_ooezAkh_9QbSA/
  258. http://feaservice.com/ATTBusiness/hM117e_0PdocYSvY_Qr6v9P/
  259. http://firemaplegames.com/CKhl-Q60awPKKA17j6mv_GylTFWfTp-rr/
  260. http://fotofranan.es/KBTK-7nvCBcU9ujAK4kw_SJgZeOyh-u2/
  261. http://ganeshfestivalusa.org/oDbjZ-lSw49e14mz9Pq1R_EBWkaWgoR-CL/
  262. http://gentesanluis.com/AT_T/hX1G_jQwS8BIhL_uofZPVD/
  263. http://germafrica.co.za/AT_T/jug0jGq_WXyD3sbs1_qudMnnuOV/
  264. http://germafrica.co.za/RNova-FrEWfAgx5PII9I_hrbYCTUUx-X9V/
  265. http://ghoulash.com/ATT/5TkiNGyyqlY_fTJqfKy_sL2f5X26/
  266. http://gracebear.co.uk/KeRX-mcCohyg8UTfMx3N_WegzEvVi-pau/
  267. http://greenplastic.com/FWPJ-etsB6VVkzBwndK_JBGeXFalk-crE/
  268. http://gtvtuning.com/cWTt-0jpGuR8yx9piji_ZcekvokVQ-imh/
  269. http://hbk-phonet.eu/XliS-LkQhcxtpOgetcaf_jgsjhFsaw-RCQ/
  270. http://hockeystickz.com/SAIPo-tEMOwWRhSoh22T7_ziGVsheFy-zKC/
  271. http://holidayhotels.top/axjMf-cmHWeKOieSWUtMo_rSeDtuYN-APf/
  272. http://holidayhotels.top/mQdG-JUGdLEJAEDKaEjQ_OksIBtuqS-Dl/
  273. http://huiledoliveduroussillon.fr/hdru-lHcaVizunMRd89P_TdQoLGKYu-qEy/
  274. http://hunterpublishers.com.au/AT_T_Online/QHEu6VwUO_fI6Zg57_ddXZ4C/
  275. http://ideieno.com/kcPw-14gPXZpTl5L2Ur_TvmmgwyUN-ptB/
  276. http://ido.nejanet.hu/zxtrU-hE8z0MK4yGOvpKK_fQNGAiAA-fH/
  277. http://ifab.es/AT_T_Account/yjq2kmdOl_jkEaYAT3_oRFCJLm9/
  278. http://ifcingenieria.cl/ATTBusiness/oU02Op_uVWlOT943_53wwKJL/
  279. http://ifcingenieria.cl/mDpJlAz4Z/de/IhreSparkasse/
  280. http://indocatra.co.id/ATTBusiness/3P0focm_SdHBHAsle_rrdJReV8UFH/
  281. http://inetonline.com/FALEn-aWRsYVA6Fgqgx4_ZpuzblQFo-ReW/
  282. http://informlib.com/YYCx-7NWTxbZqf6BPxZ_HpDqCWQU-Qs/
  283. http://j-cab.se/wKm_s4ycJ87i_aY0Us/
  284. http://j-d-i.co.jp/Cfbv-rYaMVa0rPPfZhV_IZsYIdOsY-Ao/
  285. http://jjtphoto.com/ydQb-ieFeBv72Ueqcqq_fFjqDXBc-30/
  286. http://johnnycrap.com/myATT/Qg9HIc_m1eI5z_Jay6PRSHzt/
  287. http://johnscevolaseo.com/HezS-3umZKZe0JPtWkn_oMVVbLJn-bP/
  288. http://johnsonlam.com/mYHMa-ag8tKx2e2UOI73_BtAOpqQqV-21/
  289. http://journalingtruth.com/MiaIS-GbntlJumdduH0T_DfWgoYbW-WJG/
  290. http://kdecoventures.com/SqEY-rWdXLHgX4yA57D_JnquQvquU-7u/
  291. http://kientrucviet24h.com/RDcg-h09AC5JBpI5C3S_BNSUQFVY-NX/
  292. http://kkorner.net/AT_T_Online/JQLcAXDv6Qn_3YeZeywWN_bUX2h/
  293. http://kniedzielska.pl/KZuwV-FcNTjxoKvrpTVPs_IxXlroBv-5O/
  294. http://kosses.nl/EjhIY-op9grSuKwLl8vS_rLkUQzta-2R/
  295. http://lakewoods.net/izAER-mFwi4rB5O3TPLWF_dmStPVBE-rv/
  296. http://leodruker.com/jHQI-9uzaYEJkWLznFD_wXtJyTAk-vz/
  297. http://lesamisdulyceeamiral.fr/ErNrL-hdVUwA48qZ0LfK_DfndWcaoo-C5r/
  298. http://liliandiniz.com.br/2dUC_F1HDlXair_dDydT1SVGn/
  299. http://litecoinearn.xyz/ATT/RL4jalCAy3_k5penZ2_8cHYPzz/
  300. http://marisel.com.ua/myATT/sEg6zP_QnuzUqhf4_Xmelj8CdG/
  301. http://marthashelleydesign.com/olpsX-LwsPukFpTsNzDi5_HKDVOrDN-ad/
  302. http://mattayom31.go.th/UKhvk-vy8JQkLCJgaGHt5_bRsjRlOMy-rr/
  303. http://mayurika.co.in/myATT/4xbzoi9_UYRLXiy6_NCbX6qEKN8/
  304. http://medpatchrx.com/6Fqd47epBFymYjzq/de_DE/Firmenkunden/
  305. http://mindymusic.nl/YkGJ-hW83CFhXYEoNx7l_TeYWLxBO-ov7/
  306. http://miniaturapty.com/OlbmS-00Sg55g34GnirwV_GusTYxJAN-U55/
  307. http://minterburn.co.uk/AT_T_Account/F7qD8WPT_WXMZNzKt_wlQ4Drdop/
  308. http://mofables.com/beYiE-HWIb1qfIXT339GW_HfiEhCSwm-OIx/
  309. http://move-kh.net/ATTBusiness/T4Wg0Ne50wf_BnTjtAA_OLygur8Mu/
  310. http://move-kh.net/bYVK-xFW5YOJnn7ZGCBE_gsxChVHs-fS/
  311. http://msexata.com.br/tWEE-RsiAaS7uoyPffN_JHlxalLB-bE/WIRE/Commercial/
  312. http://ngobito.net/SPKSA-4FF8nJ56dd0pyf_wxADDIPGS-GGG/
  313. http://notarius40.ru/QCuF-mSzhzfwQ5tUAkL_YHnfyKou-BnN/
  314. http://oikosredambiental.org/LjYpP-WYyyqGqGvh5WQPp_djtnHEYcY-8LR/
  315. http://olacabattachment.com/faYAf-ssnS4hfCJshUxvE_VzmEkzKm-uL/
  316. http://oldmemoriescc.com/AT_T_Online/XeLZhRG0Mxb_PSWBv8qn_1Sue0/
  317. http://olyfkloof.co.za/aWVC-3IHqqLvmLyeU2bV_LrAIAjXP-K5/
  318. http://olyfkloof.co.za/nTTqgFCzKKKsNYQyFB/SWIFT/200-Jahre/
  319. http://omega.az/ATT/u1On_scqpZl_Tsbv0tL/
  320. http://omega.az/WRrUv-psko7sNrrXk8Ak_dJJLfueP-ZG/
  321. http://paiian.com/web/site/AT_T_Online/YYAFSrDY_ZV2Umy_7wj0vad/
  322. http://pclite.cl/lpWfH-bklSQf31o9cZZc_NVchGYhaf-HRP/biz/Personal/
  323. http://pclite.cl/myATT/3eStk6bQWc6_QUm6OlDp_KnAJ2SM0so8/
  324. http://plagading.edufa.id/wJqE-tOspIfR9BCrRuY_KZNYwjSPK-9Q/
  325. http://proxectomascaras.com/bXpu-KUBybPoLvZLkpa_douCBhim-Nxl/
  326. http://qinner.luxeone.cn/CIro-Phn7KjFHVPxKXu_AWFpGOtMK-HeF/
  327. http://raldafriends.com/QNKNw-eDST5sDSmRBlHO8_QMuylddSF-6R/
  328. http://realitycomputers.nl/gadne-mJqRXki6OpFP2GJ_xZfGthaR-Si/
  329. http://realitycomputers.nl/MQWk-Yz8DXc1v6LkJa7k_deQmclqEJ-zVV/com/Personal/
  330. http://robwalls.com/AT_T/TFh1oy2EDA_cbchtx5K_qqmEXCDuDv/
  331. http://robwalls.com/TNpjK-7s9ay66zXTjWPx_jhRjwUFXt-JFq/ACH/PaymentInfo/Document/EN_en/Invoice-75343683/
  332. http://rockcanyonoutfitters.com/RFQy-P5zZBU1LjnEdXB_SoYTSONT-ztB/
  333. http://romeoz.com/ATTBusiness/Aj5I1_6YmHylRk8_IGSq4/
  334. http://rumaharmasta.com/AT_T_Online/QWx_3Gk4QQliU_Qa2rjY6oOGy/
  335. http://simple.org.il/oVuR-9LQoCJDvyJPADM_nmGlDore-f0J/
  336. http://site.uic.edu.ph/myATT/WTTt61QgNn_PUXWGgasB_hbT1V/
  337. http://skycentral-176dinhcong.vn/xXMt-n0WgxUWhn5wXQZy_gVUtTdJc-ZqU/
  338. http://skytechretail.co.uk/xmbgD-1jOJRX5BPnmPCWJ_RmeYkhMTl-l2o/5366937/SurveyQuestionsfiles/En/Service-Invoice/
  339. http://skytechretail.co.uk/xPadl-fjHv5sDHaTYmrt3_BUsglannx-oXm/
  340. http://slittlefield.com/myATT/RagdE_NBa0YgjaC_AnvCqT/
  341. http://smallbizmall.biz/PsEjF-PTkmHaTg2l7Nt1K_ELxqBIOH-Fh/
  342. http://smallbizmall.biz/uJSZ-u78CF6kWwHmgUK_ITTuWNjHV-zZL/PAY/Commercial/
  343. http://snits.com/YVUHr-0UZVufXZ1krN7N_pqOdSlWc-wq/
  344. http://starstonesoftware.com/vwlK-3AHlv2GCuSjDc3M_LlOuinCEF-E1T/
  345. http://steveleverson.com/YBQlx-oKkPL2AOWk99Qz_cEZOmkck-jIz/
  346. http://surmise.cz/jZtr-jTHjqhknSsfMKwV_eEjeKwBH-ppV/
  347. http://sylvester.ca/TRLNM-hCMtrFKuKsWPUs_YIRmiMMd-g8/
  348. http://sylvester.ca/yQvE-hU9MDI0hU42gbS_yJTAUlSlI-oJy/
  349. http://symbisystems.com/AT_T_Online/Qulh_UkYRFw_gGjfoLhm7p3/
  350. http://symbisystems.com/gXRGM-gWCOI8tfAsVhRET_zZwadvHjw-Ss/
  351. http://tacticalintelligence.org/QKyh-fnmGK63cuWCR9Zd_vNdFVlkWZ-9y/
  352. http://tacticalintelligence.org/SjyNK-xQu2D58So7hdewI_BxSYumYfq-yll/PAYMENT/Smallbusiness/
  353. http://talajewellery.com.lb/9Y3ep9fF_m5Tocelj_tH09DUt/
  354. http://talajewellery.com.lb/Fvscu-976Dvu07XA9vdS7_TbCTjYAi-v4/
  355. http://tasha9503.com/ATTBusiness/ECshzhHcu_1gYr0Gob_GWx2YqFHkY/
  356. http://tasha9503.com/gvTr-MG7qNa3C1zER4d_jqYbmVHqg-NX/
  357. http://teambored.co.uk/AhrD-nbY1frhaxi07PAQ_uTzYtfxF-2mO/
  358. http://thecreativeshop.com.au/tTZr-QssvPZ08tIa98X_JuofCGxh-WH/
  359. http://therundoctor.co.uk/kVbV-gOjERAEVy9aru1_WLcBLEQWX-YA0/
  360. http://theshowzone.com/xUwE-xH85xQve1DQsLGB_ywBeVznUu-f5/
  361. http://thinking.co.th/MFzB-TlShWtOzRk1m4D_inaFsiIht-Kd/
  362. http://thungcartonvinatc.com/MxZhe-bBdwsbFVz36TAJH_YObpULtA-II/
  363. http://tokomebelan.com/xSAKU-MPVhi0LCLLE9lGj_ybsOKrnt-nr6/
  364. http://tomsnyder.net/sQch-pKactG8z8OkE6gS_zVSPnADt-mdA/
  365. http://topsalesnow.com/nEdH-y1BBshbNXAKrUJ_lYuKCVPj-6V/
  366. http://track.wizkidhosting.com/track/click/30927887/johnsonlam.com?p=eyJzIjoibUhTTmF3SGdobEd1V1U0OHE2NmdOY2YxTW1RIiwidiI6MSwicCI6IntcInVcIjozMDkyNzg4NyxcInZcIjoxLFwidXJsXCI6XCJodHRwOlxcXC9cXFwvam9obnNvbmxhbS5jb21cXFwvbVlITWEtYWc4dEt4MmUyVU9JNzNfQnRBT3BxUXFWLTIxXCIsXCJpZFwiOlwiMGUyYzEyYzExNmVmNDdhZWJmNDVhNzM4YzFlNDZlODlcIixcInVybF9pZHNcIjpbXCI1M2FiZmY4YTFiMjVjNzJhYWIwOGE4OWMzMTM4ODU0YmIwNThmYjViXCJdfSJ9/
  367. http://track.wizkidhosting.com/track/click/30927887/simple.org.il?p=eyJzIjoiUXl2UmRFMnNMQXJ5bGRQeG1qRGVBRDh6OWxJIiwidiI6MSwicCI6IntcInVcIjozMDkyNzg4NyxcInZcIjoxLFwidXJsXCI6XCJodHRwOlxcXC9cXFwvc2ltcGxlLm9yZy5pbFxcXC9vVnVSLTlMUW9DSkR2eUpQQURNX25tR2xEb3JlLWYwSlwiLFwiaWRcIjpcIjY1M2ZlYmE4MGI2NTQ2ZDU4YjAxOWMyODQ4NjhhZjVhXCIsXCJ1cmxfaWRzXCI6W1wiMzNjMzZjZTkxOTE3ODNlMDZjNWU2NDdkNTMyMmVkYjk3MzcyZWRkZlwiXX0ifQ/
  368. http://track.wizkidhosting.com/track/click/30927887/www.zengqs.com?p=eyJzIjoiVE1tYmJSd3VWVm5LdnN5NTNGeGk5bjVqaWNjIiwidiI6MSwicCI6IntcInVcIjozMDkyNzg4NyxcInZcIjoxLFwidXJsXCI6XCJodHRwOlxcXC9cXFwvd3d3Lnplbmdxcy5jb21cXFwvVlZEZi1Fem5EeVF0cnhvR3BQb25fckFjUUVZVVItdGtDXCIsXCJpZFwiOlwiM2RhNGUyMDEzNzZmNDhmOWE1NDc5ZDBhYTVmMDE5MDFcIixcInVybF9pZHNcIjpbXCIxMDIxZTFhMGQ1MmVmM2YyNzg1ZTc4NWY2ZjRkYmU5Y2FjNjIwODI1XCJdfSJ9/
  369. http://tracychilders.com/fNTes-9JVtazAtJKhaQRD_iaPssyLlx-nwD/
  370. http://tracychilders.com/qiDIw-Fujss2ev2qZyzQJ_xHgNoLER-eXm/
  371. http://trakyatarhana.com.tr/ertfa-OKBqeb3xQHGRXUF_GTTeogQyv-fkv/
  372. http://triton.fi/KRkU-qE3YGYMR7zDYVv_phxwzxDe-hg/
  373. http://turkexportline.com/ATT/RJoZT_Jf6b8DCJ_ludqf/
  374. http://ulushaber.com/vzfCk-1fw668JKg5Wrt7_lHBrSIntg-57/
  375. http://ungvar.com.ua/9K1aDS_2DHAQa_W5Nsatk0/
  376. http://velvetpromotions.com/ATTBusiness/cfv2W_IoBqT0_IiO9CG/
  377. http://velvetpromotions.com/fkMJh-5JDK6MMvt0dAuS_fztaNhXb-UlB/
  378. http://viaex.com.br/PagOo-0kV5En6qTpdO9Vw_dQVOeHLCD-Vz/
  379. http://wasza.com/EIOhD-wUTfE2FiSSp2FYn_GUbtImUGB-kK8/
  380. http://wasza.com/qehc-YSw966KXQyrrXe_REmkFWYI-ah/WIRE/US/
  381. http://webeye.me.uk/ATTBusiness/AWx3ToCova_5dUSHY_RZkgSrk8y/
  382. http://wellmanorfarm.co.uk/TFLX-V2JlCelVeQaIta_sZQTGLFzQ-rvv/
  383. http://welovecreative.co.nz/myATT/QPBR2gmh_MUMQZDZfy_XWC5QC/
  384. http://weresolve.ca/sLyI-BpEuAKdH0tMpNJQ_vVZzJGHW-zti/
  385. http://wholehealthrevolution.co.uk/GqSR-WSRYXVMeueqG67_YaPJiHgs-MH3/
  386. http://wholehealthrevolution.co.uk/myATT/4JQSehw9O3I_MlyVnZVfE_sDlNsIVM/
  387. http://wine-love.ru/wp-admin/DpVj-LJtI24kZvooyep_usjrZXEj-36/
  388. http://www.actld.org.tw/wp-content/upload/ATTBusiness/WQkuqwZoFU_7ZIS95J_7aLQp/
  389. http://www.agroturystykadrzewce.pl/administrator/language/StoI-tEvzZMigcPjZYc3_FwLxIDAAA-C5/
  390. http://www.alize-flor.fr/lBkOP-lffy6nJ8bKfMeWX_NMvLthEL-1G8/
  391. http://www.ardguisser.com/IUIA-qgkdtq2rfbXD7Z_LjIAENgVq-4CY/
  392. http://www.arisun.com/PjLYo-78KitaAOqgZBkV_WeBsuRmWc-8F/
  393. http://www.azimed.nl/BNGj-likKFCNbmgzcGd_XeKZxNTxx-Te/
  394. http://www.baodong.vn/myATT/HwtTm2qi6r_Athpd0dD_ZSjrf/
  395. http://www.barjudo.com/AT_T_Account/4PioI5_NAXwca_qKGtX12m/
  396. http://www.chaudronnerie-2ct.fr/rLVD-6RB8aaRKt1bBmz_vZqrXLKX-7O7/
  397. http://www.cinehomedigital.com/OaxDz-Tct8ujboMfNFSj_fWoeTSHmg-We/
  398. http://www.cinergie-shop.ch/kfRl-xWKq1RK6nd26YK_RXjBUMMq-mWr/
  399. http://www.congtydulichtrongnuoc.com/FGaOE-PDhboPsvlGjM8wm_tABwhpkm-2Dz/
  400. http://www.consultor100.es/nnZPf-KDgJK8Ht7XadKqe_KojPPsMi-fu/
  401. http://www.critzia.com/Wpyqd-DDe0TCEjHnEe1j_zUKuyfhH-wI/
  402. http://www.devadigaunited.org/AT_T_Account/pig_S97z1V_h6KxO4x/
  403. http://www.erhansarac.com/rywr-mVV7OeMmPTPnde_tHrBDLJW-x5J/
  404. http://www.falzberger-shop.at/DnoPC-a6aiTyXGApvyhc_KwswCAVJ-M8/
  405. http://www.grupotintemusical.com/YuwT-EvLcUomWylLGn7_AqvvUeVw-NAy/
  406. http://www.hlxmzsyzx.com/AT_T_Online/PzkzwPYd5C1_L0W2ab_a6M88f5o/
  407. http://www.journalingtruth.com/MiaIS-GbntlJumdduH0T_DfWgoYbW-WJG/
  408. http://www.karakushafriyat.com/Afrbv-RCNWwn5YuZL6O4n_RvzcZVPPc-BP/
  409. http://www.kinderdiscovery.com.mx/bBWAN-rKJ8xMU6RztR6hS_EDkgpRlev-Pb/
  410. http://www.klubpesonadepok.com/ATT/ttE0Yz8Eq_HMGV59E1_TA9gD7fnW/
  411. http://www.kosses.nl/EjhIY-op9grSuKwLl8vS_rLkUQzta-2R/
  412. http://www.krasnobrodsky.ru/AT_T_Online/7eFxSb_is2z3F25h_ce6fUcO/
  413. http://www.locationdebateau.re/ahuXv-IWHBd0p9rBLLy5y_wZrmwFtb-jy/
  414. http://www.makeupbysinead.com/0k616V5M6_EizHJSFZX_lZODrcn/
  415. http://www.manoratha.org/Lgao-uFJMCp4HYAvNssk_YjNwBIsbM-QA/
  416. http://www.marcovic.fr/AT_T_Online/BzLuG_1eRR34kej_1LR3R/
  417. http://www.mayurika.co.in/myATT/4xbzoi9_UYRLXiy6_NCbX6qEKN8/
  418. http://www.moodachainzgear.com/EdhPs-LMkBnS752smuCUT_xXxGukKEV-rK/
  419. http://www.moruga-scorpion.cz/gLXhb-7K91X8d7Ta3jNz_jRfYJEaD-oZH/
  420. http://www.neteclair.ch/6g0QttQ_wCiPnEiBE_NRcrNs4/
  421. http://www.oceanicresort.com.gh/wp-content/ehqy-P6pby0AoDCTBc0_xGnlYDshY-OFX/
  422. http://www.omegaserbia.com/Ycdx-yl4xHiF7HTtNhj_KvQoZTLS-vEj/
  423. http://www.ourteamsolutions.com/wBqz-RNQh8GlIdOTxzkg_vZSzjYdi-xLG/
  424. http://www.penderec.com/IIqm-RU0NDaPcvd35IdH_ltzOrkZam-vcd/
  425. http://www.preguntajacobemrani.com/OZcrs-SqYfcWNmD6tnG3f_wrWVEggYO-Y6/
  426. http://www.realestatesdakota.com/cYkZW-y6ujkXDfwMMox2U_HOLeAWKIO-Got/
  427. http://www.realitycomputers.nl/gadne-mJqRXki6OpFP2GJ_xZfGthaR-Si/
  428. http://www.regenag.co.uk/ATT/QiHCQrjr_Zotq53Crb_AkY2F6/
  429. http://www.rensgeubbels.nl/mIXOb-fWn7lu8K8wY1jeM_ftacUUWaE-GIz/60190/SurveyQuestionsDec2018/EN_en/Invoice-Number-247797/
  430. http://www.reparaties-ipad.nl/vxXg-U9xPLQZ3m2ioweb_nlMNOlgI-JoD/
  431. http://www.rozii-chaos.com/jYFTf-NeFoaBkf01R7EX_eMBtoJQbX-y76/
  432. http://www.rumahsuluh.or.id/bbvSl-fwPfvjKFGqZUWUh_RDzsgMrKH-VSA/
  433. http://www.rumahsuluh.or.id/qtXOj-Nrpzfh5fIp5yiX_rpRUqqaVB-E8/
  434. http://www.salamouna.cz/cache/DrmA-BznczbBsR8oE5yy_tZuDehWUP-u9E/
  435. http://www.sambasoccertraining.com/PRYwC-kLd6QNVKBUWY9Cn_EyfVxBUR-47/
  436. http://www.seracojp.com/AT_T_Account/s7GHAuxLpjy_SXEQVL_v1KXEwbzA/
  437. http://www.solaranlage-onlineshop.de/myATT/XcrDgwp5c_Ihh72ulT_XzhhNpz/
  438. http://www.sorigaming.com/myATT/Mw7_wcULcElak_u9m8OLT5Aj/
  439. http://www.studypalette.com/Ijqt-N2aG76ksCJAXtj_gsctHCRlG-AP/
  440. http://www.surmise.cz/jZtr-jTHjqhknSsfMKwV_eEjeKwBH-ppV/
  441. http://www.tdi.com.mx/ATTBusiness/gZiVFCYl7b_oVgGCjpL_AbPoQtN0Wx/
  442. http://www.topsalesnow.com/nEdH-y1BBshbNXAKrUJ_lYuKCVPj-6V/
  443. http://www.trakyatarhana.com.tr/ertfa-OKBqeb3xQHGRXUF_GTTeogQyv-fkv/
  444. http://www.turadioestereo.com/AUxH-FlOXs9XgIgxG8Cu_ZwihDijmg-PpU/
  445. http://www.uocmonho.com/oHno-Dc1orvj3ZxXXjd_cdOssUFx-VPM/
  446. http://www.voc.com.au/nXNV-aNmwBk4pKKY6zp_fggdolrC-XGU/
  447. http://www.widitec.com/heeEx-K0CJSqJW2LAcqI_oGtrxVdJS-DB/
  448. http://www.xn--yoconsumoproductosespaoles-2rc.com/YYty-GgR17mxAcaxm6G_jphcRWLuh-9fy/
  449. http://www.ykmkq.com/GUrh-f1L75KRQScF8sH_LjXOtIJf-Pf/
  450. http://www.yourlocalfocus.com/mDsf-ybuSQC7vZb0D8jb_WsglBuOWX-PLU/
  451. http://www.zengqs.com/VVDf-EznDyQtrxoGpPon_rAcQEYUR-tkC/
  452. http://www.zingbangboom.com/myATT/HHtYKK_ZtwMPiOm0_26QOxx/
  453. http://zoolandia.boo.pl/gooX-AkBzDcjIYWpqjT_OfWIJPJF-zj/Ref/20067287Download/En/Invoice-for-b/v-12/14/2018/
  454. https://ido.nejanet.hu/zxtrU-hE8z0MK4yGOvpKK_fQNGAiAA-fH/
  455. https://u7188081.ct.sendgrid.net/wf/click?upn=da49dPi25G9RkThIR2yu6V2-2B0UrHKy3sejIc1BpWz6-2FLgi6ZiHojJvEkZREPVe-2FY2DGNdeAfsRcO-2BRDFUbPjp27R5GxFIYO9lU5OTFNPq1M-3D_oEUkigULEm9qDXZ6e-2FeLN48tNnAG-2FFGxEd6P5PSlSW5Wlgcz00Ux71G9J5qQKl-2Bl26cllPJwhtru0X-2FKUPGzU9c-2BZMI46I6tZIaROLEvMHgzQtz-2B16ZTwGuyAcs4NCVylkewi4cER40BJmXapmjUazQ8-2FFG6-2BhbAlbXPttWv7tuQLVUCl-2BotIj6-2Be4r0lGt7ho-2FndRz3NN07CNiQt6xGuNDBabwHoSdBAuHvVbLZAdc-3D/
  456.  
  457. ```
  458. #### Epoch 1 Payloads by Document SHA256 - All Times UTC ####
  459. ```
  460.  
  461. Creation Time 2018-12-17 21:25:00 (ENG - Orange Text)
  462. SHA256:
  463. 9bc017958890fd2e59a44c33e3a3d39775e6657b5a329d57f5e5399023846a64
  464. 9a11b58b4abf98c2a344000507c70bf8d64789e942a3b9f305f9ea6b9c169f04
  465. ac9e0312a3a4a8d65ec5b0b42d42123417950cffe463e065e8f56df05f5391b8
  466. bc58f10a3238d4d88c93c92a784f6ec5e692bb5b9ea99bb9536cf88149d2f1ed
  467. 80ad49dff7cd837b5b4be79fde0cd9674ff582a6cd2ce1c55e8ff6b32960ce33
  468. 0c9951d3ab42f1e00facdd5a38983fa0f5dde2fbe6f78d190fc6bcf0b3764212
  469. 84c6407990e191856823f420c95c0f910ad2efdfcbd2ab6b00aef8700cc12609
  470. ee8dc553fe41e08233199d807e2a17d661aa5a35746ae1b9d656645ef6a0b4f9
  471. 1b05e4717247eec26d2a908dc8b931184c4fd2f6d8e6a82d49f0411f7c62534f
  472. 6d4e4b034d87b7385b156ef731b43ccbd3708d6fe5bcd0a0c4aec5f5652c56e5
  473. 3e06993367963bd22d22ad38eed88bc1da0221977130052f9ff249035b53cc3a
  474. 933aeadba3464a27badfe55d8bafacbd07d2fe06a0047a8dd0b2e46d1bd1a647
  475. ff0a3099b2b6e2f22d9b70ecbfd564beada6b15fac601422ed3ef587d12baac5
  476. 834dae8da38455d0d375991bc0129579331bb78ce49795571ce88bab8e57cf94
  477. 603c87a9f65188547ac93f927a1c1b05cf3dfabf328ce580cc49a0a570dd55c4
  478. 189530852d4d852242d5214e38e2caec8b39d9cd126beda86c299df3176373cf
  479. 1ee1edbddce8fca3bb334417974f7168d36918509338aa86d4fee64ca3d9c97a
  480. 20c9ff6027b5b9412aa34ad73dd13df7c4bf5c8e305a79056ae6e84ba156c17d
  481. 3b34e6a5f52846a7a080fa504f68cf04e6755da23ebf32bd81549dc36583fba2
  482. 257608c1a0d6814ba892870b4ddc696c43aea835e059b4147cc5a67e88aebf9a
  483. b00703a72e4f946c0acd60dd8f5b9a89083cbc8b277a8f2674c20f06721c5c8a
  484. 30c56de0ef715b1cc99c56d1fe5c5e91162b6c2757cedac47118063c762a112e
  485. 9c6185f61bc55bd5713fed99d2982c8d4353d0018461f950bb896bfe8a5aa304
  486. 1c11dd77fbec62acf960facbb86b74c5e83811ab2e59c9403b75258348539958
  487.  
  488. http://www.funtelo.com/58S1xJ09/
  489. http://www.shout4music.com/Kkt4CUPvX2/
  490. http://advustech.com/l5EcamTDy/
  491. http://www.ceeetwh.org/UZwh7EIWD6/
  492. http://www.gmlsoftware.com/itTZIne5M/
  493.  
  494. Creation Time 2018-12-17 19:03:00 (ENG - Navy Blue)
  495. SHA256:
  496. 07d589388448d9e760ad5a491e7b6111d7ca6c9d692e2a5e85ee5f4731a4630b
  497. d19148ce1eca0f37a7e1c4e7f637b6c740f7f05af5fcda7372917abdfa733788
  498. b52dee08ca8eadf14798887efcd8359ed58d036c13ad797dd09cb94e3b70f8a3
  499. 17c7de70562a3cfbd00d2d96f30984a1768a6d4577936e0ef3f99418c55fc2fd
  500. 797e7d043032a9320473e52721d09ac18aa8cdf57a70394b71e8003a11e28595
  501. d8d2963a3d1e4ce35a58ab107804af51266164e96a0fb2c7ae0e118226b5b385
  502. c28eabedfa27dfa715a7093cbf0ba1532a74cf03936575cb668da8e3fc19879d
  503. d4c04b211d8b43f3bd9a7bac94d9ed22d7895ec83033804e832f2ecc9d1f6216
  504. 0379044b2d0cb693797c8adb5a5ff0991df7b767d5df6268536288214bb05377
  505. a8068602b148d3dd318f613e132c244dae44ad03a47cffc076f0ad8b42c505e1
  506. 81f1052a4d972b33990acd682b38182ac89ae812bd2c3a0e195ba0384aa53753
  507.  
  508. http://www.wmdcustoms.com/SoYuALGOUR/
  509. http://innio.biz/FQNvmdqgyi/
  510. http://fomh.net/09NzQWlsLW/
  511. http://www.bellitate.com.br/Za2OnSuDju/
  512. http://pure-in.ru/EqaCUDSuU/
  513.  
  514. Creation Time 2018-12-17 14:27:00 (ENG - Navy Blue)
  515. SHA256:
  516. 50db407755a40929b5b6b5dc19cab0fff94b855d471797f5b7246d2fa6c3a280
  517. 216c7c9300632a99d808ac6c2ba26a53402ac584504bb7eac3cbe35b56994d93
  518. aeb831420f4784da6d463131d145f004e69e04042279afe3b14bc4f2df5cbefd
  519. af8a59bc575309e2dddb45dec73f0c37b82c72752b6627b235ecc88302238a46
  520. 2563d86bb358d86d06856a5becdcad5b6461d88fdd49e362691d5dfae43c4625
  521. 1246ba64abfdec50f3e566a2291b3fc0e96a7b3969fc97ed57d01236c5084259
  522. e4664f50cf487dc05e782a2a9672286731b27f1e17f8621f4de732adf23d7a8b
  523. 4a6bd78488989e57f837c67e0439a4e4a276b8bf339aef5dfb177a4d03e89f33
  524. a62f9b138b9ef335233e2f25c1682a516632671334a969fdc15c32558cb6fd5c
  525. f868310f0bf5c2ea2e7468b1130609370c2c2a6922b227d7110f1e3b35ebd4c4
  526. 314ab01e7aa217197f6617128254b70aa7cc918e6f417ea5d2dda5997340e51f
  527. 13c67927db7b0612d9e205bc5d0f03dc07eb5cb546e3d0eaf0d6411d11bab2f1
  528. 71fea3f621101d1f058d7b145225a38e7e138df3cab318f1969056ada28bafba
  529. 9b70d180a54addc52460c7c5936521bde8dfb6b5e276a43de87c264d9232eded
  530. 69caceab49fdcf349e2862d18ed39ed586d4e1a973f2ffda9904808871f6bce1
  531. 4030d19135210c191d7761a432b295314588519a0d3497bea401f6488c7de445
  532. 693c1534f3b4acca1651ca0ed79b537e6c5f3fd63956bff58e78c33d47d0e885
  533. 3efe254d06d8c8635d2c6858ccdf23d13dcb79c7382cc5b446a59a3cf24412e0
  534. 923a35d4341f901b180f9df76092e5586610a71cbc45801c51a472a7bedb4f16
  535. f4d9c1e45849b189548f2fcb45126b008cfa6254cfe2fabb789ec0f096672eca
  536. 653f234baee70f8280e05720d0335b5dc898e6b0aa2dc6a04b6a278f51326441
  537. dbe1a87b8a5b3b2e5bf279fb920fe88525d2548f461415cc28476b6e0911e6a0
  538. 496d0777c7954af7bff66209fc768a23a129e313b19c3ff509149a74963c9470
  539. 2b73175122d0b0ca5b496fddc02d17032f5984ff4281501e62972e11784f8f0c
  540. f868310f0bf5c2ea2e7468b1130609370c2c2a6922b227d7110f1e3b35ebd4c4
  541. e6f1e9b300678f18f5a2ad8fae808527f0042e8e798b9664422c5a587908262d
  542. 6f3b1f16e245a99d0796aea7772482338055226d88d59ab9cb06ce426c8f64b5
  543. 2e423e4f85a0fe78910156d80a5c79adef94c12515b79357d973299ae9b6aca5
  544. d5ddec793e3060dc03c609b9e37fe687728677667093e627df617baaab4b47da
  545.  
  546. http://www.countdown2chaos.com/RteZ6CxTl3/
  547. http://www.mtyfurnishing.com/uV0Z7WiM/
  548. http://www.fortifi.com/IQmS1zuNj/
  549. http://limaxbatteries.com/yc8jyNd/
  550. http://guiler.net/n3QV4jHc/
  551.  
  552. Creation Time 2018-12-17 10:58:00 (ENG - Navy Blue)
  553. SHA256:
  554. 5c7b5cd5d22efed9027b8b14ef196796a5fbba4b290409214f844a5b0f73d158
  555. 01e3049c2339cc896ab3aeea1bdc36a9fbd2c0553ee14f19c2c371d2ff2788af
  556. cd52db5b0315179d6ae072dd17e07117db05edac616386b3201cad753c7ccc8a
  557. 644364d20e7888590ff7241d49197204aaeb731900fafb12c68dc823d620e80e
  558. 859c0871dec9be9405a8c0df1af51b01fd561a0a3c8a5ba67bb6acc5775f1e03
  559. 9a85aa53f0e351eb155f924056a339793b01999c199c8cea58aacfb68804f6fe
  560. 532e8ffa7c85c71f9f80c5c4fd100b00f36add0562e2ff39afc9966a623842b2
  561. 5f3acad4198baeaef23ab971632a229d7316c29e7cf188be96aa0f82932495e9
  562. 5f777684b8da45736bcd35828a63e826970edd3307af2f2b150e33779f563374
  563. 4cf44cc2aa328d6860ed2f98b860aacbf4dc6270c85c3c0eba4ed8e98a303924
  564. 4962b11ab76f9e76ed18875f62341d4bf30b3169fcda51704d7ab91c72bcbaa4
  565. 17c10a4e711984777049d3aea951494d14aaf5d6efd5269d324bbf8ae96885aa
  566. 378f7b5825b5cdecb2916800c17f7012967a0cd1f6258c80ca803e7d4794eca7
  567. 85a080bebe65f0f1b0ab42629cf8a49fadc9e1ac0b7559cb5a2e6bf74c70b2a5
  568. d1a6784d0318bc92859a33ae5c4ea6f593deb148de4599d1dd14cfe807589e55
  569. 34da9a239942f84b860aa05f34ce7fcb7ae47c837bb7cceaea489c2dd8f7fa9d
  570. d97fd77f52628a1094c41e44e3781e81da279039de436cf313dbade61fa1cd24
  571. f127f6bd2f9cb6cfb2212aea7c8075b232e153e26b9402525374234a8f35b729
  572. ddab96b4fa0b2db7f94cb63c5fdfbc164706f7bb074234c7393948f67ea3bdd9
  573. 84d24a628ce79f2fcf7686824f741d8a05077b213a4bbd59f34b93e21633d75a
  574. bb4a2ee42b3d2bad07b889c21d37bfd3c9dcd5ccf3ed9e0c5c9457683edcaebd
  575. 9a6b39df5cde6336cd8be5148310bc920d9070f7ce925c9fd5724e0490fd62a8
  576.  
  577. http://strike3productions.com/fHXdHseo0/
  578. http://jomjomstudio.com/DtxVlSu/
  579. http://ulushaber.com/0YYQkxuY1/
  580. http://drapart.org/myCmxSG9/
  581. http://billfritzjr.com/zZAX9a790J/
  582.  
  583. Creation Time 2018-12-14 17:27:00 (ENG - Light Blue/White)
  584. SHA256:
  585. a292a8125fb76f54bac2d685425d7e0d073ac3f6024d329c6e2af36a4b52f530
  586. 1dfe90808be136a5cac62660566244a87ff334b58df22f413d7731f7e270c17a
  587. 4d790bb6998c7d9ac607e207fc1fd22c7f928f572d0cff00c167cfac1658a960
  588. a08cd28749945a9709810a2ff673dcbf33b6ae24d53ee80d8efa306c2025671c
  589. bb64d6d8d21319771caf1ee33304cad02db9d3a150fb06ad2f1ebd82e2d858c3
  590. a9572b5e03e9d40fd1da942879e647f86ea150d008677b2559bfec0e379370b2
  591. 965702f3b56e481527c283470f9ca8707684849a54689f0972638b6f6f7a090e
  592. c7be685170e3c94ca04a17041b08cabb7382f63b3bf11118ba151948d710ca8c
  593. 0cd893f50ae7d919520aa2393c588d1f23e73c6730d94733df24f6c7c9918f2f
  594. ec5da20c06eee8f769bb10cab81eab099a88d08518d21a60bb708c0d5bc15e45
  595. 5547e783f9cd9d8334df12b58bbd73c05bb60e26380c99e72e408cb6279525f7
  596. fc2dfdb1cb7b0b66f034b11c6ba3bb205f4710f33b61a210cff17ab454a597ee
  597. b7eb2b59ef91e20e0435c5066a5e351f8aca6bb77b2423c0179d8e47eb2175d0
  598. 518fcde19ef7826d10566b2a58a8c0885296273934d29ba530553ca6890bf216
  599. 86bc87512f5919b4defd288924d0438d62cad08ec40f16f1fc581a82d1c858ef
  600. bbc128ef5505582c4532d06b2d09a8306ad1bbebf1b76ab8076d4036383e789e
  601. 9e6686e53039796475cfd978c8508b4655d5bff109211d00588e2fb19dde0d21
  602. 1935011504e11016ce69200dd37e1d92b3d4bea21d3409de4ef6aa75747b14fd
  603. 84f9789998f71a13de2a8ff11726c1909613fad616312c665402e50f40ce5c9d
  604. 06d8d454a45bb4fb02672ffe00d39c6c719c26850d7139615206b0a16b7343de
  605. 1c7031a108db22b1555b0d9275f31fd51f170a9335e43a083cc1eca9b476b7fd
  606.  
  607. http://sundownbodrum.com/J335NbN/
  608. http://www.roteirobrasil.com/wp-includes/XEBv3PdHgZ/
  609. http://rdabih.org/m7mnTYaIzL/
  610. http://zavgroup.net/11D6PwFu/
  611. http://stefanobaldini.net/DfSVLfsC6/
  612.  
  613. ```
  614. #### SHA256s for Epoch 1 Payload EXEs seen on 12/14-17/18 ####
  615. ```
  616.  
  617. ef17ba94ca016e111d1aaff149513fa4fc4df7f6d1f3f03b3eb491644ae24df4
  618. e9b7d8ac373674cfd789ac2cb9681a5a2abc4d34a8e1eeeae1ae2a799d2ba01a
  619. 928cc4aed8f8abf2863f49142dcf4ee4bee558e21161ed0296a32216eaa256d1
  620. 60afe0e8502f9df14b8200efbe2bc007cc483571a1d8210fe5843972f0f9a510
  621. 25cfdf2c13b086a375ab38c9a3df5259551dbc60f9b463489445643b310ba35a
  622. 7addcf66ed2376c8f9b2adaeff04fc01c92881b2990d460eefd60324209bd62c
  623. ff27cb0a4046b7d4e23f007d65cdc52b06f41ee2df99ab1133ed8a36862e4a21
  624. 14348645a287ee61829575dd2e683ba7be08a73752ae34a0bc693be3558026ab
  625. 82e615c4d0db14708e32beb3e94a23c45f588d8b97bed9a68ac0098e1dbd7ecb
  626. 5a150e3d23cc7f9fee0617c89ed45c66ca4b3ec340bae0f9f6b15fb689fc1570
  627. 9848953c6b79c8fbce1f7ef43e07002bcbd84bc9ce0f9c439c90b59e00b85534
  628. 58d601b6135402798e02049eb8da69e5c849c7b3bff3422a8ca35f2a43f7ac80
  629. 46a181446e77c311820df9998b075577dd3ce7e63e7fd5f94cc34a64194bf75b
  630. 839847979c3ce97658bda23a7aff57496c57bc2f29876248bc6507ff9af5473f
  631. b19329658072ac42e0fce683de956de366cc9bc5cc2a289a614df24d5300e9ec
  632. 7e72a231a5e4c7a2a8dbd5e9520d7fd630b53401a13648ce7781093ceb175a0c
  633. 57681d82d708e91d820def30fe0a5df97fc6b1da434b7ecc5be22fcb5f5810c0
  634. 081eb233f6ff99f1feb554786b4f64ec3c246405147c6b8854a94f5c351f368d
  635. f0136025ecbb3e6e5a7c2fb88c7b8e6f00df46450e4115c6c56ecb715b1f4e96
  636. 6c8891c753174ab0f22cee17598dd31f9950ce1826f1eced240e174deb98bc9d
  637. ad6cc298096cadb4df43c48243f04278f472087c562a90fb3c4b28e1881f7935
  638. 0dd4955b0a6080e00c5ec8a66b286f8fb491ff08c2b3cae21a31f20ea0f22dd9
  639. 7d1617b283b0726dcb34bda4cab8c95b90b49452cf0d215ec9677ff326cbb448
  640. ece6089c51ce77f4a1462ec9ddb7cfa0c84eb54e53261b317ac2486807cfb3d2
  641. 991b11d9e2880af89474dd23ad26b7606e11a4aca5480960c2bd2caa1c300f86
  642. 46bb5fe3455a3ef1aea583012c83cbf3bdd020a496f37428bb4be2879a6b2c12
  643. 0b1624e0767e738d52998bf04a4acf44a029919c5c08eb65a209ae7fa64dd09d
  644. 181e5e7ebd7145e94df2c33c0ec5752c09c990d130733a39eae42b203ae867b5
  645. 51e557e584a766ee56d14ac66aeb42f393d70267326c0a18b2a35409deb4213d
  646. bb42f3a247793e689628e2bb5c1e70cf4192d0370803eb345f5a9d5750d762a2
  647. 5594446f857ca90d7464039471bc086bd6a9ebfd5d5690c9147471dc01e133bc
  648. 5a5421d0d4957029cc22f6e5fd7039e27d6fee6493b5f9aa7e3cbdcb7729a04b
  649. 8603a0a28e2b61d9870c37630983b8e90236f6033786479d3d93682718e18d26
  650. 9f4a23fba9e85e323da7a8751a1bc0a2e837153f8ab63f8511a5cc848eeb66cc
  651. 4a76c2e52c615bcd4affbdc705e1ad57d3c5b2cdaaa5154db2401d1cf33b81da
  652. c7a53b22c8514b81423aeb0a920e0fa20df08a956d6144764148f984c82042f5
  653. 3aa53457ec55fe3888fb198c40fec1804c59b22df84e8944136d009c54c1be2f
  654. 1201321c8641769c6f0c7a88b8d327e6815badeb2dea09690f3daf1d64608d0a
  655. 547b053398eb9a3263154eb918f4b3dbb7528fe738848505ba767ea45e366a36
  656. 13f7534f74fbba13f1b1980b773abcac4ff7549cbc6c66fa46776739b7611aa5
  657. 0dc4c3687b307629ca087aebc85546fe74ba37cb2776c514b401d1e2628eabcf
  658.  
  659. ```
  660. #### Epoch 2 Payloads by Document SHA256 - All Times ####
  661. ```
  662.  
  663. Creation Time 2018-12-17 22:23:00 (ENG - Navy Blue)
  664. SHA256:
  665. 04ed22881589b6c77d01cdda5e35a736db215978e813aaf058da725c1bb48fb1
  666. 67e20396aa806209ca4d38be7958d42cb28700eda1f511dfef542c27b1e1a886
  667. 4a6e7c6c0c046e59ed726173ad7136f10862e76c6321bb76924a899bc6b93a91
  668. 50fd133b606006eb3d0085028fcf5b4a2460132cda32b2e6a25a5d32f54718c3
  669. 4562ef8d9a1300f122fc08d2b87f136891fbfea41433a59dc760ac7794a0702f
  670. 749c2da7a49e60064ee30ad7579a5ac41d2f2bdc9c968ee8b2db96a0a2031839
  671. d55d45497bd44a64fe4d1256f098ce2a3a4b4221e437f69796b34abd17eada87
  672. 8e6633e1c89c3d845a356cf17cf2405b4b000dce533199fee84128c0d9313e75
  673. 6bd106b90b7e4cc39d90c250e17fb23a0bb255c14e4cdf34d6a80d346f38ba59
  674. 6dc700725032aded54ee5814fbd2ef976f28c8f6f3b5feb64f7e6484e367824b
  675. dda4cb335e20098a220191c90e9c0a195392b90d8e4c76ec0750e1a3584e77d5
  676. 08b4bdcfe55e4182c23c7988e3670060e761a629e50992ddaa015ac28d8a2267
  677. 93239b5ea551061f1ca4166c69075d62e7541a35964b9fba4604a9677432fe44
  678. 5a36447adb2dd4d1c72e36a8468abf8e54674148945685e9291da657587df38e
  679. a778166c771520a979b0209d421e3c6ba8eac09371d88fc2459b37d7e8d6fa0e
  680. 1748a20e532b71d9991edc4ce5ccc43b4691316a1d5b9e7b9099e05919dc2763
  681. 3b8a04257b758ea4e4789ef652b1dde59edb89ba2b9ffa983abe29b9d12a8ed7
  682. 5f21d0a57e14be9302ccff0b7e67f4e3861978045b8e0577eac8a05e3e2ce24a
  683. 8e997e7435d884a63cc0f9cdb91425fc8a86d32ecbb2b228b4f340f9c590193e
  684. 79464da07d3e6e84b1471b5a82669fa0b6e7123e1d28197cce5970a9933a7d56
  685. ca8613f8865172f382218bd38d8692cb64a8d324e7a7797d327fa469e0c829b2
  686. b4f854826aa183d47b302480ad7c0a20ac6d2f4bc0dfedfda15f0ca054fda83a
  687. d0377f68e9799fb777673b2e6f195dd5227b2fdcdcdfd8dd0f3edefa15525e62
  688. a6544b0d78709d60a9651276c50762ddb957eef4a8f33065455a75d7cf4623eb
  689. 42f72d4b4d95a46450081cbfbb4fe046b1a556955a476242a3dd4a1a512bbc92
  690. b370717eac41b25da9e8fefc279c0e952a15e996a5fbc2983f306166c0169688
  691. 37cfad166cdd649fe76a657b06f786b0a6e200c711801835fa97210b4dbcedb5
  692.  
  693. http://www.flagamerica.org/XOnD/
  694. http://www.espace-douche.com/SLmTL9/
  695. http://www.jnetworks.at/content/utB8h1/
  696. http://www.provalia-capital.com/g/
  697. http://www.grajhi.org.sa/yKE7BN6y/
  698.  
  699. Creation Time 2018-12-17 21:30:00 (ENG - Navy Blue)
  700. SHA256:
  701. 52a546d5015586fdc17ba1520d00bea831eb057982aa5cabc3b202cf9aaa49b6
  702. 2badcda3cd25e822ac313a5cfc22afb268b012322259df1efbaa80c2eb75f659
  703. 7ad65beaa9602a5e004fd7cc5807cb967f5b4c80deb7526e4033fe1d63dd6d15
  704. c042a0b97a58e96e5c9ba6fb20bebdfe76caa54ae1c769c80c64f6edc8ab10d0
  705. 844f55f6a4bc27b0c927918d78013e4196cf4baa6ba6ac75a51aebbe0bca8352
  706.  
  707. http://www.latranchefile.com/KS/
  708. http://www.designinnovationforhealthcare.org/di/
  709. http://www.nouvelles-images.com/klw/
  710. http://www.ea-360.com/Ii9WyF2O/
  711. http://surmise.cz/th7q/
  712.  
  713. Creation Time 2018-12-17 19:35:00 (ENG - Light Blue/White)
  714. SHA256:
  715. fe8cf799c2eb432183f5ae3a4a23ca6f0a3a075e98f9963a747f7a97e6cf768c
  716. 0e112d17bd8b05cb684445b6b4091a923dd0300a194ff5f0209ae5474b7b2e06
  717. e8c24fd3597cb804f78aaacf01960743f514002f3d761db49a6a5fbf32b4f6f9
  718. 45f9dac959237d833f6e4e4a9887f61614ee1f0aa666c87db01779d79c56c585
  719. b8678e574a1ea9b25601b8fdfb46ce7061b35f43cad9a7688de8f12c9657e2e9
  720. 1427da3ca8f0daa57d17681f357ebf21bab118218054cd6051fbacaee996b2d7
  721.  
  722. http://www.antistress-vl.com/JV6/
  723. http://adap.davaocity.gov.ph/wp-content/6/
  724. http://portaldasolucao.com.br/oEH2G8/
  725. http://kodi.org.pl//Ntze5A/
  726. http://blogdovarejo.campanhamartins.com.br/wp-content/uploads/J66WOCm5/
  727.  
  728.  
  729. Creation Time 2018-12-17 18:43:00 (ENG - Navy Blue)
  730. SHA256:
  731. 884781beac926c7f0d2fafd86d7c2e9adcb975c6f0dc95590e9a9053cd6e66d0
  732.  
  733. http://www.seelinger.net/jBlG/
  734. http://www.racquetballedmonton.ca/HYvDtu04/
  735. http://anmao.panor.fr/Gps4eJnj/
  736. http://advocaciadescomplicada.com.br/gS2fdTvk/
  737. http://sourceterm.com/eapV/
  738.  
  739.  
  740. Creation Time 2018-12-17 14:02:00 (ENG - Navy Blue)
  741. SHA256:
  742. cd58ef6b3f85a12a56aee211aaa32ea7b6bc2b9ee09a1e0f5eaf80bfa83bd67f
  743. a8589e4dcb4952fa35ec630b76c680d23f6d1e45f40687b1ca3525291ee3b7d9
  744. 775978de13e272c01bc6653652beb2b454971666d5bf108edbc68a2d6a69fe93
  745. 934d6a8eb376e794caf96898d254f86ce3a6ba5e09942f9c588e7ad5f36efa11
  746. 5fc837cec1abb150354341cfd7c63d4207320bf62164728c435cab8d8c953bcd
  747. 5ce4fd3ecf32508f2dffe88e497585a3dc2429d8c9d1fbe419286fea269292a2
  748. 18f6761ab3a7b442614493f558f7ce701093a8dc4cadef6edd6a7841f7ef8ac1
  749. ce772424bba56339b0458dbf50837b90fc09b2e16d25ac4c3e58031d20247bdf
  750. 66f7989caf9748bb12cbb34fd895e871423f9987b801f0265706956305275824
  751. c2553933ecf33835cec271ac5812c1ab61e4119f224cffe4b8636ad0824c9a47
  752. 0c9adad412eab08871875a0025e301ff81a5c79fdafa2690aabf56f62f9e8613
  753. 8a6ccf70ab04e2d958db7783554a05f351ebf825907f5afc8797a7023805c464
  754. 780794d981eb926f0c4578aaf69c6b93312b7090ae17804913edc71a7e559372
  755. 61a3b62749eaf9bc59c0c38cd7df197e826d310433177e80d94ac39387485193
  756. 199ae934b9952ea79f20f094c7ee8c5d6ae558f5a456f621a04645f0cd38ea38
  757. a7fc4292a2199a88ccc065039d3c0aedc498363934ab5b44667aa40bc0c7a0d1
  758. 38ac9500adb04054f1e43ee386d33f007ef23ea1304a5196675e39cc1446e103
  759. 87407297a301376a2a50724de25af9ef6f336bd19166b43832fb062245e7e8fb
  760. f7e1390eb780df28e8df64cecf87f72464aa5e2627fac7c73e0c6c3d7d204b8a
  761. 71ce0dde99deb387a22f2260d05da9e019d560f1dfd74272404e83aca1e6a241
  762. 780794d981eb926f0c4578aaf69c6b93312b7090ae17804913edc71a7e559372
  763. 8effa8d24257d3cf6a49fa740d57b953d30a5eb7eafcf6b6aa6032fa3b3fe412
  764. 4ec862b2d6b4985ab48562a173d7f73fe13ca7191fb2a548b58bfcc30f758bd8
  765. 1494e0e1b3d206505f792badd5b63ec6965f130cdaf95aa426a18dec1de69d36
  766. 87407297a301376a2a50724de25af9ef6f336bd19166b43832fb062245e7e8fb
  767. aef1faff92f2b985df9b91a8e70c1effab6fb8d48ab7c45210925c87d819b59b
  768. d40cad0d21d73654d638cbd486e56da6781465fbb047309b9c3e53dbc1547b4b
  769.  
  770. http://www.letthepageturn.com/xHUK/
  771. http://www.racquetballedmonton.ca/HYvDtu04/
  772. http://www.sanrockcapital.com/e8Eaa/
  773. http://www.cineskatepark.it/GrIy/
  774. http://www.frilvam.eu/7/
  775.  
  776. Creation Time 2018-12-17 12:02:00 (ENG - Navy Blue)
  777. SHA256:
  778. 267ef241b1ec606c4e8943c79cd65dc9e340f1b40569bd5b819bab3df0125d93
  779. 2629aa779bac71d259e2fea522920dfe36e5973cc98151ce8eaecf58234a7f37
  780. d13387b0ad8031d4254766ccd303bd45538c746e4ac5d73f2f00648b4f3707da
  781. b214b0d42e5fc10d8971e492e2713bcf319affdbb4067aa87307c8ef922c8f3a
  782. b0d6f8fac8b23f1f3e38bc6529a020967a919f631540b870c8c452f1c561e437
  783. c4506414f33f164144d25255f94a325c75859cd2a74d694534bbd5f6a1a5ce29
  784. d923f4f11da04686d55cc8e80e6fd1113ef2adf6b734c504b4a1c5fcb4c44c64
  785. ffd4202691ac073cda2ccd827a2a0389a444d4eeebea00f6f435ea67ad5d6c22
  786. 9284548d5cda4b050bbc7bdb102c30021c2d2dcab86434875e9838330e329616
  787. cfb77622e6f3ee23803641c02c74072bae9832c3e358c1a5fb308ac3adbe4493
  788. 3a5c99e85aa6a440b7f56b34d68137b05e140a61fbde5c60e60f20a6dc23c777
  789. 24a0f142f9093847c17ca5f04545eccb713dfa563a95e099d8b7b03fa47b5140
  790. 094763d1c5f57d66e1da4bbdcf9cb6307e61f720edb967675a7a5cc8f86cfd53
  791.  
  792. http://www.venusindexsystems.com/9zCkyw/
  793. http://www.qbicsinteriors.com/nWnBsMI/
  794. http://www.goodsong.ru/SrKs3/
  795. http://www.kengolflessons.com/SqLt/
  796. http://www.firstchicago.net/BIW6l/
  797.  
  798. Creation Time 2018-12-14 17:17:00 (ENG - Navy Blue)
  799. SHA256:
  800. 0dded430c1958ae0ec60c2d50ab99f562269ad1ee09db17606661bd55cd29c66
  801. 0a9cff4501537c619624c0f13a02183aae6f077e3bd44d57bc5aedce3a39be6b
  802. ef0dc3edb8340cf0103706830ca902c714f5bde45feece5e148b137a8c15820e
  803. d0b670c53d9dd3846aba8d5883154ac6f13bcec166df3b87cfd44ca4fc8d8625
  804. 41d9e3bb2d0e6a22f6ae4fd7860244c0bcb8dc1ef67542d7f274fa60e252f37c
  805. 27333d8e3079c0211f765f78831e2413ce50351248dfce2a3a8521b243f732db
  806. 2ff34ee487aa8eab2df5be9b69e263a5a24c90c938f72d5df7232a6fb2fb350a
  807. 53aa433c946e58d0c08d093eaa2e73f4e08991884f3a972e714af18a944eb53f
  808. a54d77aedf5aa3109420fd4415b22d7f82d293206d431dfa1740e25ae3491191
  809. fbff12abf849f5e8cdd69ad3138ae675bcca493682552f16f45b34daed6c991f
  810. a3ef97226ebed6342459c69d562f48dd6619aaaac9989709a8ddb533dbab52f0
  811. 1feb9716b60057598e90a4d94fd8156d2b113f2ec7b4972fa65d90e79bd856b3
  812. 4ee3e7905a8bdd8f6b53844f1a758b41e8db40009e04f1cd53418558ad9806f4
  813. 592ce7de71bfe682b196a02bd1a8cd0880053e15a13ae5bfa7a7c2ee01be4474
  814. 592247ff870494ffe2132d96dc4adb5a0e927d5acf9a8ca55dbd260395b70d58
  815. 24e15f79c89f7faba99ddeaad817ef9b3deeff1782d43d1d2403d22d4f57d6de
  816. 83cb7bba95779dd6443ae9c7b928b9d45c9cc56e1a7dc6d6846fd1379094d893
  817. e802c5e017bfc84ef734efc2018e722c84e5f66b0609d10a008004c6f6e6c1e4
  818. 706118edfcaa1099b1945b06baffb1915f771ba86642a0cd034f2f3fb651439a
  819. 2fd64d6d32147411b247ed7f83fe69d4555b581786cc331ade0b524990da4d7a
  820. 343c819c4c9cd13c3d1a77a283bf63a3a0e28115ed492ca92d04a4913e50dca1
  821. 3856a96d47931329b841ccdcad6d7e118312e68adf6edabf60e39b854d6de444
  822. fa1e81d1bb21436b719260eb8835a0975a46ad9bfadac62a479fc77ee2fa5129
  823. 59351b32d196cb654b9bc18c62b82b1f2cf1ca50cf9b2e984756d39c130b0fda
  824. 2db88fabf202ffed26480f5acbdfb8016f8a2a22ca8c03b9e4eef5dea974131d
  825. 8f6da43bf30db559d097619f49fcab78954b55778126709191ee9b5720eb1b27
  826. 997072d1d9cfdf1d0ba91d334d67ed25b8e3c58605ceb32d74cd670f98b6e6d4
  827. d9df70d18ace618d9ed5f4be2e0c39c572e284e3dbdb8d5a663474904d89c98f
  828. be849032d67a24eda952c62593d2c6d991500c0a8e628fd189fa9ca51a221cdb
  829.  
  830. http://www.serefozata.com/axf/
  831. http://www.livingbranchanimalsciences.com/zVMQFL/
  832. http://www.donghodaian.com/jiPViP/
  833. http://sprayzee.com/iiWYe6z/
  834. http://yasarkemalplatformu.org/s/
  835.  
  836. ```
  837. #### SHA256s for Epoch 2 Payload EXEs seen on 12/14-17/18 ####
  838. ```
  839.  
  840. b8f1f36e565da2b13fb129d414355fbf5dfb0253a7b74e3759c649d8c93b5250
  841. c9efde9117ef652f7091b448b1667aea97704cd1818eaacffa97a0e1c6702897
  842. 79fcd9c18067d6399deb8b515e28937ea7b8448036edf6d1d86e2e0f18d8ff4a
  843. 0e5731849a5274705251a772b9cfc527d4646e5af1d0d8a9c0dc536d3a60ef73
  844. 7c3209a18acada1e305387ca1cd5ffc3e1e7c97d053d4b61b64184cd5c9397df
  845. 516120ef9bf8392fd70722248c2dec103ce8694204636c2b8f1e309f1c13dfa8
  846. fc62d76945faed86fc11454c8ae1ecc3e8cbb449b8466c7f5aaa9bf45af9730c
  847. 1ed5d00c5e54701fc4dee6986da86868454d9aabfcf70fad8d25ec7b2a871734
  848. 4b53a0d0169ca83796203f1bdbfa59d1d88f09333cac8d768f912765c1e03708
  849. edddc5fe467a5fcb708d7abc3400779dfda7e4a69190eaaed9068348358d853b
  850. 1469d097b9fd57059c35a7c4c4563150d4a547cdb14b3fa8ea84f1baf5023818
  851. 19d03ba95535efacb0208945c2bc67037d7f44caa236469adfb61815d18c8564
  852. a79d0eafcd458afd200ab9769461270c669cfb52af0f8a86f005f42bd16507e1
  853. cca007bc5c562569692218b3534b6a96e9ff77904dae6c2bad4f5a538b77a1b5
  854. 52202bba22c972dd55f6fcc0bde536d2060c80c1a11b42dcbf149d230f7851f9
  855. 48408659ec30137fde7cde0ea1fe95133bdb85c51ada8a30db9c8c4b9cf14290
  856. e069bfed1932b93f46f3fe5342141040d052a092a74adb14601df63b49b0564c
  857. 00d1dadcb5a456fa5cca6e1ab75968109db547d05c335c78d0a8424c1dfdd8c2
  858. c2ca358f3b5979e3520f2735d2bf4f0bfbe2155591cf5240421296b01dab3a02
  859. 24c97bb069dd53a7a210269122647ef9f1d3422de75918eddc102a8c9c34a4eb
  860. 4251155ecb76b483a36302541e7fb74cc066aa9daa72274cf00f3ae59b638f3e
  861. cc77760e06833f8dd28232e6250d5db9c0307fd22d97725952088d8221ff33b5
  862. 70202727a89c0f8058cd64c07bf347006d85a4c5cd0e494f66bee78b30272536
  863. 6ba9663a7aab3362608ff90747883a13cf3589415c1a309e837881c86d4f79d3
  864. a89f9dee1b8be51d7d666e913752f9f3000a851102b5bee9b3c856e49589c98e
  865. c8d2423c54e3012b42fa60cd55c2edc465eb3ab88bb31bf76c7ffbc57713637b
  866. d45cce704e0a90bf99f7ad59f0ef59a5e193631011c70e751e25fe90899f6887
  867. 55a33efa809faf55a2f5972cf1318fa8b701ad939baebd05c5f00e4f5f2742d8
  868. b7dd63081fc1be89cb8f70f944155945506e7051db789daab098d060b76f910a
  869. 1ca1dd616026d66bac9a8ae62813663f36cad2a7b8908f7a0ede3279c9dcd628
  870. 5a528705787357c24ed16b74dfc56f1aa917539e8b7c57cde5a29a8766c84fa7
  871. df93c2e0781aea121c27ef41dd28c26212403d9a5ce69b6f0527c916666aa162
  872. 74eb1fb74684055b9dc910d3bfcf26c72957f0c30ac8d57c42e9a27f9c495d38
  873. 5f35e901c8ea0c2cac011eb1b8b76f90785e40af8feabd88d8e4287638610e46
  874. 7c3f9ab3bad94782779ca841542af0801cf6fdcf0f466f148c7abeb37086353c
  875.  
  876. ```
  877. #### Epoch 1 C2s ####
  878. ```
  879. (Port is 80 unless noted)
  880.  
  881. 103.9.226.57:443
  882. 109.104.79.48:8080
  883. 115.160.160.134
  884. 130.241.16.154
  885. 133.242.208.183:8080
  886. 138.68.139.199:443
  887. 144.76.117.247:8080
  888. 159.65.76.245:443
  889. 165.227.213.173:8080
  890. 179.60.24.164:50000
  891. 181.168.130.219:8090
  892. 181.197.253.133:8080
  893. 185.86.148.222:8080
  894. 187.137.178.62:443
  895. 187.140.90.91:8080
  896. 190.13.222.120:8080
  897. 190.147.19.32:443
  898. 190.73.133.66:8080
  899. 192.155.90.90:7080
  900. 198.199.185.25:443
  901. 198.61.196.18:8080
  902. 201.190.150.60:443
  903. 210.2.86.72:8080
  904. 213.120.119.231:8443
  905. 219.94.254.93:8080
  906. 23.254.203.51:8080
  907. 49.212.135.76:443
  908. 5.9.128.163:8080
  909. 60.48.92.229
  910. 69.198.17.20:8080
  911. 70.28.2.171:8080
  912. 70.55.69.202:7080
  913. 78.189.21.131
  914. 81.150.17.158:50000
  915. 81.150.17.158:8443
  916. 86.43.100.19:443
  917. 92.48.118.27:8080
  918.  
  919.  
  920. ```
  921. #### Spam/Stealer C2s ####
  922. ```
  923.  
  924. pending
  925.  
  926. ```
  927. #### Epoch 2 C2s ####
  928. ```
  929. (Port is 80 unless noted)
  930.  
  931. 115.71.233.127:443
  932. 178.254.31.162:8080
  933. 181.211.102.138:465
  934. 181.48.61.138:20
  935. 181.60.244.166:8080
  936. 185.20.104.238:8080
  937. 186.114.143.12:990
  938. 186.170.25.122:20
  939. 186.33.185.229:8080
  940. 186.85.86.220:8080
  941. 186.87.134.176
  942. 190.100.239.58
  943. 190.104.213.38:443
  944. 190.11.22.92:443
  945. 190.142.80.8:53
  946. 190.146.0.108:995
  947. 190.202.173.244:465
  948. 190.219.129.131
  949. 198.74.58.47:443
  950. 201.211.77.71
  951. 201.220.68.11:7080
  952. 211.115.111.19:443
  953. 217.13.106.160:7080
  954. 217.173.64.242:443
  955. 45.123.3.54:443
  956. 5.230.147.179:8080
  957. 5.35.242.34:7080
  958. 67.205.149.117:443
  959. 69.198.17.7:8080
  960. 83.169.36.58:8080
  961. 83.222.124.62:8080
  962. 84.200.106.120:8080
  963. 87.103.114.98
  964. 91.236.245.65:8080
  965. 95.141.175.240:443
  966. 98.142.208.27:443
  967.  
  968.  
  969. ```
  970. #### Epoch 2 - Spam/Stealer C2s ####
  971. ```
  972.  
  973. Pending
  974.  
  975. ```
  976. #### Credits and Notes Section ####
  977. ```
  978. Updated 7/13/18
  979. WARNING - Some links may have been taken down shortly after I reported them to URLHaus.ch because they rock and report everything to ISPs as it
  980. is confirmed to be malware. Additionally, this list MAY include doc DL URLS from previous days, see the previous days here to get the full picture:
  981. https://pastebin.com/u/jroosen
  982.  
  983. NOTE: The doc DL URLS are in alphabetical order now. The community lists below may contain content I do not have in my list.
  984. I am providing them for your benefit in case you want to parse them to be sure.
  985.  
  986. UPDATED (08/31/18): Epoch 1 is back! For several days in a row it has been on the scene!
  987.  
  988. What is Epoch 1 and Epoch 2?
  989. Epoch 1 and 2 are two distinct chains of payloads that I have been tracking for a couple weeks now.
  990. Epoch 2 is currently the larger group of hosts and I think it is the main push of Emotet. Epoch 2 WAS a smaller more rapidly changing version
  991. of Emotet that tended to change the hash of the document every 45-60 minutes sometimes has new payloads that fast also. Epoch 1 seems to change
  992. payloads every 3-6 hours now and payload hashes change sometimes as fast as 1 hour. Epoch 1 may now be the development chain but I am not 100%
  993. sure what they are up to. Checking either epoch host at a point in time will deliver a document that has payloads that are different than the
  994. other epoch. That means epoch 1 may have payloads of a,b,c,d,e and epoch 2 will then have z,y,x,w,v. Sites sometimes move from one epoch to the
  995. other but I have never seen the same exact directory go from one epoch to the other. It always a new directory for the change in epoch
  996. as far as I have seen.
  997.  
  998. ```
  999. #### Community Lists ####
  1000. ```
  1001.  
  1002. https://pastebin.com/j4s6CpEr - @James_inthe_box
  1003.  
  1004. ```
  1005. #### Credits ####
  1006. ```
  1007. (OC from @JRoosen and/or combination work of the following)
  1008. Doc DL URLs - @James_inthe_box, @unixronin, @abuse_ch, @dms1899, @avman1995, @pancak3lullz, @pollo290987, @malware_traffic, @0xtadavie,
  1009. @Bitterman59, @devnullnoop, @Bauldini, @baberpervez2, @executemalware, @leunammejii, @jcarndt, @gorimpthon, @Racco42
  1010. C2 info - @unixronin, @MalwareTechBlog, @ps66uk, @Techhelplistcom, @pollo290987, @malware_traffic, @0xtadavie, @devnullnoop, @gorimpthon,
  1011. @Racco42
  1012. Payloads - @James_inthe_box, @MalwareTechBlog, @ps66uk, @dms1899, @avman1995, @unixronin, @pancak3lullz, @pollo290987, @malware_traffic,
  1013. @Bitterman59, @devnullnoop, @executemalware, @Bauldini, @jcarndt, @gorimpthon, @Racco42
  1014. Spam Templates - @0xtadavie, @SaurabhSha15, @devnullnoop
  1015.  
  1016. Special thanks to @2sec4u, @unixronin, @pollo290987/@ps66uk for creating scripts/servers/infrastructure and helping out with all of this!
  1017.  
  1018. Very special thanks to @anyrun_app, @MalwareTechBlog, @unixronin, @hurricanelabs, @KryptosLogic, @abuse_ch/urlhaus.abuse.ch and @Virustotal!
  1019.  
  1020. ```
  1021. #### Daily Log ####
  1022. ```
  1023.  
  1024. Today was a rather heavy day for E1 and E2. I received nearly 500 malspams in total. I have a feeling Tuesday is going to be even worse.
  1025.  
  1026. As predicted, the silly URL scheme was kept on both epochs but E1 was only doing the URL scheme that @ps66uk identified of
  1027. [a-zA-Z]{4,5}-[a-zA-Z\d]{14,15}_[a-zA-Z]{8,9}-[a-zA-Z\d]{2,3}
  1028.  
  1029. E2 seemed to follow a slightly different pattern with inserting a directory with ATT or AT_T or AT_T_Account or ATTBusiness or ATT_WHATEVER into the URL.
  1030.  
  1031. I did not see much in the way of German malspam but @devnullnoop saw some Spanish Christmas themes E1. Here are some of his notes:
  1032.  
  1033. Spanish christmas subjects
  1034.  
  1035. /dev/null ‹‹ 0x90
  1036. Feliz navidad tarjeta navideña de <NAME>
  1037. Tarjeta de felicitación de navidad de <NAME>
  1038. Tarjeta de navidad de <NAME>
  1039.  
  1040. /dev/null ‹‹ 0x90
  1041. 12h 12 hours ago
  1042. All christmas themed doc names i have
  1043.  
  1044. Christmas Card.doc
  1045. Christmas Congratulation Card.doc
  1046. Christmas Greeting Card.doc
  1047. Christmas eCard.doc
  1048. Christmas ecard.doc
  1049. Christmas greeting card.doc
  1050. Christmas wishes.doc
  1051. Christmas-Card.doc
  1052. Christmas-Congratulation.doc
  1053. Christmas-Greeting-Card.doc
  1054. Christmas-eCard.doc
  1055. Christmas-ecard.doc
  1056. Christmas-greeting-card.doc
  1057. Christmas-wishes.doc
  1058. ChristmasCard.doc
  1059. ChristmaseCard.doc
  1060. Greeting Card Christmas.doc
  1061.  
  1062. and in spanish
  1063.  
  1064. /dev/null ‹‹ 0x90
  1065. Felicidades por navidad.doc
  1066. Feliz navidad tarjeta navide?a.doc
  1067. Tarjeta de felicitaci?n de navidad.doc
  1068. Tarjeta de navidad.doc
  1069.  
  1070.  
  1071. E1 seemed to be primarily Amazon based malspam with some of the Christmas Cards(noted by @ps66uk/@James_inthe_box) mixed in with some
  1072. Spanish Holiday cards as previously mentioned.
  1073.  
  1074. https://twitter.com/ps66uk/status/1074700389470101510
  1075. https://twitter.com/James_inthe_box/status/1074737252721250310
  1076.  
  1077. The Amazon malspam was reasonably convincing and I will Tweet a picture of it with this release.
  1078.  
  1079. E2 seemed to be primarily AT&T billing malspam with some banking Invoices/Debt/ACH from Chase/Citibank/Bank of America mixed in and
  1080. a few UPS Delivery malspams too.
  1081.  
  1082. Till Tomorrow for more FU-N from Emotet!
  1083.  
  1084.  
  1085. ```
  1086. #### Sandbox 12/17/18 ####
  1087. (all with fakenet and MITM unless spam/secondary infection)
  1088. ```
  1089. Epoch 1 C2 run at 23:59 https://app.any.run/tasks/0fb1606c-91e8-410a-92a4-98300b55a2d2
  1090. ```
  1091.  
  1092. ```
  1093. Epoch 2 C2 run at 00:20 https://app.any.run/tasks/56295fdd-dd34-4466-860d-16b5c6d2a125
  1094. ```
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!