Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #IOC #OptiData #VR #Lokibot #ACE #SCR
- https://pastebin.com/AVWK3XsB
- https://radetskiy.wordpress.com/?s=Lokibot
- email_headers
- --------------
- Received: from uk1.securemaster.net (unknown [109.203.117.220]) by mailsrv.victim.com with smtp
- Mon, 01 Oct 2018 13:09:14 +0300
- Received: from [127.0.0.1] (port=53455 helo=uk1.securemaster.net)
- by uk1.securemaster.net with esmtpa (Exim 4.91)
- (envelope-from <trackingmail@dhl.com>)
- id 1g6v1h-0000co-CM; Mon, 01 Oct 2018 17:02:05 +0700
- Date: Mon, 01 Oct 2018 17:02:05 +0700
- From: DHL EXPRESS <trackingmail@dhl.com>
- To: user1@victim.com:;
- Subject: DHL eDelivery: DHL/AWB1434XXXX66 (REMINDER)
- X-Sender: trackingmail@dhl.com
- User-Agent: Roundcube Webmail/1.3.3
- files
- --------------
- SHA-256 a070f08beb1ff29239324dac17e5a3b2fe09b0e3a9f904c11ecc5b47239b1919
- File name DHL BILL OF LADING SHIPPING DELIVERY INVOICE.ace
- File size 283.49 KB
- SHA-256 75317d3f83d1892cac8844f1dfc0ab965d949d8b156e64f292c9028e01a3ec40
- File name DHL BILL OF LADING SHIPPING DELIVERY INVOICE.scr
- File size 575 KB
- activity
- **************
- proc
- --------------
- netwrk
- --------------
- 45.122.138.6 lltagrain.com POST /kelle/fre.php HTTP/1.0 Mozilla/4.08 (Charon; Inferno)
- comp
- --------------
- DHL BILL OF LADING SHIPPING DELIVERY INVOICE.scr 2448 45.122.138.6 80 ESTABLISHED
- [System Process] 0 45.122.138.6 80 TIME_WAIT
- persist
- --------------
- no
- # # #
- https://www.virustotal.com/#/file/a070f08beb1ff29239324dac17e5a3b2fe09b0e3a9f904c11ecc5b47239b1919/detection
- https://www.virustotal.com/#/file/75317d3f83d1892cac8844f1dfc0ab965d949d8b156e64f292c9028e01a3ec40/detection
- https://analyze.intezer.com/#/analyses/fa5c33aa-461c-4903-a3fd-af7b6b9eb4d7
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
