GuLoader
=========

- SUBJECTS OBSERVED
- SM-3417892309623.xls
- SENDERS OBSERVED
- Travor Medlock <travor@mtc-llc.com>
- MALDOC FILE HASHES
- SM-3417892309623.xls
- cecd8184636f7ee361a3477061927ee8
- PAYLOAD FILE HASHES
- chrad.exe
- 0dc1627037b59a71aee7da5586443e7d
- Hsix
- 01f141daf203cf24197cc9e2a563d519
- GULOADER PAYLOAD DISTRIBUTION URLS FROM POWERSHELL/VB
- http://185.205.209.166/pftp/chrad.exe
- https://drive.google.com/u/0/uc?id=1nThFciVANTfNY2NEQai1E0FlGEeh3Z4W&export=download
- https://doc-0c-0o-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/22a42b77ufshvf24nhqc295ng1bihj5q/1591295325000/03494046271176666289/*/1nThFciVANTfNY2NEQai1E0FlGEeh3Z4W?e=download
- GULOADER C2
- 216.38.2.198:3360 (TCP)

Qakbot
======

- SUBJECTS OBSERVED
- Re: 1st data merchant services
- FW: Charges and Payments
- SENDERS OBSERVED
- tanveer@sofizar.com
- MALDOC FILE HASHES
- KTEQ_6612_03062020.zip
- d7483ae2037a9a4151e3d72f63114784
- Contains:
- KTEQ_749241244987_03062020.vbs
- c13a76771782466a13192107e1cf45b9
- QAKBOT PAYLOAD FILE HASHES
- 8888888.png
- f535a7722df28598d46004fd7d86923d
- PicturesViewer.exe
- 0493e5b9ac5faa3b6a125e8360613979
- MALDOC DISTRIBUTION URLS
- http://truemansmoke.com/ddwbsfe/KTEQ_10363_03062020.zip
- https://pranaplanet.com/vpmhzmlqvmb/KTEQ_6612_03062020.zip
- QAKBOT PAYLOAD DISTRIBUTION URLS
- http://wadebaverstock.com/jonxuyoz/8888888.png