jroosen

Emotet Malware IoCs 2019/02/01

Feb 1st, 2019
## Emotet Malware Document links/IOCs for 02/01/19 as of 02/01/19 21:00 EST ##
*Notes and Credits now at the bottom* Follow us on twitter @cryptolaemus1 for more updates.

#### Epoch 1 Document/Downloader links seen for 02/01/19 ####
#### Epoch 2 Document/Downloader links seen for 02/01/19 ####
```
  461. http://zemelniy-yurist.ru/hbWv-f3iNd_ynC-MXc/En_us/Service-Invoice/
  462. https://citizensportinstitute.org/US_us/cVFh-M5_E-eH/
  463. https://noithatshop.vn/US_us/file/140304883/POGv-ggJW_wwjH-YL2/
  464. https://sparks.ntustudents.org/US_us/company/OUqsy-ZlZ_D-r9n/
  465. https://tischer.ro/En_us/llc/Copy_Invoice/pXyoI-ToF_TVouC-o4/
  466. https://www.xizanglvyou.org/uomisj2l/US_us/TdeM-x7_II-wh/
  467. https://xizanglvyou.org/uomisj2l/US_us/TdeM-x7_II-wh/
  468.  
  469. ```
  470. #### Epoch 1 Payloads by Document SHA256 - All Times UTC ####
  471. ```
  472.  
  473. Creation Time 2019-02-01 20:55:00 (ENG - Zoomed Indigo/White)
  474. SHA256:
  496.  
  497. http://pro-course.ru/7WN7n1n/
  498. http://tapchisuckhoengaynay.com/wp-admin/Attachments/FJhztkIS/
  499. http://de.thevoucherstop.com/TxJjRtZj/
  500. http://3kiloafvallen.nl/wwfuZp3g/
  501. http://uckelecorp.com/QNTVLmNmt/
  502.  
  503. Creation Time 2019-02-01 17:07:00 (XML Based - ENG - Orange/White)
  504. SHA256:
  525.  
  526. http://jaspinformatica.com/lSK5RBn/
  527. http://littlestarmedia.com/wp-content/plugins/all-in-one-wp-migration/storage/qTbFtGS/
  528. http://k.iepedacitodecielo.edu.co/bulko10cV/
  529. http://kadinveyasam.org/dLGoGet/
  530. http://profreestyle.nl/NhNKe8J/
  531.  
  532.  
  533. Creation Time 2019-02-01 14:05:00 (XML Based - ENG - Orange/White)
  534. SHA256:
  551.  
  552. http://marcelaquilodran.com/XDyss3V/
  553. http://johnnycrap.com/gXXm0QU/
  554. http://erickogm.com/BXkXAa1/
  555. http://rmz-anticor.ru/IpeUQcngY/
  556. http://u11123p7833.web0104.zxcs.nl/j97Hkz3U/
  557.  
  558. Creation Time 2019-02-01 12:29:00 (XML Based - ENG - Orange/White)
  559. SHA256:
  569.  
  570. http://www.panditshukla.com/UZXZMQ3O/
  571. http://weiweinote.com/XoQjxRX4mm/
  572. http://besthealthmart.com/LmU9SyRurW/
  573. http://theaothundao.com/w7nzEiy/
  574. http://www.laxsposure.com/2FuJEaG8X/
  575.  
  576. Creation Time 2019-01-31 22:34:00 (XML Based - ENG - Unzoomed Indigo/White)
  577. SHA256:
  622.  
  623. http://www.lesprivatzenith.com/5TwfiKgZzV/
  624. http://efhum.com/HiUT2Pz/
  625. http://dogmencyapi.com/HNE7oHjL/
  626. http://dsuc.cl/wp/wp-content/uploads/hILRunEIdV/
  627. http://sunshinemarinabay-nhatrang.net/oQS6tJP2/
  628.  
  629. ```
  630. #### SHA256s for Epoch 1 Payload EXEs seen on 02/01/19 ####
  631. ```
  632.  
  669.  
  670. ```
  671. #### Epoch 2 Payloads by Document SHA256 - All Times UTC ####
  672. ```
  673.  
  674. Creation Time 2019-02-01 20:51:00 (ENG - Zoomed Indigo/White)
  675. SHA256:
  700.  
  701. http://rift.mx/1q6yfowWdTLO_y6PDvDqM1/
  702. http://ylgcelik.site/images/assets/gqozUJEiIYeC_dnZTDQX/
  703. http://aviontravelgroup.com/MyxIIPxzR57RBIQ_BMNwuCa3q/
  704. http://ecohoney.com.ua/QIBhgUzx_M2znhUL/
  705. http://wa-producoes.com.br/4m5Lb0xKdUs9N49_eln5oEXK/
  706.  
  707. Creation Time 2019-02-01 14:50:00 (ENG - Zoomed Indigo/White)
  708. SHA256:
  744.  
  745. http://www.hopeintlschool.org/FQ9AFMoF8GZKwyVvg_GC/
  746. http://antigua.aguilarnoticias.com/nYZZcHxoYdA/
  747. http://teatrul-de-poveste.ro/wp-content/themes/wcFvmRjqfPbdA/
  748. http://mywedphoto.ru/SPcBpzOvD6_bogkPa/
  749. http://epl.tmweb.ru/QBSLvgDEuAXTt_ETNrGAVki/
  750.  
  751. Creation Time 2019-02-01 13:06:00 (ENG - Zoomed Indigo/White)
  752. SHA256:
  763.  
  764. http://daglenzen-bestellen.nl/H69gSAmR6K_Q/
  765. http://santacasaaraxa.com/hTa01UNNGlaF_Wh/
  766. http://shariknavaz.ir/wordpress/LC4RRma1lMBjP1UBb_h/
  767. http://chiquigatito.com/Lfhsa6x6V_Zi9QGNFCS/
  768. http://papillons-workshops.com/1cqgOtDkDTQM1/
  769.  
  770. Creation Time 2019-01-31 22:57:00 (XML Based - ENG - Unzoomed Indigo/White)
  771. 2019-02-01T12:01:00Z
  772. SHA256:
  779.  
  780. https://dasco.kz/S7J8cFPhFOcnYTN_csUANfv/
  781. http://otohondavungtau.com/IOOa043VGKyE/
  782. http://regenerationcongo.com/vsyAOUANbOGsmYfz_XV2/
  783. http://www.grantkulinar.ru/Eq2DcVTLnmu0SDMA/
  784. http://webnahal.com/3dSJgw12xw0/
  785.  
  786. Creation Time 2019-01-31 22:57:00 (XML Based - ENG - Unzoomed Indigo/White)
  787. SHA256:
  826.  
  827. http://localfreelancersng.com/JJ5na9IyL/
  828. http://pobedastaff.ru/6iYWKl5I_MG/
  829. http://wellbeinghomecareservices.co.uk/A9Y90usX88aRT/
  830. http://vkckd.kultkam.ru/QUxQZUG_9i/
  831. http://beautyandbrainsmagazine.site/cfmGNuDVbnc50bks/
  832.  
  833. ```
  834. #### SHA256s for Epoch 2 Payload EXEs seen on 02/01/19 ####
  835. ```
  836.  
  873.  
  874. ```
  875. #### Epoch 1 C2s ####
  876. ```
  877.  
  934.  
  935. ```
  936. #### Spam/Stealer C2s ####
  937. ```
  938.  
  939. 104.236.185.25:8080
  940. 187.162.64.241
  941. 189.210.118.95:443
  942.  
  943. ```
  944. #### Current Epoch 1 RSA Public Key ####
  945. ```
  946.  
  947. MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAL9KRKWqcld40xbUZ6hRh+fPNkgJe7K+ 0y1rR0UFqc2SBmnyoR/2Ctd+8MRvU8zri2eNVkVBxCUH1Cthf3AEgRqY2kGva8gJ Wcqls3j7RztZzqFoL+wM9DNnz/OWuiyPAQIDAQAB
  948.  
  949. ```
  950. #### Epoch 2 C2s ####
  951. ```
  952.  
  1016.  
  1017.  
  1018. ```
  1019. #### Epoch 2 - Spam/Stealer C2s ####
  1020. ```
  1021.  
  1022. 189.210.118.95:443
  1023. 198.58.114.91:4143
  1024. 201.171.48.28:443
  1025.  
  1026. ```
  1027. #### Current Epoch 2 RSA Public Key ####
  1028. ```
  1029.  
  1030. MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAMPLgcO0RQdJg/LTgiku57nH4KcLwHCx S0lbynOUhHhKjTnmENrMA2idUbK6hI0JRZtii9oJSlb3e5NZiCK+Qr/NB2u7ZNRc hG87aibm0ndS9xKDRXcmWwaQkF0PFuOHpwIDAQAB
  1031.  
  1032. ```
  1033. #### Credits and Notes Section ####
  1034. ```
  1035. Updated 7/13/18
  1036. WARNING - Some links may have been taken down shortly after I reported them to URLHaus.ch because they rock and report everything to ISPs as it
  1037. is confirmed to be malware. Additionally, this list MAY include doc DL URLS from previous days, see the previous days here to get the full picture:
  1038. https://pastebin.com/u/jroosen
  1039.  
  1040. NOTE: The doc DL URLS are in alphabetical order now. The community lists below may contain content I do not have in my list.
  1041. I am providing them for your benefit in case you want to parse them to be sure.
  1042.  
  1043. ```
  1044. #### What is Epoch 1 and Epoch 2? ####
  1045. ```
  1046.  
  1047. What is Epoch 1 and Epoch 2? (updated 01/29/2019) It has been a while since I refreshed this section so I wanted to update it and bring it up to date.
  1048.  
  1049. I have been tracking Epoch 1 and Epoch 2 since May of 2018. Epoch 1 and 2 are two botnets with distinct C2 infrastructures with separate RSA keys for
  1050. communications. Epoch 2 is currently the larger of the two botnets and I think it is the main push of Emotet. Epoch 2 WAS a smaller more rapidly changing
  1051. version of Emotet at one point in May/June of 2018. Now Epoch 1 seems to be the smaller of the two since this time period. Despite having unique unshared
  1052. C2 infrastructures, these two botnets have been seen to move bots from one to the other and show similar behaviors seemingly controlled by a single
  1053. entity/group. Here are some observations I have noted since I have been watching these botnets:
  1054.  
  1055. - Checking a document download site from Epoch 1 will deliver a document that is different than what is being delivered at the same time on an Epoch 2
  1056. document download site. Specifically, Maldocs on Epoch 1 will have different document creation times and payload quintets than those being delivered
  1057. in maldocs on Epoch 2 at any time.
  1058. - Document hashes change every 10 minutes on both Epochs while distribution/spamming are active.
  1059. - Document download and payload URLs tend to become orphaned as templates are changed out and they age. By 72 hours most are no longer updating.
  1060. - On Mondays of every week a new set of document download sites and usually templates to accompany them are generated early on Monday morning/Sunday night.
  1061. - Both Epochs may share a host for binaries or documents but NEVER the same directory. E.g. Epoch 1 may have an EXE in directory host.tld/A and Epoch 2 may
  1062. have a document hosted on host.tld/B.
  1063. - The RSA keys will change every month or so for C2 communications on each Epoch/Botnet.
  1064. - Binaries for Epoch 1 payload sites are different than the binaries for Epoch 2 payload sites.
  1065. - Each binary has a hard coded list of C2 sites unique to the Epoch it was derived from.
  1066. - C2s are never shared between Epochs/Botnets.
  1067. - Both Epoch 1 and 2 seem to go into "break" periods at the same time for several weeks. During this time binaries are updated every 2-4 hours to stay ahead
  1068. of AV defs.
  1069. - Spamming activity seems to cease on each botnet at around 00:00UTC each day. It usually starts back up around 07:00-08:00UTC each day.
  1070. - Spamming usually does not occur on weekends and the Emotet team seems to take weekends off.
  1071. - The easiest way to tell what botnet a sample is from is to find the payload and then check the C2s/RSA Key.
  1072.  
  1073. If I think of anything else to add or if anyone else has any suggestions, I will add them here.
  1074.  
  1075. ```
  1076. #### Community Lists ####
  1077. ```
  1078. https://pastebin.com/qLWEmzLf - @mesiagh IcedID/BokBot configs dropped by 50% of Emotet.
  1079. https://otx.alienvault.com/pulse/5c549d7172ee433e1c90242e/ - @SecSome
  1080. https://pastebin.com/pq3QP18F - @pollo290987
  1081.  
  1082. ```
  1083. #### Credits ####
  1084. ```
  1085. (OC from @JRoosen and/or combination work of the following)
  1086.  
  1087. Doc DL URLs - @James_inthe_box, @unixronin, @abuse_ch, @JayTHL @dms1899, @avman1995, @pancak3lullz, @pollo290987, @malware_traffic, @0xtadavie,
  1088. @Bitterman59, @devnullnoop, @Bauldini, @baberpervez2, @executemalware, @leunammejii, @jcarndt, @gorimpthon, @Racco42, @papa_anniekey, @Jan0fficial
  1089. @shotgunner101, @HerbieZimmerman
  1090.  
  1091. C2 info/RSA Keys - @unixronin, @CapeSandbox, @sysopfb, @pollo290987, @MalwareTechBlog, @ps66uk, @JayTHL, @malware_traffic, @0xtadavie, @devnullnoop,
  1092. @gorimpthon, @Racco42, @Jan0fficial
  1093.  
  1094. Payloads - @bigmacjpg, @decalage2, @James_inthe_box, @MalwareTechBlog, @ps66uk, @dms1899, @avman1995, @unixronin, @pancak3lullz, @pollo290987,
  1095. @malware_traffic, @JayTHL, @Bitterman59, @devnullnoop, @executemalware, @Bauldini, @jcarndt, @gorimpthon, @Racco42, @papa_anniekey, @Jan0fficial,
  1096. @OguzhanTopgul, @HerbieZimmerman
  1097.  
  1098. Spam Templates - @0xtadavie, @SaurabhSha15, @devnullnoop, @raashidbhatt
  1099.  
  1100. Special thanks to @devnullnoop, @2sec4u, @unixronin, @pollo290987, @ps66uk for creating scripts/servers/infrastructure and helping out with all of this!
  1101.  
  1102. Very special thanks to @capesandbox, @bigmacjpg and @decalage2 of the ViperMonkey Project https://github.com/decalage2/ViperMonkey ,
  1103. @digitalocean, @anyrun_app, @MalwareTechBlog, @unixronin, @hurricanelabs, @KryptosLogic,
  1104. @abuse_ch/urlhaus.abuse.ch and @Virustotal for providing services/software no charge to this cause!
  1105.  
  1106. ```
  1107. #### Daily Log ####
  1108. ```
  1109.  
  1110. Today I received about 200 malspams and most of those were link based and came near the end of the day from 17:00 until 18:00 EST. Almost all of them
  1111. were based on an HTML template that is talking about Viewing Receipts or Invoices.
  1112.  
  1113. Also we saw the documents change from XML based docs to normal doc files again. This happened first on E2 at about 1300UTC and then eventually
  1114. that same change was carried over to E1 at approximately 21:00UTC. @Unixronin detailed some of the changes in the obfuscation of these macros
  1115. inside of the new format .doc files:
  1116.  
  1117. -------------
  1118. https://twitter.com/unixronin/status/1091363797078589441
  1119. Today's #emotet obfuscation changes:
  1120. 1) "caption" text in the maldoc template
  1121. 2) powershell .replace() to tidy up the 2nd stage downloader
  1122. 3) url's split on something other than @ finally. ;-)
  1123. 4) downloads the payload as putty.exe (LOL)
  1124. -------------
  1125.  
  1126. So essentially this is a newer template we haven't seen with Emotet so far. Other than this, not really much new. C2s are the same as yesterday.
  1127.  
  1128. We will see what next week brings from the Emotet files! :)
  1129.  
  1130. Have a great weekend everyone!
  1131.  
  1132. ```
  1133. #### Sandbox 02/01/19 ####
  1134. (all with fakenet and MITM unless spam/secondary infection)
  1135. ```
  1136.  
  1137. Epoch 1 C2 run on 2019-02-02 at 01:30 UTC https://cape.contextis.com/analysis/34427/
  1138.  
  1139. ```
  1140.  
  1141. ```
  1142.  
  1143. Epoch 2 C2 run on 2019-02-02 at 01:30 UTC https://cape.contextis.com/analysis/34428/
  1144.  
  1145. ```