- THREAT ATTRIBUTION: DRIDEX
- SUBJECTS OBSERVED
- Invoice Processing
- INVOICE_247508
- Past Due Invoices
- Please Find Invoice (Invoice 499451) Attached
- Please Find Invoice (Invoice 760319) Attached
- Your invoice # 227401 is attached.
- Your invoice # 367680 is attached.
- SENDERS OBSERVED
- quickbooks@notification.intuit.com
- system@sent-via.netsuite.com
- DOCUMENT FILE NAMES
- Inv_227401_226760.xls
- Inv_367680_250688.xls
- Invoice_247508_544343.xls
- Invoice_469300_020304.xls
- Invoice_795959_288604.xls
- Sales_Invoice_499451_757983.xls
- Sales_Invoice_760319_907617.xls
- Sales_Invoice_843501_611641.xls
- DOCUMENT FILE HASHES
- d80bd52838a72d155143fef947b86917
- DRIDEX PAYLOAD URLS
- http://eosouthasia.showtimemobileapp.com/ace8vfl.gif
- http://nobet.onvizyon.com/pxznnlv.txt
- https://personasnegativas.combustiblecorrecto.com/x8mxj7.txt
- http://aarvytechnologies.in/bvht1x.pdf
- DRIDEX PAYLOAD FILE HASH
- ace8vfl.gif
- 2e94ba2da1286e2b93005d46ee5fb6d7
- bvht1x.pdf
- 9a821fc91c5053a2b52dbb0c16f89dc0
- x8mxj7.txt
- 2e94ba2da1286e2b93005d46ee5fb6d7
- DRIDEX C2s
- 157.245.130.146:3786
- 209.59.199.129:4443
- 37.187.161.206:33443
- 94.126.8.2:443
- SUPPORTING EVIDENCE
- https://urlhaus.abuse.ch/url/800034/
- https://urlhaus.abuse.ch/url/800179/