- THREAT ATTRIBUTION: ZLOADER
- SUBJECTS OBSERVED
- Agreement No 922 details
- Agreement Number 800 details from Vertex Brews
- Contract ID 346 info
- Invoice ## 728 info - from Cloud shack
- Receipt ID 836
- You have Overdue Invoice
- Your New service Invoice - number # 741
- SENDERS OBSERVED
- EXCEL FILE NAMES
- det[.]836[.]xls
- det800[.]xls
- order-346[.]xls
- Contract_100.xls
- order[.]922[.]xls
- Inf-728[.]xls
- EXCEL FILE HASHES
- ZLOADER PAYLOAD URLs
- ZLOADER C2s