ExecuteMalware

2020-12-08 ZLoader IOCs

Dec 9th, 2020
THREAT ATTRIBUTION: ZLOADER

SUBJECTS OBSERVED
Invoice number 5785 info
Nov. Service Invoice
You have Customer Invoice number 2535
Your Incoming Invoice

SENDERS OBSERVED
allencarol860@aol.com
millerbetty86@aol.com
kulakov.97@aol.com
robertsrobert12@aol.com

EXCEL FILE HASHES
e3d5acb66464b3059b50ac72202aff64
2a41ca4ae24eb91c03c3dce10d402f96

EXCEL FILE NAMES
Pay_5785.xls
order-3327.xls
Pay_2535.xls

ZLOADER PAYLOAD URLS
https://leadingpips.com/crypt.php
https://mobitel-servis.si/vendor.php
https://sadiahyat.com/scan.php
https://www.localco.ae/wp-scan.php

leadingpips.com
localco.ae
mobitel-servis.si
sadiahyat.com

ZLOADER PAYLOAD FILE HASHES
xS5r.txt
d739f2a40c41d99855ed49ddff5cf5b3

ZLOADER C2s
https://agrospas.co.rs/wp-punch.php
https://fnxcrypto.com/server.php
https://lywakelireal.ga/wp-smarts.php
https://maschuquisaca.tk/wp-punch.php
https://nature4health.id/wp-punch.php
https://serproimsas.com/wp-punch.php