daily pastebin goal
2%
SHARE
TWEET

Emotet Malware IoCs 2019/02/21

jroosen Feb 21st, 2019 561 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ## Emotet Malware Document links/IOCs for 02/21/19 as of 02/21/19 23:59 EST ##
  2. *Notes and Credits now at the bottom* Follow us on twitter @cryptolaemus1 for more updates.
  3.  
  4. #### Epoch 1 Document/Downloader links seen for 02/21/19 ####
  5. ```
  6.  
  7. http://100.24.104.187/wp-content/De_de/AMQJRLG9681899/gescanntes-Dokument/DOC/
  8. http://104.130.211.29/wp-admin/de_DE/BKUJRIV5425410/Rechnungskorrektur/DOC-Dokument/index.php.suspected/
  9. http://104.248.155.127/De_de/ZJORQKX4764583/Bestellungen/DOC-Dokument/
  10. http://107.23.200.84/Company/Online/secur/list/ujiByeGF5RoEEyegzwZoK/
  11. http://114.116.171.195/organization/online_billing/billing/sec/read/w4q5Uo7KNjnFkIYrrUfVVb/
  12. http://13.113.116.176/wordpress/DE/MJKTOMZR4714865/Scan/DETAILS/
  13. http://13.114.47.124/DE/PLBXLZNHH3616069/Rechnungs/DOC/
  14. http://13.232.2.61/wp-content/uploads/company/business/secur/list/5utiFtsfe4m1WFMWXPG/
  15. http://13.251.144.86/DE/MXYOEWEXAZ2393991/Bestellungen/DOC/
  16. http://13.55.221.15/wp-content/de_DE/LRNDSYPFT6585983/Rechnungs/Zahlungserinnerung/
  17. http://13.59.135.197/De/ICEDHBQZA5558282/Rechnung/Zahlungserinnerung/
  18. http://132.145.153.89/De_de/QTNKRZLH5339461/Rech/Zahlung/
  19. http://159.65.142.218/wp-admin/organization/business/sec/read/j897y6FqeNTxGOMJcFaS/
  20. http://178.62.226.34/photosite2/organization/online_billing/billing/thrust/view/uJwftYLqfUeej5Ice1mJf/
  21. http://178.62.63.119/organization/online_billing/billing/secur/file/qGLZuP8H5UtyYWHHw9XcG9bKfF24/
  22. http://18.130.106.226/De_de/MMTOIGD6534124/Bestellungen/RECH/
  23. http://18.136.24.106/wordpress/secure/accounts/sec/view/VrZlSrqt4RgGGiPkqgb/
  24. http://18.179.166.252/secure/business/sec/read/dSiJQXTERxJurLGrA5dG57/
  25. http://18.205.117.241/wp-content/uploads/secure/business/open/read/WTFDUY315MuoYA6/
  26. http://18.207.109.124/Februar2019/WQPDVBZH5734905/DE_de/DETAILS/
  27. http://18.213.62.169/wp-content/uploads/company/online_billing/billing/thrust/read/REXdQRuFiTJ8UQOrtKX3DhNE4/
  28. http://199.43.199.16/wp-admin/secure/online_billing/billing/sec/file/WEnbQsfEIWOI8DTOwCEPA/
  29. http://206.189.181.0/De/JFNNQGBB9249994/Rechnungs-Details/DOC-Dokument/
  30. http://206.189.45.178/wp-content/uploads/secure/business/sec/view/rmkNcaZisc2JYfU/
  31. http://206.189.94.136/organization/online_billing/billing/thrust/list/EVbYGzyzzeHQPK8Gy/
  32. http://3.121.44.244/wp-content/secure/online/thrust/list/aWAmsiXqfMWfMQ7OEnPOc/
  33. http://3.87.40.220/DE/CCXVOODB6153566/Rechnung/Rechnungszahlung/
  34. http://3.89.91.237/organization/online_billing/billing/open/view/Wx0na6JcnBx3dVbx6yI/
  35. http://34.224.99.185/company/account/secur/read/o0x4ugas5PadGjCnHe/
  36. http://34.227.190.147/secure/online_billing/billing/secur/file/XI59H0u7ufW3mp6fkh/
  37. http://35.175.200.75/company/online/secur/view/v2039QibJ6qHh6MovNqpfFg9y/
  38. http://35.192.67.231/De/MUEERPW2483146/Rechnung/Rechnungsanschrift/
  39. http://35.200.238.170/DE/QLGNVXWAGD4073361/Rechnungs/Zahlung/
  40. http://35.201.228.154/organization/online/thrust/file/3LHmAxy6t5arkBRUunbkO4Fcm/
  41. http://35.202.17.56/wp-content/company/accounts/open/read/GP0AqnGhWlOGyJAV0YV3/
  42. http://35.203.116.213/wordpress/DE/EBFCVJZAEL8485365/DE_de/Fakturierung/
  43. http://35.224.158.246/secure/online/sec/list/9Nlv6G5fedNePWL/
  44. http://35.225.3.162/company/online/thrust/view/5EN8nQCbqHFuzYHx6m89oWBRaHW/
  45. http://35.232.194.7/organization/online/sec/file/kKq6HV6QXvwANW8r21/
  46. http://35.239.61.50/secure/business/sec/file/NBQzjP33uX1jD6pSH/
  47. http://35.246.241.107/secure/account/open/read/LHGw3JZxOfJNeOtB9da67/
  48. http://35.246.241.107/secure/account/open/read/LHGw3JZxOfJNeOtB9da67\/
  49. http://35.247.112.235/De/ZCVTFIJ0800509/Rechnungs-docs/DOC-Dokument/
  50. http://50.53.45.102/secure/online_billing/billing/thrust/list/4ifNAdCT9yhTJBsSyoNx/
  51. http://51-iblog.com/wp-content/uploads/secure/accounts/sec/view/6mZFjl9C3pqp3RAeNStjBLNQtFC/
  52. http://54.172.85.221/KHHIBW1641608/GER/Zahlung/
  53. http://54.197.30.41/organization/business/sec/file/tK3CCVIOgI9tMNkZR/
  54. http://5hbx.com/secure/online/open/read/Bll40Xs1Pz1aKrvfqnay5MGbZ/
  55. http://73.114.227.141/secure/account/secur/view/8WRv4neE0G270uBDi0/
  56. http://78.207.210.11/@eaDir/De_de/EUXFSLYLHK8552945/gescanntes-Dokument/Rechnungsanschrift/
  57. http://89nepeansea.com/secure/online_billing/billing/sec/read/7Erq5iKs7bUIr8nU4BeIs7iII/
  58. http://abenefits.com.hk/company/accounts/thrust/read/lgNexSAOA0Qv8OdjZwu6Rrgs1w3v/
  59. http://acdhon.com/DE_de/ZWORMBOSOP2547152/Bestellungen/RECH/
  60. http://actinio.com.ar/company/account/open/list/Wlprsj0at8sGR8wMmF49A08yAAh/
  61. http://adenasaman.com/company/business/sec/view/RaFTkC38CQhjKDil/
  62. http://afrominingtz.com/secure/business/secur/read/EqEFaEKDGZl9nIlK6KcJ9rRRXk/
  63. http://agemars.dev.kubeitalia.it/DE/NMHZRWAVC0941356/Rechnungs/Rechnungsanschrift/
  64. http://aghigh.yazdvip.ir/secure/account/thrust/list/Vf8CIZ5372MssNTgMY28K78FZY/
  65. http://aghpl.com/secure/online/open/read/jzpcGPWYd4ABT1g/
  66. http://albercaspoolfactory.com/organization/accounts/secur/list/YSyp6O4OHM21J9GKNr87mHHIZSc/
  67. http://alextip.com/organization/online_billing/billing/secur/view/j4WyqmQcS5HaCbiKkbWuIFe/
  68. http://alfomindomitrasukses.com/secure/account/secur/read/mjXSX6O5EHSuQDnp/
  69. http://allaboutpoolsnbuilder.com/secure/online/secur/view/RSAbw2HCkErl7cWXU/
  70. http://amare-spa.ru/secure/business/open/view/f4t5ZkzoSOQ83rUaf/
  71. http://ameen-brothers.com/secure/online_billing/billing/open/list/l2WGRE7IXUCA4Qgvms7T6/
  72. http://amlak1316.ir/DE_de/BGXYINYWPT4035831/DE_de/FORM/
  73. http://amthanhanhsangtheanh.com/wp-content/uploads/organization/account/thrust/read/QGYZNzSofbXVG5eA59aG/
  74. http://anpartsselskab.dk/organization/accounts/thrust/file/mZOTvS1bt59yjEHHH/
  75. http://apartamentyeuropa.pl/company/online/sec/view/BtLRIjX59vLoYlIaup7YYwMx/
  76. http://aplusserve.com/company/accounts/secur/file/nxeryqMZR1COJxaSmqFEfyAV5JQ6/
  77. http://aquilastudios.se/De_de/XTZULCD9531673/Rechnungs/Rechnungszahlung/
  78. http://arcpine.com/NNMLGU6236452/Rechnung/RECHNUNG/
  79. http://arodannovaplanta.es/de_DE/ULLKFJDFF4627846/GER/Zahlungserinnerung/
  80. http://art-by-the-yard.com/organization/online_billing/billing/secur/file/WCgbYgFpSe0ApHgg/
  81. http://asabme.ir/De_de/MHSDVVLD9080254/gescanntes-Dokument/FORM/
  82. http://asandarou.com/organization/online_billing/billing/sec/file/PWJB2473K10oSL53/
  83. http://asfaltov.kz/organization/business/thrust/file/Z2dXMzlpHewao0HvPxCc/
  84. http://ashwamedhtechnologies.com/company/account/sec/read/UsEmaK5KoBf3YfDoeM/
  85. http://avis2018.cherrydemoserver10.com/company/online/sec/read/JZfs4outmFUUL3PbdKyVqvvXcQ8/
  86. http://awcq60100.com/company/online/sec/file/Fajq2at44D9LxeZ0WmKGkOnYf1XY/
  87. http://az-moga-angliiski.com/organization/online_billing/billing/thrust/view/xiF056v4gZjehDEQO62/
  88. http://bangtaiinox.com/company/online_billing/billing/open/read/tcfIO0MpsuA5MRs/
  89. http://beautyandfashionworld.com/company/online/thrust/file/dvr8MntetxhB5SMTtsBu/
  90. http://beepme.eu/DE_de/BGGWVOKOW7997274/Dokumente/Rechnungsanschrift/index.php.suspected/
  91. http://beta.retailzoo.com.au/organization/online_billing/billing/open/list/JL5O931BXncnF7m043KT4zk/
  92. http://biankhoahoc.com/organization/business/thrust/list/bcL7aDI8rpzssnYLra/
  93. http://bizresilience.com/Februar2019/HQVVQHGW8580256/Rechnungs-Details/DOC/
  94. http://blog.aliatakay.com/company/business/open/view/xvnFfSi0k8bpau0/
  95. http://blog.piotrszarmach.com/organization/online/thrust/read/u6OOgUPgIte22IC1NSZGmK6AtFL/
  96. http://bobvr.com/secure/online/open/read/kvXVf97Yc8my5UbQYTdVJpp9L/
  97. http://book.oop.vn/wp-content/uploads/company/accounts/open/read/BrP5PLO7FSsqN6brudrf0/
  98. http://brandradiator.com/secure/business/sec/file/F7MGV4qsimG0oqWDCcwQoit/
  99. http://brisson-taxidermiste.fr/De/JMCJXDLJVB6221669/Scan/Zahlung/
  100. http://burodetuin.nl/cgi-bin/company/account/thrust/view/DTE7sKc37irpDMeqW2hCRd/
  101. http://caaw-asia.com/company/online/secur/view/mQsp2HBnKAvpvgkbjBHFcNLT/
  102. http://canhocaocap24h.info/de_DE/UIVPAXRRES7413316/Rechnungs/Fakturierung/
  103. http://cash-lovers.com/DE/ERKLTUYS3001419/DE/Rechnungsanschrift/
  104. http://chiltern.org/secure/online_billing/billing/sec/view/UxpYYrvnx8VoHYJn/
  105. http://cmasempresa.com/company/account/thrust/read/1WF2iJLZNT9KLsNV/
  106. http://cngda.tw/company/online/secur/read/WZIARwRNzO2JxU5Li4j4/
  107. http://collabtocreate.nl/organization/business/open/file/6XQt5c8MXyQv8Z7ni/
  108. http://contabilidadecontacerta.com.br/secure/online_billing/billing/open/list/udINp9Y0HlpSePtu3CLMMIQgxKx/
  109. http://coolpedals.co.uk/secure/accounts/thrust/view/ECSvRvXxwRBrr0yNvqSXQajyU/
  110. http://crestailiaca.com/PHXQOU0845448/de/RECH/
  111. http://crsturkeyf.com/company/account/sec/list/irVFFvmRoN6Lugrx/
  112. http://crypto-strategy.ru/De/VZTTOKH8096938/Scan/FORM/
  113. http://curate.aixen.co/company/accounts/sec/list/9eiETpz0uvZxms9/
  114. http://dansavanh.in.th/wp-includes/organization/business/thrust/file/zRJamFLXft8SfQWLE3h33o/
  115. http://danytacreaciones.cl/company/online/sec/view/fQvMMLiUNMEt5nFMJF4I/
  116. http://deverlop.familyhospital.vn/ZUCSWKJMO9174326/Rechnungs-Details/RECHNUNG/
  117. http://digim.asia/secure/account/open/view/fkTfuyupTDJMwpqVecfblxPQTd/
  118. http://digitalelectioncampaign.com/secure/accounts/secur/list/jtGcwQhnEpG2sH7r/
  119. http://dinosaursworld2.gotoip1.com/secure/business/sec/list/hffehyo5wmB0wopsARoF7Gt4/
  120. http://dkstudy.com/secure/account/thrust/file/Qe50bWLgyJ2aXzFTJvbm8/
  121. http://dorsapanel.com/secure/online/open/read/tp299ND2Vi4JJX2xkplo/
  122. http://dpnappi.org/secure/accounts/thrust/view/46mdSV8feQCwWQG8hb6/
  123. http://duniasex.pukimakkau.me/organization/online_billing/billing/thrust/read/kBfJ7SdoDXKaXS6JeFzEA/
  124. http://dztech.ind.br/wp-content/uploads/secure/business/open/list/BDdfem76rrOZaV1RmeclUm/
  125. http://ekros.com.tr/secure/account/thrust/file/31PNJd8k9PNvSIhZsmBJ/
  126. http://emirates-tradingcc.com/wp-content/organization/business/secur/view/R2MyTIfxORDhoodesJZVT6HqvBo/
  127. http://emprestimobmg.net/company/account/thrust/file/8qdQFkjwscxFBhEQSJlHHl/
  128. http://envi1.com/TUUTBFHRE4723469/de/Rechnungszahlung/
  129. http://epmusic.ir/organization/business/sec/read/YnFu0JMIJPxeVJ5wwZxD8u5b/
  130. http://ff52.ru/secure/account/secur/list/mdTBDCmgmxtE9hAcLPW/
  131. http://ficfriorp.com.br/company/account/thrust/read/uy255I4lTEIJQl00Uv0nT/
  132. http://fidanlargida.com/organization/online_billing/billing/secur/file/c1eMOzVnFdpil0HkUSkEAu/
  133. http://forecast-weather.eu/company/online/thrust/file/0fM8b5ptCb8kYJw/
  134. http://forexaddictt.com/organization/accounts/thrust/view/QSkHYzSbypdPy9jhdaQ/
  135. http://forumsiswa.com/secure/online_billing/billing/secur/file/MVip6oh2b6O0qOnXk6d1t/
  136. http://fp.unived.ac.id/wp-content/uploads/organization/business/thrust/view/b2rHQM1yUgR2MV8oU9oFpe1P/
  137. http://frazer.devurai.com/organization/account/secur/file/8fdcqROa9KqB47n/
  138. http://furqanyaqoubphysio.com/organization/online_billing/billing/open/list/Kis0K4GzAB85yLqbYOSlmd6qN/
  139. http://galavni.co.il/organization/business/secur/read/IJJ8DJisOXCDDfqT/
  140. http://gen.id/wp-content/uploads/organization/online/thrust/read/50vgImRJijhe0MstuM0/
  141. http://gfe.co.th/company/account/thrust/read/DxAr3aKzcwRQBvIN1/
  142. http://gk-innen-test.de/secure/online/thrust/view/I1f6nABv7RAgc5S0xki2nfWwYlR/
  143. http://gruposgs.net/secure/online_billing/billing/sec/list/jaLVX3y1r4rcX2NAdTEN2/
  144. http://halotravel.org/organization/account/secur/file/00Jjk1yPvWzusCHUFVT602/
  145. http://hashtagvietnam.com/company/business/secur/read/j31fCHVr1Vpvkguy9auB8/
  146. http://haunnhyundaibacninh.com/DE/FBXNJU6927043/Rechnungskorrektur/RECHNUNG/
  147. http://hayalbu.com/organization/accounts/sec/read/KaiOuAIxwca0CpRuYh3dG3hqzfLW/
  148. http://hdsystem.it/organization/accounts/secur/list/rPKkl2mKEVQ8lIq2Fr52c/
  149. http://hellojarvis.co/organization/accounts/sec/view/7WV9D8vWsiVB1T2IiFH49CTFb/
  150. http://help.iorad.com/wp-content/uploads/organization/accounts/open/read/188Ipby88cvybNUnYdnGL6qO54/
  151. http://herewegonepal.com/company/accounts/thrust/list/SS9u54tuM8u33r1gC5IFGtj2zI/
  152. http://herojo.nl/secure/online/sec/file/QOfWv981GnFqvVnOaAjQbQ/
  153. http://hidaya.pl/organization/online_billing/billing/sec/list/YDmtnP2x2RLQOdHLauCuS/
  154. http://hillmann.ru/company/online_billing/billing/open/view/ptcE7DoGkS0HzazvR/
  155. http://hindislogan.com/De/OWIQNN6626986/Bestellungen/Zahlung/
  156. http://h-surgeon.info/secure/account/thrust/view/gl5t2fvAiG1J9Ai7NQ0GNLUGi9U/
  157. http://humanwigshair.net/secure/account/open/read/a9uHo3GBgyIQmMkpwARR3lcC3/
  158. http://huyhoanggia.vn/secure/account/thrust/view/Sgg4Vl3mQAPGLp9RKDu5/
  159. http://ibakery.tungwahcsd.org/media/secure/online_billing/billing/thrust/read/KSWTGFK7KORsaxyNMYHZ0rtE33/
  160. http://icspi.ui.ac.id/secure/online/thrust/file/qrR7dFLAUbhYaAeoFdZQOfpN/
  161. http://idecor.ge/organization/online_billing/billing/thrust/list/m2PcEcdPQCYdOdXUL/index.php.suspected/
  162. http://ihsan152.ru/organization/online_billing/billing/sec/read/O3swsypBJA9Zz33nw/
  163. http://iltopdeltop.com/De_de/UISNZHLXNH4502632/Rechnungs/Fakturierung/
  164. http://incascomex.com.br/organization/online_billing/billing/open/view/h2AtuJWIPxt9BbPKiRUP/
  165. http://infinityresort.com.np/secure/account/open/read/AJxSdXRxrdZHxfIqEQjGtk1bh3BF/
  166. http://innuvem.com/secure/account/thrust/read/U0iISSf9L5jHGDkGKl8aQqWz/
  167. http://intoconsultants.com/organization/online_billing/billing/open/view/OZrc2Wqzml87v70uslnCH/
  168. http://intoconsultants.com/organization/online_billing/billing/open/view/OZrc2Wqzml87v70uslnCH\/
  169. http://intranet.neointelligence.com.br/De/DKPSPKXEF2050205/de/Hilfestellung/
  170. http://jachtklubelektron.pl/organization/online/thrust/list/2KiDx09dESihhwpLgfW/
  171. http://jahanco.org/organization/online/open/file/f7sPQHGGLWcbiFo9/
  172. http://jainworldgroup.com/company/account/open/view/mHJyZhMIubfyrNyjHT/
  173. http://jamais.ovh/company/accounts/thrust/file/cGAzbjLyMfzBE8klDtN3m7Yh/
  174. http://jason-portilla.com/organization/business/sec/list/dxLPkaBOK3svwhWLhy9n/
  175. http://justbikebcn.com/organization/online/open/file/BpRLzzy131FgFdWxOHDAGxatRcHo/
  176. http://juzosum.com/secure/business/sec/file/NwvufO33MflTdv7/
  177. http://kancelariaolczykjozefowicz.pl/secure/account/thrust/view/4zOn27MeuRxejcfyKKNH5WK/
  178. http://kasilingamtravels.in/organization/accounts/sec/view/yFn1vUcrW8rdLzjwDZyT7RL7/
  179. http://keshtafzoon.com/secure/online/thrust/file/B370nV9rJKUvIBryUCl/
  180. http://kienthuctrimun.com/organization/accounts/sec/read/SL92iANsxS4yRmmsff6caqcfz/
  181. http://kimchatham.com/company/account/open/file/D68pEpTz334PLKtsd/
  182. http://kimiagostartanha.com/secure/business/secur/file/oDExdXrVa9eur0fau/
  183. http://kingcoffeetni.com/company/account/secur/view/n8cLmmlNgppoWt3Cg/
  184. http://kinhbacchemical.com/TOJKQB6689314/Rechnungs-docs/RECH/
  185. http://kjtg.info/organization/online_billing/billing/secur/file/jUszttl9ihltRtxPOjjp4kDV/
  186. http://kn-paradise.net.vn/SKQIEFFQUX0064509/Rechnungs/RECHNUNG/
  187. http://lar.biz/De_de/JODYKZVGFS3208530/Rechnung/Zahlung/
  188. http://latinos-latins.online/organization/online/secur/view/BaFJAhSshde9WokVem9m9FhyD0q/
  189. http://lazell.pl/wp-includes/DE_de/MCQRSXA6896107/DE_de/DOC-Dokument/
  190. http://lds.in.ua/VQMHAY6331329/Rechnungs-Details/Zahlungserinnerung/
  191. http://lenkinabasta.com/company/accounts/sec/read/9E5TXdEgPeSnZDqBRbFmsX7OyHc/
  192. http://lesastucesdemilie.fr/secure/accounts/open/read/26Ist02B2khvTix/
  193. http://lesprivatzenith.com/company/business/sec/list/iB5r2ZewBbKf1V0zkVBcWTS6/
  194. http://lionestateturkey.com/DE_de/ASRECT5933419/Rechnungs-Details/Zahlungserinnerung/
  195. http://lionestateturkey.com/DE_de/ASRECT5933419/Rechnungs-Details/Zahlungserinnerung/index.php.suspected/
  196. http://lsaca-nigeria.org/secure/online_billing/billing/secur/read/r9CLMnjmazSPxs7L25xMvoG/
  197. http://marketingonline.vn/organization/online_billing/billing/thrust/view/FADMRA6UuLip0E5Ca/
  198. http://mohinhgohandmadedtoys.com/De/DKBNLFVAM9134708/de/Rechnungszahlung/
  199. http://nmce2015.nichost.ru/DE/UTTWFGM6465272/DE_de/DOC-Dokument/
  200. http://noscan.us/company/business/thrust/list/Sj7uEchUEiPJdolOEU/
  201. http://omidsalamat.ir/news1/DE/IECQEBD9453814/de/RECH/
  202. http://onisadieta.ru/company/account/secur/view/lSeqiIU8xUbRMp5gCwg0ljx6wq/
  203. http://opcbgpharma.com/De/UPFZOAMSLU8868921/DE/Rechnungsanschrift/
  204. http://ortotomsk.ru/company/business/secur/view/jaiti6FhNEB8vieWSk/
  205. http://palmer-llc.kz/secure/account/secur/view/EXtilFk5tmb5wPNnV/
  206. http://patient7.com/secure/accounts/open/view/oa3ZgdPGtrJFpHPhRKJMR8X48pVT/
  207. http://petparents.com.br/secure/online_billing/billing/sec/list/4aGCq1Tmu7kuUONq1uO/
  208. http://pmvc.pt/secure/business/secur/read/7rK5jo1fduP2t0uwUsg/
  209. http://posicionamientowebcadiz.es/secure/online_billing/billing/thrust/list/fottmahfLHrDyX6IEoDNcDBapOPn/
  210. http://powervalves.com.ar/DE/TDBUKPA4382389/Rech/RECHNUNG/
  211. http://powervalves.com.ar/DE_de/NCJZTR3766628/Rechnungs/RECH/
  212. http://print.abcreative.com/DE_de/PHSJEQZOCL0899069/Bestellungen/DOC/index.php.suspected/
  213. http://pronews.vn/company/accounts/open/list/rw2DI8dd1FwQ3GUv0UMb/
  214. http://research.fph.tu.ac.th/wp-content/uploads/secure/business/secur/view/bOci15OOJT1X9GE08uQjoYoSTW9f/
  215. http://saigonthinhvuong.net/secure/accounts/secur/view/uvEGwM6XHCrKiTtsZH/
  216. http://samettanriverdi.com/DE/LUUAKEX2140183/Dokumente/DOC/
  217. http://school6.chernyahovsk.ru/De_de/RFVTKTI2685196/Scan/Zahlung/
  218. http://sealonbd.com/De/XOTJGYZH3053108/Rechnungskorrektur/Zahlungserinnerung/
  219. http://sem-ingegneria.com/company/account/thrust/view/oin57gS8YhBkbyU2Bla/
  220. http://sieure.asia/company/accounts/sec/read/GoLDJTMRpOeCNRzLm2GadekUK6B/
  221. http://snki.ekon.go.id/secure/online/secur/read/6X6rKRIIHKIg58fhi0MYhbf/
  222. http://stage.abichama.bm.vinil.co/wp-content/uploads/secure/online_billing/billing/thrust/list/Y4Gv905SwY8v4NtKjIM8/
  223. http://stihiproigrushki.ru/AURTFK8163337/Bestellungen/DOC/
  224. http://tcl-japan.ru/organization/business/thrust/file/X2Xs3s9e0dSv3QbXjfEzz/
  225. http://thaithiennam.vn/De/CGAMRKVQ9965014/Rechnung/Fakturierung/
  226. http://thammydiemquynh.com/De/CFOULKFZ8281757/GER/RECH/
  227. http://thanhlapdoanhnghiephnh.com/company/accounts/sec/view/JVTQLElA695aO7X7kVl4VrrvK/
  228. http://theemergeteam.org/company/online/sec/file/qN2Gsdt8LHVBCnGpsw/
  229. http://threemenandamovie.com/secure/business/open/view/6B855GVLki5xY8G6/
  230. http://tmmaf.org/wp-content/company/accounts/sec/file/sNVMhwIUxfxi1EAXPYgGOzc/
  231. http://tongdailyson.com/De_de/YRGVFHUPF7308238/Rechnungs-Details/DOC/
  232. http://trandinhtuan.vn/secure/online/sec/file/IiyCkishsUYILCeJS7aOnYMcfk/
  233. http://trialgrouparquitectos.com/wp-content/uploads/company/online/open/file/GjOb3SkZKkjMRzy6ndwp/
  234. http://tricountydentalsociety.com/organization/accounts/sec/read/dOSuotyDkWxEgNHZK77UUGb/
  235. http://tricountydentalsociety.com/secure/business/open/view/fUI7FdiN4p3WztmkGoXEvtup40Ie/
  236. http://vcpesaas.com/secure/business/open/read/6eJW2YLNjOS64gujbzYd/
  237. http://webnuskin.com/company/online_billing/billing/sec/list/ktDvIMUewAl2QdY/
  238. http://wompros.com/organization/business/thrust/read/R5BkWvQQEJRWQNEYJv026tPy0/
  239. http://wompros.com/secure/online/thrust/read/GPfQ0KA0UcZE1NM/
  240. http://www.51-iblog.com/wp-content/uploads/secure/accounts/sec/view/6mZFjl9C3pqp3RAeNStjBLNQtFC/
  241. http://www.annual.fph.tu.ac.th/wp-content/uploads/De/ILFUWJCY5333684/Rechnungs-Details/Zahlung/
  242. http://www.armand-productions.com/company/online_billing/billing/secur/list/O8Ts2KN379UgRHCvamwys/
  243. http://www.cateringbangkok.in.th/wp-content/DE/KWJKVKW7732846/GER/DETAILS/
  244. http://www.cbmagency.com/QQGBITWVL2410153/Rechnungs-docs/DOC-Dokument/
  245. http://www.coolpedals.co.uk/secure/accounts/thrust/view/ECSvRvXxwRBrr0yNvqSXQajyU/
  246. http://www.ermapictures.com/wp-content/De/IJYEBKWF5648107/Scan/DOC-Dokument/
  247. http://xn--777-9cdpxv4b3g4a.xn--p1ai/de_DE/YCMYWBMSZ1047007/Bestellungen/RECH/
  248. http://xn----7sbbdfeovrgh2b6al.xn--p1ai/organization/business/open/view/l4RvYgM1pcGB2UU/
  249. http://xn--80aaldkhjg6a9c.xn--p1ai/Februar2019/BPBGYBCC6106816/de/DETAILS/
  250. http://xn--90achbqoo0ahef9czcb.xn--p1ai/organization/business/thrust/view/eCThqujtPdvzENPt3zB3oW/
  251. http://xn--b3cfud2a8bbhes3dcy9ig0ce4k2g.com/organization/online/secur/file/LzgeP9wCmxgkGPRpfpnyj/
  252. http://yduoclongan.info/secure/account/secur/list/eKSp9f7jyQhjQmyFtZufUBwAu/
  253. http://yduocvinhphuc.info/secure/accounts/sec/read/RDbxOZWa6UFTav0SnEEUOs8eG/
  254. http://yfani.com/secure/account/sec/view/QnBuvihwBymQa0H0QKAsH0UTc/
  255. https://crestailiaca.com/PHXQOU0845448/de/RECH/
  256. https://dkstudy.com/secure/account/thrust/file/Qe50bWLgyJ2aXzFTJvbm8/
  257. https://www.dkstudy.com/secure/account/thrust/file/Qe50bWLgyJ2aXzFTJvbm8/
  258.  
  259. ```
  260. #### Epoch 2 Document/Downloader links seen for 02/21/19 ####
  261. ```
  262.  
  263. http://104.155.134.95/En/WwovG-58A_KSOQHnUxj-QMq/
  264. http://104.248.149.170/file/SfuIH-mT6Qj_YBHPyGQ-lhX/
  265. http://118.25.176.38/US/file/pzNrj-UiBO_xho-hm/
  266. http://119.254.12.142/US_us/corporation/Invoice_number/aXwy-4a_IPVAwL-Yrb/
  267. http://119.9.136.146/DE_de/FHCJMNDJSV1109237/
  268. http://128.199.207.179/US/document/Inv/hTdoS-bd5_rq-JcZ/
  269. http://13.125.71.19/wordpress/DE/TCUFDVAH6061065/gescanntes-Dokument/Zahlungserinnerung/
  270. http://13.127.110.92/Februar2019/LEUAIIEJAL8408929/Rechnungs/Hilfestellung/
  271. http://13.127.212.245/Februar2019/ZNMKNCMPM3005827/DE/FORM/
  272. http://13.229.109.5/Februar2019/TBVZJCNS9637058/Bestellungen/RECH/
  273. http://13.229.172.62/de_DE/KDXAYPYK3367149/Rechnungs-Details/Rechnungsanschrift/
  274. http://13.233.31.203/US/8203538/hWNpZ-Rbjd_SG-9y/
  275. http://13.234.1.52/De_de/ZDZIHUC0334335/Scan/Fakturierung/
  276. http://13.251.226.193/document/Invoice/UaMrw-ip4_jUZEbER-VuP/
  277. http://13.73.162.155/De/IGGIYNZKGL8673935/Rechnung/Rechnungszahlung/
  278. http://139.59.64.173/document/Viug-LTDg_DmjGWykv-EZ/
  279. http://139.59.64.173/US_us/scan/Invoice/FLUxi-tOKFC_fKTRi-FwZ/
  280. http://159.65.83.246/Februar2019/MCJAGEVEJ9676275/Scan/Hilfestellung/
  281. http://159.89.153.180/US/corporation/gzjt-hFUt_HVt-6m/
  282. http://160.16.198.220/scan/Inv/NFqVR-RQ_aLTZfrBiO-fYA/
  283. http://178.62.102.110/En/llc/Inv/873706184896/rUHbR-pwe_UL-Tq6/
  284. http://18.130.111.206/wp/De/IKRKKME7312351/Rechnungs-docs/DOC/
  285. http://18.130.198.164/En_us/info/grrW-nn_oOOSf-90/
  286. http://18.215.39.47/xerox/Invoice_Notice/tttkD-wP2U_qT-bRb/
  287. http://183.179.198.165/DE_de/UUSVKK4236423/
  288. http://193.77.216.20/De_de/EKXNHOUOB9032443/Rechnungs/RECHNUNG/
  289. http://193.77.216.20/US_us/scan/Invoice_number/eaFz-bA1hG_IrMD-5it/
  290. http://1sana1bana.estepeta.com.tr/De_de/IKZIUAQSS1493072/
  291. http://206.189.45.178/wp-content/uploads/De/BJBUZMEG0557084/de/RECHNUNG/
  292. http://3.89.91.237/oYen-ii0u_WkLaQiA-yG/
  293. http://34.199.99.97/De/NAZVZXEI6813517/Scan/DOC/
  294. http://34.207.117.230/US/download/NZWY-rq_ipPnSN-rh/
  295. http://34.207.166.101/Invoice_number/LlcMC-CKC_JGrbSa-Ng/
  296. http://34.229.139.248/wp-admin/xerox/LIwps-0je_q-jFr/
  297. http://34.229.7.66/Februar2019/DAHDDBMJW2146584/
  298. http://34.242.190.144/xerox/Inv/zgCUj-nAfuR_ppga-Wwe/
  299. http://35.184.197.183/De_de/WEXQNPI4060956/Rechnungs-Details/DOC-Dokument/
  300. http://35.196.135.186/wordpress/New_invoice/fGfDG-G1_FETDbeYUr-ali/
  301. http://35.201.217.150/US/doc/Invoice_number/eRPb-Ndm_LjEOze-PLj/
  302. http://35.202.19.221/US_us/file/Invoice/AKUs-dQQ_b-kPn/
  303. http://35.204.88.6/De/CYGXBSEJ4369423/de/DETAILS/
  304. http://35.221.42.220/DE/TNAPIDRBFS9083544/
  305. http://35.224.60.155/En/New_invoice/ghWhY-V0_yvpA-WHk/
  306. http://35.225.248.161/info/Invoice_number/11420779303162/YVwQv-GsXB_PVKJ-ap/
  307. http://35.229.246.203/corporation/New_invoice/oQWtS-CkZg_hRD-PuQ/
  308. http://35.232.140.239/US/company/Invoice_number/20700106739/LhHp-GXYt_mYKRy-rjR/
  309. http://35.233.127.71/EN_en/xerox/Inv/0720232/trdJ-l35_eIcM-Udi/
  310. http://35.238.151.118/3878440825601/fpyrQ-i9e6_qAXj-kZY/
  311. http://35.240.15.202/DE_de/WBNSWBWRBD6757520/
  312. http://35.245.131.38/wp-admin/DE_de/FCGBMSYZC9096529/
  313. http://47.74.7.148/US/document/GtnNi-j3_dEE-FW/
  314. http://51bairen.com/En_us/llc/Copy_Invoice/56522700058/BMgt-XqA_oiG-d5O/
  315. http://52.203.11.219/US/llc/Copy_Invoice/EpCd-97_cmddv-h8/
  316. http://52.204.186.102/de_DE/CPFNRNIW0961547/
  317. http://52.32.197.6/nanolumens/resources/US/JrLt-QHA_J-sB/
  318. http://52.6.128.217/EN_en/doc/xVji-wF_lx-8b/
  319. http://52.70.239.229/blog/wp-content/uploads/En/file/bByf-BM_Ws-54L/
  320. http://54.146.46.168/DE/BGMHJYILP5652933/DE/RECH/
  321. http://54.153.245.124/document/Invoice_number/snqMU-136A_J-50/
  322. http://54.233.125.210/xerox/fodU-Tt_IrwbyYK-xf/
  323. http://54.234.174.153/US_us/Invoice_Notice/734489132/vsQIJ-C52_WlNCNM-9tZ/
  324. http://54.237.192.64/wp-content/uploads/US_us/Invoice/828012874/MCbq-YwMrD_aRZkulZ-3d/
  325. http://54.242.95.50/wp-content/info/New_invoice/nqdP-EjFx_qPWHdpQr-Bd/
  326. http://54.250.159.171/US_us/corporation/mlKxT-I19OF_MChYwJVdO-FD/
  327. http://54.83.117.78/DE_de/CRFPKDIYLB1388563/
  328. http://8.29.139.221/llc/New_invoice/JJeFF-1u_GjlYOVJKW-5Eg/
  329. http://80.209.224.106/wp-content/download/Invoice/XuRxo-HNI_kXeWE-3YW/
  330. http://9casino.net/De_de/TYPRETLCO7440472/
  331. http://a4o.pl/Februar2019/HQEXOJERQG6192106/
  332. http://achauseed.com/En_us/492834478594/MFGXV-7sd_t-fxs/
  333. http://acmemetal.com.hk/En/llc/Invoice_number/6993952/bBWI-yT7_UrAeDYI-dXs/
  334. http://agencetf.com/DE_de/XAKGASXIRP0788780/
  335. http://agilife.pl/En_us/Inv/ZcdZ-F81E_AiSEQrVi-dv/
  336. http://akillidershane.com/HGYSOVNDC1400602/
  337. http://alabarderomadrid.es/DE/JSFVSAFMT2784134/
  338. http://alabarderomadrid.es/De_de/TSJDXHDXKV4126027/Rechnungs-Details/Rechnungsanschrift/
  339. http://alabarderomadrid.es/Februar2019/NSWKHW6075602/gescanntes-Dokument/FORM/
  340. http://alainghazal.com/De_de/BMCUOX5828606/Rechnungs/Rechnungszahlung/
  341. http://allens.youcheckit.ca/US/llc/Invoice_Notice/Bhaz-1LPbd_aqlUAKe-bCY/
  342. http://allens.youcheckit.ca/US/llc/Invoice_Notice/Bhaz-1LPbd_aqlUAKe-bCY?/
  343. http://allopizzanuit.fr/De_de/APWVQAFFB8960027/Rechnungs-docs/Hilfestellung/
  344. http://amatiran.online/scan/Inv/ZRpb-S20J_pneMMM-dq/
  345. http://amatis.in/de_DE/BWECPOHZO0143535/
  346. http://ameen-brothers.com/EN_en/file/kVaxG-oFlv_w-Gjy/
  347. http://andrees.com.es/En/scan/ovPr-tq_hRZaIcP-At/
  348. http://anedma.com/DE/GNYIIPKF5603792/
  349. http://ap.dev.steosoft.pl/wp-admin/includes/UVDJKTJI7694410/
  350. http://aqualand-chalets.com/info/Copy_Invoice/SKGQF-c0jS_WqICNh-hOX/
  351. http://askalu.nl/De_de/KJPGBWC2516661/
  352. http://aufaazkia.com/wp-includes/de_DE/JLZMMG7815673/
  353. http://authenticity.id/De/CDZBKC8917266/
  354. http://ayosinau.id/EN_en/file/Copy_Invoice/bzGvo-DyU_CeuI-Zt/
  355. http://azhand-gostar.ir/wp-snapshots/DE_de/OUJRVV3389600/
  356. http://barabooseniorhigh.com/US/Invoice_Notice/kRIOU-DqB_ZsSqnJZFD-kfz/
  357. http://base.n24rostov.ru/US/WVWYZ-WjTW_KXk-ni/
  358. http://behosa.com/De_de/PNXIVN9594467/DE/RECHNUNG/
  359. http://beta.itelasoft.com.au/US_us/file/orpWh-Jfou_yce-2g/
  360. http://bietthunghiduong24h.info/document/Invoice/Cevp-XWMZ_Sl-2U0/
  361. http://bigbike-society.com/En/file/Copy_Invoice/DLFgR-zEkr_rW-YmM/
  362. http://birminghampcc.com/scan/Invoice/BEaz-hnqXV_wU-9t/
  363. http://biznesbezgranic.arrsa.pl/US_us/Invoice_Notice/ykiIz-P4sJW_O-bR/
  364. http://bkm-adwokaci.pl/res/En/Copy_Invoice/NexAt-nx_dWYibmDm-G2k/
  365. http://bkup.melodiehayes.com/En_us/document/Invoice/rdBHr-3ZA_irqwIHSH-iX/
  366. http://blog.thatwesguy.com/En/scan/Invoice/sdPVI-goz_JpOM-ZMh/
  367. http://bonex.it/US/Inv/2438647724/KpUgA-a9_xxNz-2G/
  368. http://cafeonelove.com/llc/Invoice_Notice/zAfs-nLuMf_JeDcKkAV-8Wt/
  369. http://caminaconmigo.org/wp-content/uploads/company/Invoice/weND-vc19_Jre-T9/
  370. http://captipic.com/Invoice_number/zDyWf-TXK_hMsKz-sd/
  371. http://caroulepourtoit.com/llc/Invoice/ZPos-OP_mgS-D7/
  372. http://carsibazar.com/US_us/company/CMBz-wsH_hGEJN-i5/
  373. http://ccbaike.cn/US_us/file/biZk-XF5_kQoAcg-shF/
  374. http://cebubesthouse.com/En_us/llc/1082146976/doJd-aomn_PsenVF-RT6/
  375. http://chenhaitian.com/EN_en/llc/Invoice_Notice/BlCU-S3_MSDKDpUQ-qq/
  376. http://chuthapdobg.org.vn/tmp/Invoice/hgjz-zS1_rC-tl3/
  377. http://cild.edu.vn/De/KHJTVCIZWI8168573/GER/RECH/
  378. http://clipestan.com/Februar2019/GUNCNBMTIZ7662057/Dokumente/DOC-Dokument/
  379. http://cngda.tw/file/Invoice_Notice/7669311965/IryL-ib_aSYF-n8o/
  380. http://cocoon.co.il/scan/619161318/nRGP-wZsm_mkEqea-3h/
  381. http://communication-responsable.aacc.fr/document/shxCk-tW1_I-edA/
  382. http://construccionesrm.com.ar/US/corporation/Invoice/6295745/iUfi-T7_nLhlJ-dU/
  383. http://convisa.co.cr/US_us/xerox/OSYT-UjJ_KwJkHAoBt-yQ/
  384. http://cotafric.net/wp-content/uploads/file/SBfFc-Hl8u_nnM-UF/
  385. http://creasign.ma/EN_en/Copy_Invoice/DvsX-Nf2u_UndscgaMr-t7u/
  386. http://creativedistribuciones.com.co/US/document/Invoice_number/CrwWK-Ut8oG_qE-vs/
  387. http://cryptoholders.org/de_DE/TUTPSG5968355/Scan/DETAILS/
  388. http://csvina.vn/de_DE/INEEXZ5854989/
  389. http://dafia.org/dafia/wp-content/uploads/document/Invoice_Notice/zDzek-TW_Awh-X9E/
  390. http://daroart.eu/De_de/QGUXAECR9949724/Bestellungen/Rechnungsanschrift/
  391. http://datsunute.com/Invoice/mrHcC-16tfG_iUSoE-Udg/
  392. http://dbcomestic.com/wp-admin/US/file/UnSG-hv_BWAXI-vZ/
  393. http://dctrcdd.davaocity.gov.ph/wp-content/DE/TUTPXZSGXW4275167/Rechnungs-Details/RECH/
  394. http://demeidenchocolaensnoep.nl/En/doc/WRfS-GIVg_mJNyemHnP-pHY/
  395. http://demo.liuzhixiong.top/US/lfjP-5nJfJ_JVLGfa-tXM/
  396. http://dentistaoliveriblog.it/DE/VNXRWGZMYW4277681/Scan/Fakturierung/
  397. http://dentistmomma.com/US_us/corporation/EKaok-mK_puUnx-zb/
  398. http://dev.familyhospital.vn/Februar2019/EOLESPTW4462255/Rechnungs-Details/Rechnungsanschrift/
  399. http://dixe.online/wp-admin/Februar2019/YZJUJGP4945866/
  400. http://dockrover.com/Februar2019/VTHDYM7453619/Rechnungs-Details/Rechnungsanschrift/index.php.suspected/
  401. http://domainnamefinder.org/En_us/download/Invoice/rCCAZ-ZuVlA_EJMuW-nJ/
  402. http://dotactive.com.au/corporation/GIee-HTOa_M-JqV/
  403. http://drm-solutions.com.hr/US/doc/New_invoice/55619191667/LYkwt-yaBRW_UEHIB-HjL/
  404. http://drsaultorres.com/info/400685534/RgKD-f4R_gSaaxdtK-BFn/
  405. http://dunia-training.com/doc/Invoice_Notice/wUwML-FF_OLK-776/
  406. http://dverliga.ru/En_us/corporation/Invoice_Notice/DVahQ-cLr_Gqhq-OlY/
  407. http://eastgodavari.papputv.com/EN_en/file/Copy_Invoice/eDcfR-PNGRb_pNkVJCoy-aj/
  408. http://ec2-18-130-79-113.eu-west-2.compute.amazonaws.com/wp-content/De_de/VKBSYTCEJW3284904/
  409. http://edax.com.pl/file/Copy_Invoice/ZrEN-y5_LTeWjrNh-4UO/
  410. http://edubarrecheguren.lat/EN_en/Inv/kckW-d8Jz_bXz-zA/
  411. http://efotur.com/Copy_Invoice/AwFPb-y7d_dDpcCVWB-C68/
  412. http://ejder.com.tr/US_us/xerox/New_invoice/jMzdO-9s_wPk-Em5/
  413. http://elaptop.hu/llc/uvvs-sb_LNCXuK-wD/
  414. http://ellsworth.diagency.co.uk/EN_en/Invoice_number/YrsRY-WOhx_snonDYSS-oUq/
  415. http://emregunaydin.com.tr/US/file/Invoice/CoxEu-SQRFC_sfFjt-sV/
  416. http://esquema.elevaagencia.com.br/info/APKC-Ul_Vt-Ww/
  417. http://ex-bestgroup.com/scan/mefN-KJ_mKBshDXz-RV/
  418. http://eyzaguirretennis.com/En/llc/Invoice_number/ljwi-qzlF_KII-bfU/
  419. http://face.smartwatchviet.net/US/doc/Invoice_number/19474660798706/nrvr-OvXZq_OlvWL-P7/
  420. http://farmsys.in/info/Invoice/ZWqrS-lQ8E_vC-mk/
  421. http://farmsys.in/US/xerox/Invoice_Notice/WNUat-PQ_SaPVP-Txz/
  422. http://farshzagros.com/DE_de/LLVNER2168947/Bestellungen/RECHNUNG/
  423. http://fastier.com.ar/94725758922/ayULB-ncEkl_gzRr-N0/
  424. http://fb.saltermitchell.com/avily05/de_DE/UGLOKZC3857777/
  425. http://fb.saltermitchell.com/Februar2019/FVSCUWBHMY3334648/Bestellungen/FORM/
  426. http://ferrata.co.id/Inv/oZyK-Aeu_qoJJP-01/
  427. http://fiourbano.com.br/US/file/AdMe-d5_rT-ttO/
  428. http://flapcon.com/De/JDWIES2590578/DE_de/BHZMQAD0156374/
  429. http://floradna.com/En_us/document/rEZBy-Ti_IBmIgb-1K/
  430. http://fms.limited/En/company/Invoice_number/PWbmx-6iM_LHuMKwCQh-PV/
  431. http://fondtomafound.org/wvvw/En_us/llc/Invoice_Notice/SDan-fJ_PRmjfFbQF-D7C/
  432. http://fonopar.com.br/wp-admin/ZGqL-Oa_DxSunp-2qG/
  433. http://freemaster.online/En_us/Invoice_number/fJxGB-qy_n-03/
  434. http://frescoharmonica.com/EN_en/xerox/fJSm-asGF_m-rrJ/
  435. http://frij.gricd.com/company/Inv/oghvd-m6Y2_ipiV-g4/
  436. http://frog.cl/xerox/Invoice/GJLg-mj_sWxLJm-Hj/
  437. http://fwpanels.com/De/ABHYSQR9969074/Rechnung/Hilfestellung/
  438. http://gaminggo.website/dbssxdydaf/file/jeMNh-Ra_puh-g0j/
  439. http://gbconnection.vn/New_invoice/rMoc-MKhBh_LFzUzYM-xKe/
  440. http://gcpfs.info/EN_en/Invoice_Notice/tSPM-UG2C_PHRbW-Rhd/
  441. http://genitbd.com/En_us/Inv/yGbrP-N1GGO_DpNySfrn-ppQ/
  442. http://ggq.kr/ljcu-hx_EZnDjjlvn-4k/
  443. http://ghazalconcert.com/scan/Invoice_number/OzATE-luN5H_MTykzmSt-32/
  444. http://giancarloraso.com/En_us/ETVc-RuzBL_ar-1Ze/
  445. http://girlydesignart.com/doc/auiE-IRUc_jfaS-Imv/
  446. http://goldenlakehoabinh.com/En_us/document/Invoice/QvZzP-kT_chcEge-nV/
  447. http://goldensotka.com.ua/US_us/company/New_invoice/MQhi-2fAV8_YcGbq-no/
  448. http://greez.club/En/xerox/Copy_Invoice/863397311939/COlov-3vi_ylmnIGVir-yS/
  449. http://groundswellfilms.org/FLRIQOKW1501524/Rechnung/Rechnungszahlung/
  450. http://halmstadorienthall.se/corporation/Invoice_number/eVXHL-QG_AuBso-u1/
  451. http://halotravel.org/EN_en/xerox/399528119/ZPRnc-Es42_lNAbkDMp-L9P/
  452. http://hansole.org/info/BBDY-fnf6_OfJj-R1/
  453. http://hapoo.pet/De/VXPACJBW7392599/GER/Hilfestellung/
  454. http://help.saiyou.me/DE_de/NKYQVOSZOT6013887/De_de/GHKWNMACB2480034/
  455. http://himalayacorp.vn/En/Copy_Invoice/602218923301931/SYevx-jGG_shQLfvT-Xq/
  456. http://hnhwkq.com/EN_en/download/Invoice/qGcJv-3qA_webSuxER-cV/
  457. http://hoanganhvunguyen.com/US/Invoice_number/wXbDp-6J4o_Xa-XY/
  458. http://hongcheng.org.hk/US/download/MEHB-Juibl_ygk-sz/
  459. http://honglip.com.sg/En/corporation/Invoice_Notice/AQDb-SePyp_RY-UXB/
  460. http://horse-moskva.ru/En/Invoice_Notice/9413365295891/KrsZk-XdrEe_nVyOBOL-sL/
  461. http://hostdm.com.br/US/company/Inv/MBWtu-v0_K-s1/
  462. http://hourofcode.cn/De/FTTLDGN7338525/Rechnungs-Details/Hilfestellung/
  463. http://htpinvestment.com.vn/corporation/Inv/bkcXb-6aNl8_aF-Q1F/
  464. http://hyper.gaminggo.website/DE/DE/MGCRMUHE2025190/
  465. http://hyper.gaminggo.website/DE/NGSHJBDZ9493402/de/DOC/
  466. http://idiskbd.com/alokitonabinagar.com/scan/Inv/CkfL-UIww3_vTkwPke-IEF/
  467. http://ihatehimsomuch.com/de_DE/HIHGFYCBMO1373082/Rechnung/RECHNUNG/
  468. http://ihatehimsomuch.com/Februar2019/HNEOLZYF0641796/
  469. http://ile-olujiday.com/En_us/Invoice_number/Azpl-1y_HYOjeQhvm-H5v/
  470. http://iltopdeltop.com/de_DE/IANJTUAEE4785475/
  471. http://immanuelprayerhouse.com/EN_en/document/aBGx-w5zH_fsZI-hX/
  472. http://ingramjapan.com/US/corporation/kAuuC-LxnRQ_ev-gg/
  473. http://inhouse.fitser.com/ceascope/php/wp-content/plugins/contact-form-7/US/file/Invoice_number/jBLkJ-ajr82_QCjXmOB-k82/
  474. http://intensi.cz/EN_en/llc/jYjl-Uq_HPe-N3e/
  475. http://iqhomeyapi.com/DE/QTJUMYYBF7855310/DE_de/Rechnungszahlung/
  476. http://iranchah.com/En/xerox/Invoice_Notice/POlmn-ylo1h_VwtSNysTA-CV/
  477. http://iran-tax.com/US/Inv/LhWEW-KG_yAA-vVK/
  478. http://iso-wcert.com/doc/Copy_Invoice/5593042/uWji-T4QB_wisfpWe-abt/
  479. http://israelhumanresources.ru/doc/Inv/072936000705/WWjYH-Vz_Xmy-NQ/
  480. http://istratrans.ru/corporation/Invoice_number/351917407428730/FizH-5Bnoj_RdcpQHiVU-AOF/
  481. http://iya.net.cn/En/llc/ariE-ILe_lRHu-c7/
  482. http://izavu.com/DE_de/PUWBIYD3363260/
  483. http://jacque.lp18.mmi-nancy.fr/llc/Invoice_number/pXCN-UUMn_UKYSnWIb-xd/
  484. http://jakador.com/US/info/Invoice/uiUZl-YAosI_zbcXOgMHv-B20/
  485. http://jamprograms.com/EN_en/doc/Inv/cqnIq-abr_LotaY-BZQ/
  486. http://jaspinformatica.com/HRdFL-IZC_yV-VS/
  487. http://jcpgm.org/download/Inv/yZGE-H8_AD-kZ/
  488. http://jimbira-sakho.net/US_us/scan/mWYTH-3Q5u_EH-cZi/
  489. http://jm.pattronizer.com/En_us/corporation/Eepw-6pd_sJpPqcrF-fA/
  490. http://jurhidrico.com/0875753535/XuBK-U8_WBIZzlssy-64q/
  491. http://kaliningrad-itc.ru/Invoice_number/bWrM-Sq_uFlyKmV-pZ/
  492. http://kamajankowska.com/DE_de/TRXOWRYINA1097305/Rechnungs/RECH/
  493. http://khoangsanbg.com.vn/themes/De_de/JAKPOL2671693/
  494. http://khsportfolio.dk/llc/Invoice_number/xhXVO-Y8e_rd-45x/
  495. http://kndesign.com.br/EN_en/info/Invoice/QiRv-Cn_B-rwx/
  496. http://koszulenawymiar.pl/xerox/Invoice_number/Eomyj-1tjUv_TMcuzwPBW-Z2/
  497. http://krisen.ca/US_us/company/Invoice_number/krsL-sL0Rl_MEHS-bU/
  498. http://kriziachiesa.it/US/xerox/Invoice_number/08345135522/AtyIj-hORf_AWcEv-85/
  499. http://kursiuklinika.lt/language/US_us/download/rwkFB-XM_vUjnFSn-LB0/
  500. http://kymviet.vn/US_us/xerox/Invoice_Notice/xgAU-VAPeY_XWS-Kxi/
  501. http://kynangbanhang.edu.vn/Februar2019/BJRVAYZ7803452/Rechnungs/DETAILS/
  502. http://kynanggiaotiepungxu.edu.vn/info/PJrRM-qjS_LypV-giD/
  503. http://kynangthuyettrinh.edu.vn/de_DE/FGLBXCAG9942671/Rechnung/FORM/
  504. http://kynangthuyettrinh.edu.vn/EN_en/xerox/Copy_Invoice/MTUd-RE9c_ZOjEMbPN-FA/
  505. http://kynangthuyettrinh.edu.vn/MWEMJN5994446/Rechnung/RECHNUNG/
  506. http://lanco-flower.ir/305355513877/cQDda-rvb9_ktRmfX-iWt/
  507. http://latuagrottaferrata.it/De_de/HYIMFYPDR7720398/gescanntes-Dokument/DETAILS/
  508. http://laylalanemusic.com/DE/TIXJZV4153771/GER/RECHNUNG/
  509. http://lazell.pl/wp-includes/de_DE/FBLWXUCY2886002/Rechnungs/FORM/
  510. http://lesamisdamedee.org/US/download/Inv/33722889806/CSeTZ-v9ZW_pLmCOOFRp-DZX/
  511. http://lienquangiare.vn/US/download/851501985/VbzG-91_B-Ll/
  512. http://liketop.tk/Februar2019/DEWZDFS5921051/Rechnungs/Fakturierung/
  513. http://lionestateturkey.com/LSWAGCST5581606/
  514. http://log1992.com/file/453766394/PTlqq-Ex2k_awIHhTin-lMO/
  515. http://lubraperfis.com.br/Februar2019/BNHFDHJ3055032/Scan/Rechnungsanschrift/
  516. http://mantoerika.yazdvip.ir/xerox/Copy_Invoice/BLvZd-boDwE_vmYCwE-kP8/?/
  517. http://mantoerika.yazdvip.ir/xerox/Copy_Invoice/BLvZd-boDwE_vmYCwE-kP8?/
  518. http://marasopel.com/administrator/US_us/download/New_invoice/oaQy-9p_tcrMIFe-7M/
  519. http://masjidsolar.nl/EN_en/doc/Invoice_Notice/yeKx-z3_pQRN-OH/
  520. http://mask.studio/Februar2019/WDEJKKTMWV8742548/Rechnung/FORM/
  521. http://maskproduction.ru/US_us/scan/Copy_Invoice/574264353827648/zfXmL-Z3_DOhxv-Pg/
  522. http://matex.biz/En/company/New_invoice/kxTg-XJr_ddPRb-D0x/
  523. http://matongcaocap.vn/IUEMUPSROR4940478/Rechnung/FORM/
  524. http://megl.ca/llc/Invoice_Notice/VZYa-iN3oZ_MmWHxgsT-C7A/
  525. http://mhills.fr/En_us/llc/Invoice/kSnU-Mid_bQPY-OW/
  526. http://miennamoto.com/De/AHYWAWWKO5529630/Bestellungen/RECH/
  527. http://mir-perevozok.com.ua/company/Inv/JdaNK-E0IW_urnLFmwhE-uB/
  528. http://missionautosalesinc.com/document/Invoice_number/3251088/OGod-ayjn_KZvovLhU-0F1/
  529. http://mrm.lt/company/Invoice/mRLa-XVx19_ZQh-p2m/
  530. http://multishop.ga/MQMWGGO6503348/Rechnungs-Details/DOC-Dokument/
  531. http://ngkidshop.com/DE/CWIRDUAYAA0892717/
  532. http://ngkidshop.com/De/PNTCBH8949302/Rechnungs-docs/FORM/
  533. http://nmce2015.nichost.ru/De/GGRLXCWV7353951/Rechnungs-docs/Hilfestellung/
  534. http://noithatchungcudep.info/wp-content/doc/hpyFR-gY_NQ-xv/
  535. http://nonton.myvidio.site/DE/KZYJVKAKK9205612/DE/JKZFRAZE6345889/
  536. http://noscan.us/Invoice/871430326423/vvQp-D8_rndLvX-sW/
  537. http://ortotomsk.ru/De_de/EHDBXWZBJO7581980/GER/Hilfestellung/
  538. http://pby.com.tr/EN_en/file/1447413675216/oRRFB-Q7f_Q-BQJ/
  539. http://pby.com.tr/scan/Invoice_number/vvTA-Awq_OCIL-tb/
  540. http://phamthudesigner.com/US_us/doc/Copy_Invoice/wNHb-YzG_YbSbGu-Zj/
  541. http://play4fitness.co.uk/US_us/corporation/Copy_Invoice/ECCp-M72g_lIUDwz-Y1H/
  542. http://pronews.vn/US_us/New_invoice/wHaiP-1tU7_axT-neZ/
  543. http://radioviverbem.com.br/download/Copy_Invoice/uzJJ-1qMu_CUdmQR-WBG/
  544. http://research.fph.tu.ac.th/wp-content/uploads/En/corporation/Invoice/VRtDa-f1H_QK-Bws/
  545. http://rohrreinigung-klosterneuburg.at/LjCq-M7p_sVjQmrudi-q7S/
  546. http://rohrreinigung-klosterneuburg.at/UQHCGSRR9409584/Rechnungs-Details/Hilfestellung/
  547. http://romantis.penghasilan.website/En/llc/0204066758/wVcLq-vu8C_hV-Tj/
  548. http://salahealthy.ir/file/Invoice_Notice/DDKGV-C0_Hfa-8EG/
  549. http://secondmortgagerates.ca/DE_de/GFAGQYSJXI9239534/Rechnungs/Rechnungsanschrift/
  550. http://secondmortgagerates.ca/DE_de/HEYWXUF5339793/Rech/Fakturierung/
  551. http://shovot27-m.uz/US/scan/New_invoice/bGmAK-rbvfu_gTdafih-soY/
  552. http://sieure.asia/AT_T_Online/US/llc/pjil-jeGv_tjPGFx-jx/
  553. http://sosh47.citycheb.ru/de_DE/WKZXJI0470165/Rechnungskorrektur/Fakturierung/
  554. http://soyuzhandpan.com/EN_en/scan/Invoice_number/IEwUe-RsKy3_IfBO-lG/
  555. http://sts-hk.com/edjf-jUsEj_le-FD/
  556. http://sweethusky.com/Februar2019/ELUKSM1691772/Rechnungs/DOC-Dokument/
  557. http://talk-academy.vn/En/Invoice_Notice/ygaB-bQF3_BLMQjp-2S/
  558. http://tasarlagelsin.net/DE_de/ECBJUGXDF4914787/
  559. http://techboy.vn/En_us/Copy_Invoice/LUFS-yg_dbUUibF-Je1/
  560. http://thammydiemquynh.com/DE/SRVVFCTS3984940/Rechnungs-Details/Zahlung/
  561. http://thammydiemquynh.com/DE/SRVVFCTS3984940/Rechnungs-Details/Zahlung/index.php.suspected/
  562. http://thanhlapdoanhnghiephnh.com/En/doc/456598441/rQWx-WU40_eWNphD-FKn/
  563. http://thinhphatstore.com/xerox/KjsEB-f4T_uTWKfAO-Zr/
  564. http://tischer.ro/En_us/company/Invoice_Notice/fqNB-r9n_XkDb-Z8/
  565. http://tisoft.vn/En/Invoice_number/302314378501059/rxGg-AQP_u-n78/
  566. http://tolstyakitut.ru/En_us/corporation/HWnKG-HU3L_qyyex-aB/
  567. http://toprecipe.co.uk/EN_en/aBzBO-kkSQ_kBUc-Iqp/index.php.suspected/
  568. http://toprecipe.co.uk/En_us/download/47942822592/MLaNo-OZ_QMSUAMRi-Mf/
  569. http://trialgrouparquitectos.com/wp-content/uploads/Invoice_number/CNqU-501_BvSKJ-n3c/index.php.suspected/
  570. http://ulco.tv/doc/Invoice_number/WRSTM-CHkG_mv-Pjb/
  571. http://ulco.tv/US/document/YhrA-tCKR8_jfPi-DMh/
  572. http://up2m.politanisamarinda.ac.id/wp-content/download/SnUlr-KB_ekxzo-KN/
  573. http://vaws.nl/US/346743887801/VNQR-V3N3Z_y-6G5/
  574. http://vienquanly.edu.vn/DE/FXJNZLWKVN4867450/Bestellungen/Zahlung/
  575. http://viticomvietnam.com/file/KznQ-08qJw_LhSfktv-MH/
  576. http://viticomvietnam.com/US/doc/Inv/xpuF-Da_saTtcD-roD/
  577. http://weiweinote.com/US/New_invoice/yiURQ-1c_K-Gop/
  578. http://weresolve.ca/file/Invoice/vKVR-lro_frym-X62/
  579. http://wp.berbahku.id.or.id/Inv/uzZA-w7_uM-TgW/
  580. http://wpdemo.wctravel.com.au/En/file/wJZbG-k2I_Cw-am\/
  581. http://wpdemo.wctravel.com.au/EN_en/Invoice_Notice/3587030376176/LuApR-pna_EJX-dW/
  582. http://www.aerdtc.gov.mm/wp-content/uploads/En_us/scan/Inv/QPkH-xYMz0_rf-gU/
  583. http://www.anvd.ne/wp-content/kZgN-ahV_iWjLK-Pv/
  584. http://www.birminghampcc.com/scan/Invoice/BEaz-hnqXV_wU-9t/
  585. http://www.cbmagency.com/DE/KRYUXSHE4155921/Rechnungs-docs/Fakturierung/
  586. http://www.dkstudy.com/LGCAITZQT8921006/de/Rechnungsanschrift/
  587. http://www.envi1.com/De/IDBTFZOCC5628343/Rechnungs/RECH/
  588. http://www.face.smartwatchviet.net/En_us/company/Invoice/0149826687/qDPTP-ZIvu_n-itv/
  589. http://www.flapcon.com/Februar2019/YAKEKVU9414009/de/RECH/
  590. http://www.ingrossostock.it/De_de/EVVKTQ3712970/Rechnungs-Details/Zahlung/
  591. http://www.mhills.fr/En_us/llc/Invoice/kSnU-Mid_bQPY-OW/
  592. http://www.play4fitness.co.uk/US_us/corporation/Copy_Invoice/ECCp-M72g_lIUDwz-Y1H/
  593. http://www.porteous.ch/llc/Invoice_number/pyVl-y6_Z-kJ/
  594. http://www.sweethusky.com/De/QOEYOC7374386/Rechnungs/DOC/
  595. http://www.sweethusky.com/Februar2019/ELUKSM1691772/Rechnungs/DOC-Dokument/
  596. http://www.tasarlagelsin.net/DE_de/ECBJUGXDF4914787/
  597. http://www.timothymills.org.uk/corporation/Copy_Invoice/uXaER-jbJ_DYX-lyE/
  598. http://www.wiramelayu.com/DE_de/SFYRPSBT4193902/
  599. http://yduocbinhthuan.info/En/xerox/Invoice/LhiI-F4b_qT-rI/
  600. http://yduoclaocai.info/US/download/Invoice_number/SoDgn-ky_uHWnL-z6X/
  601. http://yduocsonla.info/En_us/Copy_Invoice/40639519133651/rxUE-8CdD_PzJojjy-1rD/
  602. http://yduocthanhoa.info/En/Invoice/PhhUW-q93_PwlmSH-o5O/
  603. http://ylgcelik.site/DE_de/DHUYMDQ8753701/Rechnungs-Details/RECHNUNG/
  604. https://captipic.com/Invoice_number/zDyWf-TXK_hMsKz-sd/
  605. https://carsibazar.com/US_us/company/CMBz-wsH_hGEJN-i5/
  606. https://crestailiaca.com/DE_de/MDWNLCGEB2511352/de/Rechnungsanschrift/
  607. https://drsaultorres.com/info/400685534/RgKD-f4R_gSaaxdtK-BFn/
  608. https://ftp.smartcarpool.co.kr/lf_care/user_picture/download/Tjcvo-DyeDk_bfrd-lw/
  609. https://protect-us.mimecast.com/s/357TC5yx0ZfRY4quOzKwy?domain=54.234.174.153/
  610. https://www.dkstudy.com/LGCAITZQT8921006/de/Rechnungsanschrift/
  611. https://www.verykool.net/vk_wp/wp-includes/de_DE/CQPQBPLVMY8380956/
  612. https://www.verykool.net/vk_wp/wp-includes/de_DE/FBNUBDLC0797768/Rechnungs-Details/Rechnungszahlung/
  613.  
  614.  
  615. ```
  616. #### Epoch 1 Payloads by Document SHA256 - All Times UTC ####
  617. ```
  618.  
  619. Creation Time   2019-02-21 19:28:00 (Doc Based - ENG - 365 Blue Box)
  620. SHA256:
  621. 046f87c718018b50c7c6f539d11492b8fa6e4325e3da77a64f6a702287e5c824
  622. 4b75a9159e22f9e5ae12ab9c732b7075e1965c92be52b859eca1b03eb86ac805
  623. ee60f9e2d38218109aff1d443750aeec436be61873d04466a24c2178928ada5c
  624. a7e75c95eb4d7dbd3236888c12dd4ba59ae69500620a07521120637a6f8abd23
  625. b8644d9f61436749be8678f246cdcc25ef58eef190f10a6ce079fb689caf3ef5
  626. 1186b28adceb8145a036958af9b666a86f94350606c58559013fd7e0bf5b2d10
  627. 2f5f36a66a982a2f0457a6d1b04c50f2da186c5b97464b3be5a7eac114ed467f
  628. 7c8c775210220e5ceee72c0c7459877dbcb72068aa6011fa6a29f5e3fda1b5f8
  629. 84c269a26193867fcf59b3ef37fbb87619721f18163f233f1e7612a423617050
  630. ef843662c0f3ee87c56de95a49c430e90696798956eb5ce980f08b85f4dcb05a
  631. 763e1568e57bc1bc0eea550a996790ae3a08f66eb9a1164257f2ef35875745cc
  632. 32b93c3a0e095ddba394079ec1d18f3a2707172ae7780b213a6973b2d87e565d
  633. d87ab889091040521fc76bda0abdab6bc37bd3afbcb3d4421b3b0c8c2808e15e
  634. e5d8ca1e7faa58e8016549b308650709b9609ed2f655abb165826ebda065a256
  635. 753e6d5f8b2922939f905cc0f324c06acd0d6a3a033691e256ebfd37779583e1
  636. 1e979dd7f93ebf27f9559e151d508110058bc0ae24e7443bda6d206e8040db26
  637. a421681d1d6a43b2ca18bb57d596a9002e3a0442fa5cdee0e2b30098aadcbf47
  638. cd63352e1eae206ee6d7b9646fa765a6638d7a6c093a6f035d04a798300f2672
  639. 0e31b64c56b8b6fb914bc519d0564490c31ddbe81da51a56d1f71ea15635bbb1
  640. f980dc8dc9418b78ad40625e3e2490083d2b1f3a8d0bbd7ee6ad02d6043e218f
  641. 0a0d6e36083123462b0362f0909ceee2eeb962e4fe2bdc3428c452184e701d94
  642. 4c1c586ea91084e4ab171a2a1faec85244e823f4ac0e282faab996a6b33f0700
  643. df4a92dacf24f62e230b0656dabe555c231d1c42c7bd3d1f6128c528458fd3c2
  644. 4ff00fef96a8b96ba389bee1744b3e33a5143b64c6402fdd4bf0d8db8be6ccb2
  645. 99cfc1d7303f75ab1a8ba4ab3f60a7ae67c36eed36aa2098858b9607e2c462bd
  646. 2836974c689831bb98cbfe91a85f59c42a50b1888c82db496d53e1132886f7a3
  647. 155d10bea9e7018e6b20ee840db81ab1938d69531697c41a6896bf1a5b7b6517
  648. 857473dbe88b80da3e1580876384cec6a84cdc85b2a0274a81d5437ae361cf4a
  649. 90ebcdca1a7f6f2ad9a52d8edf26a7e75d4741625d08616c1f6631b4b7f3b426
  650. 20c303567a05318e7ef208304abb8fcaa52329bd26e4584db4db399949fc3241
  651. 9f192124b2235421f53196db5c9e1d538be1d30b5580a3b284bbc953440f9f06
  652. 4950451b96939bc5e872b286398930509981767a8a840e80306f35d1c5d3c173
  653. 50b8e39e1cd2c2886542d0a3c9bcea3e91298fca4af62b23e6a46994335cda19
  654. b408dda7bc388d61fc3032a57d1680f68e81f90b698deff1897a01899cf554d0
  655. 269d5a38bc77f5228031fa16b3b19dea79b6f4095331dc4e6e8edabbd35df36e
  656. 2c5985fb3d6419f4a0e8861860b9aa6f5eefec3f55d41a163e25aef684e597b2
  657. 3ada6e8496565c7288c045e0dcd7d4d019ca3aaca855d2d25d4c83ac7945e9c4
  658. 5a928ccfdda8165fffe7c25fd7dca4270f64f25f6efbb401ae0859058bbe1e7f
  659. e8a539d214ec2ed141d9619bbc2bc1d6b9d73541eca7a0fde94139d7b108774a
  660. 4701102fd7b71169276d8dae3065e6c15fd4667d6fda5375b90e0458a4a5c257
  661. 5f528344740d8555e9a2eef46a7cfb33391ad44274c8e7f303e8bb14cdcebe03
  662. 0b4a62a24b9990ff092bb55fa4375f6e47ab0f423f7e8a9f59ddbfe315626d7a
  663. ed707d534ff4671e1db0ef802074f9b146f7ca4d0c7d4ee7f42e29fe84a3cca2
  664. eaf3d751be767274ae82b72a2d5946ff06ba2e2c8969a8c17f4705e4a0dceb98
  665. 8cdc3a56ab924c1b4ef340ef6fc7246e7c433e2ef7ad6102685faad5f0b40798
  666.  
  667. http://uat-essence.oablab.com/cEP88qz/
  668. http://34.207.179.222/GPc2ykD/
  669. http://204.236.197.55/ZmkN6EP/
  670. http://107.23.200.84/EmllsJND2W/
  671. http://radioviverbem.com.br/SZYTAZDa/
  672.  
  673. Creation Time   2019-02-21 16:02:00 (Doc Based - ENG - 365 Blue Box)
  674. SHA256:
  675. 72f8f36503fee81cb94101360b4a818f4ca293383d0fa2698177135e6d3ad02e
  676. a0a926469f468261834d6b6abd70b6a626d03408cf7b73bbe8c39e6b0acf3f74
  677. 7c25a52b3df28d736ae0dc129acfd7cef828753e24e2b328870dc8c8ee63c142
  678. 6ca4057339dc1e8b1cf203969d32f94dffe5b7f30d74d515b992eb5f8b82323e
  679. 6ea2c3eff96f11f2283b3abe723d1a86c61cdb44fe2cd17ff9ae10ad20cf1a65
  680. 67f07beab41c78304551ba5cf24918d78dd6621626145ec164f21f99f0581427
  681. 8dfb004e386950a6ac3cee1e890cb8d503ffa3ec347422d74dd21b54c9e8bfe9
  682. 4c0ad99eb7984eed6d561d0759d2e7fb705291f5ed82fd2986e19f94dbbfb5ee
  683. ec6d2bc3b18b259ef7d9b7b9fd11a59930e8a64aaeb2cb5f2227dab86cdaf495
  684. 22c8cad80f14337d24c3cc6a419eb885e8adf02b91808ba3401f36717c189192
  685. 6ef6d24af64ceaea46019106f030394c4fa8961ee6c554d1ffc41c3207bbad55
  686. 748a9d4a8f7f3f221340ead90f7a75c53e224058831f2535003f0ea5bdd29c70
  687. b817b86de7889ccd9e05c6643378ffd23cb6bf21f2ea0c910600f59d0f3e2722
  688. 3c496d24793899f2045191fa63fe3dccb0d54ab6f4ca1b414647aca3e9a9a76b
  689. c285c8fcf0c50bc1a50f671b6b2bceef37219c09ac8ce01df4aef50452b7d19e
  690. 2b8126bad5c6a553fef27196e4f63f03bd6f771da259335d2cd793f1d162b390
  691. c43ac1853ba5cd8e87430531b3c16706c109445dc0d7aa5e295a575d6c027642
  692. 2247ea393a089116c2311ec077d662089ae460016dd3fecfbaa31935b0b39801
  693. 59160cb6f9b91540b287acd08ff6c833cadb0c847e80ad5a9ccbbd227bf8d465
  694. 5efaa29779c448ad86f7b3144aa41743abcad1dd39f85629593fc72fcd01a809
  695.  
  696. http://dataland-network.com/NLKzKKZi/
  697. http://ajs-c.com/I6t0zoJW/
  698. http://www.iephb.ru/7xcNngj/
  699. http://postvirale.com/x6aVZ1vHp/
  700. http://104.248.143.179/TUaMxzG/
  701.  
  702. Creation Time   2019-02-21 14:01:00 (Doc Based - ENG - 365 Blue Box)
  703. SHA256:
  704. de0375bb02c9ee35ed5abf40bea64ac325e8e8c0f11044b9061a5d5f1b3652dc
  705. 0f187f266a7f980776537018648b86b03ceb0e98c5d4d5ada2edb679a584bcb1
  706. f9d580839ded49fcf72a4c595ecc004ed2593ad6e87ebc93ec7b5aa8ee83f1ee
  707. 092132a91c31f91a982bfb500628e30ca4d92db2c00e85eaf3466349504e9d56
  708. 45414667e245e5ff1b7a525ab63e7316ae60c936914e118cbca3bfa9fceeb065
  709. 1b426aa2b7174a4d6a069e1fa457a8f688982089f39ef4de2d35034a464b2e8b
  710. 391aac42483279562a3033b3ed838a6d67c23848a0a01a4c7a05d7778ef99296
  711. a722036761be881a9977d624a590e910b9f2632f21665e15a643b2dc25596763
  712. 79401158aaaac4ec98e768969eee7da40861db3869fd8c36185189a368181771
  713. c5995175bc45b814d8b57207958faf22699f441e06e16281f1859a9caa647165
  714. 81149aa3a1622b6f745fd50d1ea7aad51df7012b7bae5620d266769084a300fc
  715. fec778feab458f2c25a06a45f7070ba0edb40c0843669909127e60c13676ad91
  716.  
  717. http://13.54.153.118/hYKUEGPp/
  718. http://13.127.32.1/pwZE5HdZKw/
  719. http://3.0.82.215/gcvkISJt/
  720. http://12pm.strannayaskazka.ru/EWMDoLW
  721. http://34.238.152.238/zG9qBNNp/
  722.  
  723. Creation Time   2019-02-21 10:20:00 (DOC Based - ENG - Unzoomed Indigo/White)
  724. SHA256:
  725. b9c937fa4603e99efca283ca5b615a6952b62168baf2f7a64ea3cb4316b9c69a
  726. 46200b1cbb63008321e6d8c42abee46701464b1f037de0910c237fc69a44939b
  727. 0ab63b9d18b6cc203d0eded9c9b6753c7a259f5408f7cc7160f7893398e728d6
  728. 9952468d91525ee1e25080cbfa6b3ac71599143099ecd3797b7db69a2470c18c
  729. 4aa4f8e7ad9a6e288881d682dd957caec8519083c2dd537a4f92d2e48a57e879
  730. da8fb04d0fd7b7e66f34238b9150ce89db77f5952e2c863252f3d8feeb91602e
  731. b5e3fdc49a042d1cf5023a5b8829556cece6ec86b469355a98e7dab8b9fc7f84
  732. f574ae2643ff26d92691d89dda9eabc1142ba59703f5e39352ceb766c16a2721
  733. 4c8c99d97cb4c90b90e64add8d3b628728b83dab90b4a56577fee94765381546
  734. 453f8bbed4d14b720b70a71d1cc72f0e038d9b36532a8017c8eed4d2029c6358
  735. 3b5886ad43ab8b2992e5b7c84d83a51c1be5fd49bd3350656f8c7c5e02a2e742
  736. c5878c154e79fe399a4480e947fc138c108ba8281f89b1204ec2ece76984318e
  737. 7a166f99a6fa6a578a6be7a96def558d3c2de9104a4badca10afc165c383714e
  738. 7d13b89105096a6f50e24a03c1668a680fce0253c760ec868aa9291043e71fab
  739. efa4bd596b96c43779768551190fe10ad28a94e75866eabf388421207e645785
  740. 194155bc13fd032ae4b9a84930243f6576e8e3a2e3cf333408ef99b40259f66e
  741. ab6f53e4a1a8e3137ae307eaa274f36e31d77c9e5ad1109e1f58aa10dfdafc98
  742. ed57fad51150b0846662f5268685254777367699077f7627f1b4dfcbf8aff6a7
  743. a11f33ec97834a2c8b87abe9b04e3fb0132ba481f5489dd62f5b44c571abd6c2
  744.  
  745. http://tony-shoes.com/7JzXexTmCI/
  746. http://mediarox.com/6wcdQDCe/
  747. http://13.211.153.58/zLoop5rD/
  748. http://178.128.238.130/lgbLuD18/
  749. http://13.250.36.131/luDCfRPwaD/
  750.  
  751. Creation Time   2019-02-21 06:59:00 (DOC Based - ENG - Unzoomed Indigo/White)
  752. SHA256:
  753. 6f0bc8c229080344f5623c0eca3e11d678c5ca55ad8802d2d44f8090db59b973
  754. 729d860a52e775dfdf7fcfea235efd5b6892fad6aba2c31586cecda2f6bbe994
  755. 5582ead41cca3919877ec65de38014bef2cfb9132d5e509420bb6d03a5b933b4
  756. 38ef51e9b2a37b1bde68b6cc8d1edab13083451503bc11764ab5ea12ec509319
  757. 210211315bdd3ebac1b94ac3ff1ab075edffc5c3c7aab4e2b721a9ffe173793d
  758. 3b877298150998de551ed5888b4f44c4aefed74f21252602b4812d8b1cc841b5
  759. 027515961c71ef138fb58fbdef999a3220ffca5539a919cdc2252e00503991de
  760. a5f628181dc9f2324041f3959266af57c133141c40016ecc98e7e506d9697e08
  761. 0325029ff4ae0db4f263b3514a71ae6bdaecff512a9cdf0d9c12f4bb3ddb9d3d
  762. 8c499deeea0b1e3c79f3f2c5e8448e52907b150038dd91c7d3b52c8b34f26c35
  763. 1de7c2c24d4481112a7fa71c646a92e4deec7603475630e318b645cd0ebb8ef1
  764. 5dc01e24b8216611827b24fd788b1f993bc383e5cbb7fad4f9d80f4ee4a4bf3d
  765. c85658bb3f574b17d721d850c4fdf0c70f74d9ccc935a95ea9e53076b6b2919f
  766. 8d2f7cae6c185a756e8edef7df03cb3ed2d5b38fbd82a5dee6bcd77c74c01db4
  767. 0a95dab3594a1d88580ddea96dbf9e51071bea815fb50798d31ad66df8166daf
  768. 8e2b14f966473e3d57962fca3aded4deb706c2f29e115b6e4eef5982eaf8c5b4
  769. 0a5ffe91e93aa44e93c8500bee173fd8f5abf6dc2839499ac21d662fa4411c93
  770. 15c066434b15fe7f3b2a36ed8ae129fee1794627232bd42840603ff22a3ab5fc
  771. 63c9f110415b70cff1b8f70d3ad4d70df1154873383d71ee944729b0dde65af1
  772. aff1c7deecca592915d7a25f29b5ff903e1b4ad9fe9d9e6e43b7173e2a1fce54
  773. 7ab9f57db983715b820ee8913514c99250676bce7c250684048bada95ff13f86
  774. ae19ca9d92f4835f2ae85ccb1c72fe425a1bd215c0f126439d93b6baece8cfde
  775. 9de85909cc4ee8e33e2dc275efd0caf4180d25e803f128a590f2ad22bcfd742d
  776. 1647667e5375233b1d8345a611e2a6d741bb19f12f5abb48b0a620a7ec642d6e
  777. 4419391bc65cdbf78b9637d7d0e4b8a2a41c76248179245c9b5ebe70f08ebbc2
  778. f780835ca46da955e013e9ce99d349c7698db58098e07ee5c93549f711f4788d
  779. e4ed7ad8c638d7e87fb53b90dac63f9fb24ccf7d43a7cd485a4f10d6cc8eeb43
  780. da25cf29e0cd1beaee8d1233d6c04731601709cb64d8dc1d5bea6befdab49cbd
  781. fc8f71a5d008f694f2ec2a2a9ad0e3d9cedb7c175c03faed256de0a5123ee264
  782. 995cb2ddd0b85aeeccb0b325c14ac7df06cfed3e5f92a80f8161d907792e5048
  783. 983a28295ccdedb59648d19c4dd3f7f6dcafcf17df836a475d7aa3ed27a29058
  784. 03e587d47d0c7da8804e5e4ac3eb76aba18e3733f806af58f766741785d5d37a
  785. d23e3182c44aac8dec5a4956e77e93ea1eddd57502a39331adcca76af506b295
  786. 3f8184918c4fbe173fd7abd3d90160428896f1765d81c56f1214704bcff53bff
  787. 71a956d958a1709f830885fb597dd376065e17d0bd449ce6a2df2fb78425c196
  788. 6313a14f5f2025df868fed397d0359ffd1099b8fe72fc7b00836d6f1f353385a
  789. b99d9d34584c709aab4025967a116e1199843f57d4e995573d3b6495ea61fbb1
  790. b53493fca6be28cbdf529f4b6b717769c7d1bc3977b96646d8d3cdd1a9dc4321
  791. 0a430c521e0b67b41fe962570eddc2f391c29bc0d9b688b2a35c834cd08a58ae
  792. 58d1710bae0a222ccf0055d9a920e279f5bffe7d28706d0f1be372ab7f5891e5
  793. b3e5bd637701c81e236118f2f3cfa9a6dda269466dda9d57d8e1c55d52825c88
  794. b651953d67fc88e645362198eb5b3bf7e2165b9c26e219e67849c74a6d84d199
  795. c3fb3f18de34a46a19603593876a8354c9295991046d21f28cfd2ce582a1a94e
  796.  
  797. http://81.56.198.200/vzDYQ0vT/
  798. http://sosh47.citycheb.ru/Epe9RyrbX/
  799. http://thptngochoi.edu.vn/3X1Gc99SU/
  800. http://fit-school.ru/zCBKJesoEs/
  801. http://diaocthiennam.vn/tcD61klP/
  802.  
  803. Creation Time   2019-02-20 19:52:00 (DOC Based - ENG - Unzoomed Indigo/White)
  804. SHA256:
  805. d7daa3e7d6af360eac911448d0cbd06a5c1091656f6f57947fea331539090c06
  806. b980a31be735ebd09c5fbefa980d6d391f524992ff6c318bcf41f45331700dc8
  807. 7a8a992ae41423cbe967a4ccad97f6651998afe3ca15c1a52d3d3ce54da01dd5
  808. 352f263aa6fb53c0af98d06b41715f2b95f22a552311590ea5274010bd0066ba
  809. 814bbe5c1a7870ce1c6daedc9c2bf2f0a06b427fb0fc2722282050dfc4d23aca
  810. 1ab482a9578a8ace5ddeb94fb2745990a3047703a5441a75e4441a834becaaa5
  811. 65469469d39b1269b8e5224581ce2ddb6dd2734146c6fc1dba84f6e73f3c0628
  812. f3e0613f8fff58cec7f7f845d16727720377c243bccf5f5c4c03d33cb6b24de0
  813. 7e46fc20ab6b868fc8882baa711a8a13627b6534d007b57d49836fede5980a3a
  814. 35bf063e6dd8b8206f4e9addd0d2b414f4af0219eb7be21fb177d9595dbd99e2
  815. 8f6bb521278717300a6540dae7aad647849ca1afdb473fc0c8948a6b076e6db0
  816. 466526f17bde4e439bd8d58a8699f0bdfdb74a4b432e05c328e831edfc28e3ab
  817. c80595119d5f4167df2556e02b2b398b85d68550f6e57ee290cc06b6e43c9338
  818. 72e2a2f62db74486dee49185e7d4ff4503d2e57fc6fdb38ca8c0283b102ac16e
  819. d7e4a682d070aa64b9e80e538be931a107ae0f09d8fe1f6cdd15399559dacdd4
  820. b54971d5b4972bf4b715a6824aa3dfe52c98d786976dd262797e6e1dad3d9cda
  821. 6336caf69c312beeb5c0990e869a216d9b5be107b7f95c451e1c4bcadefd27b7
  822. 44e4b3b3c3dbad182ca8337408a5328a9e931b82c53c536aaf36eab8b65c8e2c
  823. 5f3cc9185d40d87005f8ec69e0c3a6abe9383c472d208da942f9e0b4e519b43b
  824. d32e65963524e9358a3a923daf56c6297b37495e3c37c36503765caedb930e2e
  825. a60a1a8a7a3bbde83c23a92839052f017f3549e909f64e2fc24d70367418b836
  826. 321b254efa18e7ac7ec89ae066e3a7787523e5d8a9b1a0fdc3cf8c3d3d18cfe2
  827. 33aca259484d507602eb2ba31a1e82f329c2e22ca47ea42a7e1c2d55ec37d5c5
  828. aca0c9da888459f045866e8ad9b945c3ea194f727095673c156e7460a5a6b37b
  829. 9fbbd50581f7889d4b7558f23c2beb041884f1d94a448502b8d2fc4bf7195e1a
  830. 80a0f8f8f094769f13b070e3cb2ff774c4ee0e19fa3dcf6f520eed6e58b3bbce
  831. 4cf2b3c4a505e546eb8f8a2b6798507395ca7d19dc96c3209b09a28a2c17d04f
  832. 2c8c6c852a36878b83bad6b36b2f37d6defd31aa2cc56be765203a8b240eaaf9
  833. cf044e317b3b2a8e39d738da75adfc28f0fd0fffb3ebf5ac4ce21763e7c28f05
  834. e25d157a32adb2e424cfd00d6377821fc78af48904d0fcd1aa7bd77593bcc495
  835. 11e37fea71e99b05d6635f11db4e1b87bfb37952dc920a8a0e3197b68461968d
  836. a7b66e5010cde5cba839634299acd7cc7ccd750864bc6a64dbeff307dceddc79
  837. f033dbdf64cc673bb42c279aa5453f5f1685558d1299f824b5751c9b8774d428
  838. e4b42a06fdba7617cca99bf5d1c47bcb7369a35c5ba4d7de8aedd7047c7c6734
  839. c2a6ed736920ee11a237ef8dd9ff09172664a1a6860da660349b8ae5995f25c8
  840. 68a5b66ede664ab79755dc81a9dc1a2ad77af09051cdca4f343b3aa9f5451604
  841. 15a950da0a13747c19411db98f2008d357bee36309aec1a59526f03f76c36beb
  842. 1bde50567bdceed4b1eb98f395573b723c90894dc32178d4f92c8db7a927ebbf
  843.  
  844. http://portriverhotel.com/wlaSpzROD/
  845. http://developerparrot.com/od58PWJHeK/
  846. http://bk-brandstory.mdscreative.com/aEPEdU126g/
  847. http://view52.com/xWR3nltYA/
  848. http://bvxk.vatphamtamlinh.net/IVcDxFb/
  849.  
  850. ```
  851. #### SHA256s for Epoch 1 Payload EXEs seen on 02/21/19 ####
  852. ```
  853.  
  854. 87d882779340aecdda529abc74dbe37c5c0c4e80c5f4b1fb7c5de20f0a8b00d1
  855. 331c9274fa6c42c30642e3adca515f62978fbfeea6c960b84533e034eca781ed
  856. bd9dafd2ec4d568ab6f22dab072011ce270838bbde5832c0aa2c67d955c61644
  857. 1f47c39e3108a321006e977ce2a7152975e62fdd6dc8bc40accadfc44cf37e73
  858. 78e6743db855335f42501726ab727c48e8827c2f09044890440479813a273584
  859. 9593092048912561c63128bdbea649a70089e033f3bb675280e4b59cfa6dc0fe
  860. 69427ef96b8f7b00b94c6f4f94f893b247c02a25df3609cecbb1aee0c6284225
  861. d32967e1b865c1e0751e499f587da02da38174b80d62a1b04cf265b389b41aad
  862. 215ad70e2d6fa1c7321bc7f9f84f8a593e2db3345f6f93e2ecb84b31ad566a6b
  863. 057da781f68382e06cf90db8a7f9642c569d15c2c2e2d113599a6aab17c8cbfe
  864. 2eab3b3505d7212c37b6dfba9365d3fa41bd517a462f0647c3fe9370491c870a
  865. 1f7da8761c8d7354387d99b541f4c2879e70c8336379df9a4334f4398c607d8f
  866. bde9bd2d5877fcfa2cd83dd7d1ea89711d34f035318706ee2c4d208a995767d7
  867. 6b8f33f828ef9e6e8cdde4fc671c7d38e3711afcb8fcfadb92e958293bf79783
  868. 347aaa8d2a04d6670ad7a1049a8b9ab364c3fb24b8306ab4d272eac3e7750c95
  869. 941abfaaef1f3285e32891b28dfe09418f798b501c0ec6dc81f97e1f3eb0f095
  870. fd8e04a29e93ec49feab7fe5d8508cc56bb3d1cbbc9a64a83f740f76dbd2e663
  871. 9d6572891b5e0756b4927c2d524025ea9736b888ef36113252ad8b25f04ad3d7
  872. 3eff7e946bcb1190cd4eb94b532a4b41011e63e56db0779961a67ed16f20048b
  873. 3af198f08a100a4420df0899b073a82e4c706b645d115fdc10d20565c63b148a
  874. b3591959761fd908961a52283ea73d3c8461e8907003ec1453df84fad9cdcc79
  875. 298088d9668dc6f9221d39b5e8d4be342d9f948789543cfeddfd814db9acfbb6
  876. 4bbac2f6d477f2e79ba4463e1e454c235cec139f0c45ab95e2cff3d3d97db118
  877. 1f1601f3ff34650b14c849a101307098d4e12e0deaf3351fd6b41506665a1464
  878. 4c2cc7f138c6a33a8179ab23f425a31dccfe24941679b37534186a63b1c0d3db
  879. 341ce32962ae4fff6580a879122d02a41d2ac545627f05392ea433c8764c5f78
  880. 938d362c5f46c6db7ca7d10eafbfa2e08c66feb216ed53a5c7bf2637425faae6
  881. 315e62e87bc1c56b4944b9c14fcef8f496ad4ca9e07a8fa6ed9e43caaae6ad9b
  882.  
  883.  
  884. ```
  885. #### Epoch 2 Payloads by Document SHA256 - All Times UTC ####
  886. ```
  887.  
  888. Creation Time   2019-02-21 21:58:00 (Doc Based - ENG - 365 Blue Box)
  889. SHA256:
  890. 98c0ce92e61c133b514b58093e17ffa6df186e40ae7244c9cd6290ec7578b49f
  891. 695947db8e78b9520041c1b25b9de373eb1bf0c6aa184a4330d24cc086cd5623
  892. 3e8f09a00da64f471232c26c327cca6e04e939c6c11b34f451a0ed73b9e649fe
  893. 3a814aba071c0bb25158f9632f177d4f0bb79ebeb6c4184e750c9f1f5be7556f
  894. 6f00cb06559ee611ad863f052d203d645455ee83556361d9f3db0c68f6c944b0
  895. cf2d7e0c2bc39625f2aeebb6b8c0950963a8e51b1568c9fb5b4a2dc67e8b3cb1
  896. 50c5559035123f045c5ea46d600cf9135707a76519122d18c86b12a0f61e8470
  897. 00cd3678ea574e1f132cfa48aedd0fdf7b16879d7a5caa697980a9febec8c49b
  898. 96e2cc08140b91a7ea123eae11cd24977a0938193a727a73038ee9a28bedddf2
  899. 8f518f6ec04b7ac2c4b43176f0349ba3ced69453359e09948b007324e5af3a07
  900. 4b83a7cfd2fc2ef08fff2d87ff6afbcd42ee1d78d8375824fd16601f74bd322e
  901. 5fa2a97cd7e989eac9fc9a1ce98af71cc3b77078e8653c7ba9027bf9711ac59c
  902. d095edb1ebe403e34bb7e556d4d572f8adf4cf0a928f1bf78e9dbb2a09cb87a4
  903. 89e716291e1bdce7071afb523cef3c1d788bcc7ac5be5252fa4eae61864b1cc9
  904. 7e4a41ff4ebe8750f84a1eb1acab55c0e326246d045054888b6acb022d38578e
  905. 94243eac3290f53bd56478e0bef9e523060a9398d9f4f66953ea7749491f8cbe
  906. f2ae4e6272a6c254d9685c8b95cf28131e59555be218209c029f99fe05f6542f
  907. d1534d44023fc954eab8281a858ae7ac67ddaae7e369458c63764476a3fcca47
  908. 72e48be9ae480b705c2a9e4f6f41c4b18e159504d57a75409c7e4bc937c09384
  909. 59933f2acdec3c573634e29f631526a3feddc7899b68724b515a3259f9460b0e
  910. 1aa6fcee174dad4fc57da2996ce4881217dc26b34a8fd43f1934ba04a2e94cad
  911. cd168b2a2559b63a988969f95a897fec4cae3583b0867a82a79b8b0f4239e9a1
  912. 09885cd35d4a8ce2d2f14197a892dcea9b9164da1ba693bc83c874d2cb169874
  913. 1efc84de08d3b53a897fb9eba6e105bc3d0c4d21ed26e16d48d696f1210252b8
  914. 0d6804c5eb316f83de77541e46be0fe34438917cdf3e60e7f6980adc2346b07b
  915. 0d6a2fb81dadc4ee1338e648a92c62c8ec1520eab9e09d8b508c38e2047e4687
  916. aca925c5e72482417254a5f75b06221aeef8628b2097fd7ab3642fe65125fedb
  917. a448e1c4821fa9c9f41791a8c9d461e09f3d1a00f7ab29ca024175df9204653b
  918. 94d1ce79356e2213336f8cf874bc64b8be9303a07caa242dcc6707a49c2296ca
  919. dba985d5697186de88463d3058fec1067d53b31c4f72bde225800c178a70114d
  920. 53a3dae9cbee00d4a21c0b5406415757581ebd5fc8ee33602a52a2b5037006b8
  921. c69ffb0d1f57218768ebd8b691576d302580a7cb4a302adfb0718fdeef233b79
  922.  
  923. http://222.74.214.122/wp-content/9kj6qOXTF_aR9C/
  924. http://79.137.86.189/produits/poissons/zgLvIOdR2vvZj8_KnYC7/
  925. http://dmcgroup.com.vn/k0jINCbJj2n8TL9/
  926. http://english-run.com/yojDPG1mo5rmPXV_sxKAoEp/
  927. http://elk-joy.com/G4AFioRkP1t_oJSEWMw/
  928.  
  929. Creation Time   2019-02-21 19:22:00 (Doc Based - ENG - 365 Blue Box)
  930. SHA256:
  931. 5de54586abeaeedc494e16bbbfa76397dec77c4fa9465d6d41f272df814e486b
  932. d7e79a60d03e036e2db8e3a0ce3b8e8581ebb6863370be4a79f063b3d32ecfd3
  933. 52cf1ae1f78a210b6b56d8c8f3fd892da034e191461844cad170d5c0b19a1bfc
  934. 4ca7593903a273bb732e51f2e80ab590fca0dd65ea4b3dae4fb12f787979c2e4
  935. bb116a426c4b1c9375c405d3a296a89b27727b0b628069305eb8d2840cb30997
  936. e962d5f06a177b0a5590f72b6919e93f919d6b598e426c597511f60f2d30176c
  937. b8963425658336c6a4b32fb7c9571d4ce3a564dfb3e67b5dcd375795fcab3f9f
  938. 36267e58958c449f5f00c3734d461aaf72f2010c7e309c9b3df855ceedf09506
  939. 4f8bed1331aa4c29c280e8b30edfa2759fcdb9327624b07b9fc838d5480412dc
  940. 92c388f076c1eedfd22d410b2f15cb4a5a7fb0407b6394faac5efc815e9fc496
  941. c6c68b81ae90f6569b3f2d091198f3d5fd1bbe695824e2dbb5fd888279c4adec
  942. 1cc9692421e6fba14d694cf8d5d15d7d472ebffdbeacb6ac537e3cf61f71d83e
  943. 5f613ed8816c38aeb3a09f7a7f509c11352885e46d63f5e51e5849d5b4a853c0
  944. 6721e188fa1fb6c38616d35a57d64037884a7ef4d459ef0bb08c304fa37742a5
  945. 338e9bc950664f8018e7ebc241600d80e9b6f7eda2327e4b05a0d80388c47c15
  946. 8c63ef3a0c9dcfb30c658f77ad8602ceff72d0ae0d5fd5b04dd6f01a69253f65
  947. cc7e7f0bcc9d9230435e50886c2e24f649ebaaac0206bd0618571627cb7038bf
  948. 2cea91ced6c3c011e3fe32c8d306ff81da77287cb8623c331ab54f3574cb9a30
  949.  
  950. http://35.226.136.239/kMeVidkPdx_eqy/
  951. http://207.180.251.220/wp-content/uploads/h06UBpjeSmYg_t43psHriK/
  952. http://104.248.159.247/yMQqb3saPKBQWfO_Jlrk5N/
  953. http://3.82.177.144/wp-content/uploads/FeTXzsZnZ_dmlGzSfo/
  954. http://datijob.co.il/Q7YjN9wVlgJKJW/
  955.  
  956. Creation Time   2019-02-21 16:15:00 (Doc Based - ENG - 365 Blue Box)
  957. SHA256:
  958. 584698ea070c28bcf3bbe4ad5889bfbc7f4272107f00e89b75088ec83e2fdcec
  959. 7f78e313ef062cad5320d8f0168c43281ae20ae68d170b4c93d6fcfd8fda70af
  960. 1c6b7ee8515507be36f4a802929ca15bd1c14f4e6aaca6b2e8e93bb88788332e
  961. b5ba3cee1a89d439bddd3c244200b3b46ecdec4e86936966d55a29f1f464886d
  962. 590fd7b69550b64fc4d487754ce23d479f3ea803185767605f37bf63aecfc7f2
  963. eae23d5ce5c33b4dd55aa6fab24b024f903cb8f23fb2687b7f13827d763e90bd
  964. b03436541bfe32936608934c4465a5cdaf0ccb5fda46f62f119db742350ab924
  965. 7c0c36e434f22974ecbe100978933db027c870ff2b127d07362eec962a5d6273
  966. b7e55c101ec9974e8f730d1ed219cca9eb58348e7a6a65780e2f17f1cf851a04
  967. 6d21f6ce703f246305098ec09771d160463e57a1fd05f11d4e3f5b3c85b5534f
  968. 7be7dbc965a339854df3f6dabe040aa2841511e208050aa67c13562e8a27fca1
  969. e8b0e8c6dea39b3300d29c1b746426ce613b27fd447c587559e4cdec03ff8a2a
  970. 20f2f23b25328fd44d697713103834e908228438afb83a38ba8204eb1095dbe0
  971. 1bb6a87b0e8bcfc0dcce7ff29be0d8e9df547add8017a3b35e138cddc71bc7ae
  972. b79adfb88ed865b47fa7a72235711a580e8f8920c30341a77233b2fd6fafda8a
  973. 3020eacb8b2b18a9d188b232a6799591cd7ad437ff4f600aeb9eb184f18e65e4
  974. c764eabf079fc18b05d86b61daddb15ba565a9fc4beec761c7e1c8bb7d8944b7
  975.  
  976. http://35.231.137.207/fCED3bYaD1XTK_p/
  977. http://3.16.174.177/tKSRuSMFVNIr8/
  978. http://3.17.29.197/NWpMBO4ygIN/
  979. http://bradshawtits.xyz/wp/wp-admin/Ia3VO9qvjbvrF_01gkk/
  980. http://fisika.mipa.uns.ac.id/icopia/files/MKOeZ0aA7dRKC/
  981.  
  982. Creation Time   2019-02-21 13:47:00 (Doc Based - ENG - 365 Blue Box)
  983. SHA256:
  984. e6ba4bd149bfa84ab57c7926c7635e162e459d0e9e419bb3c8d8af8e41c043c9
  985. 0964f1d0c17993dd9042cea8c1f811f4a4282f5299f249347fe942c34849e7dc
  986. 352d1131fbc03ea999acc8c54dafc2030ac2a22ce0b184868518578fedadded2
  987. 0f62f1a90d98c2a406dc8a8c1236652e5eb493149fbae8612fa1bcb3e45c4893
  988. ea36df86bd0ef11800ce5135b8510a4d0e6139691a894361fc286302304c2498
  989. 38955e62de4cf0a2ea67c89821badae8bdf076185338f31e79f3a4ec3ee4dea9
  990. 2cdffcc8d9d6f3c95b097ca6ab4a24a57aa092734dd6efdfc53431f4160ff48f
  991. 50cae3ad5a58a4c52773cf8252ac8afef2ec987541c3313064295d0535969553
  992. 8efc1415e59648868a03ae54215350f07085e4b5c514be27c8d11b2b5cc41774
  993. b938e373f9f93b28a0f0e66d4c522d3c12b515d1b5c5f9cab56dd3427a1c7eac
  994.  
  995. http://neumaticosutilizados.com/1TI81PRQLORR/
  996. http://whiskyshipper.com/wp-content/A8BRS9sLl8i_P8DBsLho/
  997. http://geestdriftnu.com/gqXb3ghkRZJ6tjL8_Y/
  998. http://matex.biz//RQR0RaohiR_P/
  999. http://beepme.eu/OtwnseuMiQetfBs/
  1000.  
  1001.  
  1002. Creation Time   2019-02-21 08:10:00 (DOC Based - ENG - Unzoomed Indigo/White)
  1003. SHA256:
  1004. f6a299d5ea0c1559ab89f27f844fa8b6c7ac965bef9c903a58f0938f56bc2eff
  1005. e5eca8b5095baf26e740dbd6079b4fdd801e01df1389929595fe95fa47b0ce6d
  1006. e5f3f182d3c6ff7134adb6c91ceacc756d58dd2b666820622ea666f635b0c83f
  1007. 1f855c451fe8733b23c0936c074a390f53df32326a399129af54378ffb3f7476
  1008. 3d0e6da8c5aa11bd712f699333d6f5885e0de642cf698f21b3dd88d9347a1a62
  1009. 6e2f0cecf3e965a54c18310dfc7d907f5298cc931d3dcf9bf03600bdb2aa4284
  1010. 4a4160342e1169ebda52916e005f4c23529949e0ae95038e177f843250698217
  1011. 9c14f75986c02e2dcf860ccfaba2b99a1b648c75f3bfdcb6292759696ee1b0af
  1012. 9b7a9c4d25c55511116386ee0a4b0a392971e29e987a2f27fa8b84632609e2e6
  1013. 48f3020d0ed59f0b749906577bb0afa735a51feb909c208cde4f0cd436ac7407
  1014. ae586d86a8b3f69d8b678cbb30e11d592ac257e41e9f302f9756f568b715f783
  1015. 6eb29d5790b01793e31404cbaf1bf755e11ae0320fd77edbf61cc18824c9bae2
  1016. d7ec4e18e5414dc27d1876e7910ff4ce73759c88cbe857d975253e3c99ca6776
  1017. 2f1c728459ae97bab36fe1fe9bfbae1140e0b2cc290b8e1dfa72004c418387eb
  1018. 9c4d39c2c61b2e3fb5b76fb1ea9875fb1041805f85e6a9fcb7d7b91b720f5a7c
  1019. 9d956e2f9219145d9fcaece3ef7f37721c1b652129bb042962b999fe8a47740d
  1020. ef3919a0d672c284dddfde4dfea8731842a5811d4144425ecca6d0fdb33a9b75
  1021. 26b1712e7ec451a757e7d4e0c1b5313e8cbaccd37882646cb34ed8225608f42b
  1022. 7d2bd7127e553c0bbe1b97173d80e6e6e67c36edc0040eba08d2354f220ecea3
  1023. c9deee84d38dd3e151e2a5fbf26b52967dd9a2f9c87fca3bae20986fbd4ee044
  1024. ff5faf120dd73c7f7a18c99049c1a64cee886df98dcb4c168670efac82564c76
  1025. 179a92ba3314be573380de2049b467d29b33a87f5ee506e357d093e7d7e46f2d
  1026. fdb2eb069388b2c1611f5fa08f5924417a0f571811ed5bccb328d8ea951d62ae
  1027.  
  1028. http://188.192.104.226/wordpress/WLc3L83MPzz0b_Y5/
  1029. http://lojamariadenazare.com/ERoa6umx53Ycv0HN_jhVO7N/
  1030. http://bornkickers.kounterdev.com/wp-content/uploads/gUQNEoir/
  1031. http://www.51-iblog.com/wp-content/uploads/gPmnfbWc9Z9i/
  1032. http://mox-sped.pl/pYfGcvvnDu/
  1033.  
  1034.  
  1035. Creation Time   2019-02-20 22:40:00 (DOC Based - ENG - Unzoomed Indigo/White)
  1036. SHA256:
  1037. bd83ac5597219e3e35c6dc11a2e32d69b9604de5b3a091b3862134cb9a04ef95
  1038. 5fef45c36a230351dcd174107f3f6a541e2bcc2717fcc9206cca0f50b9dcade9
  1039. c7043a2969bb736fd7f871719de057b9e9a1e6fee382c926c33027c0bb662544
  1040. e66c9d3fb5cce953ae8a670782d051077b3df858bd699ebb84dc719798da78dd
  1041. 4684961b11df9664b74b84843f2d7b0b32568fa9c45e4ea92bc14a16c057fdeb
  1042. 8c16f59af76fa8f09cdde9aeb65bfb6edc8791eac5154165e897e72ef04c9896
  1043. 86256076aab53e597029235e4bce3a3efe9f71bbb7df11c59a65543279c1245f
  1044. 06c8637ad271aea1fa4cbd270ce643c8d630d3908df88398f06cad9b0813989d
  1045. b5b376647a8bff48124a071a71fbb081f78361695a6920b2e3d95f37c0f4151d
  1046. b22448c34f26a1e1cc0f2e608a6c1717b5e42ac5790d15be0ec8e5c4fede0e07
  1047. 11913692bdb0a4f07a8ae0d313687af38c25ee945ab223705d8e15a080c945af
  1048. 26f461da7b14255ac600d7a069a35e19f14f416721869ade8a2a9d690c67c699
  1049. 7bca9566cc5217da968b100c78b615851dec6c9d5a62f52414d8cf4a55ada654
  1050. c4d2d9e19df870795daacabb84ca9d8e5f400c30c0d92a64c3bfbfd933f07c86
  1051. 541d9778452f1406109122db15161ef577331da8f89cb38174e61d6cc7118f5f
  1052. 8aba440a8492331ec71a1570e3e2f63b8533aba5a22c6cb4be677987e5bf24c9
  1053. 2e7730080fb9693bad0ef805a4b380225ea5ab79b755eba621354fff1f57be88
  1054. 8c18249cbdbe4d709965db788358e9ec053fc2f4309c53a11e11c85c6ab86722
  1055. 65f06f1e554842c9137a397ab1035c7dd7f198b8b7f89dccf6d73e648b26d195
  1056. e88dd0545b70d9e2ab35edeb91b67fc9e8fd82e80716809697ac3d176b5ee018
  1057. 6c765fd57790d538cb5e1660946ddc30171395f22eea66a4c836cb28ae2632bf
  1058. 01d4d0fc3c4025fb1f570a677a834a5d337398d512c532d660d8fc9d053081f1
  1059. 8b94da4008ee7e958c9d6c5dba49ba6b9c7a7ddb61e85559e2ede128bb7f22d7
  1060. 92ef2b031335cf854f2652f244d988771fd32fca2192ee425a673791cf475711
  1061. 0ffa66af30c25de60b1235bfc329ceab6ffd038fef0873d0c2137befed58ed13
  1062. 6a3cc4922e3fd31458be04853a71293b1203538be2cf0b470aba5500069cba54
  1063. 04698d71fe7ba0bcb637c967064b6dbd4f58b726bd2e0f3f4f1d0ec2d07932ca
  1064. 42c4ae91d99e20371a32377a6a054ffbe13f5e589b0abc06edb62c88e6e2ef17
  1065. c60c0239798e85578c1a5a4bf91f5d03ce3e1d6e7df053be1a451756ee6110e8
  1066. e1556d5bcaa1b322442536aa8d8c7ec7f348d1412c42243c7f081855b2e8b183
  1067. dd8fc292e4a744bf2a649f653c8eb1443375de733234f72e0331c0843a155a82
  1068. 82fc4d3c376ced491b4a8331488900aa9e6cb262d3e68a1db9fea3bca314a6b0
  1069. c35dc68437a3fc08776276f1ac12e51f07c35a43b2820f10eca7081bdb3d9ef7
  1070. f08150bdc02648f4f70c6188a490590374a138c9eeb3df5f099cb449f51a6bba
  1071. 1e75c40c1a432f5751f395fafd6698443037f69432534a0ada185adb4b159580
  1072. f4484b82d0496ea55e89be8487b11828d6c2d30c92711a775f3dbb5963e61047
  1073. 62d371690a5ed65b7fe35c8193a82d5c406a3ab56eef4d1a3307aa4b180d9682
  1074. 59d867ae18e7749253e76deb4bb97a0e360126fa5b4b98eb3d574805b6b61a41
  1075. ddec9ee05008ace4b9c7a7689394b98feeda9f3ab7bacce101116184ad2f3f1f
  1076. 591ec51ca5a509f3bf8a7e3cc4dd66a6caceca8ca9bc9f7ef19a1ceafc9edb39
  1077.  
  1078. http://3.8.150.35/N1Beht0JmWT_60/
  1079. http://ifpc.ru/eKKi6q5YUC_WyPjVNX/
  1080. http://apkelectrical.com.au/wp-content/3MdEhYTTHULOUo/
  1081. http://mausha.ru/PQt3QofoXj/
  1082. http://aktivstroi-dv.ru/sIs2eNw5Woa0_fc/
  1083.  
  1084. ```
  1085. #### SHA256s for Epoch 2 Payload EXEs seen on 02/21/19 ####
  1086. ```
  1087.  
  1088. 74b6cd0c43f504e87c99a9878a5ad76a1ce013a962db2c10f925d47d77d5b5d6
  1089. ffe9637744f90a5ae50a76bb5636a6887a754d19c6a49000bc0ce0c3bad2091b
  1090. 27a04c08aabcc724cc54e3f6b621a96c925ac17d091f159da6801c90593bc6f8
  1091. ad6e4549189365a61aadf0d611c218431a8e5e477288e660d43e52daf4a3851d
  1092. 6bbf34e977b60578e41521b83a34306805040ec632e1202bbc3c0248f3f4c0fe
  1093. 45d080cae1115362dbf005838a7c25a19cdf7bda5bbc56280ea2c08ec360d27f
  1094. 50774a8041d4873350c63daf5d1aa41b03f82e7a43489a7acceb3f43973811a6
  1095. 2e9a3bd7689d51b80a1a00e24103fb8eaf9af758b4bdb3d0b4d4ca65b9480573
  1096. 4ac56bb4422ff328a0489b2471584382e89775c5c22e2a8b9b713f7f04d7596e
  1097. e64401291306cde44817746f46dee8812a27a16b9cf9946e2fac2fe992c34fcc
  1098. 38ad4a822b20d798bd551c1353a7da7ae9ee0e5fe70831e50da42de17269408a
  1099. 13def4daab618ae00752206182d8766e69a73349e7d81f72b6d10b0f9916d635
  1100. 649453b76d3046a9d773d04257aa6839817b7a1858b6980e727ef4907f0f3df9
  1101. 0baff85d10061c7d0c17023648f98f8ca6364d5f2722ae0aea92b3e8a59d20cc
  1102. d138b4bc0dafd951ab483196984d648ce96eb092262fdc8baf94991725bdb0ea
  1103. 2dc18b533e82b6bfe4ca849a61197806714d541d8a77ad8feeb02342baa83854
  1104. 8e29b15e2b889dc013adcfc78dafdd7c1d9acfa499032d8313d4f49fb9062a89
  1105. f3636bb58d13acf646e7f8bfb31565416b363b42360f50f81dd972b243ab63d2
  1106. f66e29332ca984a6792bcb1c8c7e6745187f96e288bc11fd719e1ece168fd299
  1107. f9b2f52fec02a03554fa7301f4f62ed2748c27332096530a1f8d583aeb01e82b
  1108. 504166cdbe6314f3325e7fd201a3cbca068eb92920adb2d6d91a641bb2c31404
  1109. b8db00d1606ac4324f710b92ef925dbd1337eff9df8f53160fe8fbd9d1288e85
  1110. d4c931fe54cfb972ba2e77440df680c64a63a225823d1194569d3cd956110cb0
  1111. 0053a19ffee99db2acdfbdf14ef9caffcc8e436cc29631b30f86b19eeeff46d4
  1112. 8a249737a7f87ca3281c5bf63255fa92e668a09b962e5642bcb990620491f2a0
  1113. 41ad241ce81789d1225e05b1fba7284aee28b52c9e6aeac9ec08be906aa3769f
  1114. 3aee72d5f12b96d1fd9dd265b13cea546c574201fcbed6006b26b0324276c6bd
  1115. 0eb3d1435feef1ffc20619ad461ebd4ca43f1baff06e98b21ea384d4d5c9e0bd
  1116. 121f14ce5c55cf2b55e3112cea88bc802a51c61a39479d39b63b3c07145e6449
  1117. 8162be8570ea994767a874eaac114e022fa6d84e7189b2ae7e09638b75f985c5
  1118. 942a93fe3b81398f5ad3b010760cd3cb7f1883118034755f4308be9f0aa119e8
  1119.  
  1120. ```
  1121. #### Epoch 1 C2s ####
  1122. ```
  1123.  
  1124. 109.104.79.48:8080
  1125. 109.226.196.123:53
  1126. 12.6.183.21:8080
  1127. 123.168.4.66:465
  1128. 138.68.139.199:443
  1129. 144.76.117.247:8080
  1130. 159.65.76.245:443
  1131. 162.247.42.61:80
  1132. 165.227.213.173:8080
  1133. 168.226.35.218:80
  1134. 173.68.169.16:80
  1135. 174.96.202.70:443
  1136. 181.168.123.241:443
  1137. 181.56.165.97:53
  1138. 185.86.148.222:8080
  1139. 186.10.243.34:21
  1140. 186.68.100.2:20
  1141. 187.148.77.84:143
  1142. 189.147.12.211:995
  1143. 189.173.176.115:443
  1144. 190.117.226.104:8080
  1145. 190.154.155.34:465
  1146. 190.191.218.44:80
  1147. 190.85.8.155:8080
  1148. 190.92.58.150:443
  1149. 192.155.90.90:7080
  1150. 192.163.199.254:8080
  1151. 201.122.94.84:8080
  1152. 201.212.113.14:50000
  1153. 208.180.246.147:80
  1154. 209.159.244.240:443
  1155. 210.2.86.72:8080
  1156. 219.94.254.93:8080
  1157. 23.233.240.77:8443
  1158. 23.254.203.51:8080
  1159. 5.9.128.163:8080
  1160. 51.255.50.164:8080
  1161. 66.209.69.165:443
  1162. 69.163.33.82:8080
  1163. 70.118.28.174:143
  1164. 71.40.213.82:8080
  1165. 72.47.248.48:8080
  1166. 74.45.170.110:80
  1167. 82.218.163.254:995
  1168. 90.63.245.70:8080
  1169. 92.48.118.27:8080
  1170. 94.155.113.12:465
  1171. 98.189.192.183:8080
  1172.  
  1173. ```
  1174. #### Spam/Stealer C2s ####
  1175. ```
  1176.  
  1177. 104.236.185.25:8080
  1178. 187.134.63.166:8080
  1179. 189.180.186.235:8080
  1180. 189.244.82.217:143
  1181. 212.112.113.235:80
  1182. 24.191.37.42:443
  1183. 50.116.63.9:7080
  1184. 73.185.42.52:8080
  1185. 75.166.252.40:80
  1186.  
  1187. ```
  1188. #### Current Epoch 1 RSA Public Key ####
  1189. ```
  1190.  
  1191. MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAL9KRKWqcld40xbUZ6hRh+fPNkgJe7K+ 0y1rR0UFqc2SBmnyoR/2Ctd+8MRvU8zri2eNVkVBxCUH1Cthf3AEgRqY2kGva8gJ Wcqls3j7RztZzqFoL+wM9DNnz/OWuiyPAQIDAQAB
  1192.  
  1193. ```
  1194. #### Epoch 2 C2s ####
  1195. ```
  1196.  
  1197. 129.24.37.8:443
  1198. 133.242.164.31:7080
  1199. 138.201.140.110:8080
  1200. 153.121.36.202:7080
  1201. 172.248.21.6:8080
  1202. 173.21.116.239:80
  1203. 173.255.196.209:8080
  1204. 173.255.250.241:443
  1205. 173.63.66.10:20
  1206. 178.62.37.188:443
  1207. 181.119.30.28:80
  1208. 181.119.30.36:80
  1209. 187.137.179.93:143
  1210. 187.198.33.171:7080
  1211. 192.92.6.125:8080
  1212. 208.78.100.202:8080
  1213. 211.115.111.19:443
  1214. 216.255.17.231:21
  1215. 217.13.106.160:7080
  1216. 24.153.169.62:443
  1217. 24.185.185.187:443
  1218. 24.227.158.234:21
  1219. 45.123.3.54:443
  1220. 45.63.17.206:8080
  1221. 5.230.147.179:8080
  1222. 50.198.42.246:995
  1223. 50.31.0.160:8080
  1224. 58.252.57.205:8080
  1225. 62.75.187.192:8080
  1226. 62.75.191.231:8080
  1227. 63.116.14.206:7080
  1228. 64.19.74.49:8080
  1229. 64.228.72.40:7080
  1230. 67.1.149.24:8443
  1231. 67.205.149.117:443
  1232. 69.198.17.7:8080
  1233. 70.115.70.154:80
  1234. 70.123.237.77:8080
  1235. 70.64.76.71:8080
  1236. 73.186.92.178:22
  1237. 73.194.61.246:20
  1238. 75.99.7.18:8443
  1239. 79.75.233.224:21
  1240. 83.222.124.62:8080
  1241. 86.98.217.63:443
  1242. 86.98.45.135:7080
  1243. 87.106.210.123:80
  1244. 94.76.200.114:8080
  1245. 96.20.172.107:8443
  1246. 99.139.140.129:80
  1247. 99.242.223.226:21
  1248.  
  1249. ```
  1250. #### Epoch 2 - Spam/Stealer C2s ####
  1251. ```
  1252.  
  1253. 198.58.114.91:4143
  1254. 213.136.86.219:7080
  1255. 24.164.79.147:80
  1256. 47.50.128.85:443
  1257. 58.108.251.65:443
  1258. 66.38.64.143:80
  1259. 71.95.197.230:143
  1260. 71.95.197.230:993
  1261. 96.42.13.162:80
  1262.  
  1263. ```
  1264. #### Current Epoch 2 RSA Public Key ####
  1265. ```
  1266.  
  1267. MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAMPLgcO0RQdJg/LTgiku57nH4KcLwHCx S0lbynOUhHhKjTnmENrMA2idUbK6hI0JRZtii9oJSlb3e5NZiCK+Qr/NB2u7ZNRc hG87aibm0ndS9xKDRXcmWwaQkF0PFuOHpwIDAQAB
  1268.  
  1269. ```
  1270. #### Credits and Notes Section ####
  1271. ```
  1272. Updated 7/13/18
  1273. WARNING - Some links may have been taken down shortly after I reported them to URLHaus.ch because they rock and report everything to ISPs as it
  1274. is confirmed to be malware. Additionally, this list MAY include doc DL URLS from previous days, see the previous days here to get the full picture:
  1275. https://pastebin.com/u/jroosen
  1276.  
  1277. NOTE: The doc DL URLS are in alphabetical order now. The community lists below may contain content I do not have in my list.
  1278. I am providing them for your benefit in case you want to parse them to be sure.
  1279.  
  1280. ```
  1281. #### What is Epoch 1 and Epoch 2? ####
  1282. ```
  1283.  
  1284. What is Epoch 1 and Epoch 2? (updated 01/29/2019)It has been awhile since I refreshed this section so I wanted to update it and bring it up to date.
  1285.  
  1286. I have been tracking Epoch 1 and Epoch 2 since May of 2018. Epoch 1 and 2 are two botnets with distinct C2 infrastructures with separate RSA keys for
  1287. communications. Epoch 2 is currently the larger of the two botnets and I think it is the main push of Emotet. Epoch 2 WAS a smaller more rapidly changing
  1288. version of Emotet at one point in May/June of 2018. Now Epoch 1 seems to be the smaller of the two since this time period. Despite having unique unshared
  1289. C2 infrastructures, these two botnets have been seen to move bots from one to the other and show similar behavoirs seemingly controlled by a single
  1290. entity/group. Here are some observations I have noted since I have been watching these botnets:
  1291.  
  1292. - Checking a document download site from Epoch 1 will deliver a document that is different than what is being delivered at the same time on an Epoch 2
  1293. document download site. Specifically, Maldocs on Epoch 1 will have a different document creation times and payload quintets than those being delivered
  1294. in maldocs on Epoch 2 at any time.
  1295. - Document hashes change very 10 minutes on both Epochs while distribution/spamming are active.
  1296. - Document download and payload URLs tend to become orphaned as templates are changed out and they age. By 72 hours most are no longer updating.
  1297. - On Monday's of every week a new set of document download sites and usually templates to accompany them are generated early on Monday morning/Sunday night.
  1298. - Both Epoch's may share a host for binaries or documents but NEVER the same directory. Eg. Epoch 1 may have an EXE in directory host.tld/A and Epoch 2 may
  1299. have a document hosted on host.tld/B.
  1300. - The RSA keys will change every month or so for C2 communications on each Epoch/Botnet.
  1301. - Binaries for Epoch 1 payload sites are different than the binaries for Epoch 2 payload sites.
  1302. - Each binary has a hard coded list of C2 sites unique to the Epoch it was derived from.
  1303. - C2s are never shared between Epochs/Botnets.
  1304. - Both Epoch 1 and 2 seem to go into "break" periods at the same time for several weeks. During this time binaries are updated every 2-4 hours to stay ahead
  1305. of AV defs.
  1306. - Spamming activity seems to cease on each botnet at around 00:00UTC each day. It usually starts back up around 07:00-08:00UTC each day.
  1307. - Spamming usually does not occur on weekends and the Emotet team seems to take weekends off.
  1308. - The easiest way to tell what botnet a sample is from is to find the payload and then check the C2s/RSA Key.
  1309.  
  1310. If I think of anything else to add or if anyone else has any suggestions, I will add them here.
  1311.  
  1312. ```
  1313. #### Community Lists ####
  1314. ```
  1315.  
  1316. https://pastebin.com/XphvkZDD - @pollo290987
  1317. https://otx.alienvault.com/pulse/5c6f2266e3e3661d1fb952a7/ - @SecSome
  1318. https://otx.alienvault.com/pulse/5c6f45c8eca3b535184e3fca/ - @RedBear14679277
  1319.  
  1320. ```
  1321. #### Credits ####
  1322. ```
  1323. (OC from @JRoosen and/or combination work of the following)
  1324.  
  1325. Doc DL URLs - @James_inthe_box, @unixronin, @abuse_ch, @JayTHL @dms1899, @avman1995, @pancak3lullz, @pollo290987, @malware_traffic, @0xtadavie,
  1326. @Bitterman59, @devnullnoop, @Bauldini, @baberpervez2, @executemalware, @leunammejii, @jcarndt, @gorimpthon, @Racco42, @papa_anniekey, @Jan0fficial
  1327. @shotgunner101, @HerbieZimmerman, @Outkast_TI
  1328.  
  1329. C2 info/RSA Keys - @unixronin, @CapeSandbox, @sysopfb, @pollo290987, @MalwareTechBlog, @ps66uk, @JayTHL, @malware_traffic, @0xtadavie, @devnullnoop,
  1330. @gorimpthon, @Racco42, @Jan0fficial
  1331.  
  1332. Payloads - @bigmacjpg, @decalage2, @James_inthe_box, @MalwareTechBlog, @ps66uk, @dms1899, @avman1995, @unixronin, @pancak3lullz, @pollo290987,
  1333. @malware_traffic, @JayTHL, @Bitterman59, @devnullnoop, @executemalware, @Bauldini, @jcarndt, @gorimpthon, @Racco42, @papa_anniekey, @Jan0fficial,
  1334. @OguzhanTopgul, @HerbieZimmerman
  1335.  
  1336. Spam Templates - @0xtadavie, @SaurabhSha15, @devnullnoop, @raashidbhatt
  1337.  
  1338. Special thanks to @devnullnoop, @2sec4u, @unixronin, @pollo290987, @ps66uk for creating scripts/servers/infrastructure and helping out with this!
  1339.  
  1340. Very special thanks to @capesandbox, @bigmacjpg and @decalage2 of the ViperMonkey Project https://github.com/decalage2/ViperMonkey ,
  1341. @digitalocean, @mploessel, @anyrun_app, @MalwareTechBlog, @unixronin, @hurricanelabs, @KryptosLogic, @abuse_ch/urlhaus.abuse.ch
  1342. and @Virustotal for providing services/software no charge to this cause!
  1343.  
  1344. ```
  1345. #### Daily Log ####
  1346. ```
  1347.  
  1348. Today was not as bad as yesterday but it was not good either. I received over 130 malspams with the majority of those being link type again.
  1349. Spamming stopped at about 19:00EST for both botnets again. Most of the malspam I received was during the interval of 16:30-17:45EST.
  1350.  
  1351. All of the link based malspam was once again the Freshbooks template. I did get about a dozen E2 type PDF malspams that refered to a bank
  1352. account being suspended. Just for fun there was another couple of Spanish based templates that were received.
  1353.  
  1354. Nothing new for me but it seems like some of the templates in Germany are very convincing for T-Mobile. CertBund released this notice:
  1355. https://twitter.com/certbund/status/1098619806402662401
  1356.  
  1357. Those are being seen in PDF and Link based malspam.
  1358.  
  1359. E1 C2s are identical to yesterday's report.
  1360. E2 C2s once again changed but remained at 51 total combos - Recorded above.
  1361.  
  1362. Notice: the @cryptolaemus1 posts may be a little chatty this week with C2s both saying they are from E1 when they are really are either E1 or E2
  1363. in disguise. The bot thinks everything is E1 right now but the posts are accurate and complete. For confirmation check these daily posts.
  1364.  
  1365. Thankfully tomorrow is Friday and we can put this long week to an end. :) TT
  1366.  
  1367. ```
  1368. #### Sandbox 02/21/19 ####
  1369. (all with fakenet and MITM unless spam/secondary infection)
  1370. ```
  1371.  
  1372. Epoch 1 C2 run on 2019-02-22 at 04:00 UTC - https://cape.contextis.com/analysis/39146/
  1373.  
  1374. ```
  1375.  
  1376. ```
  1377.  
  1378. Epoch 2 C2 run on 2019-02-22 at 04:00 UTC - https://cape.contextis.com/analysis/39147/
  1379.  
  1380. ```
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top