- THREAT ATTRIBUTION: ZLOADER
- SUBJECTS OBSERVED
- Information about invoice No610
- Invoicing No. 239 data
- Receipt number 485
- Your New service Invoice
- SENDERS OBSERVED
- elgythtooshnak4j@aol[.]com
- gunar.selithrarion1990r@aol[.]com
- haraaksi_gasha@aol[.]com
- sapperwick_soifurj7@aol[.]com
- EXCEL FILE NAMES
- pay-485[.]xls
- ref_75[.]xls
- Invoice-610[.]xls
- Pay239[.]xls
- EXCEL FILE HASHES
- 1298427cff5bfad131f4b6d0ffb9ab3c
- 47fc241830728ef70305b0cdb72e89d8
- 9efffe461acae3ee36418ebd5adb9b6a
- a7638350bc3c243028cfb46ff09335c7
- ZLOADER PAYLOAD URLs
- hxxp://merter[.]shop/wp-keys[.]php
- hxxp://pasca[.]fapet[.]ub[.]ac[.]id/wp-keys[.]php
- hxxp://pick20shop[.]shop/wp-keys[.]php
- hxxp://posviat[.]ru/wp-keys[.]php
- ZLOADER C2s
- hxxp://draminski-retail[.]eu/wp-parsing[.]php
- hxxp://duanyong[.]top/wp-parsing[.]php
- hxxp://eternalstarculture[.]com/wp-parsing[.]php
- hxxp://gh99[.]cn/wp-parsing[.]php
- hxxp://glossy[.]vn/wp-parsing[.]php
- hxxps://nalighpicseracha[.]tk/wp-parsing[.]php
- SUPPORTING EVIDENCE
- https://twitter.com/DynamicAnalysis/status/1281360949111382016