malwageddon

ADP themed phishing

Jul 15th, 2013
NOTE: Information is based on a sample of ADP themed phishing email seen on 2013-07-15

-------------------------------------------------------------------
From: "ADP_Netsecure@adp.com" <ADP_Netsecure@adp.com>
Subject: 2013 Anti-Fraud Secure Update
Attachment: "2013 Anti-Fraud Secure Update.zip"

Body:
Dear Valued ADP Client,

We are pleased to announce that ADP Payroll System released secure upgrades to your computer.
A new version of secure update is available.
Our development division strongly recommends you to download this software update.
It contains new features:

The certificate will be attached to the computer of the account holder, which disables any fraud activity
Any irregular activity on your account is detected by our safety centre

Download the attachment. Update will be automatically installed by double click.
We value our partnership with you and take pride in the confidence that you place in us to process payroll
on your behalf. As always, your ADP Service Team is happy to assist with any questions you may have.

[This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, notify the sender immediately by return email and delete the message and any attachments from your system.]
-------------------------------------------------------------------

MD5s
ZIP: db0f32b419982fbf20c6b8984a65433d
EXE: 628c73e429c630c38ea1abbce22fbe29 - https://www.virustotal.com/en/file/5bb6fc85658f9228c5c98938635829f8999108a9386075698127006132dcfb2c/analysis/

GETs:
00002nd.rcomhost.com/WMs9Lz.exe
www.bansontrade.co.uk/ULiC.exe
www.artwork.1stpads.com /ijiK.exe
rabbisconsult.com.au/oGRFY.exe

POSTs:
gfpshoppingcarts.net/forum/viewtopic.php
imhungrynow.com/forum/viewtopic.php
one2onebiznet.com/forum/viewtopic.php
greatstockfoodimages.com/forum/viewtopic.php