ExecuteMalware

2020-07-01 Dridex IOCs

Jul 1st, 2020
THREAT ATTRIBUTION: DRIDEX

SUBJECTS OBSERVED
Past Due Invoice No. #519137

SENDERS OBSERVED
Aila Melony <replyto@ereplysstrangelife[.]us>

EMAIL BODY
Good morning,

Please see attached revised Invoice #928971, removing the Fourteen Day Notice Charge from both units. Sorry for the inconvenience.

Should you have any questions, please do not hesitate to contact us.

Aila Melony
Grand Pointe Park Apartments
161 Clubhouse Drive
Poughkeepsie, NY 12603
Phone: (845) 486-8000
Website: www[.]grandpointeparkapts[.]com

DOCUMENT FILE HASHES (MD5)
892337[.]xlsm
836ee6f0431514cc7f31358c138020ad

PAYLOAD FILE HASHES (MD5)
flpaoql[.]exe
54e6654dec830080b8181b22b2f5593f

DRIDEX PAYLOAD DISTRIBUTION URLS
hxxp://terracotia[.]xyz/flpaoql[.]exe

DRIDEX C2s
hxxps://51[.]15[.]7[.]145
hxxps://192[.]99[.]41[.]136:981
hxxps://198[.]27[.]69[.]201:4643
hxxps://198[.]20[.]228[.]10:3389

SUPPORTING EVIDENCE
https://urlhaus.abuse.ch/url/406803/
https://www.virustotal.com/gui/file/16236a7967ffcae726ad1c8fff934e7c852ea2216d28bd73f26beb4d74a30bc0/detection
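The indicators above are published defanged ("[.]", "hxxp"), so they cannot be dropped into a blocklist or a log search as-is. The following is an added example, not ExecuteMalware's own tooling: it refangs the hash, URL and C2 sections of this paste into typed indicators and then runs them over a handful of constructed proxy-log lines. It assumes that section headings contain a space and individual entries never do, that a C2 listed without a port (51[.]15[.]7[.]145) should only be matched on the address, and a simple whitespace-separated log format of its own invention.

```python
"""Parse the defanged Dridex IOC paste into typed indicators and match them
against proxy-log lines. Added example (not ExecuteMalware's own code); the
indicator values are copied from the paste above, the log lines are
constructed for illustration only."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Indicator sections copied (still defanged) from the paste above.
IOC_TEXT = """DOCUMENT FILE HASHES
892337[.]xlsm
836ee6f0431514cc7f31358c138020ad

PAYLOAD FILE HASHES
flpaoql[.]exe
54e6654dec830080b8181b22b2f5593f

DRIDEX PAYLOAD DISTRIBUTION URLS
hxxp://terracotia[.]xyz/flpaoql[.]exe

DRIDEX C2s
hxxps://51[.]15[.]7[.]145
hxxps://192[.]99[.]41[.]136:981
hxxps://198[.]27[.]69[.]201:4643
hxxps://198[.]20[.]228[.]10:3389
"""

MD5_RE = re.compile(r"^[0-9a-f]{32}$", re.I)
IPV4_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?::\d{1,5})?$")


def refang(value):
    """Reverse the defanging used in the paste: '[.]' -> '.', 'hxxp' -> 'http'."""
    return (value.replace("[.]", ".")
                 .replace("hxxps://", "https://")
                 .replace("hxxp://", "http://"))


def parse_iocs(text):
    """Classify each entry as md5 / filename / domain / url / ip / ip_port.
    Assumption: section headings contain a space, entries never do."""
    found = defaultdict(set)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or " " in line:          # blank line or a heading
            continue
        value = refang(line)
        if MD5_RE.match(value):
            found["md5"].add(value.lower())
        elif "://" in value:
            parts = urlsplit(value)
            host = parts.hostname or ""
            if IPV4_RE.match(host):
                found["ip"].add(host)
                if parts.port is not None:    # only ports the paste states explicitly
                    found["ip_port"].add(f"{host}:{parts.port}")
            else:
                found["domain"].add(host)
            if parts.path and parts.path != "/":
                found["url"].add(value)       # full URL (download stage)
        else:
            found["filename"].add(value.lower())
    return {kind: sorted(values) for kind, values in found.items()}


def match_log_lines(lines, iocs):
    """Scan whitespace-separated log lines for the parsed indicators.
    Returns (line_number, kind, value) per hit. An 'ip' hit on a port other
    than the listed one is weaker evidence than an 'ip_port' or 'url' hit."""
    sets = {kind: set(values) for kind, values in iocs.items()}
    md5s, ips = sets.get("md5", set()), sets.get("ip", set())
    ip_ports, domains = sets.get("ip_port", set()), sets.get("domain", set())
    filenames = sets.get("filename", set())
    hits = []
    for n, line in enumerate(lines, 1):
        for tok in line.split():
            t = tok.lower().rstrip(",;")
            if t in md5s:
                hits.append((n, "md5", t))
            elif "://" in t:
                host = urlsplit(t).hostname or ""
                if host in domains or host in ips:
                    hits.append((n, "url", t))
            elif IPV4_RE.match(t):
                if t in ip_ports:
                    hits.append((n, "ip_port", t))
                elif t.split(":")[0] in ips:
                    hits.append((n, "ip", t.split(":")[0]))
            elif t in filenames:
                hits.append((n, "filename", t))
    return hits


# Constructed proxy log: timestamp, client, method, destination, status, type.
SAMPLE_LOG = [
    "2020-07-01T09:58:12Z 10.0.0.23 GET http://terracotia.xyz/flpaoql.exe 200 application/octet-stream",
    "2020-07-01T09:58:40Z 10.0.0.23 CONNECT 198.27.69.201:4643 200 -",
    "2020-07-01T09:59:03Z 10.0.0.23 CONNECT 51.15.7.145:443 200 -",
    "2020-07-01T10:01:15Z 10.0.0.41 GET http://example.com/index.html 200 text/html",
    "2020-07-01T10:02:00Z 10.0.0.23 CONNECT 192.99.41.136:8443 200 -",
]

if __name__ == "__main__":
    iocs = parse_iocs(IOC_TEXT)
    for kind, values in iocs.items():
        print(f"{kind}: {', '.join(values)}")
    for hit in match_log_lines(SAMPLE_LOG, iocs):
        print("HIT line %d %s %s" % hit)
```

Line 5 of the constructed log shows why the port is kept separately: 192[.]99[.]41[.]136 is reported as a bare "ip" hit because the paste lists that C2 on port 981, not 8443, so a responder should treat it as a lead to confirm rather than a definitive beacon. The bare-address hit on 51[.]15[.]7[.]145 is the strongest the data allows, since the paste gives no port for it.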