jroosen

Emotet Malware IoCs 2019/03/26

Mar 27th, 2019
## Emotet Malware Document links/IOCs for 03/26/19 as of 03/27/19 02:00 EDT ##
*Notes and Credits now at the bottom* Follow us on twitter @cryptolaemus1 for more updates.

#### Epoch 1 Document/Downloader links seen for 03/26/19 ####
#### Epoch 2 Document/Downloader links seen for 03/26/19 ####
#### Epoch 1 Payloads by Document SHA256 - All Times UTC ####
```

Creation Time 2019-03-26 19:55:00 (DOC Based - ENG - 365 Blue Box)
SHA256:
  521. Creation Time 2019-03-26 13:51:00 (DOC Based - ENG - 365 Blue Box)
  522. SHA256:
  562.  
  563. Creation Time 2019-03-26 07:35:00 (DOC Based - ENG - 365 Blue Box)
  564. SHA256:
  604.  
  605. Creation Time 2019-03-25 21:38:00 (DOC Based - ENG - 365 Blue Box)
  606. SHA256:
  652.  
  653. ```
  654. #### SHA256s for Epoch 1 Payload EXEs seen on 03/26/19 ####
  655. ```
  656.  
  864.  
  865. ```
  866. #### Epoch 2 Payloads by Document SHA256 - All Times UTC ####
  867. ```
  868.  
  869. Creation Time 2019-03-26 18:01:00 (From ZIP - DOC Based - ENG - 365 Blue Box)
  870. SHA256:
  919.  
  920. Creation Time 2019-03-26 15:32:00 (From ZIP - DOC Based - ENG - 365 Blue Box)
  921. SHA256:
  942.  
  943. Creation Time 2019-03-26 11:14:00 (From ZIP - DOC Based - ENG - 365 Blue Box)
  944. SHA256:
  974.  
  975. Creation Time 2019-03-26 11:14:00 (From ZIP - JS Based - Fake Error)
  976. SHA256:
  986.  
  987. Creation Time 2019-03-25 21:43:18 (From ZIP - JS Based - Fake Error)
  988. SHA256:
  996.  
  997. ```
  998. #### SHA256s for Epoch 2 Payload EXEs seen on 03/22-25/19 ####
#### Epoch 1 C2s ####
#### Spam/Stealer C2s ####
```

31.172.86.183:8080
104.236.185.25:8080
50.116.63.9:7080

```
#### Current Epoch 1 RSA Public Key ####
```

MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAL9KRKWqcld40xbUZ6hRh+fPNkgJe7K+ 0y1rR0UFqc2SBmnyoR/2Ctd+8MRvU8zri2eNVkVBxCUH1Cthf3AEgRqY2kGva8gJ Wcqls3j7RztZzqFoL+wM9DNnz/OWuiyPAQIDAQAB

```
#### Epoch 2 C2s ####
#### Epoch 2 - Spam/Stealer C2s ####
```

198.58.114.91:4143
213.136.86.219:7080
91.205.215.10:7080

```
#### Current Epoch 2 RSA Public Key ####
```

MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAMPLgcO0RQdJg/LTgiku57nH4KcLwHCx S0lbynOUhHhKjTnmENrMA2idUbK6hI0JRZtii9oJSlb3e5NZiCK+Qr/NB2u7ZNRc hG87aibm0ndS9xKDRXcmWwaQkF0PFuOHpwIDAQAB

```
#### Credits and Notes Section ####
```
Updated 7/13/18
WARNING - Some links may have been taken down shortly after I reported them to URLHaus.ch because they rock and report everything to ISPs as it
is confirmed to be malware. Additionally, this list MAY include doc DL URLS from previous days, see the previous days here to get the full picture:
https://pastebin.com/u/jroosen

NOTE: The doc DL URLS are in alphabetical order now. The community lists below may contain content I do not have in my list.
I am providing them for your benefit in case you want to parse them to be sure.

```
#### What is Epoch 1 and Epoch 2? ####
```

What is Epoch 1 and Epoch 2? (updated 03/07/2019)

I have been tracking Epoch 1 and Epoch 2 since May of 2018. I called them Epoch 1 and Epoch 2 because they followed a different timescale of
payload updates and history. In short, Epoch 1 and 2 are two botnets with distinct C2 infrastructures with separate RSA keys for communications.
Epoch 1 is currently the larger of the two botnets (MAR 2019) and I think it is the main push of Emotet currently. Epoch 1 WAS a smaller more
rapidly changing version of Emotet at one point in the last half of 2018. Now Epoch 2 seems to be the smaller of the two since this time period.
This seems to change back and forth over a 6 month period. Despite having unique unshared C2 infrastructures, these two botnets have been seen
to move bots from one to the other and show similar behaviors seemingly controlled by a single entity/group. E.g. going on breaks at the same
time period.
Here are some observations I have noted since I have been watching these botnets:

- Checking a document download site from Epoch 1 will deliver a document that is different than what is being delivered at the same time on an
Epoch 2 document download site. Specifically, Maldocs on Epoch 1 will have different document creation times and payload quintets than those
being delivered in maldocs on Epoch 2 at any one time.
- Document hashes change every 10 minutes on both Epochs while distribution/spamming are active.
- Document download and payload URLs tend to become orphaned as templates are changed out and they age. By 72 hours most are no longer updating.
- On Mondays of every week a new set of document download sites and usually templates to accompany them are generated early on
Monday morning/Sunday night.
- Both Epochs may share a host for binaries or documents but NEVER the same directory. E.g. Epoch 1 may have an EXE in directory host.tld/A and
Epoch 2 may have a document hosted on host.tld/B.
- The RSA keys for C2 communications on each Epoch/Botnet will change every few months.
- Binaries for Epoch 1 payload sites are different than the binaries for Epoch 2 payload sites.
*- Binaries used to change hashes every 15 minutes to 2 hours but now (3/6/19) are changing every 5 minutes on distro.
- Each binary has a hard coded list of C2 sites unique to the Epoch it was derived from.
- C2s are never shared between Epochs/Botnets.
- Both Epoch 1 and 2 seem to go into "break" periods at the same time for several weeks. During this time binaries are updated every 2-4 hours
via C2 to stay ahead of AV defs.
- Spamming activity seems to cease on each botnet at around 00:00UTC each day. It usually starts back up around 07:00-08:00UTC each day.
- Spamming usually does not occur on weekends and the Emotet team seems to take weekends off.
- The easiest way to tell what botnet a sample is from, is to find the payload and then check the C2s/RSA Key. HINT - CAPE Sandbox makes this
easy now, use it! Thanks to Kevin @CapeSandbox and @pollo290987!
- Changes in behavior are often deployed to one botnet and then to the other as if the first was a test. This has been observed for obfuscation,
spam template, word template, document type and even payload.

If I think of anything else to add or if anyone else has any suggestions, I will add them here.

```
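The attribution step described in the notes above (find the payload, then check its C2s and RSA key) can be scripted once a sandbox has extracted the config. This is an added example, not part of the original paste: `REFERENCE`, `normalise_c2` and `attribute` are hypothetical names, and the reference sets use constructed documentation-range addresses and placeholder key strings in place of the real per-epoch lists.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed reference data (assumption): documentation-range addresses and
# placeholder key strings stand in for each epoch's published C2 list and key.
REFERENCE = {
    "Epoch 1": {
        "c2s": {"192.0.2.10:8080", "192.0.2.11:443", "192.0.2.12:80"},
        "rsa_key": "PLACEHOLDER-EPOCH-1-KEY",
    },
    "Epoch 2": {
        "c2s": {"198.51.100.20:8080", "198.51.100.21:443", "198.51.100.22:7080"},
        "rsa_key": "PLACEHOLDER-EPOCH-2-KEY",
    },
}


@dataclass
class Verdict:
    epoch: str  # "Epoch 1", "Epoch 2", "conflict" or "unknown"
    reasons: list = field(default_factory=list)


def normalise_c2(entry):
    """Return 'ip:port' in canonical form, or None if the entry is malformed."""
    host, sep, port = entry.strip().rpartition(":")
    if not sep or not port.isdigit() or not 0 < int(port) < 65536:
        return None
    try:
        return f"{ipaddress.ip_address(host)}:{int(port)}"
    except ValueError:
        return None


def attribute(c2_entries, rsa_key, reference=REFERENCE):
    """Attribute one extracted config (hard-coded C2 list + RSA key) to an epoch."""
    c2s = {c for c in map(normalise_c2, c2_entries) if c}
    key = "".join(rsa_key.split())  # pasted keys often carry line-wrap whitespace
    evidence, reasons = {}, []
    for epoch, ref in reference.items():
        shared = c2s & ref["c2s"]
        key_hit = key == "".join(ref["rsa_key"].split())
        if shared:
            reasons.append(f"{len(shared)}/{len(c2s)} C2s match {epoch}")
        if key_hit:
            reasons.append(f"RSA key matches {epoch}")
        if shared or key_hit:
            evidence[epoch] = (len(shared), key_hit)
    if len(evidence) > 1:
        # C2s and keys are never shared between epochs, so mixed evidence
        # points at stale reference data or two configs merged by mistake.
        reasons.append("evidence for both epochs: check reference data and input")
        return Verdict("conflict", reasons)
    if not evidence:
        return Verdict("unknown", ["no C2 or key overlap with either epoch"])
    epoch, (n_shared, key_hit) = next(iter(evidence.items()))
    if n_shared and not key_hit:
        reasons.append("key not in reference set (keys rotate every few months)")
    return Verdict(epoch, reasons)


if __name__ == "__main__":
    # Constructed sandbox output for one sample.
    sample_c2s = ["192.0.2.10:8080", "192.0.2.11:443", "203.0.113.5:80"]
    verdict = attribute(sample_c2s, "PLACEHOLDER-EPOCH-1-KEY")
    print(verdict.epoch, verdict.reasons)
```

A `conflict` verdict is the useful signal here: since the two botnets do not share C2s or keys, it usually means the reference lists are out of date rather than that a sample belongs to both.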
#### Community Lists ####
```
https://pastebin.com/k6bJ8a3r - @pollo290987
https://pastebin.com/Wx73XHJ6 - @pollo290987
https://twitter.com/ps66uk/status/1110690318859550726 - @ps66uk
https://pastebin.com/fHG3sSCb - @ps66uk
https://otx.alienvault.com/pulse/5c9a9f69106a4e067e7601eb/ - @SecSome

```
#### Credits ####
```
(OC from @JRoosen and/or combination work of the following)

Doc DL URLs - @James_inthe_box, @unixronin, @abuse_ch, @JayTHL @dms1899, @avman1995, @pancak3lullz, @pollo290987, @malware_traffic,
@0xtadavie, @Bitterman59, @devnullnoop, @Bauldini, @baberpervez2, @executemalware, @leunammejii, @jcarndt, @gorimpthon, @Racco42,
@papa_anniekey, @Jan0fficial, @shotgunner101, @HerbieZimmerman, @Outkast_TI, @ps66uk

C2 info/RSA Keys - @unixronin, @CapeSandbox, @sysopfb, @pollo290987, @MalwareTechBlog, @ps66uk, @JayTHL, @malware_traffic, @0xtadavie,
@devnullnoop, @gorimpthon, @Racco42, @Jan0fficial

Payloads - @bigmacjpg, @decalage2, @James_inthe_box, @MalwareTechBlog, @ps66uk, @dms1899, @avman1995, @unixronin, @pancak3lullz,
@pollo290987, @malware_traffic, @JayTHL, @Bitterman59, @devnullnoop, @executemalware, @Bauldini, @jcarndt, @gorimpthon, @Racco42,
@papa_anniekey, @Jan0fficial, @OguzhanTopgul, @HerbieZimmerman

Spam Templates - @0xtadavie, @SaurabhSha15, @devnullnoop, @raashidbhatt

Special thanks to @devnullnoop, @2sec4u, @unixronin, @pollo290987, @ps66uk for creating scripts/servers/infrastructure and
helping out with this!

Very special thanks to @capesandbox, @bigmacjpg and @decalage2 of the ViperMonkey Project https://github.com/decalage2/ViperMonkey ,
@digitalocean, @mploessel, @anyrun_app, @MalwareTechBlog, @unixronin, @hurricanelabs, @KryptosLogic, @abuse_ch/urlhaus.abuse.ch,
@urlscanio and @Virustotal for providing services/software no charge to this cause!

```
#### Daily Log ####
```

Short on time. Quick update:
Only received a dozen malspams and most were invoice/payment templates with links. E2 is still going nuts with 10 times the .ZIP
files of .DOCs that were labeled as .JS but were really .DOC. E1 is doing straight DOCs like normal. As a review:

"Each of the ZIP files on both epochs were really cycling hashes at the same moment in time. 10 different sites would give you 10
different hashes at a point in time. Then all 10 of those hashes would change in 5 minutes. This effectively created a huge pool of
noise with the hashes for .zip files and I won't bother to put them in here but I have them if someone wants them."

EXE Rehash is still going nuts and we are seeing new hashes every 5 minutes.

C2s did change for E1 but stayed at 50 combos in total. - recorded above
C2s did change for E2 and increased to 55 from 54 combos in total. - recorded above (lots of replacements and new IPs)

Time for sleep. TT

```
#### Sandbox 03/26/19 ####
(all with fakenet and MITM unless spam/secondary infection)
```

Epoch 1 C2 run on 2019-03-27 at 03:30 UTC - https://cape.contextis.com/analysis/55236/

Epoch 2 C2 run on 2019-03-27 at 03:30 UTC - https://cape.contextis.com/analysis/55238/
```