MalwareBreakdown

06/18/2020: ZLoader Campaign IOCs

Jun 18th, 2020
https://twitter.com/DynamicAnalysis/status/1273673818654064640

#ZLoader #malspam campaign with .xls attachments:

https://app.any.run/tasks/b58e610b-817e-4dd9-aa8b-45791c8d5f6c

Downloader URLs:

https://wireborg.com/wp-keys.php
http://zmedia.shwetech.com/wp-keys.php
https://datalibacbi.ml/wp-keys.php
https://procacardenla.ga/wp-keys.php

Redirect to DLL located at:

https://gueberzehngemoonde.tk/rqh3h51.php

#ZLoader C2s:


A DLL sample that was submitted to AnyRun by @luigi_martire94 (https://twitter.com/luigi_martire94/status/1273687602747584520):
https://app.any.run/tasks/e24f7fab-12ae-4f06-8748-0ea3e9ab21a6/

Information about the sample collected by @ThreatHive (https://twitter.com/ThreatHive/status/1273691021935890432):
"marker": "18/06",
"botnet": "minik",
"rc4_key": "dh8f3@3hdf#hsf23"