2020-10-30 ZLoader IOCs

1. THREAT ATTRIBUTION: ZLOADER
2.  
3. SUBJECTS OBSERVED
4. Additional information about Invoice id 2091
5. Additional information about Invoice number 9814
6. Agreement 1155 details
7. Delayed account friendly reminder #: W710
8. Delayed monthly bill friendly reminder #: E30
9. Delayed monthly bill reminder ID: P01
10. Details about Receipt No. 6295
11. Outstanding monthly bill reminder ID: U142
12. Outstanding payment message ID: P942
13. Past due account reminder #: I80
14. Past due payment notification CODE: P21
15. Payment # 8187 info
16.  
17. SENDERS OBSERVED
18. [email protected]
19. [email protected]
20. [email protected]
21. [email protected]
22. [email protected]
23. [email protected]
24. [email protected]
25. [email protected]
26. [email protected]
27. [email protected]
28. [email protected]
29. [email protected]
30.  
31. EXCEL FILE HASHES
32. 25ac4c15d4d14bea82577d5e7b55458e
33. 356b5f6e2a2daa8b74a28f48288a61d0
34. 43cb32046de416192df108145c9625cb
35. 86b16147f0c864a4d88cc0d6f7bb742e
36. b31eb610d51dce4bb45ee49a3e2e31a8
37. b5b631a0148c11a571a8e0098a23e541
38. c8a5b3c6e5e120b5afb202564e9fe68a
39. f5004a15365709fb2e2a1dcd3c8d69e6
40.  
41. ZLOADER PAYLOAD
42. https://access-one.us/aym3vh.php
43. https://amazonuniverse.in/a1cunn.php
44. https://creditoacumuladoicms.com.br/njcnt1.php
45. https://longisland.casa/wp-data.php
46. https://morgadoent.co.za/tizmel.php
47. https://payment.fashion/wp-data.php
48.  
49. access-one.us
50. amazonuniverse.in
51. creditoacumuladoicms.com.br
52. longisland.casa
53. morgadoent.co.za
54. payment.fashion
55.