- Gootkit Banking Trojan is targeting Germany
- Indicators of Compromise
- Compromised websites downloading JavaScript loader:
- docs.anscommerce[.]com
- ellsweb[.]net
- entrepasteles[.]supercurro.net
- m-uhde[.]de
- games.usc[.]edu
- doedlinger-erdbau[.]at
- 3rd stage JavaScript C2s:
- badminton-dillenburg[.]de
- alona[.]org[.]cy
- aperosaintmartin[.]com
- Variant 1 (Gootkit):
- .NET loader [973d0318f9d9aec575db054ac9a99d96ff34121473165b10dfba60552a8beed4]
- Delphi PE [60aef1b657e6c701f88fc1af6f56f93727a8f4af2d1001ddfa23e016258e333f]
- PE stored in resources [327916a876fa7541f8a1aad3c2270c2aec913bc8898273d545dc37a85ef7307f]
- Variant 2 (REvil):
- .NET loader [0e451125eaebac5760c2f3f24cc8112345013597fb6d1b7b1c167001b17d3f9f]
- Delphi PE [d0e075a9346acbeca7095df2fc5e7c28909961184078e251f737f09b8ef892b6] – the ransomware
- PE stored in resources [a7e363887e9a7cc7f8de630b12005813cb83d6e3fc3980f735df35dccf5a1341] – a helper component