API tools faq
paste
Advertisement
DarthInvader

March 7 2018 Emotet indicators of phishing

DarthInvader
Mar 7th, 2018
831
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.33 KB | None | 0 0
raw download clone embed print report
  1. March 7 2018 Emotet indicators of phishing
  2. Some of these sites came in late March 6 2018
  3.  
  4. From addresses
  5. [email protected]
  6. [email protected]
  7. [email protected]
  8. [email protected]
  9. [email protected]
  10. [email protected]
  11. [email protected]
  12. [email protected]
  13.  
  14. Subject
  15. New order
  16. Document needed
  17. Invoice
  18. Outstanding Invoices
  19. Invoice receipt
  20. Open Past Due Orders
  21. Paid Invoice
  22. Past Due Invoice
  23.  
  24. No payload http://www.se-beach-karting.at/Overdue-payment/
  25. No payload http://www.cultravel.it/Invoice-Number-01350/
  26. No payload http://стоматология-на-алексеева.рф/Service-Invoice
  27. No payload http://rebus-metod.net/2-Past-Due-Invoices/
  28. No payload http://автогазсервис34.рф/Summit-Companies-Invoice-483821/
  29. No payload http://educational.academy/Sales-Invoice/
  30.  
  31. Unverified URLs
  32. http://khabarovskstroy27.ru/Past-Due-Invoice/
  33. http://spastikengellilerfederasyonu.com/Important-Please-Read/
  34. http://agrologsa.com/XGT4x/
  35. http://restaurantemexicanofrida.com/Paid-Invoices/
  36. http://website1.italix.info/wp-content/UPS-Express-Domestic/Mar-06-18-08-48-54/
  37.  
  38. The sites below serve the same payload file, just different file names
  39. https://www.virustotal.com/en/file/11837a032823b811d66754917b7ae99ec2315ea5b7bfd659a2c16625e94bd099/analysis/1520435368/
  40. https://www.hybrid-analysis.com/sample/11837a032823b811d66754917b7ae99ec2315ea5b7bfd659a2c16625e94bd099?environmentId=100
  41.  
  42. Site Active file:Invoices attached.doc
  43. http://kil-more.net/Open-Past-Due-Orders/
  44.  
  45. Site Active file:Past Due Invoices.doc
  46. http://web-courses.com.au/Invoices-Overdue/
  47.  
  48. Site Active file:Paid Invoices.doc
  49. http://strawberryfields.info/Invoice-Corrections-for-82746759/
  50.  
  51. Site Active file:Paid Invoice & Credit Card Receipt.doc
  52. http://kil-more.net/Open-Past-Due-Orders/
  53.  
  54. Site Active file:Outstanding Invoices.doc
  55. http://rkn-it.net/Invoice-for-you/
  56.  
  57. Site Active file:Outstanding Invoices.doc
  58. http://www.stocksport-natternbach.at/Service-Report-64203/
  59.  
  60. The sites below have a different payload than the sites above
  61. https://www.virustotal.com/en/file/9ff75bc185bcb9f01cac41dd0679cd260fea02b9145c95230e2c08c3f8bc3452/analysis/1520444572/
  62. Site Active File:Service Invoice.doc
  63. http://gustavorique.com.br/Invoice-for-f/l-03/07/2018/
  64.  
  65. Site ACtive File:Service Invoice.doc
  66. http://anuradhaseneviratna.com/Outstanding-Invoices/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!