SHOW:
|
|
- or go back to the newest paste.
| 1 | *Email sample* | |
| 2 | ||
| 3 | - | _Subject_: Re: |
| 3 | + | _Subject_: Payment |
| 4 | ||
| 5 | _Body_: | |
| 6 | ||
| 7 | - | Dear ...: |
| 7 | + | Dear [NAME], |
| 8 | ||
| 9 | - | Please find attached our invoice for services rendered and additional disbursements in the above- |
| 9 | + | Our records show that we have not yet received payment for the previous order #A-532173 |
| 10 | - | mentioned matter. |
| 10 | + | Could you please send payment as soon as possible? |
| 11 | ||
| 12 | - | Hoping the above to your satisfaction, we remain. |
| 12 | + | Please find attached file for details. |
| 13 | ||
| 14 | - | Sincerely, |
| 14 | + | |
| 15 | - | Doyle Alvarado |
| 15 | + | Yours sincerely |
| 16 | - | Divisional Finance Director |
| 16 | + | Jeremy Jackson |
| 17 | Operations Director (CEO Designate) | |
| 18 | ||
| 19 | - | In attachment a zip archive with a javascript file. No difference from previous campaign [1] spotted. |
| 19 | + | |
| 20 | In attachment a zip archive with a javascript file. | |
| 21 | - | Javascript sample - MD5: b83ef684529156e0bce902dc8da9c72e |
| 21 | + | |
| 22 | - | VT: 2/56 - https://virustotal.com/en/file/58854ba6819996ab0700f4ccb95ed7b8cc72ff57ac6b89f3d4c93ef6a6219d70/analysis/ |
| 22 | + | Javascript sample - MD5: b217ece3ecf33fd6fc624af5d25f0840 |
| 23 | VT: 1/56 - https://www.virustotal.com/en/file/a7e93e059bf53885110dddb52b5029e4e5c0b35f98ab3981a26b80a47118905d/analysis/ | |
| 24 | ||
| 25 | *Compromised domains (47)*: | |
| 26 | - | akdenizozalit.com/ ixoxi |
| 26 | + | |
| 27 | - | allchannel.net/ lue6c4 |
| 27 | + | 98.131.20.17/ o41d3 |
| 28 | - | aloprint.com/ bk0f2 |
| 28 | + | bbmarilu.it/ f7x1378 |
| 29 | - | arabian-star.com/ nay7jq7 |
| 29 | + | bbvogliadimare.it/ h573kdg |
| 30 | - | beluxfurniture.com/ 0jcxx |
| 30 | + | bolanoid.ru/ vjqraq |
| 31 | - | clerici.info/ g1sd5d59 |
| 31 | + | btgnj.com/ a6308b |
| 32 | - | depaardestal.nl/ z5htsm |
| 32 | + | caseificiodesantis.it/ bmvl5xz |
| 33 | - | ding-a-ling-tel.com/ bazk3kao |
| 33 | + | centrosportivoiunco.it/ c42en |
| 34 | - | easysupport.us/ fl85xie |
| 34 | + | cm-seia.pt/ 0q6d4ej |
| 35 | - | ekonova.nazwa.pl/ wc0coj |
| 35 | + | cond.gribochechki.ru/ zibni |
| 36 | - | ft.dol.za.pl/ ymsikgp7 |
| 36 | + | control-seduction.private.pl/ eu5c1q |
| 37 | - | fuji-mig.com/ awcigpa1 |
| 37 | + | darts-pr.ru/ 6m5hl |
| 38 | - | futuretech-iq.net/ koqpy |
| 38 | + | deangelis.co.uk/ 9189x |
| 39 | - | handicraftmag.com/ mrihc |
| 39 | + | dice-design.com/ 9cotr5w |
| 40 | - | heavenboundministry.com/ i7a59qj |
| 40 | + | dugganinternational.ca/ jlv43q0 |
| 41 | - | hrlpk.com/ s5ibqz1 |
| 41 | + | edilperle.it/ b354kx0o |
| 42 | - | hyip-all.com/ 9qwmc65 |
| 42 | + | fastmoneyloan.info/ 0h1vsa63 |
| 43 | - | iminlife.com/ cqoanbzr |
| 43 | + | fitnesclub.ru/ oc7xhbuc |
| 44 | - | infocuscreative.net/ didt48j |
| 44 | + | folkchata.pl/ wmm4i0 |
| 45 | - | innatesynergy.com/ mrgdve3 |
| 45 | + | follyfoot.org/ todl3fc |
| 46 | - | jasoncoroy.com/ szlzqni |
| 46 | + | garnelenfarm.net/ jixh4iz |
| 47 | - | kitchenconceptagra.com/ 5s9xb7j |
| 47 | + | genius-versand.de/ 9kme7u |
| 48 | - | komplettraeder-24.de/ w61qx92 |
| 48 | + | hate-metal.com/ hre8fqo |
| 49 | - | marxforschung.de/ tt18a |
| 49 | + | hoosiernetwork.com/ 6oa4xhk |
| 50 | - | modelestrazackie.za.pl/ zfww8nx |
| 50 | + | hotstreams.ru/ o1cri71 |
| 51 | - | otolocphat.com/ bv2n241r |
| 51 | + | hudebiah.net/ uhpdylx4 |
| 52 | - | passagegoldtravel.com/ bqugo3qb |
| 52 | + | ilbalconcino2011.it/ bzukq |
| 53 | - | pawelbuczynski.za.pl/ z1q8u |
| 53 | + | ingstroymash.ru/ m92xv |
| 54 | - | percorsipsicoarte.com/ 6gz707c |
| 54 | + | itc.slav.dn.ua/ w4b7m0 |
| 55 | - | pub-voiture.com/ dcsjrjm |
| 55 | + | karl-lee.se/ x23ft |
| 56 | - | racedayworld.com/ 808k8pd |
| 56 | + | marchandedidees.fr/ o1236qw |
| 57 | - | reginamargherita96.net/ hhtvomcw |
| 57 | + | maydenehotelblackpool.com/ 4qjb81gs |
| 58 | - | rzezba-bierowiec.za.pl/ y7fbo1a |
| 58 | + | modband.com/ a4jw2if |
| 59 | - | samrhamburg.com/ jrh9b |
| 59 | + | mr2peter.de/ myu3a6ge |
| 60 | - | scpremiumbikes.com/ 3y1b0n4s |
| 60 | + | namifitnessclub.it/ c6y9dcms |
| 61 | - | searchforamy.com/ 1fz0k9kp |
| 61 | + | newgeneration2010.it/ cx6uxxg5 |
| 62 | - | stbb.pt/ z59ifwj |
| 62 | + | newpark.co.uk/ 54yp9 |
| 63 | - | stckwt.net/ p4jlk |
| 63 | + | oavb.com/ 9hh3ybox |
| 64 | - | testfacility.awsome.pl/ zc73v |
| 64 | + | potolok-profit.ru/ od0xz9xv |
| 65 | - | totalsportnetwork.com/ kpbrp2mq |
| 65 | + | redpower.com.au/ xlkdld |
| 66 | - | ugmp.nazwa.pl/ xkhhf2n |
| 66 | + | saintkatherine.orthodoxy.ru/ 5uj4u6 |
| 67 | - | unitedprogamers.za.pl/ ylxt67 |
| 67 | + | staffsolut.nichost.ru/ qimiiud |
| 68 | - | vantagenetsvc.com/ a7xssz |
| 68 | + | turniejkrzyz.za.pl/ fz0i11 |
| 69 | - | vinabuhmwoo.com/ 69udv |
| 69 | + | uas-aas.ca/ 4bwbk5 |
| 70 | - | wasearch.us/ 6mm3hk |
| 70 | + | usdavetrana.it/ c474o |
| 71 | - | wbksis.com/ 5mxl28il |
| 71 | + | vonenidan.de/ kdwytr |
| 72 | - | yourworshipspace.com/ a3py3w |
| 72 | + | www.johnlodgearchitects.com/ fx89v |
| 73 | www.puertasjoaquin.com/ nl5tl | |
| 74 | ||
| 75 | *Sampled downloaded and decoded*: | |
| 76 | - | File Name: 1pqsLqX45.exe |
| 76 | + | |
| 77 | - | MD5: 0bf7315a2378d6b051568b59a7a0195a |
| 77 | + | File Name: fksdOKooVkA.exe |
| 78 | - | VT 7/55 - https://virustotal.com/en/file/653fb7c2c76c68d7a71307863f5025ee0f28faf850ca91e1581e3746695ecd55/analysis/ |
| 78 | + | MD5: 8137DC850A9F2593F331A149D6CC17CF |
| 79 | VT 13/54 - https://virustotal.com/en/file/6f292ac37fb327ce7223f4e7d58b93f0f3038f279ac54348c2cef430aacc44d8/analysis/ |
