SHOW:
|
|
- or go back to the newest paste.
| 1 | *Email sample* | |
| 2 | ||
| 3 | - | _Subject_: Re: |
| 3 | + | _Subject_: Updated |
| 4 | ||
| 5 | _Body_: | |
| 6 | ||
| 7 | - | Dear ...: |
| 7 | + | Dear [NAME], |
| 8 | ||
| 9 | - | Please find attached our invoice for services rendered and additional disbursements in the above- |
| 9 | + | Attached please find the documents you requested.. |
| 10 | - | mentioned matter. |
| 10 | + | |
| 11 | ||
| 12 | - | Hoping the above to your satisfaction, we remain. |
| 12 | + | |
| 13 | King regards | |
| 14 | - | Sincerely, |
| 14 | + | Kaitlin Walton |
| 15 | - | Doyle Alvarado |
| 15 | + | Financial Director - Multinational Group |
| 16 | - | Divisional Finance Director |
| 16 | + | Mon, 27 Jun 2016 20:16:52 -0200 |
| 17 | ||
| 18 | ||
| 19 | - | In attachment a zip archive with a javascript file. No difference from previous campaign [1] spotted. |
| 19 | + | In attachment a zip archive with a javascript file. |
| 20 | ||
| 21 | - | Javascript sample - MD5: b83ef684529156e0bce902dc8da9c72e |
| 21 | + | Javascript sample - MD5: 37897ae64a236238d7eaf00021b78849 |
| 22 | - | VT: 2/56 - https://virustotal.com/en/file/58854ba6819996ab0700f4ccb95ed7b8cc72ff57ac6b89f3d4c93ef6a6219d70/analysis/ |
| 22 | + | VT: 4/55 - https://www.virustotal.com/it/file/e52bcee840a8e6270a25d6e9a93984409e29a9e84970f105e99960ce9d2910d7/analysis/ |
| 23 | ||
| 24 | *Compromised domains (47)*: | |
| 25 | ||
| 26 | - | akdenizozalit.com/ ixoxi |
| 26 | + | 933666.net/ 7q4e3lyp |
| 27 | - | allchannel.net/ lue6c4 |
| 27 | + | addonworks.com/ ncwx0b |
| 28 | - | aloprint.com/ bk0f2 |
| 28 | + | allchannel.net/ nk5jbh |
| 29 | - | arabian-star.com/ nay7jq7 |
| 29 | + | aloprint.com/ f216w5 |
| 30 | - | beluxfurniture.com/ 0jcxx |
| 30 | + | apotekroxy.com/ slc93v1 |
| 31 | - | clerici.info/ g1sd5d59 |
| 31 | + | asliaypak.com/ 355ip |
| 32 | - | depaardestal.nl/ z5htsm |
| 32 | + | bani-shehr.org/ fzvog |
| 33 | - | ding-a-ling-tel.com/ bazk3kao |
| 33 | + | cnn-generics.com/ k0m9wru |
| 34 | - | easysupport.us/ fl85xie |
| 34 | + | cond.gribochechki.ru/ 3sh2zhp |
| 35 | - | ekonova.nazwa.pl/ wc0coj |
| 35 | + | easysupport.us/ i62i9r |
| 36 | - | ft.dol.za.pl/ ymsikgp7 |
| 36 | + | ecomuseedelau-dela.net/ w2mb4 |
| 37 | - | fuji-mig.com/ awcigpa1 |
| 37 | + | empiredeckandfence.com/ x0xio |
| 38 | - | futuretech-iq.net/ koqpy |
| 38 | + | fitmag.org/ sts28g |
| 39 | - | handicraftmag.com/ mrihc |
| 39 | + | fpg.com.my/ t5dsdw |
| 40 | - | heavenboundministry.com/ i7a59qj |
| 40 | + | fuji-mig.com/ drl01 |
| 41 | - | hrlpk.com/ s5ibqz1 |
| 41 | + | futuretech-iq.net/ n9x1p2b4 |
| 42 | - | hyip-all.com/ 9qwmc65 |
| 42 | + | handicraftmag.com/ sriu1n1f |
| 43 | - | iminlife.com/ cqoanbzr |
| 43 | + | hrlpk.com/ soaoxmo8 |
| 44 | - | infocuscreative.net/ didt48j |
| 44 | + | hudebiah.net/ ibmw1psh |
| 45 | - | innatesynergy.com/ mrgdve3 |
| 45 | + | hyip-all.com/ b42yt4a |
| 46 | - | jasoncoroy.com/ szlzqni |
| 46 | + | iminlife.com/ ggu0m1s |
| 47 | - | kitchenconceptagra.com/ 5s9xb7j |
| 47 | + | infocuscreative.net/ i1paaw59 |
| 48 | - | komplettraeder-24.de/ w61qx92 |
| 48 | + | ingstroymash.ru/ al8z1 |
| 49 | - | marxforschung.de/ tt18a |
| 49 | + | innatesynergy.com/ sjkxwu |
| 50 | - | modelestrazackie.za.pl/ zfww8nx |
| 50 | + | innogenap.com/ tyob8uor |
| 51 | - | otolocphat.com/ bv2n241r |
| 51 | + | livecamstrippers.com/ 4y98s3ha |
| 52 | - | passagegoldtravel.com/ bqugo3qb |
| 52 | + | olgastudio.ro/ zw0g38 |
| 53 | - | pawelbuczynski.za.pl/ z1q8u |
| 53 | + | pakar.com.my/ waohxzq |
| 54 | - | percorsipsicoarte.com/ 6gz707c |
| 54 | + | passagegoldtravel.com/ ffi5dton |
| 55 | - | pub-voiture.com/ dcsjrjm |
| 55 | + | potolok-profit.ru/ maill2sw |
| 56 | - | racedayworld.com/ 808k8pd |
| 56 | + | pub-voiture.com/ hvik6d |
| 57 | - | reginamargherita96.net/ hhtvomcw |
| 57 | + | racedayworld.com/ 86ks8fhf |
| 58 | - | rzezba-bierowiec.za.pl/ y7fbo1a |
| 58 | + | sevvalsenturk.com/ 41l8xj |
| 59 | - | samrhamburg.com/ jrh9b |
| 59 | + | srilaktours.com/ 3sh2zhp |
| 60 | - | scpremiumbikes.com/ 3y1b0n4s |
| 60 | + | subang.go.id/ ui64jy0 |
| 61 | - | searchforamy.com/ 1fz0k9kp |
| 61 | + | summasolution.net/ t12u2h |
| 62 | - | stbb.pt/ z59ifwj |
| 62 | + | systemalu.com/ he9g1 |
| 63 | - | stckwt.net/ p4jlk |
| 63 | + | techproconsult.com/ m2q3u |
| 64 | - | testfacility.awsome.pl/ zc73v |
| 64 | + | titaniumequities.com/ t44df6bl |
| 65 | - | totalsportnetwork.com/ kpbrp2mq |
| 65 | + | totalsportnetwork.com/ niohzxc |
| 66 | - | ugmp.nazwa.pl/ xkhhf2n |
| 66 | + | u-flats.com/ 3q55hs7c |
| 67 | - | unitedprogamers.za.pl/ ylxt67 |
| 67 | + | vantagenetsvc.com/ bbeleqj9 |
| 68 | - | vantagenetsvc.com/ a7xssz |
| 68 | + | vinabuhmwoo.com/ 9w9pgdi |
| 69 | - | vinabuhmwoo.com/ 69udv |
| 69 | + | wbksis.com/ 5r167if |
| 70 | - | wasearch.us/ 6mm3hk |
| 70 | + | webcam-newzealand.info/ 7ikowb |
| 71 | - | wbksis.com/ 5mxl28il |
| 71 | + | williamsbreak.com/ vvekuwj |
| 72 | - | yourworshipspace.com/ a3py3w |
| 72 | + | yourworshipspace.com/ aj33f |
| 73 | ||
| 74 | *Sampled downloaded and decoded*: | |
| 75 | ||
| 76 | - | File Name: 1pqsLqX45.exe |
| 76 | + | File Name: u9U6k2s20gNVR.exe |
| 77 | - | MD5: 0bf7315a2378d6b051568b59a7a0195a |
| 77 | + | MD5: 24729418d1cc26644c2aac3144946857 |
| 78 | - | VT 7/55 - https://virustotal.com/en/file/653fb7c2c76c68d7a71307863f5025ee0f28faf850ca91e1581e3746695ecd55/analysis/ |
| 78 | + | VT 15/56 - https://www.virustotal.com/it/file/927045894644c63d2df702ca6121fd6d3464fd5efd661d91726d6e3e662e9a49/analysis/ |
