GAmr1203

Updated channel list, June

Jun 7th, 2018

#Emotet Malware Document links/IOCs 06/07/18 17:30 EDT *Notes and Credits now at the bottom*

Document/Downloader links seen for Epoch 1 06/07/18:

http://zenenet.com/FILE/ACCOUNT889247/
http://chris-dark.com/FILE/408063/
http://kadatagroup.com/ACCOUNT/553737/
http://www.sarinsaat.com.tr/FILE/tracking-number-and-invoice-of-your-order/
http://plgmea.com/Invoices-DOCS/
http://baute.org/STATUS/Account-25013/
http://vagrantcafe.com/css/ups.com/WebTracking/GHY-062476711/
http://ieasydeal.com/DOC/Invoice-0832814/
http://www.dronetech.eu/STATUS/Invoice-03742462555-06-07-2018/
http://aharoncagle.com/Client/Please-pull-invoice-81866/
http://miracletours.jp/FILE/Invoice-22581/
http://royeagle.com/_dsn/ACCOUNT/Direct-Deposit-Notice/
http://www.markos-art.dk/ACCOUNT/Invoice-06-08-18/
http://etchbusters.com/ups.com/WebTracking/GO-084528073696903/
http://skydomeacademy.com/Data/DOC/Direct-Deposit-Notice/
http://autoteile-cologne.de/DOC/New-Invoice-VV0691-JX-60669/
http://trevorchristensen.com/STATUS/Account-08994/
http://wiliangomes.com/ups.com/WebTracking/ITT-536356715267909/
http://amazingmike.net/Client/Invoice-2274976/
http://moomi-daeri.com/STATUS/Invoice-195444603-Invoice-date-060718-Order-no-49493163275/
http://www.luminanza.com.br/FILE/INV382318060786/
http://triround.com/ACCOUNT/New-Invoice-CR2418-UA-44569/
http://glasneck.de/DOC/Customer-Invoice-IG-1757272/
http://cpmccc.com/FILE/invoice/
http://hade-noh.de/ACCOUNT/Invoices/
http://solvensplus.co.rs/DOC/HRI-Monthly-Invoice/
http://velo2max.com/wp-content/themes/Client/INV042284215829084515/
http://kevinjonasonline.com/Client/Direct-Deposit-Notice/
http://www.istanbulsuaritma.net/DOC/INV9098788/
https://silke-steinle.de/ACCOUNT/Account-24258/
http://super-filtr.ru/ups.com/WebTracking/MY-815412922/
http://sarahmpetersonfoundation.org/STATUS/Payment/
http://backdeckstudio.com/DOC/ACCOUNT01811367/
http://gagat.am/ACCOUNT/invoice/
http://robertrowe.com/DOC/Past-Due-invoice/
http://nepapiano.com/ACCOUNT/Auditor-of-State-Notification-of-EFT-Deposit/
http://muybn.com/aspnet_client/Client/Emailing-P94754VT-447035/
http://bbdsports.com/ups.com/WebTracking/DB-9570901/
http://soundshock.com/DOC/Invoice-90715/
http://ravefoto.de/wpp-app/ups.com/WebTracking/HE-23359205661508/
http://www.prkanchang.com/ups.com/WebTracking/QHY-07891091555/
http://feltbobs.com/ups.com/WebTracking/WRU-812159019/
http://meta-designs.com/STATUS/Invoice-50418617-Invoice-date-060718-Order-no-3169541221/
http://wildpete.com/ACCOUNT/Auditor-of-State-Notification-of-EFT-Deposit/
http://own-transport.com/pub/ACCOUNT/Invoice-702750935-Invoice-date-060718-Order-no-4720107772/
http://villematti.info/STATUS/Past-Due-invoice/
http://miyahashi.jp/Client/tracking-number-and-invoice-of-your-order/
http://parisel.pl/ACCOUNT/Invoice-16229538-Invoice-date-060718-Order-no-1184763202/
http://wojones.com/Client/Invoice-06-07-18/
http://geely.emgrand-shop.com/Client/HRI-Monthly-Invoice/
http://golfcorporativo.cl/DOC/Invoice-06-07-18/
http://sleepsolve.co.uk/account/services-06-07-18-new-customer-tb/
http://appraisalsofwmsbg.com/Client/Invoices/
http://airmaxx.rs/ups.com/WebTracking/OTZ-23561915786/
http://detss.com/ups.com/WebTracking/FSD-48222800/
http://bunt.com/phpmyfaq/xml/ups.com/WebTracking/OA-7033272/
http://sandwichpicker.com/ups.com/WebTracking/EL-9320270/
http://lasagneria.eu/OVERDUE-ACCOUNT/ups.com/WebTracking/LC-832298544533553/
http://uk-et.co.uk/ups.com/WebTracking/PHS-45772614/
http://ontracksolutions.com/FILE/Past-Due-invoice/
http://eurofood.net.ua/ups.com/WebTracking/UT-667634924614246/
http://ptgut.co.id/DOC/ACCOUNT73637535/
http://aspaud.com/Client/Invoice-268772/
http://healthdataknowledge.com/datadownloads/STATUS/Invoice-861937/
http://solarreinigung-volpers.de/ups.com/WebTracking/OG-415450703176/
http://thecentralbaptist.com/ups.com/WebTracking/SMJ-697192525515168/
http://maxlaconca.com/ups.com/WebTracking/VH-48952942813/
http://generalgauffin.se/ACCOUNT/INV258052823058271/
http://hoxen.net/ups.com/WebTracking/ZN-17214160971575/
http://skyviewprojects.com/DOC/Pay-Invoice/
https://unsignedonly.com/ups.com/WebTracking/HC-11303672500/
http://profiles.co.nz/ups.com/WebTracking/BIW-52734101302269/
http://djceejay.de/20180524/ups.com/WebTracking/WO-36518774273295/
http://gladwynecapital.com/STATUS/invoice/
http://fatafati.net/ACCOUNT/Auditor-of-State-Notification-of-EFT-Deposit/
http://radioplay.ro/ups.com/WebTracking/RDB-010718759810/
http://electriquestew.com/ups.com/WebTracking/PT-41866471/
http://eliaswessel.com/STATUS/Customer-Invoice-AL-01962289/
http://ukstock.co.uk/ACCOUNT/Invoice-06-07-18/
http://smind.com/ups.com/WebTracking/RU-5174264233597/
http://stroysvit.com/ups.com/WebTracking/GXY-01219011/
http://sweatshop.org/Zahlung/Rechnungs-Details-045-1653/
http://techidra.com.br/FILE/Customer-Invoice-IG-0599125/
http://top4pics.com/FILE/Emailing-S65496BD-03328/
http://ternakikan.com/DOC/Account-33957/
http://totalsigorta.com/Rechnungsanschrift/Hilfestellung-zu-Ihrer-Rechnung-002927/
http://verlagsakademie.de/ups.com/WebTracking/EB-82153990/
http://wilmesmeier.de/ups.com/WebTracking/KK-21670391802/
http://yenibanyo.com/DOC/Rechnung-scan/
http://shop.goldcarp.sk/DOC/Pay-Invoice/
http://rolandkurmann.de/ups.com/WebTracking/RRE-9394255877275/
http://reidsprite.com/ups.com/WebTracking/PG-85714871584/
http://photographybyamandak.com/ups.com/WebTracking/JDO-9716256221246/
http://onenightlife.com/gallery/ups.com/WebTracking/CKF-934329952/
http://mgtc.dk/ACCOUNT/Past-Due-invoice/
http://nemocadeiras.com.br/ups.com/WebTracking/ZC-3912932659455/
http://ncp.su/ACCOUNT/Payment/
http://mischief.com.my/ups.com/WebTracking/KEC-7464938676981/
http://mactayiz.net/DOC/Hilfestellung-zu-Ihrer-Rechnung/
http://jctvlive.in/FILE/99250/
http://scd.com.gt/ups.com/WebTracking/EM-8912820698/
http://oilmotor.com.ua/ups.com/WebTracking/HDX-0486799569428/
http://www.scottwellington.co/Rechnungsanschrift/Rechnung-0784-354/
https://frankfurter-blumenbote.de/m/pdf/ups.com/WebTracking/YC-309053861/
http://hajdamowicz.com/Rechnungszahlung/Rechnungszahlung-020-2435/
http://vodaweb.jp/ups.com/WebTracking/KXB-240051680025342/
http://jana-spreen.de/ups.com/WebTracking/WTL-360524599/
http://i-call.it/RECHNUNG/Zahlungserinnerung-vom-Juni-003-8780/
http://wbauer.com.br/STATUS/Invoice-269844/
http://romancech.com/ACCOUNT/Emailing-Y781182NC-465289/
http://floriculturarosadesaron.com.br/ACCOUNT/Emailing-V520100YO-739783/
http://familiekoning.net/ups.com/WebTracking/SFV-301427341868751/
http://coimbragarcia.adv.br/RECHNUNG/Fakturierung-Nr022859/
http://arnedspb.ru/ups.com/WebTracking/WD-497413213212/
http://124.com.ua/ups.com/WebTracking/GTZ-620807656/
http://sagunpapers.com/DOC/Services-06-07-18-New-Customer-ZH/
http://fourtion.com/Client/Pay-Invoice/
http://anzo.jp/DOC/Invoice/
http://vinastone.com/FILE/Invoice-663900/
http://vvegroep.com/STATUS/Invoice-06-07-18/
http://webpathfinder.com/DOC/Direct-Deposit-Notice/
http://giftofdivinity.com/Zahlungserinnerung/Hilfestellung-zu-Ihrer-Rechnung-Nr01042/
http://arditaff.com/Client/Invoice-6147810/
http://vermaelen.be/ups.com/WebTracking/YJ-8322172060/
http://reborntechnology.co.uk/ups.com/WebTracking/QE-9427310841/
http://hotshot.com.tr/Client/Emailing-C21622FS-818612/
http://charihome.com/DOC/264053/
http://tovara.cz/ups.com/WebTracking/YX-041648071/
http://nerdtshirtsuk.com/ACCOUNT/Invoice-9174944751-06-07-2018/
http://www.ravirandal.com/ACCOUNT/Invoices/
http://broscam.cl/ups.com/WebTracking/WM-680441900/
http://s-kotobuki.co.jp/ACCOUNT/Past-Due-invoice/
http://geonatural.ge/DOC/Invoice/
http://swapbanka.com/FILE/Invoice-56996/
http://zitoon.net/ups.com/WebTracking/YUP-017500832043/
http://orzessek.de/STATUS/INV02880911/


Document/Downloader links seen for Epoch 2 06/07/18:

http://westyellowstone.nl/Service-Report/
http://hermesfortune.com/Past-Due-Invoices-June/06/2018/
http://familiekoning.net/UPS-Available-invoices-June-02I/17/
http://macrospazio.it/Service-Inv/
http://sjbnet.net/Invoices-DOCS/
http://c-daiko.com/topics/Sales-Invoice-June/07/2018/
http://emmagine.com.br/Service-Inv/
http://uscoinsnut.com/Paid-Invoice-Receipt-June/07/2018/
http://stezhka.com/Rechnungs-Details-06-Juni/
http://srediscezdravja.si/Rechnungszahlung-06-Juni/
http://tutorial9.net/Paid-Invoice-Receipt/
http://pssquared.com/Available-invoices-June/
http://vedapeople.com.ua/INV/
http://yequjun.com/Rechnungs-06/06/2018/
http://sitymag.ru/Rechnungs-scan-06-Juni/
http://frcs.com.br/Inv-Documents/
http://nincom.nl/Rechnungs-Details-05/06/2018/
http://mbtechnosolutions.com/UPS-Service-Report-7003/
http://le-meur.net/Rechnungs-scan-06-Juni/
http://istanbulsuaritma.net/Past-Due-Invoices-June/05/2018/
http://ilpets.com/Zahlungserinnerung/
https://viewto.de/Invoice-for-downloads/
http://columbiainstitute.org/Rechnungszahlung/Rechnungs/
http://citylog.net/siad/wp-content/Rechnungs-scan-06-Juni/
http://pulseman.ru/Rechnungsanschrift-korrigiert/

Payloads epoch #1 by SHA256:

SHA256: 340a996d634c9cd1d83432d3fefaf1adc7faa4a2868e1fefdec102b4020787f3
295c1c62c655ace3adb3a63ef4f808c493feda5542b50f0c64e790c155827088
63b07f7cd5b9e6f5ccbf193ac9a0f55aff39dc40ffbdc29f530e0996a093796a

http://launchcurve.com/KyawzUU/ - 74.220.215.83
http://429days.com/fwR0r/ - 50.62.26.129
http://seege.de/jt4itV/ - 81.169.145.156
http://jc3web.com/gj5o4ke/ - 216.15.245.208
http://zonguldakescortbu.xyz/kvc8/ - 5.196.34.252

SHA256: f2d0be0cb95bbf73b7818048b1f082966d95ec2f9429453306384b51d4794646

http://castlewinds.com/9T8dz/ - 216.117.135.198
http://vircom.cz/vsPjbD/ - 85.118.128.38
http://shabab.ps/vb2/attachments/RLkR/ - 195.201.117.248
http://jasoncevera.com/KCWt3P/ - 45.40.183.1
http://rumsto.ru/image/6sYG7/ - 213.133.111.12

SHA256: 28a4bf4772910c48b256e42192c648b251b5d923e0f3ade34b1f448be3b6132e
a60d662aaccdfb5ad852975bbdc7513fc28b1b2d68b3ebab079d28637819a29d
2b3638961858e5b86d503b393b541b589b439a392b40227a8bb78dcd16faa841

http://hynek.eu/iByAcPe/ - 95.168.198.164
http://classicink.biz/lXyzJa/ - 173.254.64.82
http://rashev.org/qnp7xg/ - 79.124.76.20
http://indepmo.com/qKE3/ - 192.243.109.168
http://walley.org/YXtlJ/ - 80.79.21.60

SHA256: 84186dd72b75a7e8eb6d0835d42591ea34abe9ea8ff8d3bd5843c74424c9db4c
9d689446eb0c3d55da0b92ed552d963d3adbb14396722d2abe6d520d2b250d10
08c29031ae7ca3c57078963e8339039d25b90b3fc7fc5053dd4c49797063d62d

http://jameslumgair.com/WlOOE/ - 208.113.175.60
http://motoracer.fr/XnZdh/ - 213.186.33.18
http://madding.net/VNAknZ/ - 72.34.47.254
http://poswieciekuchni.pl/qVsDJGT/ - 88.198.46.26
http://lewistonsports.com/wqvx7ge/ - 173.237.136.21

Payloads epoch #2 by SHA256:

SHA256: f2bf755223c742a1fcf22b0b04dce33f08365d94bab97e1707f6bb2e240ebd9d
9f3076ee74ddde143821de914418d9b481bb804c306e378e6c1b7f961ad334c5
e4e2ae9ea40907daafbf1fc151922862dc1a4f00a43d6e77c0db89821b2e762e
8ed0f2ebab985e79047971e2f6365e947805ed2ce96213e87acb7d9710c64836
6de0fac1020a02d0810136b4a8391f6f3ecf0bd64fb615f114f79ea037e58dde
3e1ea2abbd9c410e9ffdbee02453c59eeb213868dd7767d33143b571046a2341
261ad571891ef9e20698955e012fc828b63dc9ebd24b3693a930de0131ceddda
be8a12b8dc41a705fbf85de252a27aacd995a65050f105d4faa7afa3b84df483

http://l7.si/6gfpfd/ - 146.247.24.82
http://solarne-svietidla.com/X8Ak0fz5/ - 46.229.230.35
http://raffaelli.com.br/lu3UF5Uff/ - 158.69.162.72
http://sileria.de/4eo0Ri2DLD/ - 81.169.145.150
http://lglab.co.uk/CdNcx0A5/ - 69.163.185.97

SHA256: b035f568772a4adda8514de9640117687b0c8fe2449032584d04b58bd6ff650e
e67c4c17f3a2afd4b948731c7b62903f7190c0476aa843ef311bdcb1fa1316a1
585fb966ebf3b4dbbda0bde553774c351d6ea58ceb5846636081beca3dbe6fd2
2094db722ec4fc390788b50f1f913ceab5402a57b0c974f243054f8ec5440e3e
851dcf5eccb972b282832ebdd06a2306dc13c0749914f037337ebeca9ea7fd01
1712c2a61bba4e05a1b2bbbfec3c5eef8f0fd66289d3f83fb8bcc7aac0f57a2d
530e6e71129c87ad12251065a8d1adbeff9e85ba0a06cef1951e3ac1464bbb5a

http://vana-events.nl/a3BcMo2/ - 46.17.2.32
http://mirusstaffing.com/DfEyHWL/ - 132.148.51.145
http://rostudios.ca/ZaxcX41VAh/ - 69.28.199.230
http://divergentsight.net/BPPdCo20K/ - 208.113.186.94
http://willemjan.info/x9L1bBbn/ - 84.244.139.15

SHA256: 71457b9bfa1730cc0f82037be3b50ce5b635fae2be071c298e870984ee6913e0
3a256eeeeaf3dcb506fb8b361561f5ab5df23731c5691efa8b5de6ab1d801115

https://eqwolf.com/VM6vU2i/ - 174.71.200.210
http://laurelhillinn.com/NRooitjL/ - 70.39.151.44
http://mbignell.com/t6FDuI/ - 143.95.41.176
http://meister-spec.com/nz5fMF/ - 157.7.188.240
http://silentjoe.ca/iwaX88CvEu/ - 72.47.212.119

C2s by port:

20:
151.237.93.131
62.159.33.122

80:
108.51.20.17
119.18.8.51
121.135.19.214
125.99.157.3
142.169.147.106
166.130.140.213
179.42.195.195
179.52.236.96
184.186.78.177
187.162.64.157
189.152.34.255
189.199.94.178
190.99.34.60
190.213.120.246
199.189.228.60
206.248.60.218
206.255.140.203
217.8.51.144
222.112.169.133
24.217.117.217
24.248.225.107
50.84.214.74
50.84.95.206
59.100.1.89
65.34.131.135
65.41.38.155
66.61.15.55
67.176.238.209
67.187.20.176
71.246.52.87
77.72.254.210
78.246.224.252
80.227.184.182
*81.28.204.179
87.191.131.208
87.248.77.159
88.249.182.27
89.217.155.84
91.205.122.42
92.129.84.121
95.154.148.38
96.242.234.105
98.172.71.14

443:
12.162.84.2
154.0.171.246
175.107.201.101
177.99.167.185
191.242.178.46
194.88.246.242
217.160.20.223
49.212.135.76
60.243.114.122
62.113.223.234
74.139.102.161
81.28.204.179

4143:
119.59.124.163
162.251.81.235
216.105.170.139
71.244.60.231
82.211.30.202
91.134.186.49

7080:
132.204.161.158
*217.91.43.150

8080:
106.187.91.235
115.160.247.148
125.129.212.89
139.162.216.32
149.62.173.247
158.181.186.171
173.78.254.86
181.41.88.6
187.162.170.206
202.142.47.78
203.198.129.4
205.178.137.221
207.68.223.75
208.84.149.100
216.230.231.74
23.239.2.11
37.210.210.225
37.59.51.53
46.38.238.8
46.4.100.178
50.31.146.101
50.84.214.74
5.9.252.80
70.183.98.85
72.52.216.110
77.154.197.178
89.186.26.179
98.191.195.92

*50000:
*66.220.110.56
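
The three lists above share one plain-text layout: a "Document/Downloader links" header followed by bare URLs, "Payloads ... by SHA256" groups of hashes followed by "URL - IP" lines, and "C2s by port" blocks keyed by a "port:" line (with "*" marking entries added later in the day). The following Python is an added example, not part of the original paste, written to turn that layout into something a SOC can match against: it parses a short excerpt (values taken from the lists above), keeps C2 matches keyed on IP and port as the list is organised, adds a heuristic for the two recurring lure path shapes (/ups.com/WebTracking/XX-digits/ on a host that is not ups.com, and invoice/account/payment names under FILE, DOC, ACCOUNT, STATUS or Client), and runs everything over constructed proxy and flow records. The record formats, the example.org/example.com hosts and the 10.0.0.x clients are assumptions made for the demo.

```python
"""Parse the IOC layout used above and match it against proxy and flow records.

Added example (not part of the original paste).  IOC_TEXT reuses values from
the lists above; the proxy/flow records below are constructed for the demo.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Excerpt of the paste in its own layout (values taken from the lists above).
IOC_TEXT = """\
Document/Downloader links seen for Epoch 1 06/07/18:

http://zenenet.com/FILE/ACCOUNT889247/
http://vagrantcafe.com/css/ups.com/WebTracking/GHY-062476711/

Payloads epoch #1 by SHA256:

SHA256: 340a996d634c9cd1d83432d3fefaf1adc7faa4a2868e1fefdec102b4020787f3
295c1c62c655ace3adb3a63ef4f808c493feda5542b50f0c64e790c155827088

http://launchcurve.com/KyawzUU/ - 74.220.215.83
http://429days.com/fwR0r/ - 50.62.26.129

C2s by port:

20:
151.237.93.131

8080:
106.187.91.235

*50000:
*66.220.110.56
"""

SHA256_RE = re.compile(r"^(?:SHA256:\s*)?([0-9a-f]{64})$")
PAYLOAD_RE = re.compile(r"^(https?://\S+)\s+-\s+(\d{1,3}(?:\.\d{1,3}){3})$")
PORT_RE = re.compile(r"^\*?(\d{1,5}):$")             # "*" marks late additions
IP_RE = re.compile(r"^\*?(\d{1,3}(?:\.\d{1,3}){3})$")
URL_RE = re.compile(r"^https?://\S+$")

# Heuristics for the lure paths seen above (pattern rules, not exact IOCs):
#  - /ups.com/WebTracking/<2-3 letters>-<digits>/ on a host that is not ups.com
#  - invoice/account/payment style names under FILE, DOC, ACCOUNT, STATUS, Client
WEBTRACKING_RE = re.compile(r"/ups\.com/WebTracking/[A-Z]{2,3}-\d+/?$")
INVOICE_LURE_RE = re.compile(
    r"/(?:FILE|DOC|ACCOUNT|STATUS|Client)/[^/]*"
    r"(?:Invoice|INV\d|ACCOUNT\d|Account-\d|Past-Due|Direct-Deposit|Payment|Rechnung)"
    r"[^/]*/?$")


def parse_iocs(text):
    """Walk the section headers and collect exact indicators per section."""
    iocs = {"doc_urls": set(), "payload_urls": set(), "payload_ips": set(),
            "sha256": set(), "c2": defaultdict(set)}
    section, port = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        if low.startswith("document/downloader"):
            section = "docs"
        elif low.startswith("payloads"):
            section = "payloads"
        elif low.startswith("c2s by port"):
            section, port = "c2", None
        elif section == "docs" and URL_RE.match(line):
            iocs["doc_urls"].add(line.rstrip("/"))
        elif section == "payloads":
            if m := SHA256_RE.match(line):
                iocs["sha256"].add(m.group(1))
            elif m := PAYLOAD_RE.match(line):
                iocs["payload_urls"].add(m.group(1).rstrip("/"))
                iocs["payload_ips"].add(m.group(2))
        elif section == "c2":
            if m := PORT_RE.match(line):
                port = int(m.group(1))
            elif (m := IP_RE.match(line)) and port is not None:
                iocs["c2"][port].add(m.group(1))
    return iocs


def classify_url(url, iocs):
    """Exact IOC hits first, then the lure-path heuristics; None if clean."""
    bare = url.rstrip("/")
    if bare in iocs["doc_urls"]:
        return "emotet-doc-url"
    if bare in iocs["payload_urls"]:
        return "emotet-payload-url"
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if WEBTRACKING_RE.search(parts.path) and not host.endswith("ups.com"):
        return "ups-lure-pattern"
    if INVOICE_LURE_RE.search(parts.path):
        return "invoice-lure-pattern"
    return None


def classify_flow(dst_ip, dst_port, iocs):
    """C2 entries are matched on IP and port together, as the list groups them."""
    if dst_ip in iocs["c2"].get(dst_port, ()):
        return "emotet-c2"
    if dst_ip in iocs["payload_ips"]:
        return "emotet-payload-host"
    return None


# Constructed sample records (assumed formats):
#   proxy: "<ts> <client> <method> <url>"      flow: (src, dst, dst_port)
PROXY_LOG = [
    "2018-06-07T13:02:11Z 10.0.0.15 GET http://vagrantcafe.com/css/ups.com/WebTracking/GHY-062476711/",
    "2018-06-07T13:02:40Z 10.0.0.15 GET http://launchcurve.com/KyawzUU/",
    "2018-06-07T13:05:02Z 10.0.0.22 GET http://example.org/ups.com/WebTracking/QQ-1234567/",
    "2018-06-07T13:05:30Z 10.0.0.22 GET http://example.org/DOC/Past-Due-invoice/",
    "2018-06-07T13:06:00Z 10.0.0.31 GET https://www.ups.com/WebTracking/track?loc=en_US",
    "2018-06-07T13:07:00Z 10.0.0.31 GET http://example.com/about/",
]
FLOW_LOG = [
    ("10.0.0.15", "66.220.110.56", 50000),
    ("10.0.0.15", "151.237.93.131", 20),
    ("10.0.0.15", "151.237.93.131", 443),   # right IP, wrong port: no C2 hit
    ("10.0.0.22", "50.62.26.129", 80),
]


def scan(proxy_lines, flows, iocs):
    """Return (ts, client, label, target) for every record that matches."""
    hits = []
    for line in proxy_lines:
        ts, client, _method, url = line.split(maxsplit=3)
        if label := classify_url(url, iocs):
            hits.append((ts, client, label, url))
    for src, dst, port in flows:
        if label := classify_flow(dst, port, iocs):
            hits.append(("-", src, label, f"{dst}:{port}"))
    return hits


if __name__ == "__main__":
    for hit in scan(PROXY_LOG, FLOW_LOG, parse_iocs(IOC_TEXT)):
        print(*hit)
```

Feed the whole paste body to parse_iocs instead of the excerpt and the same functions work unchanged. The pattern rules are deliberately separate labels from the exact hits: an exact URL or IP:port match is evidence on its own, while a lure-path hit on an unknown host is a lead that still needs the response to be pulled and checked.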
  366.  
Credits and Notes Section:
Note - The doc DL URLs are in non-alphabetical order because it is the order in which I find them. I leave the most recent finds at the top.

Community Lists:

https://pastebin.com/hc0qSRPH - @pollo290987
https://pastebin.com/STwnUgyc - @DecayPotato
https://pastebin.com/aCjWbCWS - @James_inthe_box/@fewatoms

Credits: (OC or combination unless otherwise noted below)
Doc DL URLs - @infernalTwin_, @James_inthe_box, @fewatoms, @JAMESWT_MHT, @c_APT_ure, @DecayPotato, @_ddoxer, @Techhelplistcom, @executemalware
C2 info - @pollo290987
Payloads - @RealRalf9000, @pollo290987, @AmirRedh
Daily Log:

06:45 - new payloads for both epochs
07:15 - mostly old Emotet malspam that was sent 6/6/18 was coming in overnight, but as of a few minutes ago I am getting some freshly sent malspam with links.
07:22 - already a new hash on Epoch 1 but same payloads
07:30 - already a new hash on Epoch 2 but same payloads
09:30 - new payloads for Epoch 1
09:45 - new payloads for Epoch 2
10:15 - new hash for Epoch 2
10:45 - new hash for Epoch 1
11:15 - new hash for Epoch 2
11:30 - new hash for Epoch 2 again
12:15 - new hash for Epoch 2 again!
12:20 - I think some of the sites that were hosting one epoch are now hosting the other epoch and vice versa. Interesting. There is some consistency, but it is interesting that a couple are moving around. I wonder why.
12:30 - Looking over @pollo290987's IoCs, I noticed that we have a new port being used again for C2, 50000, which I have not seen before. Very interesting. Added all new content to the C2 section with * denoting it.
12:45 - seeing new hash for Epoch 1
13:00 - yet another new hash for Epoch 2 with the same payload.
13:20 - new payloads for Epoch 2
13:40 - new payloads for Epoch 1
14:30 - new hash for Epoch 2
15:15 - new hash for Epoch 2
15:30 - new payloads for Epoch 1
15:50 - new hash for Epoch 1 already but same payloads
16:05 - new hash for Epoch 2
16:30 - new hash for Epoch 2
16:45 - new hash for Epoch 2
16:55 - new hash for Epoch 1
17:00 - since about midday, I am only seeing attached-file versions of the Emotet malspam, and most of them reference Payroll or Tax documents or a combination thereof.
17:10 - new hash once again for Epoch 2 but same payloads
17:30 - new hash once again for Epoch 2 but same payloads

Sandbox 06/07/18: (all with FakeNet and MITM)
Epoch 1 as of 06:45EDT - https://app.any.run/tasks/a6ae832f-870f-4d8b-ad81-62d98deebf76
Epoch 2 as of 06:45EDT - https://app.any.run/tasks/fb4cbe2a-916a-4533-b85f-864ad513fd64
Epoch 1 as of 07:22EDT - https://app.any.run/tasks/4614394e-d45e-4435-9005-dad01b631ae0
Epoch 2 as of 07:30EDT - https://app.any.run/tasks/cc7318b8-b22c-4d9c-8582-b7c5b2dd4315
Epoch 1 as of 09:30EDT - https://app.any.run/tasks/e740f8fe-59c7-4469-a3e3-d142202750d3
Epoch 2 as of 09:45EDT - https://app.any.run/tasks/38d388e4-a1e1-433a-b0a2-a1733cb39cbc
Epoch 2 as of 10:15EDT - https://app.any.run/tasks/111e81b7-05cd-422c-b772-6f1a30f37b60
Epoch 1 as of 10:45EDT - https://app.any.run/tasks/bbd82847-8064-4ee1-a876-8dee42d43bb6
Epoch 2 as of 11:15EDT - https://app.any.run/tasks/45484d5f-e980-4e10-9f6c-e34537a86b69
Epoch 2 as of 11:30EDT - https://app.any.run/tasks/3f1fec31-a8bd-4be8-a51b-66e795677d5d
Epoch 2 as of 12:15EDT - https://app.any.run/tasks/0b9f9558-0a56-43b5-ba3f-813dbb1a06e1
Epoch 1 as of 12:45EDT - https://app.any.run/tasks/bcdb06e5-8ff1-4aed-8fa0-8261be217c0e
Epoch 2 as of 13:00EDT - https://app.any.run/tasks/63760f10-d0a5-40c8-a8ae-4f946427da72
Epoch 2 as of 13:20EDT - https://app.any.run/tasks/08baded2-404c-4ec0-a086-4ea153f20d1d
Epoch 1 as of 13:40EDT - https://app.any.run/tasks/728e43a8-431e-4fa1-b585-8583f3db5208
Epoch 2 as of 14:30EDT - https://app.any.run/tasks/6547bfb2-a440-4f9f-9697-45a7e1fe9472
Epoch 2 as of 15:15EDT - https://app.any.run/tasks/59658385-d0b0-4b86-9f2d-48995bb95561
Epoch 1 as of 15:30EDT - https://app.any.run/tasks/f68e8d29-75f1-4dc2-b6b9-e147e0c280ab
Epoch 1 as of 15:50EDT - https://app.any.run/tasks/6df1323d-6a60-4607-b025-58bda484b7cb
Epoch 2 as of 16:05EDT - https://app.any.run/tasks/cc9ad40d-8349-42bb-8472-1936a3976012
Epoch 2 as of 16:30EDT - https://app.any.run/tasks/2ea294f7-bf96-40a4-b1b8-dd2bb167c2a8
Epoch 2 as of 16:45EDT - https://app.any.run/tasks/903e9e51-3142-4c40-976d-20404f156494
Epoch 1 as of 16:55EDT - https://app.any.run/tasks/06a39eeb-758d-4b73-b0e2-8bc1f2498ef2
Epoch 2 as of 17:15EDT - https://app.any.run/tasks/1b5268c4-77f6-4872-a9ec-2e1a6751dea5
Epoch 2 as of 17:30EDT - https://app.any.run/tasks/90418780-8ae2-483c-8a19-b89085c20183