API tools faq
paste
Advertisement
ExecuteMalware

2021-04-19 Dridex IOCs

ExecuteMalware
Apr 19th, 2021
15,453
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.11 KB | None | 0 0
raw download clone embed print report
  1. THREAT IDENTIFICATION: DRIDEX
  2.  
  3. SENDER EMAILS
  4. quickbooks@notification.intuit.com
  5.  
  6. SUBJECTS
  7. Reminder: Invoice 714873
  8.  
  9. MALDOC FILE HASHES
  10. 714873.xls
  11. 5c3a1b785f532a889980751123e3ffce
  12.  
  13. PAYLOAD DOWNLOAD URLS
  14. https://vegasvulkangermany.veronafoodbd.com/nteqdu5.rar
  15. https://sydwaltcrmfrontend.khholdings.co.za/d5mvar80.zip
  16.  
  17. PAYLOAD FILE HASHES
  18. nteqdu5.rar
  19. 340994098deb6bf6fa91f73350af7c15
  20.  
  21. Renamed to:
  22. trtsivqq.dll
  23. 340994098deb6bf6fa91f73350af7c15
  24.  
  25. Also:
  26. d5mvar80.zip
  27. 17d87654aea66ba8a0d416be95fac1b4
  28.  
  29. DRIDEX C2
  30. https://146.185.170.249/
  31. https://62.75.251.60:6601/
  32. https://185.148.168.25:2303/
  33.  
  34. EMAIL BODY
  35. Your invoice is attached. Please remit payment at your earliest convenience.
  36.  
  37. Thanks for your business!
  38. INVOICE 714873
  39. DUE 04/19/2021
  40. $1,330.00
  41. Review and pay
  42. Powered by QuickBooks
  43. If you receive an email that seems fraudulent, please check with the business owner before paying.
  44.  
  45. © Intuit, Inc. All rights reserved. Privacy | Security | Terms of Service
  46.  
  47. SUPORTING EVIDENCE
  48. https://www.virustotal.com/gui/file/da81aa0dd37baccdbdc7f7f9a3619d6e85155f8bd67fcd2fafdbe534443fdc0c/community
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!