Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #Emotet Malware RSA Key Change 2019/11/07 - Updated 1530 EST:
- RSA keys changed on all 3 botnets at approximately 1930UTC.
- e1:
- -----BEGIN PUBLIC KEY----- MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOmlscqbEIhLjVsj9r3eYacKi6C+Qrua j5TlU+pn3zc0k06qCoahFXBBGnYMotHQc6OwfBKwHWm831LIVg29kEjT8UYxnN5v fzNGgqXTe25QARf78CsQqqN/ImKdXo+GFwIDAQAB -----END PUBLIC KEY-----
- e2:
- -----BEGIN PUBLIC KEY----- MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAKl4M80uy0jcxUiFIaJJyxgHVVnFtCq6 bi6f2xXPh/XUZNyN8UXDe5HzhTc4kwon9MBZffNwFOIc61QfV3K3YzEI/ktcyNqK LS67ONxsVep769QdiVQJXrIaFjMXKz6viwIDAQAB -----END PUBLIC KEY-----
- e3:
- -----BEGIN PUBLIC KEY----- MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAMqZMACZDzcRXuSnj2OI8LeIYKrbUIXL faUgIJPwYd305HnaBS2AfA0R+oPxT32r+3BbayI3KguqAn3E+rbwtLhqhOXOlTnY 7yvG4ufmwCCkRzc6Sq8baToxmd6y523AIQIDAQAB -----END PUBLIC KEY-----
- At this time we noticed the EXE naming convention changed too. The new names will be 2 of any of the following list of words:
- “FileNames”: “delete,band,ipsm,sspi,div,rdp,whole,dir,privacy,make,watched,pano,which,goto,wnd,rep,ceip,date,render,bag,vsc,vsa,mouse,counter,tech,wheel,ranker,iterate,store,sum,package,timeout,idebug,junos,site,trc,url,coffee,poller,remote,gapa,changes,duck,ppl,tlogcm,tlb,cube,hexa,vol,paint,star,nav,grp,avatar,center,cipher,brm,resize,markup,pausea,loan,emboss,vsperf,teal"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement