Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- THREAT ATTRIBUTION: ZLOADER
- SUBJECTS OBSERVED
- Appointment inquire letter
- Followup letter to our dialogue
- Information about compensated purchase # 2235
- Reports you have wanted
- SENDERS OBSERVED
- perallasilverwheels5@aol[.]com
- avebysignus@aol[.]com
- c.clark92@aol[.]com
- wulda_ironarrow1993y5@aol[.]com
- EXCEL FILE NAMES
- V[.]246[.]xls
- 2235rzi[.]xls
- 9551du[.]xls
- EXCEL FILE HASHES
- d361840ecbad5367afa7ee3432fb86fd
- a6633b2391698adbc145273e29a71f79
- a8468fb62bbcc0758eea1dcee1becc73
- ZLOADER PAYLOAD URLs
- hxxps://ashok-poudel[.]com[.]np/wp-keys[.]php
- hxxps://atemschutzmasken-schutzmasken[.]de/wp-keys[.]php
- hxxps://aulaabierta[.]agoranews[.]es/wp-keys[.]php
- hxxps://ballista[.]vn/wp-keys[.]php
- hxxps://bdvan[.]com/wp-keys[.]php
- hxxps://bitcoincasinoreview[.]com/wp-keys[.]php
- ZLOADER C2s
- hxxps://33x[.]us/wp-parsing[.]php
- hxxps://adealbox[.]com/wp-parsing[.]php
- hxxps://aeronchairbyhermanmiller[.]com/wp-parsing[.]php
- hxxps://bitvshe[.]club/wp-parsing[.]php
- hxxps://bkk-wertgeschaetzt[.]de/wp-parsing[.]php
- hxxps://bothigolfscuron[.]tk/wp-parsing[.]php
- hxxps://buydeel[.]com/wp-parsing[.]php
- hxxps://caixabanktalks-bancaprivada[.]agoranews[.]es/wp-parsing[.]php
- hxxps://cardskool[.]com/wp-parsing[.]php
- hxxps://cloudguchenleteli[.]gq/wp-parsing[.]php
- hxxps://tiawildlidapu[.]tk/wp-parsing[.]php
- SUPPORTING EVIDENCE
- https://pastebin.com/raw/bb0RtM1u
- https://app.any.run/tasks/3ec42809-fca8-42f9-b9c9-6bf45425e564#
- https://app.any.run/tasks/735f5ec6-fb18-4c92-9d3f-bacf30a50083
Add Comment
Please, Sign In to add comment
