- 2016-07-26 #locky email phishing campaign "okp987g7v"
- Email sample (recipient and sender addresses are the same):
- --------------------------------------------------------------------------------------------
- From: [REDACTED]
- To: [REDACTED]
- Subject: [16 random characters]
- [No email body]
- ---------------------------------------------------------------------------------------------
- Attachment <16 random characters from Subject>.docm
- Attachment is an MS Word document with macros that downloads from:
- malware: https://www.reverse.it/sample/35a9ffbbe20f8d4ed483916e15052df53714b7d5fb57fa0326cd0b138c4b73a6?environmentId=100
- C2s:
- 91.234.35.216:80
- 31.41.47.41:80
- 217.70.184.38:80