- THREAT IDENTIFICATION: REMCOS
- SENDERS OBSERVED
  - CitiBank_EFT-advice@Remit-Citi.com
- MALDOC FILE HASHES
  - Remittance Advice.xls
  - 571f988258963aff38ef1bd06a36bcaa
- JAVASCRIPT LOADER URL
  - http://augustair.com/log/remit/edi.js
- JAVASCRIPT LOADER FILE HASH
  - edi.js
  - 5f82fde65dfd751c2b602541e36ae6d7
  - Renamed to:
    - outlook.js
    - 5f82fde65dfd751c2b602541e36ae6d7
- PAYLOAD URL
  - http://augustair.com/log/remit/edi.jpg
- PAYLOAD FILE HASH
  - edi.jpg
  - f7c5a6c6a3ddbe780d9d8bfe36911557
- REMCOS C2
  - I did not see any C2 traffic - I only let it run for a short time.