- THREAT ATTRIBUTION: REMCOS RAT
- SUBJECTS OBSERVED
- JPMorgan Chase Payment Report - 00010202020
- JPMorgan Chase Payment Report - 00010212020
- SENDERS OBSERVED
- no_reply_alert@message-jpmchase[.]com
- no_reply_report@message-jpmchase[.]com
- EMAIL BODY
- JPMorgan Chase
- This is a secure, encrypted message.
- Desktop Users:
- Open the attachment (Payment Advice[.]xls) and follow the instructions.
- Mobile Users:
- Open the attachment (Payment Advice[.]xls) on your PC and follow the instructions
- Need Help?
- Personal Security Image
- Your personalized image for: emailname@domain[.]com
- This personal security image will appear on secure email to you. If it's missing or unrecognized, please contact customer support. Learn more
- Disclaimer: This email and any attachments are confidential and for the sole use of the recipients. If you have received this email in error please notify the sender.
- Email Security Powered by Voltage IBE(tm)
- Copyright © 2015 JPMorgan Chase & Co. All rights reserved
- MALDOC FILE HASHES
- Payment Advice[.]xls
- 2e114b34a6062b0771d1cb73fec4273b
- message[.]vbs
- 06466e239d3389ff30cfeddb71624bed
- PAYLOAD FILE HASHES
- hades[.]jpg
- 9347e2e42a25c4354d28d9da4b6adc49
- MALDOC DOWNLOAD URLS
- hxxp://185[.]172[.]110[.]201/dkhh/message[.]vbs
- PAYLOAD URL
- hxxp://185[.]172[.]110[.]201/dkhh/hades[.]jpg
- REMCOS C2
- jollymorgan[.]myq-see[.]com
- 185[.]244[.]30[.]225
- SUPPORTING EVIDENCE
- https://urlhaus.abuse.ch/browse.php?search=http%3A%2F%2F185.172.110.201%2Fdkhh%2Fhades.jpg
- https://app.any.run/tasks/eb86765d-b1c4-4c34-bc0a-f61a21be8008/