ExecuteMalware

2020-08-24 Remcos IOCs

Aug 24th, 2020
THREAT ATTRIBUTION: REMCOS

SUBJECTS OBSERVED
Payment Advice Notification

SENDERS OBSERVED
JPM Chase Payment Notification <donot-reply_notificationsr@alert-jpmchase.com>

MALDOC FILE HASHES
ACH Payment.xlsm
3b155af3c5f8cb9dcda8e4566d27abe4

MALDOC DOWNLOAD URLs
http://oficina24.online/king66/Protected%20Client.vbs

PAYLOAD URL
https://oficina24.online/king2/hold/manti/filet/uoyert/searty/Attack.jpg

REMCOS C2
UNKNOWN

EMAIL BODY
JPMorgan Chase

This is a secure, encrypted message.

Desktop Users:
Open the attachment (Payment Advice.xlsm) and follow the instructions.

Mobile Users:
Open the attachment (Payment Advice.xlsm) on your PC and follow the instructions
Need Help?
Personal Security Image
Your personalized image for:
This personal security image will appear on secure email to you. If it's missing or unrecognized, please contact customer support. Learn more
Disclaimer: This email and any attachments are confidential and for the sole use of the recipients. If you have received this email in error please notify the sender.
Email Security Powered by Voltage IBE(tm)
Copyright © 2015 JPMorgan Chase & Co. All rights reserved