Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ## Emotet Malware Document links/IOCs for 10/08/19 as of 10/09/19 00:00 EDT ##
- *Notes and Credits at the bottom.* Follow us on Twitter @cryptolaemus1 for more updates.
- ### Document Downloader Links ###
- #### Epoch 1 Document/Downloader links ####
- ```
- <none>
- ```
- #### Epoch 2 Document/Downloader links ####
- ```
- http://awgpf.org/wp-admin/LLC/dUDBARshweY/
- http://blog.safary.ma/fwl503/INC/vEVxmeCyUmCQtogaMolBfygoR/
- http://clients.siquiero.es/hizv5v9/paclm/afcse9eba1qsn_owbo6-69170965/
- http://ctni.co.uk/wp-admin/esp/bBItbZBcBQOoEwafxb/
- http://decorstyle.ig.com.br/wp-content/languages/Scan/za7w63pg79e_f4ia5-01669369/
- http://disdostum.com/blogs/lm/khtnAGvipOpDnzbCFMC/
- http://earthpillars360.org/vgok990sf/cavTByhbMbs/
- http://emilrozewski.pl/emilrozewski.pl/INC/o2i1pmac2kkr5bo5mx2nl2at4_6dc3fvvq-66548834332/
- http://gonouniversity.edu.bd/sociology/lm/InNCDfrRIDqnLjHrOFEhBGhRGFQsX/
- http://hurtowniatapet.pl/wp-admin/zqVHnvSXXoiFCasKkuFaUg/
- http://infraturkey.com/deletecomment/parts_service/daaMnHeDzR/
- http://ismashednc.com/cgi-bin/z551rm1hmrv373_e8hs2-7538061518636/
- http://kbkevolve.com/wp-admin/zjmxgadhuv4pnbzp7ynpdoik56795_gwb8z-673046389663526/
- http://nuevocorporativo.canal22.org.mx/wp-includes/s0r6nqec8g68xjnbfnttar7_t805e-24701676/
- http://ostadtarah.ir/wp-content/paclm/MpIiyqCdWrsLPjbMjiDqBhrZOq/
- http://overwatchboostpro.com/ynibgkd65jf/sites/2bmfkc0j7qe8_58yyhd4-3344823406/
- http://parscalc.ir/academy/RKWgiuSOZGpFVpIf/
- http://peruphone.com.pe/5hdf7b2/DOC/XGxZhPXkNKqiiGFnKeIH/
- http://taskforce1.net/wp-admin/paclm/b33w806gu34ln6s_o75jzedoh-7204931873/
- http://wizard.erabia.io/cl67i3t/Document/HcRzSepVgfWLviFFzMVzUFePbuvUH/
- http://www.bresbundles.com/hunwdgi/esp/vml11lb8y0nqu244jmd1ulfcj_533mn-795717924/
- http://www.earthpillars360.org/vgok990sf/cavTByhbMbs/
- http://www.elibdesign.co.il/wp-content/yKiXqyQZcygxYAAKT/
- http://www.endeavouronline.in/cgi-bin/3ag3ls9kvd4ot6j1njug1nq8k_2v9rsq9-5699212626798/
- http://www.goaribhs.edu.bd/wp-content/A3F9NVJS9BB3F/NMCmgnzScSetktYTdGLDfyPsqZEleA/
- http://www.lavinotecaonline.it/wc-logs/yHlKCeOlqUfc/
- http://www.omniaevents.co/wp-includes/LLC/im4r213qj3jgqq04kcp722irmm_n7331-313199097437/
- http://www.saleemibookdepot.com/hpkikf/LLC/fqj2uihuh9te8_bculdpib-726470310041/
- http://www.salviasorganic.com/license/INC/0fbsvvw1uzkhc8nf4x8hiqoa7obf_8flumf39v-3657734246364/
- http://www.sweetpeahaircollection.com/sssu/FILE/lnnet2pb1tnl5rl0onl4gy_8vehv5y-920842041/
- https://ctni.co.uk/wp-admin/esp/bBItbZBcBQOoEwafxb/
- https://ecklund.no/pdf/NS89IQMMUCSS/jFcOZtnMxKGeacejiwMwAlDzKeQNGa/
- https://iglogistics.in/sitemap/sites/ycfxuqsv_ay7m3lcrv-140179245879158/
- https://medias.chavassieux.fr/ithemes-security/63jgcgvb8jr68pcwazhl5h1smav79t_yyckjzwlc-316327566722032/
- https://milwaukeechinesetime.com/function.cheese/vHmHUDKXBfcgYtvnXicxWt/
- https://norbertwaszak.pl/tmp/LLC/BQpvwHGKCQDvKNpfIGhqse/
- https://parscalc.ir/academy/RKWgiuSOZGpFVpIf/
- https://roshanbhattarai.com.np/audio/LLC/0yxb1xel1ydl_nve0nvqu2-4052856905/
- https://www.bresbundles.com/hunwdgi/esp/vml11lb8y0nqu244jmd1ulfcj_533mn-795717924/
- https://www.earthpillars360.org/vgok990sf/cavTByhbMbs/
- https://www.elibdesign.co.il/wp-content/yKiXqyQZcygxYAAKT/
- https://www.kairod.com/wp-admin/2mnbyvwluikqcptooc6zgqi5x_n0iovu4-89107313/
- https://www.nxn.one/u3pgsx/lm/ja4cwgjfnn3d1pay5s2ltjk8_qije8-44560606469579/
- https://www.sweetpeahaircollection.com/sssu/FILE/lnnet2pb1tnl5rl0onl4gy_8vehv5y-920842041/
- https://www.zhycron.com.br/admin_ldown/paclm/TrZdUfcnfIvF/
- ```
- #### Epoch 3 Document/Downloader links ####
- ```
- <none>
- ```
- ### Payloads per Epoch by Document ###
- #### Epoch 1 Payloads by Document SHA256 - All Times UTC ####
- ```
- Creation Time 2019-10-08 21:38:00 (Attachment Only - Doc based - Product Notice)
- SHA256:
- c84664a344e771be41969912556336d2c897a4dd251d26eeacac6bc5fc319e65
- 2bb1527ada1ac7fce2025798130e3ac21a83e0ebb27e85d281d89a07f87e48ef
- https://www.skullbali.com/bk.wp-content/311/
- https://aceontheroof.com/i0oni/gzx5550/
- https://aaplindia.com/harder.inc/odw8xth96/
- http://cheematransxpressinc.com/wp-includes/shm5djl4638/
- http://www.dgxbydamonique.com/fr4jt/cache/init.upper/h8914/
- Creation Time 2019:10:08 18:28:00 (Attachment Only - Doc based - Product Notice)
- SHA256
- 76ef4c5e6b2d96ff9992ab0d9dd1c8d6c0e48c2f48e8ab5337244d7e4e398d59
- 4ba60a908543cc1f480f87434465c287ac01aa59fb8ee0624bb7afc95b40976c
- 4606cded1cd857878be98306ae150c475140628faf97043dad10b55109dae430
- 22786a80be851c33176da8bdcb875dba920504e746ab613b72e8d19df3b49207
- f77a7fc2633d5ce15948a5bd43728d4d81ee760683e04c0dabd853fccbe4064e
- 5a64821814566d26f15e3e0fd920cfc693f14c0d173ec9317365d9198a40b789
- 5f6d4bd72bb15c1a031d7222594711e4d5eeebd4a61fae15d2cbeb57bd60f42c
- e6dd9f9f3fde62281e294f157e382eb3ed5f991c011ec01f81d5b2a845d4a101
- http://www.denedolls.com/wp-content/upgrade/oghujlu568/
- http://www.divinedollzco.com/wp-content/upgrade/sl3d205/
- http://www.exquisiteextensions.net/5kjc/cache/8so9319/
- http://www.reviewchamp.net/wp-admin/4394/
- https://fayedoudak.com/cgi-bin/2iz3/
- Creation Time 2019:10:08 13:47:00 (Attachment Only - Doc based - Activation Wizard)
- SHA256
- 09e3f1ff1ec66936904a806cf06813299f6c384b992a602cacb705685f75a8ff
- dfb1e346662ac3ae6cb9e65f2f1a0fc1e5e3aa3a0ff21192f397da5a3b728546
- d1ef500a7b1aff742788631513009ca71d0906eb08727d97147d4c96008960b1
- 5117c58f361b830d502545c2077b8a29278338beedc2efc16ba4edb4523a4a0e
- 96e7ce575a722ebc6cf285358a0005416b9f505bd600d5379eb49a8df6e99cfc
- 8f9be82007620f3680a644ca679aa300ea74f521291ae234a64538b8cd2e3040
- 6ff109f90f476cdeffcfa71dd381b88e3185ebe748e780e73445927884c48c54
- e53f55229f9aee823651551b00003a8c59848c34f58b1280245bb5db39e9826a
- 9ff35a3741e7fb9f0474f526ef078b4ff15f99573e048750e7a9870925d2892c
- 004903745336e5147226d46758defdb972f22e307160a0196915b7b013c24e58
- e51373435a0f464a47bf3a4de14dfdaf827e226074bc20eac97f911be073b0a2
- 58d5550f324f0d5463564ccff185f054c30f0ab66942f7e7e3cdddde7faf1b82
- aaf885e5ed3829808e0835936ad42368ed03a628283650d1d72fa5151fecbf5e
- c12361239e6ff1a51e08bbf75e348de338134646a3a19ac3df69bd9a581578af
- 55e848d4e413c3d55c37d40bed6a313dbe5d7297f11f6104518de94a3295b021
- http://suse-tietjen.com/wp-admin/u442/
- http://www.vanilla-extensions.com/wp-content/0hb3292/
- https://sahajanandmart.com/Android-RecyclerView-code-generator-master/hba97650/
- http://arabiasystems.bubaglobal.com/crm/f8i6/
- http://maolo.net/8qv20/73z86/
- Creation Time 2019:10:08 09:55:00 (Attachment Only - Doc based - Product Notice)
- SHA256
- e61d2fe49874eb995cb47c51e4cb2ece281694a6fb721d7eefdd0d7732902b83
- 9f5bf3feba0b44c527e234b18589d307c224ce14b37633a3609e7eb02a20dd33
- 8933c0e6c9faa660545f4d5e100cb9fee10aa168f9421f3351709b593f2fe63d
- 387741d6c128b8f9d84a3590e0442d534632e52f5536999e15fe5a55422a9112
- 264f266fbaabca45472e491ae814d60fb580b10a9c88c9c15745913b50004c1e
- 9c7b267f9c013cefaefbaeea7fa1ea3303d605791dbe48d12f06b000ca6a491a
- a3144c9b86feaf93ac583c933262ba0bf0c8dc59b5bc09ac897d4bb57170bcf2
- 3539d8f2e173735561a612028e02612232317a7cdcce78b4677a6e4a3ba976c5
- 7e38ca829889fbf67f57d37930a2ae34b469c1c1464d3a865129f3b0242bac9e
- 042e0cf3fb053e052c8b7adfb2be6b96a313e006ed08a23eaf8ed1e80baec29f
- https://retos-enformaherbal.com/wp-admin/ty8c0/
- https://georgereports.com/wp-includes/slus46762/
- http://scribo-cameroon.com/css/2f3142/
- http://junengmoju.xyz/wp-includes/m50168/
- http://anjietiyu.com/wp-content/d5256/
- Creation Time 2019:10:08 06:22:00 (Attachment Only - Doc based - Protected View)
- SHA256
- b1b08b80e5eb2f08375f0c7a6cc814e2b500f1110f4a3ab6aa5ee859ff384271
- e9d96541c874cad22dcdb71431b313c386ec45672d54354a412b7d65c334b353
- 6c9b3ccaa6f5d490eb0e602cb85b6a1059bfa18118ad53031a279961480a9b10
- 93522f9d5dd7e4488ab0797c1d83f3aef283daecd2479ca2f66a88e40a43abf7
- 355044d564d0ec88045a81feda619cd7d76ceee25bb4ce1b13a1117fb6416d50
- 3ddb7a79bed76211b93491519a3473c8b84e6fb21777080f5f8c04c68c217078
- 101c4a5a34a58c6b7186893a04de32f8dd0165510889fa873ea3287c5ba72e9c
- 97dbd71dc62d6acbd0d1e41d9c82066dd0650e902e7d8fdf5626b9495847daae
- 86b3be02e700fddaf207643893e364f52a7619bc72e3c0a04df2ba1dbac6122f
- 4cc2c2c09d03571a111d7e1643eb4ec6540495ba83c738d0f9a1507bf0626597
- b9b2e4954a7904934d27d5792292a3f00694faa16494d3efc1062ffd0a532779
- 979223117d4ce4eacdc30a4e87c519b9a87a7507a307dcdcef2d0da5448325e5
- 091856924e5c1c3c2503b1560dc0255ef1d2c4fb17095225a6184d00525437ac
- 238f3102d47c8744f86edcd268c1c9fe260c9b5ff547872b2ce6d376f5ba8d88
- 9b87c9414666aeb43933db2208588bd8a3853a969a08b38e03f2674366be0af4
- 2ae0f71b14bdda233b42e00879c88c419c466002f634e576648053c63ed388f2
- 8012b3c9b6f181878b569add8cd98257486487eaca0f6cc92f4433ec73b61f12
- 4ab4140a716dd5553bd084ea24062d14948ed200ce794b58e886492e8aed43db
- https://halloweendayquotess.com/wp-content/5o40y5w7760/
- https://pentechplumbing.com/wp-content/ovp35378/
- https://joangorchs.com/5tvk/gy6154/
- https://physicaltrainernearme.com/yabu/9xnjf4183/
- http://yensaogianguyen.com/wp-includes/rp802oi00/
- Creation Time 2019:10:07 21:38:00 (Attachment Only - Doc based - Product Notice)
- SHA256
- 565accdaa30ecd3ee09cf5ffcfb28a941a35ad8b85b8a174478caf9fa02fca13
- 13c6abc718f08b6fa59813fc62dcc3c8eae62d89c430b5e8b80a2683da93e4ca
- 706d6c8d6a1c6a5a4b48f373fcf08b42900e0d19ec558a59778e7d7998ffaaec
- 55004ce3122e1c50902978e57a9ac04c211e1ac9ac5391daeccabc2a453817f2
- 67e4943ef8826325d01d6e076ab404f82769ebac651265087619b844803c7234
- c4898b54830c2fc8f6d19b1030f545826de52927dc0636e525a95ecf74c0ecf8
- b7d0a0a3e852bc0f35c3808ee61bb38e953a95bc599f1e8e9d99e6f54b078561
- 08d5cea1dae8c4c59758c50afd5bb3a15bf855bec29c3c9ba0c3818551306bb9
- 6a34d6c923698fb5d00d62cfc6278a5a8d5184b62c4d43bbb095f1d120982d92
- 2670be25f7b3dbd3412cf41188e844fb7eba1a12c472fd1b47c780c6b1801500
- 869e03adb7f76845e98af484c5ebea2977ae220b629d031d4bdd737c515d2f2d
- 902441cb72c2fe170c7d7e15b4357ffc7124245354272d4b9a33be1f63f26578
- 7b9df8530c0d7af5ba382179a31269ef2df7fbed52aa5ffe1321b9c869a3eda7
- 6ac7095c3d3064078e4a49f85da7ecb39cf358e4c3ebdcf257820caf883868f7
- 64d6c044ec17d331d20257ca8bafd35919ddce3e868c6feaf66a26c8724357a7
- 6cff812d845f1514d0827c1f4fd49524f668d362f5d94c23c15ca835a80016fa
- 78812d6432bfcadff5b05498870aaa3682aee7e7d6c094c8c4f7adcf67b1b676
- 9b6073ac8279fcbfdca106cfd26c07fbfa2b099d2ad20aa13b7b29d2bb51c99b
- 84c1559f749859f3ed107b45bbcfc30766721f2d9f8b60c2b89bf244800d30a5
- 4d04802476cc425554b3b058e96e9ae75e96837c0b54df54e9fdd4432aeb85fa
- fa8e0da0177dd895d75ff09dc95a5d607258bc18f29116d78beb3081c96cbbfb
- 5ac269a21b049768d69ba079d88ae0eb1aa2e21802a4f1c3194ef4fb1cd54c98
- e0ce302f51797ec57a1e7ffaa10989a92eb6578a75b572aa8c2f2dc4ddb6d798
- 4fa9fb02c767f4b548ad305e01fee44b837edc5d7a795048ad08baf3cc688697
- 1a2e298202890a73aa5296cf2889a2894faf4abfe73bde35c7bc0d46b7c22d73
- 7fec8a34bd9f20a430d7fb58239ff02c74d17f10020f1dbb7c818e86eb225d10
- ef8e90b64bc9e22c1867ca2f083c5f60eab18ca78af85895e2144260e9cda564
- https://milanoplaces.com/wp-content/g50845/
- https://wolfoxcorp.com/wp-admin/fu942q6290/
- http://mbaplus.tabuzzco.com/wp-content/3v04/
- https://www.juriscoing.com/wp-includes/debv8rb82/
- https://childsupportattorneydirectory.com/wp-includes/5yg88/
- ```
- #### SHA256s for Epoch 1 Payload EXEs ####
- ```
- 6808bb2428b7b02a97ed9cbf170e1bf1e8e8202200354bb696da4a1f241b5d8f
- e0500e097c7d93b3f0d3d57bc239ef376f73e872f1d2971f2054ab36735439fe
- 5b65d3f6a6930d275e27e073896d642b7de3e4974d43b9086dcba15d11831bb7
- 666ce592dfd6f4265c7d5c56c48d44ad24f0aa5861b785a39ec63dedf97e716d
- 9811a33a497366e62bb30d5b08a2e755ac8b25e0a891412717b18c5a09e55bdd
- c8edebe8678c48c5fd79479f8db37557c755e0a456a351cf9479d1ff79079991
- 424d6e0da1f00ddc0bd604692e0a5e7d103f1276e11061bebdbbc046edd5846b
- d8c56552e6e122050cadb07cb9b62a61a21c69429462af3709bd78c5d6ab02d2
- c0960cf6d1496d13836548bd28c0e8fc05f2779cef4aa8de55afd735ab61e4d3
- adb5e93a390f70dd1b4d2cab64b5987e4698e9e11bd4fd03fdc5858ca82e3c9d
- 87cfbcb7d1bcc3936785ce717649c4de58e058b2626bc882610e74babb051a13
- e64d3e2fbc8e3f359a694973381e239e638a69e9dfe00f63eb62ff1c3d07d622
- 369ff8804c1fafc3bbbc80f030779d99f9d10719d0d0cf02d3eeb42c2d16ffcf
- 82ed33b3b862b93f1dc880fb4bc655ba24e36dcd59e20e508a077f5346d03d97
- ```
- #### Epoch 2 Payloads by Document SHA256 - All Times UTC ####
- ```
- Creation Time 2019:10:08 22:16:00 (URLs - Doc based - Activation Wizard)
- SHA256
- e87bb68914c0ef7b9f18211e433f91bc4a6c4d82eba8436d98dce32167ffc1f9
- 50d4d9c884c8c505660b74aea5b4b05dcaa370e2dc270d1b9f3dc59c899f297a
- 45a37122a13d5b02f5bd64ab60e1f9421381738c19fb4a13cb19b51b41a1f88b
- bf5d456a15fbe96b05e8feb12b535a70214f5bac3e56e96a20dfcac60b29d006
- 8b60b7de0518d45996047862812f6641abe43a34cc8c561668bb6259c45ca712
- 28abf284985f77c70b387fa760ed8854a0114b05f7de24a8fa97920808af0234
- 5885b3c1fec0db76b168afaa9338cfbf9a7f546adac07d2dec3dac0f8684b6af
- d1d4f66f4e00f1a78b7d3738cb268067cbb40d7cbb0f710c9f68596fe3dbaa6d
- 51583c7646007e7491706c652f15feb0219febdba42ff614beb0cb98a3ba3204
- e40f3ef25f436b682659426c4a0090784fba521b368fe0591f88e5bf65c4dba6
- 751c3b522de8f2045d9ce84096455e30ef73985f618e33e79a39f12284363f88
- 56b71d9545a14b080ab7eb2036a9b004d693f6190e4b616a2b2bee977152c24e
- 936259c6c919bd5f3271486b487fd320c443e047af82335b84bc6f533647efeb
- 8b9f82b44c7fec0426c9adddd0719466f867ac98a21fc5648d87d5df5e0bdb83
- 0665e059a85f577a38ca57b3328ffcfdd591eda4421aa857a5b9535e7710bc50
- 541db291479f192cd190e996437b706ee472b08871e4a89bf425a5f77e757054
- e428c1e1cacb0cca50c1eec571d89176ce6b4a630cc49e9adfb04e12eb45d31e
- d492595de7a67e6c46ff5ae335725a0553ad904a0534ed20bf29b67ece4e873a
- 4dcae0fae1cbb18f9c0b6c044f79a8d1b86b4343bed077c2c94a8896f7bf4bd8
- b66a93c6f054c3dd576b518846ea162c3b490b0214368b9530e4a0e4ac2f5867
- b64a15991bce0d746e47a8c7fd6cfca5dc81b323990801076870096762e1ed7d
- 3740c5c3a725f093c7895d056f6e09e817911f7d0a43f1ee67ed3d06f0a8ce6e
- 08c30c1f4782ddd30911fae1e23a29f115386454df794dd1ffdde226bacc3aaf
- 53b342834f0b0477b3cf000d45cb4363814e572a741c8f004377a5c88b8a9a41
- bb016b2097482bd176b2f7da455d474f5d9b791e3b8671e4a9c539b25aee45e5
- 7b0b8d45e3d779abc31f490bd2d955810bc6e10c057206ef0326e97057f84dad
- 9ac6f2c48c6b6c14edb941ee27e7ffdf436054f2d5351bb6b4285c0857259e85
- bc6df43e2f78abf8acae5e072b9dc69411ac1a0147b2b8730863d6f0ed3b9102
- 29c97acc2777eb6d00e02923cdb120fdaffd0f1f4adf2e58961b5034889d34be
- ee53338e4f0083d901a4f16494c53161604654842ef71caf59a7db986ac54d92
- b808bc7ca3d26aa8bb213695326842a4b5d26dfa9a8f3a46dfcc283a381c7b04
- 8bcb2e800ab8e95556dacc816bd7a0d59050b29b5cdc913a54bc8167d84abdb1
- d65945fb4473439916daee8b9a277aa3473b8183eecdd37da76b17b8aba61c64
- 6866dabfb8c2596e95a4b36b70b2d097a618810291c4f7c9faac83a9f5624bb2
- 23dcead775f62f66bc7033cbb68e30329e5fb095504d7d3a42a1b71453988308
- f10e99aae65c36b2a922124f399a2df8800ee000f723007633f809a0b98aa72d
- 9f8475b622b49ceaa4da6f78c4bf3722ffa560f251b3897af9931ac7a085fb2b
- 47e2c63ed46a89cf1e49c2e734d47761e31794629a6a60e9f3642590320c49a4
- 918ea7f950d3688dfcccf3e98140537aa69862f794caa147866381ff41290d3a
- 2246910bd51fa53ddad6f2e71b323c1223010656a848293539028cee0b738433
- http://www.bundlesbyb.com/tracker/wem3_yldu7bdho-3397265/
- http://www.crookedchristicraddick.com/b6lco8b/fjJlPxAE/
- http://flyadriatic.co.nz/wp-content/upgrade/kNNrBpkb/
- http://boomenergyng.com/ejtvcw8t/nnqryau_eicqc-2236624/
- https://flowerbodysports.com/wp-admin/LyKaednUE/
- Creation Time 2019-10-08 19:09:00 (Attachment Only - Doc based - Activation Wizard)
- SHA256
- 5aaaa80d5d41587dd1f10f00fe87284a2dafb4e223a4b938d8798ae46b762f8c
- 2246910bd51fa53ddad6f2e71b323c1223010656a848293539028cee0b738433
- dc1327d8f801351e82553ff8b6b62d0f5b3da21290a9351fb82d758636ba4f52
- a97f0bbbc6396be92690461a19325e3910635ecad17e7392de525cd7ba9e3fc4
- 5860d6611e227a16a33bc88ceca0b0229f8589b2529494c20b37c662fbbf5616
- https://1greatrealestatesales.com/therobinhoodfoundation/5f3tn_ty5y3o-150740682/
- http://www.medyumsuleymansikayet.com/yhofles/UUEakcVW/
- https://www.stonergirldiary.com/wp-content/t2ukj28t_6v9999efvl-0/
- https://abcconcreteinc.com/delete_assoc/fuedRytyy/
- https://sandbox.iamrobertv.com/ynibgkd65jf/STaOjpfGj/
- ```
- #### SHA256s for Epoch 2 Payload EXEs ####
- ```
- 0819a3cd3245e1348b0044b9fbc03d7a63449b0454a10baa8dd83c604adf718d
- 108dc570ca53f3c58723bd9ccc4a9ea521e2f160d658c5ce09fa6ddc4e87afda
- e3f941f1ac56fd58b6a11081aa33e46d27e7795438511f71a92e73b96f464ae6
- 308b8072ffc142d8aeb9e53d05f7c0a77da0ccc9cefbcf306794afaf70775fe8
- daf460173fb28788aff06ec8e766d4d58f39819b870ecfc7c9061c8a4cd3504d
- ae694cb80da86747b4cd4209dfea162635679c00fe6bf81c5d4a9ea15df18fdb
- ```
- #### Epoch 3 Payloads by Document SHA256 - All Times UTC ####
- ```
- Creation Time 2019:10:08 21:22:00 (Attachment Only - Doc based - Activation Wizard)
- SHA256
- 47e9b5a0b1186463980089bc086fa67a825ec11f6f59c9f41c3e7baab4f3d59f
- 16e1a596042ee81b42006b1198e32c03506e8f803cf9faa576f8c2c128a63587
- https://quantumneurology.com/c9wpulh/jzb28h8-nb0rnw46-3014549325/
- https://www.xuperweb.com/og6pj/nekIilY/
- https://www.openwaterswimli.com/roawk/9qjxjxwea-lruswyx-465183521/
- http://www.evextensions.com/wp-content/upgrade/ruyjko/
- http://www.diamondegy.com/wp-includes/wuksdgxg9n-pcm-6870/
- Creation Time 2019:10:08 16:53:00 (Attachment Only - Doc based - Activation Wizard)
- SHA256
- cbb1c0fe8eb8c62315dbb98a8928337ac2a0fbd7b5a8fe34276c495c7b4e3bac
- 4bd47a3fe4b9ed8dd19eefa7e7c2e6f35dc48cb004f8cffd17469185dc63538b
- https://www.noblesproperties.com/calendar/FmjmLwf/
- http://astrametals.com/wp-content/ewhsu4nj-kxd9cd4z-2535853371/
- https://skilmu.com/wp-admin/qQWxrLq/
- http://ladariusgreen.com/eb2hb/qx7nvp-cba-24081725/
- http://www.virtuoushairline.org/h7vz/NRUGvE/
- Creation Time 2019:10:07 16:32:00 (Attachment Only - unknown)
- SHA256
- a09c02fe7eac9a93e0b67d403ffdf0ce39d24e5f1aeaced29d7c0030035d95e5
- a624f2d4a130fab943d60aea67fa267a4002f7eba584513c3f17fbf6145e799e
- e805ac98059d49d8e928cc242e38e6d75ab1d2f658d8670a547abec4af1b8563
- 37c8e34625de1e16090384e7a2aefe70a5c72228b5526388e988a7eda062af79
- 564ea749c21d8184f1273c13da96ac855ef4d34ee9b4c4c10b03498df5b4a47e
- 7ef172a6242c7d49f2f013f9b118876e6aab08ea3043fb4d8cce78d9c7e40f97
- 7c99358a9100df75f9bab44700b907a5d04a1040814d15a221b0490ab5e55eb0
- c6faeaaecc0caef3d1e70a88ee3390db1d6992d80676be1266856848f9c746a1
- http://maisvisitados.com.br/pedido-online/arm-pn8-90/
- http://www.anhjenda.net/rocw8hy/adxa51-5l50l7tfl-923/
- http://hometownflooringwf.com/birthday_popup/14sm2euha-9ynnd7-0791/
- http://lapakmanis.com/wp-content/KnjtZj/
- https://www.copiermatica.com/sox62c/ZTGZhF/
- Creation Time 2019:10:08 11:03:00 (Attachment Only - Doc based - Product Notice)
- SHA256
- d092ea1ded448999687361e02a30cd8060cc8970871302d3ae27aa33a5d1aafc
- 72702e08e450ec04669ce011a8c94c5dda6690029f6a9e0f4bda95eb30b523ef
- caacfce1118ab1d01e3e2b27470d478d7cb24f11ee440da096345e8649bcb9b0
- 5cd30545f2fe2c32715a66f53e53ec4e9eab131ef0a5510ec03baca0bc113897
- 8f5dec209c1b35ac62146d7461cf603933d354baa0e337a9a8ed991664fb3648
- 34beea5d8ab46644a7002cbcb2e4dd9292d9048472c8769b517c306b6bd7eee1
- f159fe22161c6ce50576ef49507f950d73d68af8e5dd5d6b1b287e695fe5ec4a
- http://toofancom.com.np/wp-admin/UniRvomr/
- http://goldindustry.tech/wp-includes/ram2ul0he-5p8w-3956122/
- https://rotaract3131.org/wp-admin/kHOUYts/
- https://gogogo.id/wwsli/l09zna98-0mcw5s-684431/
- https://www.petrousortho.com/wp-content/kixdl16gj-hx62-31/
- Creation Time 2019:10:08 06:25:00 (Attachment Only - Doc based - Protected View)
- SHA256
- 5b830f40fa91c4a5d758b1e4ac3ac1f53e52030e6f87cb41b240855bf8d1a0de
- e0281d0e78469cb6bc4cb7aa65e2d03270e647a1d31000ad4f0f38ddeeee56ae
- ad7d49202a57894b8722f40ab8d1f08cfe1319dae9d25d291ebf12847207e5b8
- 66d6e4e702bad99756ee00f70b15f0d5d8a48e4e84da55f1536def122afc4a06
- 5bdc00a98cad2ce7a716d23541c0032f5504398205f68627787d523b68094943
- 9601ff9783e82b35c9d1270c85a3ea40de9c6094bfc8d40772776bf64b5da62e
- 659edeee1cf29107bc0fcb9f74c86902fb1f29035f4f2f72f78f661f043e9cbe
- 0063bc99652c2bebd67f84fd38d1ef31336ede37464a5a00e6f062114a1ad0e8
- f734575992b721dd2628a8df8912373ca0fe17e72b698e5f3c1a2e2a735736d6
- 306689d97a54a67570f2ff225172bfcde4cc3b232bde6ef6f8714607e1917846
- https://norbertwaszak.pl/tmp/4atc-8hp2m48nye-47/
- https://nguoibeo.info/wp-admin/fr6zuhw8-c7x3edchvw-939375125/
- http://www.farmersmarket.qa/eshop/22q8-4cqz7itsj-313/
- https://www.myparacord.at/wp-admin/hoqrn61-ivix-8688459/
- http://immiagents.co.uk/wp-admin/fib8h7vpqm-3pv2nc-22895734/
- Creation Time 2019:10:07 21:56:00 (Attachment Only - Doc based - Product Notice)
- SHA256
- b8cd4285febf2be2ba385bbcf69b629299aa5a97606edaaaa929c3fd0f30b44f
- b2d00e681b29e78f2ec7387bb77040c78109b55ff475b9a0883bb39001bdb822
- 844f41933b244a53013c52575b5dd1b29f40df434d15ff26c3830eafc2c575aa
- 369e2614a5288d1af155340d92ac95c8bc42405af0da861b7d7413a0f1451515
- 15c992538dc03d9d02bac40bc85cf65f2fb3dca2fbb95779f38d83ae1f687877
- ca36a62c69a7b65545db0fddd1c5a98ea4c43dd8baba14f8f4166482221f6cb6
- 70d090bbf43b17e1e34ebdb7e1a6ec08021a1fc56fc2dc755bdeb3ea0472e77a
- 4ad5049359b145a16d869330f03987655181cbcdbcef0a81618e2f9591c6b788
- ac83cc5243edcdd36d11019eddd643da5232be08b5d87a98bbd85a6c1d4e7fb8
- e062443063649ca2d9f377843e89448a1f927e7f46e3331cdb5d6a4f58ca3498
- c8b915fdc5b9e9a3151f68c0d017de6dea06207c1918af54eafa5f75abb841e7
- https://roskillhairandbeauty.co.nz/cgi-bin/DuTLRwv/
- https://amiworld.co/wp-admin/yISGyosZ/
- https://pharmonline.space/fulnfkk89/phGDtDK/
- http://embalagemparadoce.com.br/wp-content/YILCbSs/
- http://www.fernandaeberhardt.com.br/cgi-bin/0dt5i43uo-09jzhg9-196884589/
- ```
- #### SHA256s for Epoch 3 Payload EXEs ####
- ```
- 694a164eb59921f83961b5ce41a706ac730d912210eb4c2e1fc77edd2744c175
- fb6bba0d6f9cf2158f770451f1fbda37d1b48b5e999f930c4be0184d9d3b35ac
- 995e6803e886ed5ec0affcf26803bb6cb4157953a2f3f9d43768b7a3430a414d
- a7d4e5a49d72ebfe3970d430a9dbeb51e548b8b25dfb8132af6dd2fe33ab36e2
- ef69021e812d47672a5e4d551b0f601102c4c5d5b470e3ca875c82fd0f02bb0f
- 130ab31bff278089bef2ca2b4d45c2f25dc34f564a2e64ce95f2dd040f83a508
- ```
- ### C2's Per Epoch ###
- #### Epoch 1 C2s ####
- ```
- 103.31.232.93:443
- 109.104.79.48:8080
- 109.169.86.13:8080
- 113.170.129.113:443
- 114.79.134.129:443
- 119.159.150.176:443
- 119.59.124.163:8080
- 119.92.51.40:8080
- 123.168.4.66:22
- 138.68.106.4:7080
- 139.5.237.27:443
- 142.93.82.57:8080
- 149.62.173.247:8080
- 151.80.142.33:80
- 159.203.204.126:8080
- 170.84.133.72:7080
- 170.84.133.72:8443
- 178.249.187.151:8080
- 178.79.163.131:8080
- 181.188.149.134:80
- 181.29.101.13:8080
- 181.36.42.205:443
- 182.188.39.68:80
- 183.82.97.25:80
- 184.69.214.94:20
- 185.187.198.10:8080
- 185.86.148.222:8080
- 186.0.95.172:80
- 186.1.41.111:443
- 186.83.133.253:8080
- 187.188.166.192:80
- 189.160.49.234:8443
- 189.166.68.89:443
- 190.1.37.125:443
- 190.10.194.42:8080
- 190.104.253.234:990
- 190.158.19.141:80
- 190.221.50.210:8080
- 190.230.60.129:80
- 190.230.60.129:8080
- 190.38.14.52:80
- 190.85.152.186:8080
- 200.51.94.251:143
- 200.57.102.71:8443
- 200.58.171.51:80
- 201.163.74.202:443
- 201.183.247.58:443
- 201.184.65.229:80
- 201.199.93.30:443
- 203.25.159.3:8080
- 212.71.237.140:8080
- 217.199.160.224:8080
- 46.101.212.195:8080
- 46.163.144.228:80
- 46.28.111.142:7080
- 46.29.183.211:8080
- 46.41.151.103:8080
- 5.1.86.195:8080
- 5.196.35.138:7080
- 5.77.13.70:80
- 50.28.51.143:8080
- 51.15.8.192:8080
- 62.75.143.100:7080
- 62.75.160.178:8080
- 68.169.49.14:7080
- 68.183.170.114:8080
- 68.183.190.199:8080
- 69.162.169.173:8080
- 71.244.60.230:7080
- 71.244.60.231:7080
- 76.69.29.42:80
- 77.245.101.134:8080
- 77.55.211.77:8080
- 78.189.76.2:50000
- 79.129.0.173:8080
- 79.143.182.254:8080
- 80.240.141.141:7080
- 80.85.87.122:8080
- 81.169.140.14:443
- 81.213.215.216:50000
- 86.42.166.147:80
- 87.106.77.40:7080
- 88.250.223.190:8080
- 89.188.124.145:443
- 91.205.215.57:7080
- 91.83.93.124:7080
- ```
- #### Epoch 1 - Spam C2s ####
- ```
- 37.187.5.82:8080
- 45.55.82.2:8080
- 185.94.252.27:8080
- ```
- #### Epoch 1 - Stealer C2s ####
- ```
- 75.127.72.18:8080
- 190.115.18.139:8080
- 66.228.32.31:443
- ```
- #### Current Epoch 1 RSA Public Key ####
- ```
- MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOzoTryw1r9RxRJPFKalO4+q7JaDZWSB
- KZlEc22H6ITuE06tvJspue42TF1yk8xN+1bqW++QeV6Clm1uRswA/qoao/6p4eN0
- h4zIO8PEaJ0C/9EO4cx9yfRLlVpjdEkP0QIDAQAB
- ```
- #### Epoch 2 C2s ####
- ```
- 101.187.237.217:20
- 103.255.150.84:80
- 103.97.95.218:143
- 104.131.11.150:8080
- 104.236.246.93:8080
- 115.78.95.230:443
- 124.240.198.66:80
- 136.243.177.26:8080
- 138.201.140.110:8080
- 142.44.162.209:8080
- 144.139.247.220:80
- 149.167.86.174:990
- 149.202.153.252:8080
- 152.89.236.214:8080
- 159.65.25.128:8080
- 169.239.182.217:8080
- 173.212.203.26:8080
- 178.254.6.27:7080
- 178.79.161.166:443
- 179.32.19.219:22
- 181.143.194.138:443
- 181.143.53.227:21
- 181.31.213.158:8080
- 182.176.106.43:995
- 182.176.132.213:8090
- 182.76.6.2:8080
- 185.94.252.13:443
- 186.4.172.5:20
- 186.4.172.5:443
- 186.4.172.5:8080
- 186.75.241.230:80
- 188.166.253.46:8080
- 189.209.217.49:80
- 190.106.97.230:443
- 190.108.228.48:990
- 190.145.67.134:8090
- 190.18.146.70:80
- 190.186.203.55:80
- 190.211.207.11:443
- 190.226.44.20:21
- 190.228.72.244:53
- 190.53.135.159:21
- 192.254.173.31:8080
- 199.19.237.192:80
- 200.71.148.138:8080
- 201.251.43.69:8080
- 206.189.98.125:8080
- 211.63.71.72:8080
- 212.71.234.16:8080
- 217.145.83.44:80
- 217.160.182.191:8080
- 222.214.218.192:8080
- 24.51.106.145:21
- 27.147.163.188:8080
- 27.4.80.183:443
- 31.12.67.62:7080
- 31.172.240.91:8080
- 37.157.194.134:443
- 41.220.119.246:80
- 45.123.3.54:443
- 45.33.49.124:443
- 45.79.188.67:8080
- 46.105.131.87:80
- 47.41.213.2:22
- 5.196.74.210:8080
- 62.75.187.192:8080
- 63.142.253.122:8080
- 67.225.229.55:8080
- 78.24.219.147:8080
- 80.11.163.139:21
- 80.11.163.139:443
- 80.79.23.144:443
- 83.136.245.190:8080
- 85.104.59.244:20
- 85.106.1.166:50000
- 85.54.169.141:8080
- 86.98.25.30:53
- 87.106.136.232:8080
- 87.106.139.101:8080
- 87.230.19.21:8080
- 88.156.97.210:80
- 91.121.116.137:443
- 91.205.215.66:8080
- 92.222.216.44:8080
- 92.233.128.13:143
- 94.192.225.46:80
- 94.205.247.10:80
- 95.128.43.213:8080
- ```
- #### Epoch 2 - Spam C2s ####
- ```
- 46.105.131.69:443
- 185.187.198.4:8080
- 46.228.205.245:4143
- ```
- #### Epoch 2 - Stealer C2s ####
- ```
- 209.141.41.136:8080
- 46.29.183.210:8080
- 198.58.112.7:443
- 185.42.221.78:443
- ```
- #### Current Epoch 2 RSA Public Key ####
- ```
- MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhALk+KlHgOKXm9eDkWu2yN9lanjwOm6W2
- PV0tgr4msNVby2pOJ6S1MZQnQwxl7y6WWzT4kveAQhLmW8JB2M2PDOxZOgVMJH2C
- AtkVW1p/P9jNJWVvjK9SmrbLdIeiKNtRfQIDAQAB
- ```
- #### Epoch 3 C2s ####
- ```
- 101.187.237.217:20
- 103.255.150.84:80
- 103.97.95.218:143
- 104.131.11.150:8080
- 104.236.246.93:8080
- 115.78.95.230:443
- 124.240.198.66:80
- 136.243.177.26:8080
- 138.201.140.110:8080
- 142.44.162.209:8080
- 144.139.247.220:80
- 149.167.86.174:990
- 149.202.153.252:8080
- 152.89.236.214:8080
- 159.65.25.128:8080
- 169.239.182.217:8080
- 173.212.203.26:8080
- 178.254.6.27:7080
- 178.79.161.166:443
- 179.32.19.219:22
- 181.143.194.138:443
- 181.143.53.227:21
- 181.31.213.158:8080
- 182.176.106.43:995
- 182.176.132.213:8090
- 182.76.6.2:8080
- 185.94.252.13:443
- 186.4.172.5:20
- 186.4.172.5:443
- 186.4.172.5:8080
- 186.75.241.230:80
- 188.166.253.46:8080
- 189.209.217.49:80
- 190.106.97.230:443
- 190.108.228.48:990
- 190.145.67.134:8090
- 190.18.146.70:80
- 190.186.203.55:80
- 190.211.207.11:443
- ```
- #### Epoch 3 - Spam C2s ####
- ```
- 185.187.198.5
- 41.185.29.128:8080
- ```
- #### Epoch 3 - Stealer C2s ####
- ```
- 198.46.150.196:7080
- 178.32.255.133:443
- ```
- #### Current Epoch 3 RSA Public Key ####
- ```
- MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAM426uN11n2LZDk/JiS93WIWG7fGCQmP
- 4h5yIJUxJwrjwtGVexCelD2WKrDw9sa/xKwmQKk3b2fUhwnHXjoSpR7pLaDo7pEc
- iJB5y6hjbPyrSfL3Fxu74M2SAS0Arj3uAQIDAQAB
- ```
- #### Credits and Notes Section ####
- ```
- WARNING - Some links may have been taken down shortly after I reported them to URLHaus.abuse.ch
- because they rock and report everything to ISPs as it is confirmed to be malware. Additionally,
- this list MAY include doc DL URLS from previous days, see the previous days here to get the full picture:
- https://pastebin.com/u/jroosen
- NOTE: The doc DL URLS are in alphabetical order now. The community lists below may contain content I do not have in my list.
- I am providing them for your benefit in case you want to parse them to be sure.
- ```
- #### What is Epoch 1, Epoch 2 and Epoch 3? ####
- ```
- (09/17/19)
- With the find of Epoch 3 that split from Epoch 1, this section will be rewritten to reflect these changes in time.
- ```
- #### Community Lists/Samples ####
- ```
- https://twitter.com/dms1899/status/1181415428779847680
- https://twitter.com/P3pperP0tts/status/1181489101406691329
- https://pastebin.com/YRFuXAYZ - @Paladin3161
- feed of module hashes
- https://twitter.com/EmotetIndian
- (sorry if we miss anybody, make sure to send it to @cryptolaemus1 in your tweet and we will try to include it!)
- ```
- #### Credits ####
- ```
- Combination work of the Cryptolaemus Team - https://paste.cryptolaemus.com/about/ and/or specifically the following:
- Doc DL URLs - @devnullnoop, @p5yb34m, @malware_traffic, @dms1899, @Paladin3161
- C2 info/RSA Keys - @devnullnoop, @MalwareTechBlog, @lazyactivist192, @VK_Intel, @Paladin3161
- Payloads - @devnullnoop, @MalwareTechBlog, @lazyactivist192, @TheHack3r4chan, @p5yb34m, @malware_traffic, @Paladin3161, @ps66uk, @abuse_ch, Anonymous :)
- Spam Templates - @devnullnoop, @lazyactivist192
- Special thanks to @lazyactivist192, @devnullnoop, @2sec4u, @unixronin, @pollo290987, @ps66uk for creating scripts/servers/infrastructure and
- helping out with this!
- Very special thanks to @Binary_Defense, @lazyactivist192, @capesandbox, @bigmacjpg and @decalage2 of the ViperMonkey Project
- https://github.com/decalage2/ViperMonkey, @digitalocean, @mploessel, @anyrun_app, @unixronin, @hurricanelabs, @MalwareTechBlog, @KryptosLogic,
- @0xtadavie, @MsftSecIntel, @abuse_ch/urlhaus.abuse.ch, @urlscanio, @BlackLotusLabs, @TrendMicro and @Virustotal for providing services/software
- at no charge to this cause!
- ```
- ### Daily Log 10/08/19 ###
- ```
- @jroosen here and I am back and struggling to get back up to speed with all that has changed since I left. @ps66uk and the rest of the
- team did a great job filling in and we will hopefully make this more of a tag team effort going forward. Here are some notes from @ps66uk
- from earlier: "E2 C2 were not responding this morning (since ~2019/10/07 19:00 UTC) but kickedin around 19:00 today. After an initial DOC
- only run, URLs were seen again." In fact, I noticed that there was a transition to links on E2 even before the 19:09 series switched to the
- 22:16 version. @ps66uk did most of this post and the work on it so thank him. :)
- ```
- #### General News ####
- ```
- @luca-nagy released the slides from her emotet presentation:
- https://www.virusbulletin.com/uploads/pdf/conference_slides/2019/VB2019-Nagy.pdf
- ```
- #### Drops Report ####
- ```
- Not a lot out there today on this. I assume Trickbot of the gtag: mor* variety but unknown. The amount of Dreambot has been interesting
- also. Hope to see more on what people share soon now that I am back in the office.
- ```
- #### Email Template Report ####
- ```
- I noticed in the past few weeks there has been almost entirely attachment malspam and rarely any links. When we do see links,
- we see them on E2 and no other botnets. It is curious why they feel this is a better tactic as anything with a macro attachment is likely
- getting blocked in the filter by default. Oh well. Also, I noticed I have been getting malspam finally again but most of it was German
- based the past few weeks while I was out. Additionally, I saw some reply chain type emails constantly using the same basis subject with different
- senders. Once you see the reply chain type email, you may as well block that subject if you can because I literally got a dozen emails based on
- that subject. Again, I don't understand this method but there must be some reason behind it or bug that is causing it to mainly stick to one
- chain of emails. I did get a few other reply chain ones but they were usually only a single attempt in contrast.
- DOC releases:
- E1 ModifyDate: 2019:10:07 21:38:00 CreateDate: 2019:10:07 21:38:00 milanoplaces.com
- E2
- E3 ModifyDate: 2019:10:07 21:56:00 CreateDate: 2019:10:07 21:56:00 roskillhairandbeauty.co.nz
- E1 ModifyDate: 2019:10:08 06:22:00 CreateDate: 2019:10:08 06:22:00 halloweendayquotess.com
- E2
- E3 ModifyDate: 2019:10:08 06:25:00 CreateDate: 2019:10:08 06:25:00 norbertwaszak.pl
- E1 ModifyDate: 2019:10:08 09:55:00 CreateDate: 2019:10:08 09:55:00 retos-enformaherbal.com
- E2
- E3 ModifyDate: 2019:10:08 11:03:00 CreateDate: 2019:10:08 11:03:00 toofancom.com.np
- E1 ModifyDate: 2019:10:08 13:47:00 CreateDate: 2019:10:08 13:47:00 suse-tietjen.com
- E2
- E3
- E1 ModifyDate: 2019:10:08 18:28:00 CreateDate: 2019:10:08 18:28:00 www.denedolls.com
- E2 ModifyDate: 2019:10:08 19:09:00 CreateDate: 2019:10:08 19:09:00 1greatrealestatesales.com
- E3 ModifyDate: 2019:10:08 16:53:00 CreateDate: 2019:10:08 16:53:00 www.noblesproperties.com
- E1 ModifyDate: 2019:10:08 21:38:00 CreateDate: 2019:10:08 21:38:00 www.skullbali.com
- E2 ModifyDate: 2019:10:08 22:16:00 CreateDate: 2019:10:08 22:16:00 www.bundlesbyb.com
- E3 ModifyDate: 2019:10:08 21:22:00 CreateDate: 2019:10:08 21:22:00 quantumneurology.com
- ```
- #### Link Regex Report ####
- ```
- Seems like only E2 is doing links. I am going to make some regex tomorrow as it seems like some of the old patterns are there again.
- ```
- #### Payloads Report ####
- ```
- process list - executable names are built from these based on client characteristics
- engine,finish,magnify,resapi,query,skip,wubi,svcs,router,crypto,backup,hans,xcl,con,edition,
- wide,loada,themes,syc,pink,tran,khmer,chx,excel,foot,wce,allow,play,publish,fwdr,prep,mspterm,
- nop,define,chore,shlp,maker,proc,cap,top,tablet,sizes,without,pen,dasmrc,move,cmp,rebrand,
- pixel,after,sms,minimum,umx,cpls,tangent,resw,class,colors,generic,license,mferror,kds,keydef,cable
- EXE releases:
- E1 - 9 drops between 06:00 and 07:30, 4 drops between 08:30 and 20:15
- E2 - 5 drops between 06:00 and 20:15
- E3 - 5 drops between 06:00 and 20:15
- ```
- #### C2 Report ####
- ```
- 86 combos on E1
- 88 combos on E2
- 39 combos on E3
- E2 C2 all went silent 2019:10:07 19:00 UTC, back up ~2019:10:08 19:00 UTC
- I found this interesting when it went down and seemed like the back end was dead.
- ```
- #### Closing ####
- ```
- I am really grateful that the Cryptolaemus guys were able to work on these reports while I was gone. I want to especially thank @ps66uk
- for all of his time spent on these. Hopefully everyone is finding them valuable still and remember we are always open to suggestions.
- It was nice to have a vacation but now it is time to get back to work, TT. - @JRoosen
- ```
- #### Sandbox 10/08/19 ####
- ```
- E1
- https://capesandbox.com/submit/status/2504/
- E2
- https://capesandbox.com/submit/status/2502/
- E3
- https://capesandbox.com/submit/status/2500/
- ```
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement