- ***ORACLE THEMED MALSPAM CAMPAIGN (CVE-2017-11882)***
- NOTE:
- Distribution method and targeting currently unknown; sample identified via Hybrid Analysis (HA)
- RTF DISTRIBUTION:
- http://oracle-russia.info/Oracle_RDBMS.rtf
- (109.236.89.194)
- DOC DELIVERED:
- Oracle_RDBMS.rtf
- a7ed424cf7c78e31bfbd0915b841c6e2
- c0026bd9402185eec8a1c7ef5639684a7ae0cd56112b23012225d6f07b5ff866
- OLE OBJECT 0:
- GhfG.py
- fc08285173975a38e9be791036f03126
- 548f8671d13486bf1c51ea62f85ac5a6d110def6c1bd44bf8e821eeb0a94b08b
- OLE OBJECT 1:
- cmd /c powershell - < %tmp%\GhfG.py
- DECODED PE FROM PS1:
- Akt_sverki_2017.scr
- 74b113e6fae947fe9ced001432d6f152
- 391038713033ad9d90f32cc0f2680f62c362e369bba32fdf6009dccaa4bc6fa7
- PE ASSOCIATED URLS:
- http://oracle-russia.info/Akt_sverki_2017.scr
- C2:
- teredo-update.com
- (185.68.93.26)
- LETSENCRYPT CERT FINGERPRINT:
- 15:f3:5e:c9:d3:10:25:c2:37:47:85:55:d6:bc:2c:01:95:71:d1:b5
- REFS:
- RTF: https://www.hybrid-analysis.com/sample/c0026bd9402185eec8a1c7ef5639684a7ae0cd56112b23012225d6f07b5ff866?environmentId=120
- PS1: https://www.virustotal.com/#/file/548f8671d13486bf1c51ea62f85ac5a6d110def6c1bd44bf8e821eeb0a94b08b/community
- EXE: https://www.hybrid-analysis.com/sample/391038713033ad9d90f32cc0f2680f62c362e369bba32fdf6009dccaa4bc6fa7?environmentId=100