API tools faq
paste
Advertisement
Racco42

2017-09-20 Locky "Your Payment # NNNN"

Racco42
Sep 20th, 2017
2,284
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.82 KB | None | 0 0
raw download clone embed print report
  1. 2017-09-20: #locky email phishing camapign "Your Payment # NNNN"
  2.  
  3. Email sample:
  4. ----------------------------------------------------------------------------------------------------
  5. From: "Lou Drennan" <Lou.Drennan@[REDACTED]>
  6. Subject: Your Payment # 5505
  7. Date: Wed, 20 Sep 2017 08:24:27 -0300
  8.  
  9. Your Payment is attached.
  10.  
  11. Attachment: 7596_Payment.7z -> 7873_Payment.vbs
  12. ----------------------------------------------------------------------------------------------------
  13. - sender is forged to come from same domain as recipient
  14. - To: field is missing in the email
  15. - subject is "Your Payment # <4 digits>"
  16. - attached file "<4 digits>_Payment.7z" contain file "<4 digits>_Payment.vbs", a VBScript downloader
  17.  
  18. Download sites and malware are same as in previous "Status of invoice A217NNNN-NN" campaign https://pastebin.com/F5K6BKQX
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!