API tools faq
paste
ExecuteMalware

2020-07-15 ZLoader IOCs

ExecuteMalware
Jul 15th, 2020
2,418
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.63 KB | None | 0 0
raw download clone embed print report
  1. THREAT ATTRIBUTION: ZLOADER
  2.  
  3. SUBJECTS OBSERVED
  4. A warm hint that I never receive your reaction still
  5. Contract 809 info
  6. Full summary of the Invoice id 482
  7. Given invoice clarification
  8. Paperwork that you can review
  9. Paperwork you have asked for
  10. Receipt important information - ID # 625
  11. The proposal tip
  12.  
  13. SENDERS OBSERVED
  14. bampbanerignus11@aol[.]com
  15. basur_edradriemire@aol[.]com
  16. cenberttruink1967@aol[.]com
  17. edwinepoourk1986x@aol[.]com
  18. leemary234@aol[.]com
  19. osonelimerodecan11l@aol[.]com
  20. pehtherehoodish2@aol[.]com
  21. robertslisa917@aol[.]com
  22.  
  23. EXCEL FILE NAMES
  24. 764[.]xls
  25. att[.]xls
  26. BHK-543[.]xls
  27. BO625[.]xls
  28. inf[.]xls
  29. WLR[.]809[.]xls
  30. work[.]xls
  31.  
  32. EXCEL FILE HASHES
  33. 154097bca6632db44faa4a198d2eb58e
  34. 34356f7a005696baa293c321d346d979
  35. 467262ca59bb3c552775ec7dd256823a
  36. 7980c9c41ae19ac8678104ade5df1e86
  37. 866898bb8429b8fa0db31fa9937ed075
  38. d95015f6a443d81df694c80853f93f8f
  39. e140c4a6bbbb058e08c2b81fc4216742
  40.  
  41. ZLOADER PAYLOAD URLs
  42. hxxps://quuik[.]com/wp-keys[.]php
  43. hxxps://theincrediblebihar[.]com/wp-keys[.]php
  44. hxxps://tlcid[.]org/wp-keys[.]php
  45. hxxps://tvxnoticias[.]com/wp-keys[.]php
  46.  
  47. ZLOADER C2s
  48. hxxps://chwasinsvolanrosti[.]gq/wp-parsing[.]php
  49. hxxps://epaweb[.]cl/wp-parsing[.]php
  50. hxxps://mediavision[.]se/wp-parsing[.]php
  51. hxxps://minkumarsapkota[.]com[.]np/wp-parsing[.]php
  52. hxxps://modernchina[.]org/wp-parsing[.]php
  53. hxxps://newwavechairco[.]com/wp-parsing[.]php
  54. hxxps://noithatnhathoang[.]vn/wp-parsing[.]php
  55. hxxps://stanapabserdoni[.]tk/wp-parsing[.]php
  56.  
  57. SUPPORTING EVIDENCE
  58. https://pastebin.com/k1VcQ33c
  59. https://app.any.run/tasks/4b351baf-4476-47f9-afbc-6faba28f0fad
  60. https://app.any.run/tasks/adfb6cba-3189-4836-aab6-db388360d766
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!