- 2017-09-19: #locky email phishing campaign "HERBALIFE Order Number: 6N0100NNNN"
- Email sample:
- -------------------------------------------------------------------------------------------------------------
- From: "Herbalife" <svc_apacnts_2661@herbalife.com>
- To: [REDACTED]
- Date: Tue, 19 Sep 2017 17:42:27 +0700
- Subject: HERBALIFE Order Number: 6N01000673
- Thank you for your order
- Please find attached your tax invoice for 6N01000673
- Your order is now being processed.
- Attachment: 6N01000673_1.7z -> 6N01006808.vbs
- -------------------------------------------------------------------------------------------------------------
- - sender is: "Herbalife" <svc_apacnts_<1-4 digits>@herbalife.com>
- - subject is "HERBALIFE Order Number: 6N0100<4 digits>"
- - attached file "6N0100<4 digits>_1.7z" contains file "6N0100<4 digits>.vbs", a VBScript downloader
- Download sites:
- Malware:
- - locky, .yckol variant
- - SHA256: f8e7dde2601ebeb7e30af4c54016223f1c42298176e1f2f5c4945ca6b8b88317, MD5: 43e9190f8f18e52dc361f775cc02b2ce
- - VT: https://www.virustotal.com/#/file/f8e7dde2601ebeb7e30af4c54016223f1c42298176e1f2f5c4945ca6b8b88317/detection
- - HA: https://www.reverse.it/sample/f8e7dde2601ebeb7e30af4c54016223f1c42298176e1f2f5c4945ca6b8b88317?environmentId=100
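A mail-filter check for the sender, subject and attachment-name patterns noted above, as an added example that is not part of the original paste. The function names, the two-trait threshold and both sample messages are assumptions constructed for illustration; only the outer .7z name is checked, not the .vbs inside it.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Patterns transcribed from the sender/subject/attachment notes in the paste.
SENDER_RE = re.compile(r"^svc_apacnts_\d{1,4}@herbalife\.com$", re.I)
SUBJECT_RE = re.compile(r"^HERBALIFE Order Number: 6N0100\d{4}$")
ATTACH_RE = re.compile(r"^6N0100\d{4}_1\.7z$", re.I)

# Constructed sample messages (recipient and body text are placeholders).
SAMPLE_HIT = """\
From: "Herbalife" <svc_apacnts_2661@herbalife.com>
To: user@example.test
Subject: HERBALIFE Order Number: 6N01000673
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Thank you for your order
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="6N01000673_1.7z"

placeholder bytes, not a real archive
--b1--
"""
SAMPLE_BENIGN = "From: billing@example.test\nSubject: Order update\n\nHello\n"

def match_campaign(raw):
    """Return which campaign traits a raw RFC 5322 message shows."""
    msg = message_from_string(raw)
    hits = []
    if SENDER_RE.match(parseaddr(msg.get("From", ""))[1]):
        hits.append("sender")
    if SUBJECT_RE.match(msg.get("Subject", "").strip()):
        hits.append("subject")
    # walk() visits every MIME part; get_filename() is None for non-attachments
    if any(ATTACH_RE.match(p.get_filename() or "") for p in msg.walk()):
        hits.append("attachment")
    return hits

def is_campaign(raw, threshold=2):
    """Assumed policy: flag when at least `threshold` traits coincide."""
    return len(match_campaign(raw)) >= threshold

if __name__ == "__main__":
    print(match_campaign(SAMPLE_HIT), match_campaign(SAMPLE_BENIGN))
```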