Home Phishing Phishing: Jaff Ransomware campaign through PDF > DOCM

Phishing: Jaff Ransomware campaign through PDF > DOCM

by VT 01:42

Phishing emails with PDF attachments that contain an embedded DOCM have been doing the rounds.

Decompressed DOCM:

Here's a list of known first stage URLs:

http://tiskr.com/f87346b
http://julian-g.ro/f87346b
http://phinamco.com/f87346b
http://trans-atm.com/f87346b

http://panaceya-n.ru/77g643
http://geo-zamer.ru/77g643
http://bellevillenorfolkterriers.co.uk/77g643
http://etadjewellery.com/77g643
http://jisrcenter.com/77g643
http://villa31.com/77g643
http://taddboxers.com/77g643
http://demelkwegtuk.nl/77g643
http://ws.osenilo.com/77g643
http://kitchenandgifts.com/77g643
http://takipediliyoruz.com/77g643
http://enboite.be/77g643
http://prystel.com/77g643
http://biolume.nl/77g643
http://koreancars-club.ru/77g643
http://thegoldclubs.com/77g643
http://pgringette.ca/77g643

http://tutmacli.com/hHGFjd
http://rooana.com/hHGFjd
http://ppapmoozamiz.com/hHGFjd
http://hrlpk.com/hHGFjd
http://hncdc.org/hHGFjd
http://dovahosting.com/hHGFjd
http://boolas.com/hHGFjd
http://bianshop.com/hHGFjd
http://byydei74fg43ff4f.net/af/hHGFjd
http://5hdnnd74fffrottd.com/af/hHGFjd
http://sjffonrvcik45bd.info/af/hHGFjd
http://fotografikum.com/hHGFjd
http://dcfarbicka.sk/hHGFjd
http://bizcleaning.co.uk/hHGFjd
http://dsintergrated.com/hHGFjd
http://vbplan.de/hHGFjd
http://diasgroup.sk/hHGFjd
http://ecbuyjp.com/hHGFjd
http://urachart.com/hHGFjd
http://ecuamiaflowers.com/hHGFjd
http://energybalancecenter.nl/hHGFjd
http://oyasinsaat.com.tr/hHGFjd

No comments:

Subscribe to: Post Comments ( Atom )