Comments

more invoice malspam delivers malware using wsf files — 1 Comment

  1. “… download Locations for the malware
    (obfuscated in the WSF file using base64 encoding & extra padding):
    78tguyc876wwirglmltm .net/af/8yhf2ui > 119.28.85.128
    e67tfgc4uybfbnfmd .org/af/8yhf2ui > 119.28.85.128
    sacrecoeur.bravepages .com/8yhf2ui? > 66.219.202.10
    ythongye .com/8yhf2ui? > 103.249.108.128
    sheekchilly .com/8yhf2ui? > 103.21.59.174
    lamartechnical .com/8yhf2ui? > 216.97.233.44
    syrianchristiancentre .org/8yhf2ui? > 103.21.58.130
    skveselka .wz.cz/8yhf2ui > 185.64.219.7
    svadba-tamada .de/8yhf2ui > 81.169.145.148
    aacom .pl/8yhf2ui? > 193.239.206.248
    smartzaa .com/8yhf2ui? > 103.21.58.252
    …”

    //

Leave a Reply

Your email address will not be published. Required fields are marked *