Pulse name: Teslacrypt Spam Campaign: “Unpaid Issue…”
WHITE AlienVault 2016-03-21 Modified: 2016-03-21
30 IOCs
MEDIUM VOLUME
Cyber criminals continue to use exploit kits to infect victims with ransomware, but they also use malspam emails to lure possible victims. Email is a key vector into an enterprise environment that lacks the proper security controls and has insufficient information security training for end users. Some examples are email messages claiming to concern an overdue bill or invoice, using such terminology in the subject line and in the file name, such as invoice.zip or payment_doc_298427.zip.
Indicators of Compromise (30)