General
-
Target
https://d.adroll.com/2015-12-11/emailsubscribe/?sendroll_payload=%98%92%A4sr_a%B6BUXZCWIKHVAIFFLIRHZCED%92%A4sr_c%B6TYUKLTQEUNHHHKQWLK8SEN%92%A4sr_e%B6JBJMUOOD35DMXLRJEZ8SEN%92%A4sr_r%BCpikachulol%403getnede.com%92%A4sr_d%B67SKUXUDSJZDHFMZVN48SEN%92%A4sr_u%DA%01%ADhttp%3A%2F%2Fwww.onlinesalesconsultancy.com%3Futm_nr_link_xpath%3D%252Fhtml%252Fbody%252Ftable%252Ftbody%252Ftr%252Ftd%252Ftable%255B2%255D%252Ftbody%252Ftr%252Ftd%252Ftable%252Ftbody%252Ftr%252Ftd%252Ftable%252Ftbody%252Ftr%252Ftd%252Fdiv%252Fdiv%255B1%255D%252Fdiv%255B2%255D%252Fa%26utm_source%3Dadroll%26utm_medium%3Demail%26utm_campaign%3Dnewsletter-campaign---2%26utm_nr_campaign_eid%3DTYUKLTQEUNHHHKQWLK8SEN%26utm_nr_campaign_email_eid%3DJBJMUOOD35DMXLRJEZ8SEN%26utm_nr_delayed_email_eid%3D7SKUXUDSJZDHFMZVN48SEN%92%A5sr_cn%B7Newsletter+campaign+-+2%92%A5sr_es%B2%5BKYC+VERIFICATION%5D&sr_sg=SR18G6ZRZIV4G3QVBZZHBVUCPUIDCU8MWQEWNI
Malware Config
Signatures
-
A potential corporate email address has been identified in the URL: sraBUXZCWIKHVAIFFLIRHZCEDsrcTYUKLTQEUNHHHKQWLK8SENsreJBJMUOOD35DMXLRJEZ8SENsrrpikachulol@3getnede.comsrd7SKUXUDSJZDHFMZVN48SENsruhttpwww.onlinesalesconsultancy.comutmnrlinkxpath2Fhtml2Fbody2Ftable2Ftbody2Ftr2Ftd2Ftable5B25D2Ftbody2Ftr2Ftd2Ftable2Ftbody2Ftr2Ftd2Ftable2Ftbody2Ftr2Ftd2Fdiv2Fdiv5B15D2Fdiv5B25D2Fautmsourceadrollutmmediumemailutmcampaignnewslettercampaign2utmnrcampaigneidTYUKLTQEUNHHHKQWLK8SENutmnrcampaignemaileidJBJMUOOD35DMXLRJEZ8SENutmnrdelayedemaileid7SKUXUDSJZDHFMZVN48SENsrcnNewslettercampaign2sresKYCVERIFICATION