ZIP File Containing HTA File Leads to Locky Ransomware

IOCs: 121.200.60.26 – onushilon.org/56f2gsu782desf – GET request for payload Hashes: SHA256: a48ef938b06ce335f1560836cae24ff11c445a10ccdc75c459507115c9bdf3a7 File name: 20160920034329138280504.zip SHA256: b08bca7d704d2bdf7db5b542eda84f5b9cd27ddfcbea33843ec1c08d7d240f66 File name: QL5LY62838.hta SHA256: ec44b16f4806c37a83fecee4fd68cdea830e046eaa451a212ec519613248c27d File name: iIrfSCB1