Blog | G5 Cyber Security

Malware campaigns deliver payloads via obscure paste service

Juniper Threat Labs has identified malware campaigns that rely on legitimate paste services such as paste.nrecom.net to host their malicious payloads. The service is based on an open-source Pastebin implementation called Stikked and has been operating since 2014. Hosting encrypted malicious code in plain sight on Pastebin-style services works in the attacker's favor because these sites cannot easily be blocked by policy, given their legitimate use cases. The malware campaigns leveraging the paste service to distribute encrypted payloads include Agent Tesla, W3Cryptolocker, Redline Stealer, and LimeRAT.

Source: https://www.bleepingcomputer.com/news/security/malware-campaigns-deliver-payloads-via-obscure-paste-service/
