Skip to content

Instantly share code, notes, and snippets.

@silence-is-best

silence-is-best/gist:177d5540f10cf10990af41e4aea27b61

Created March 1, 2024 18:36
Show Gist options
  • Save silence-is-best/177d5540f10cf10990af41e4aea27b61 to your computer and use it in GitHub Desktop.
Save silence-is-best/177d5540f10cf10990af41e4aea27b61 to your computer and use it in GitHub Desktop.
Download ZIP
February Malspam Campaigns
Raw
gistfile1.txt
Date,Details,Payload Type,Users Targeted
2/1/2024,SOA PAYMENT SETTLEMENT; r01 -> dbatloader -> remcos,Attachment,5
2/1/2024,Request for Quotation; z -> originlogger continued to 02/04,Attachment,8
2/4/2024,Re:New Order; 7z -> originlogger,Attachment,2
2/5/2024,Quote; z -> origin logger,Attachment,4
2/6/2024,AmBank Remittance Advice/SOA SETTLEMENT/BL-FEB-2024/APPROVED; tar -> modiloader -> remcos,Attachment,6
2/7/2024,Header from [email protected]|[email protected]; pdf -> wikiloader continied to 2/8,Attachment,162
2/8/2024,FW: Re: Quotation Request - Feb 2024 quotation.// New Supplier; lzh -> originlogger,Attachment,25
2/8/2024,RE: RFQ - 07.02.2024; xla -> doc -> vbs -> remcos,Attachment,3
2/12/2024,Payment remittance from Our Client/ Your Customer; 7z -> originlogger,Attachment,2
2/13/2024,Quotation-PWTC-0939-2024; lzh -> originlogger,Attachment,18
2/14/2024,Invoices 5611549092 - JHT0573001; z -> originlogger,Attachment,4
2/14/2024,metodo de pago; rar -> originlogger,Attachment,2
2/14/2024,INQUIRY 2024-SP0006-B(01) INQ24-012207; zip -> img -> originlogger,Attachment,2
2/15/2024,Header from: [email protected]; pdf -> zip -> wikiloader continued to 2/16,Attachment,196
2/16/2024,Turkey shipments / MSC -An?l Nur // MSC SHIPPING // SHPSI42-08643; z -> originlogger,Attachment,4
2/18/2024,Urgent Confirmation Required; rar -> formbook,Attachment,6
2/19/2024,New POs# ST-2312180; z -> originlogger continued to 2/20,Attachment,8
2/19/2024,Quote for tender N� 02/2024; z -> originlogger continued to 2/20,Attachment,8
2/19/2024,Re: Enquiry letter - RFQ No. : 1060; xlam -> originlogger,Attachment,4
2/19/2024,Payment Order; uue -> originlogger,Attachment,4
2/19/2024,Payment..; zip -> img -> vbs -> xworm,Attachment,6
2/20/2024,purchase request; z -> originlogger,Attachment,4
2/20/2024,Urgent! BW | Quotation Request - 20 Feb - SFO/WRN/5; z -> orioginlogger,Attachment,4
2/21/2024,Request for Quote--FL202306200039 SWP| New PO; z|zip -> originlogger,Attachment,8
2/21/2024,Attachment name is Vessel Particulars.zip; zip -> snakekeylogger,Attachment,4
2/21/2024,RE: Shipping Documents - Order No. 24250011/ACCULAB/MOH / Invoice 535; xlsx -> originlogger,Attachment,2
2/21/2024,FLF7992/22 // Shipment / Urgent!!; zip -> snakekeylogger,Attachment,2
2/22/2024,INV 2146217615 [ ref:_00D0NiQj0._5006M2RcSm9:ref ]; z -> originlogger,Attachment,4
2/22/2024,RFQ (PO 20225181); z -> originlogger,Attachment,3
2/22/2024,Header from [email protected]|[email protected]; pdf -> zip -> js -> wikiloader,Attachment,495
2/25/2024,Quotation FT-QFL-2024-048R// SOLINOID HYD.220V PARKER; zip -> originlogger,Attachment,2
2/25/2024,FYI: ATTACHED PAYMENT SLIP; xlam -> originlogger,Attachment,3
2/26/2024,RE: Purchase Order - PO 0000010231; lzh -> originlogger,Attachment,3
2/27/2024,RE: PI-236031 RE: Incorrect Bank details/PAYMENT OF EUR 92,320/PO881620-2024/JAN; gz -> modiloader -> remcos,Attachment,6
2/27/2024,FYI: ATTACHED PAYMENT SLIP; rar -> originlogger,Attachment,5
2/27/2024,Re: RFQ - PROJECT 893MTR Awaiting approval; rar -> originlogger,Attachment,2
2/27/2024,For the accounting department; lzh -> originlogger,Attachment,4
2/28/2024,new order 32724; z -> originlogger,Attachment,4
2/28/2024,Quotation Request - Feb 2024 quotation.// New Supplier; zip -> originlogger,Attachment,4
2/29/2024,lnvoice copy.; zip -> img -> wsf -> xworm,Attachment,3
darkgate, a164125faae1d9972f4d98821ce2e8490424812824e0ea650f262f4405c9a46b, remasterprodelherskjs.com
dbatloader-remcos, d4a1ca32710ef43fd6033182cb178c3bf32c6c6d5294f78f2c450d2b1d0b3146, 192.3.101.8
formbook, 2d8467103cc2a2c613c8b04a174839f339c793f2a4b05f872c538e06d5e89a78, dp77.shop/he2a
formbook, 5cffcbea55270dc431c4838acdfd6f2a12b7b3e7671674816fc717653abe577c, guninfo.guru/he2a
formbook, f73f985bf2f74cc1006a5e911bbd7940073809b01da2823a6bb1db85288c0926, connectioncompass.store/he2a
guloader-azorult, d4965c645437bdfb5eaf7eed2175fe89501fd437bede13cc91de0f36a3c745cd, http://bmld.shop/BM341/index.php
modiloader-remcos, be1735fad8254f619d83a8e80803cfcb2b17f74161e831f5004829f0bc9db83c, www.volcano247.online:1282
originlogger, 02a690404a3d82ed7aef87f8518cac02809384d6b0550a36fc837c8552255d3d, mail.2sautomobile.com
originlogger, 07f7e9bc869b416cdb600550826db5eeea94a6ea8214364e0a042f549d6da42b, https://api.telegram.org/bot6466189294
originlogger, 0e1c77e4b230515368f3da9e4c79de3b2d8d0a8d9597b03e05995a3cb41f5ef2, ftp://ftp.elquijotebanquetes.com
originlogger, 11bcf2b20ab604c6d246d863411a86115e18480d64062c5e22747c7c7e78b014, mymobileorder.com
originlogger, 18685cc299f03f907413c789321ea1131326fec4a71de97194814685ba0dba38, mail.ronaldsmith.loan
originlogger, 189b5f3cb70793fea771d2e0b5db4dc2fd2695f1c7510e35437e3a2f634e9536, mail.2sautomobile.com
originlogger, 23a3247e51724797e335acdb0e40a154a38f8b8365e1fbf0e8635a6464688f35, mail.khenghong.com
originlogger, 2721334b6e632df9c325337f43656c1e2ed4afb5e0e1e1b74a55055346d3200e, ftp.elquijotebanquetes.com
originlogger, 2aa5dbdfca727b54d217cb452c424d8b8a8fe071d6d9b3c0ee9eed6c1563ac16, mail.cfomto.com
originlogger, 2c42f0b638e46ffc233200f45ca9436c78fb424fc409574512774dfd3a0621a6, mail.elec-qatar.com
originlogger, 2d5b681c72ec342d041fccca1bba191dc4bd69e91cd8d56c8298ae3cc0bd8148, mail.gasplants.quest
originlogger, 326068aa434690c190e1784ac4eef5198e550e41b7189738879ed042ed97e732, 20240221_112832_lmB4xMnFTRP1VNMEef2Hy6IdGM0RzElD.eml
originlogger, 344bb8ae2d9afbf9f666a844f6e9a7606eaa226a0383b84cf173f0f3725fabff, mail.wassadadvogados.com.br
originlogger, 36f7c0474281b6494bb36b89ce4ac4db2eac9ea7403599c938b61b8f78c1dd1c, ftp://ftp.amtechprinting.com
originlogger, 36f990f3ff5b7bcdc7eac8910ecd305e03b8e988a0a341f244b16a298e331b80, mail.tadbirdrilling.com
originlogger, 36fc325a5d6b8766479d0ab84c7cbbde42a55dc2dbb1937c33b0e465497718ab, https://discordapp.com/api/webhooks/1209470613249593395
originlogger, 377f3bdb1667a8274086c2a8ac348b0d1f13d10a097dccbb5e4f48700765f21d, mail.ronaldsmith.loan
originlogger, 3a200eef1d0d1a77c93e3198796b8a9320794758b487ae2569d567792644d49b, mail.tadbirdrilling.com
originlogger, 426fc26ec06cf82b6ebd0f6480c94d03e87c6115d9c665a740f6b106a2baff99, mail.dmsinnovative.ro
originlogger, 42b875ba2d7d655249fb6a50f8106b7070fcba963a9030f72558b1632e0c6a6c, webmail.missiontool.net
originlogger, 4416b9214d72b07c657a7916e033c4e5487e6049eb263c7a813ae673026a6fea, mail.tadbirdrilling.com
originlogger, 46d8a62c1eb783055f088db45577025b48710ed5e69976ca8f6a055841c6b7a2, mail.udpl.top
originlogger, 47c804d46a50ee31a41a5ce6f83fe6bae0536df92a622495a7af843f22955b2e, mail.oceanskylogistics.in
originlogger, 48e88039e0b5d0cc07353a12d5aa8c3ca418cf1a021b8123b9cfdf3e2468ffa2, host2069.hostmonster.com
originlogger, 4af4e807a39641a52d870358fa8b6486927f7f5daeb94a2a75d9e117ba41a3ea, us2.smtp.mailhostbox.com
originlogger, 4c17e4d9c3a7736be5e5ee6bb8c414e9a66a397fb81e3185b5d2360a84a084f0, mail.2sautomobile.com
originlogger, 4e6f22754b821f8870cc30809cd60cd3535653072f22356d7958fae2fe48df78, mail.sdlbd.net
originlogger, 4ed9be9db41627b4511f5568a48e1815377488ae802941622d30664dd386b6e5, mail.gasplants.quest
originlogger, 538cd3678e9c81c66318b58451a3e690c87c3397b30f2587caf90e91d13e62e8, mail.gasplants.quest
originlogger, 56608ce3c12c4502fcab65948d4e2bb6c49809d76901c05faea38ad75ef56f21, mail.ronaldsmith.loan
originlogger, 5bed20739f13f9e82e3ea63a13440fc71a94fbd38ec7c23c72839f16ef2a16c1, valleycountysar.org
originlogger, 5f57f52adae6c2bc66134b12af0f88354d3efa874598c8761984bcc71b0995f8, nl10.nlkoddos.com
originlogger, 60e8b003440b080a51356349e2fd177d7b6c9d9661b22540462d0d01598f4a49, mail.gasplants.quest
originlogger, 6363c6f85a5ee95ea3fd025374e8ad16aebc513f56ade341476d1e2be045479d, mail.atec.com.tr
originlogger, 63cbf8a0edc294245e2e379283862d7e87e13a559c5493bb1f217e2d660c30e0, [email protected]
originlogger, 63df257d05c5ae9f6e76314a3a44c2fb7bf1a1ef78ffa687fc0bf35f331639e4, mail.favatrading.com
originlogger, 643ec0d1bf2ed36dd15a6eae87f1a570c88be0cae6ccdf7179f705edd3291d38, mail.elec-qatar.com
originlogger, 67362222dc4dae93f62f984771afb1b9d319ea23335bd4bb4e941f5e1248edc2, [email protected]
originlogger, 719b90e90ec80dc97228c3bf8116c9a45fd3636a93e4d0c6917fb8de7f719ef8, mail.awelleh3.top
originlogger, 72a4247f1cf52075a0bedff1719a72e37866f69c0b44921bbb8f8a7ee5cdc795, mail.oceanskylogistics.in
originlogger, 72aa3b6f49cb6e40559bcaeec0a209959e55a6b47671b45581acd2e718b76dc4, mail.tecnosilos.com.py
originlogger, 72dd6cebbc5ac0e9620bbe787f15b692987cde6a09d3ada3c17bc6cb48c93e9d, mail.coperwire.com
originlogger, 73e0732124b786a80d0cf5723d7946267338cb2cd92a547dd7f2bb1d77d1d366, mail.clslk.com
originlogger, 78ea44a5a67769917b600543b0a1fffd621e086dec6fddddf438080e89ba4ea1, mail.awelleh3.top
originlogger, 7b67d0a145d4a5d7c1743269452d08bc56bfcb91d93786a375e288f94dd265f8, https://discordapp.com/api/webhooks/1209058275480445018/
originlogger, 7bed94215dac7fc8384499ede4ce30c17b50e0ea12a09992605b37629fb5d7a8, mail.showpiece.trillennium.biz
originlogger, 886f846b4e04fd7074fcffe077c857f75656c41a8fb08d7738b1b5fc64e77aba, mail.awelleh3.top
originlogger, 8999bcd7dd6b2772cd1a2c541833cef7a0188c7a69cb1480304cab14b987ce2a, mail.karmanorbuling.org
originlogger, 908c852e62f3c069dfbfd4ee9459bab100e23f84edba24a8d2b5fc863eb649f8, mail.gasplants.quest
originlogger, 92577c8e971b84aa753861bf7af9b4c1c986bcb1a4ccb40663398a1cf0fa99c2, mail.tadbirdrilling.com
originlogger, 95bcdb36ea04ac618c085d218c16e994eb39080ea9e81024cd346c75fa83438b, mail.sgbumperscar.com
originlogger, 99c0f1545a2b7f7480d4ff714d1874fbaa873ca035e4b85547248cecc2aefea7, mail.sdlbd.net
originlogger, 9ab4e40477f73cc56c6f1097a6e334cb5acdf4f26523fcbd4f994eaa05886fd2, [email protected]
originlogger, 9b5d43208622a92db4dddf29bbac0d0a468e0e78565da10363ec7b3654c98a79, mail.tadbirdrilling.com
originlogger, 9c98d6fbc6bbe6354c1dc7fa3791df167c648f30f6397a584f1c1d45839ef2e2, mail.ronaldsmith.loan
originlogger, a3389d421ad67e0668b58bca73585ae641047e2b9b0d798060b96f4ad0648477, mail.elec-qatar.com
originlogger, a471005428df2b40174de80a9d27db29284fb99c8a6a0b167d3e441f8357ea65, mail.alnahdhagroup.com
originlogger, a66e4f51630922d4131baab37ffb114b872b8dc5116c9821f7407edb98035803, us2.smtp.mailhostbox.com
originlogger, a7dde43b3408e3ab1086ea528f9957f043fe95e5e5801caa6a619179f0c94064, mail.tadbirdrilling.com
originlogger, a85fd479d4d8655f30a83ecb0a53cc937f900ecd6bba52e0e568543711f287aa, mail.itresinc.com
originlogger, a90ffb3f85b478d28ed7af356c5260ff06b3d68936a118b3021da687a2767c33, mail.cyber.net.pk
originlogger, ab0ab872b074e41bc8391409aaee38fcae8a8814fdd5b0cf26ffb6da8cf9f55c, https://api.telegram.org/bot6466189294
originlogger, acc3af1d99c5b30de20a7c6c669401990ea4a9e15c101eb73b3efe86815d9c14, mail.uzmbc.com
originlogger, adbe581ec41ac78ef2de9a64ca464839d23dfc5790027a8bb8464df3dbda4a02, mail.itresinc.com
originlogger, ae5ce9879c731a569c6bb64ed814691cabf46e5612f209a53fbab041d9898488, mail.gomaprotect.com
originlogger, b1ad93234db4861f0594fd5fefa9311c0686bf49d0a280563e62bd3d57cefae9, mail.atec.com.tr
originlogger, ba9c0fc610a435fc11f48caf932a52f15e418d45e9ec21c83e08e624b28a8b90, mail.mcmkimya.com
originlogger, bdfa1e10a23595bbddaaf73a1c45bd6e7f9be2b94020ba251d06ec5467858b92, mail.awelleh3.top
originlogger, bec40e9e4bc9018106ccb3da5ebc4714cac1f436e421714cc8d76470ffd6edd6, mail.commtechtrading.com
originlogger, bf3c9018cda0a86ff2b2db9acb0ebd132c496a8652f0bd7eceede49259c60b81, mail.awelleh3.top
originlogger, c12a4ab95d9caaf2f1a68db084dbfd38ebd65391041925d0417b08e50489f353, ftp://ftp.elquijotebanquetes.com
originlogger, c22a9bb9deef5ea604ec792b755ba95212644f028b52f30629ff297d0dbed6ef, mail.emulines.biz
originlogger, c907b5ee8b9aae5ad661042f2aed0338df90653b95dad072ef8d8c0b582bc46b, us2.smtp.mailhostbox.com
originlogger, c9241559f23410420e3cc5aca086d56b5b09f6f93dfa00a89c3596f2b4d80a2a, mail.gasplants.quest
originlogger, ccdcff0537e3089aa3432d5dbaa9feca918cc8a8b172e1e0ed79600a0ed88f60, mail.mcltransindo.com
originlogger, d57bd0f4e9c749e3236908ed76d66c9d28f3d0d29809a90a95c9b90ee166f141, us2.smtp.mailhostbox.com
originlogger, dcbd4ccc44f8e25f19fba42304e8d4c7e491b85459cc7885dd65d1de31f6ab8e, smtp.doogeee.com
originlogger, df8a906a6a3fa7a3631b68f28d05854dbdf920ba3b16215049d8e1f020f82c75, mail.cfomto.com
originlogger, e161c75413a00f6538b93cea7c5790a132eae426149758f2018bde3a699d603c, mail.tecnosilos.com.py
originlogger, e4097233fec4adb5cb99489005e6beaf15b6f7e7c3040432b11b65e49a9cf55f, mail.commtechtrading.com
originlogger, e5ba47d37554211c555170329555afae35d41989297a18bddbf33bfb2d30a6f0, smtp.doogeee.com
originlogger, e68a0da390baf3802baa117bce98b4b3bcbd4f0d0f1355df483d1c5366206921, mail.itresinc.com
originlogger, e975fa2f23bd0915d807f163a8cb25eaf6701e1c699bdb038b479d35601bb952, mail.amtechprinting.com
originlogger, ea76924a61dd9fd2555d3b7ed0e1cfe95fc952784370326699b2e594028a8490, mail.atec.com.tr
originlogger, eb0552adb1393fe7dab33128821e15ff49a4d3b0f9c086da3ca65f04fb19937e, [email protected]
originlogger, f7114a6cfdff9d50e7e2f210f9c5d8e3c37dcd88e1b5da444a1ffa6874962354, mail.tadbirdrilling.com
originlogger, fa6a90868be9524a1fb67ac98548f0cbbd4d4254b375c118c5e638c64147e953, mail.elec-qatar.com
originlogger, fae7151f524b89162d3d71388b8274edc0f7877701de404d509b2a5f17157fae, mail.tadbirdrilling.com
purestealer, 15c0af687add0ba5fe93a98e6096ab3e55e6d422b63325018aa8745a9ce3f5bf, 45.137.22.173
remcos, 2abeff254e174f364e72d2fca098b33b899cb39b40c3553f766258edfccc8fd5, 185.236.228.203:2024
remcos, 31b21fc7da99f2257db5afedb6165fc4735c1d8b51f515c50210ab91dd11842e, 155.254.24.167
remcos, 4edc1f0904f3ea0305ff2ca311db86ed8abb8b05aadef0599e0015fff0620403, 185.222.58.252:1992
snakekeylogger, 7161d933e8ce30fc8824cb3532294905ca0582760a306254ad03318619519c04, varders.kozow.com
snakekeylogger, 8fd20cef7ac3cda0ae24789bbc1b4a8fb6c6bc7d37c8f35d1a30a0ab5625b9dd, valleycountysar.org
snakekeylogger, b5fe6421c3088686eace4973a13c181cfdeb91580f83dfc49377eba12bd294df, valleycountysar.org
snakekeylogger, bb76efebcd4a82f8a51e25e2bb4bd63625db2e6f03d07452d1cfa060918c62f0, varders.kozow.com
snakekeylogger, e7757fdf8b8e6b584cab959c54383e10065ba2aceb5dd653dd0566d4cbce1ec8, valleycountysar.org
wikiloader, 0de42118dd0cd861bea13de097457ccb407aae901b14e0bec59b0abe660cdf1f, https://jubileemovement.org/wp-content/themes/twentytwentyone/3jubhh.php?id=1
wikiloader, 1c1d739f0282bfd9367e29ca81c61ed4a731e5150a836d0371e5e9d0121c9dfd, https://www.joannamalecka.pl/wp-content/themes/twentytwenty/u7arje.php?id=1
wikiloader, a001642046a6e99ab2b412d96020a243a221e3819eaac94ab3251fad7d20614b, https://osakaimchk[.]com/wp-content/themes/twentytwentythree/ovqugo.php?id=1
xloader, 3361d8646db858354977b6ee72d7f08a4587a01c38d36918c758ca813af96530, http://www.thegreenpenmedia.com/af45
xworm, 10875f69e0911f8aced75c992993d60e1f5e38a1de53fe63436b7913ffccaa24, febxworm39090.duckdns.org:9090
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment