Created
June 3, 2024 19:36
-
-
Save silence-is-best/1b672b44563901fa3d55065436cc4716 to your computer and use it in GitHub Desktop.
May Malspam Campaigns
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Date,Summary ,Details,Email Payload Type,Users Targeted | |
| 5/2/2024,Malicious email campaign; morning,RE:AW:AW:AW SHIPMENT ARRIVAL NOTICE AWB5889829680; zip -> formbook,Attachment,6 | |
| 5/2/2024,Malicious email campaign; morning,Fw: MT103 Failed /Returned; zip -> formbook,Attachment,6 | |
| 5/2/2024,Malicious email campaign; morning,Re: Telecon follow up / Purchase order; zip -> formbook,Attachment,6 | |
| 5/2/2024,Malicious email campaign; afternoon,Aw: Proforma Invoice; rar -> originlogger,Attachment,4 | |
| 5/3/2024,Malicious email campaign; morning,Request For Quotation; lzh -> vbs -> originlogger,Attachment,3 | |
| 5/6/2024,Malicious email campaign; morning,PO 211436; zip -> originlogger,Attachment,4 | |
| 5/8/2024,Malicious email campaign; morning,"Eurofins Tsing Hua Environment Testing Co., Ltd Purchase Order; lzh ->",Attachment,20 | |
| 5/12/2024,Malicious email campaign; afternoon,Pre-production Samples; img -> originlogger,Attachment,5 | |
| 5/12/2024,Malicious email campaign; afternoon,NEW PO DTL20-041 FOB Quote Best Prices; doc -> lokibot,Attachment,2 | |
| 5/12/2024,Malicious email campaign; afternoon,FWD: damaged during last shipment; xlam -> originlogger,Attachment,4 | |
| 5/13/2024,Malicious email campaign; morning,Quotation Request May-2024; z -> originlogger,Attachment,2 | |
| 5/13/2024,Malicious email campaign; afternoon,Invoice Clarification; doc -> formbook,Attachment,3 | |
| 5/14/2024,Malicious email campaign; morning,Re: shipment information; txz -> originlogger,Attachment,2 | |
| 5/14/2024,Malicious email campaign; afternoon,Fw: CR Approved Proforma Invoice; zip -> originlogger,Attachment,3 | |
| 5/14/2024,Malicious email campaign; afternoon,EFT Remittance Notification; iso -> lokibot,Attachment,3 | |
| 5/15/2024,Malicious email campaign; morning,Échantillons de pré-production; img -> guloader -> originlogger,Attachment,6 | |
| 5/15/2024,Malicious email campaign; afternoon,SHIPMENT ADVICE; lzh -> formbook continued to 5/20,Attachment,23 | |
| 5/15/2024,Malicious email campaign; afternoon,RE: RE: RE: RE: RE: RE: Payment; txz -> originlogger,Attachment,14 | |
| 5/16/2024,Malicious email campaign; morning,Re: FW: Payment For INV00874; xlam -> originlogger,Attachment,4 | |
| 5/16/2024,Malicious email campaign; morning,Proof of payment 03948292; zip -> originlogger,Attachment,4 | |
| 5/20/2024,Malicious email campaign; morning,Re: Invoice Request INV9019849; 7z -> originlogger,Attachment,2 | |
| 5/22/2024,Malicious email campaign; afternoon,Shipment Schedule; lzh -> loader -> formbook,Attachment,2 | |
| 5/23/2024,Malicious email campaign; morning,RE: ADVANCE TT COPY; lzh -> loader -> formbook,Attachment,8 | |
| 5/23/2024,Malicious email campaign; morning,Revised PI; lzh -> originlogger,Attachment,4 | |
| 5/27/2024,Malicious email campaign; afternoon,Re: Fwd: INV-M673778.01_CRM03283275; cab -> remcos,Attachment,4 | |
| 5/30/2024,Malicious email campaign; morning,DHL Express Shipment Confirmation; lzh -> vbs -> guloader,Attachment,22 | |
| 5/30/2024,Malicious email campaign; morning,PO72100020; z -> originlogger,Attachment,4 | |
| 5/30/2024,Malicious email campaign; morning,"SWIFT DOZNAKA RADIJATOR-INZENJERING DOO EUR 19,588,22 20240530142528; lzh -> vbs -> guloader -> remcos",Attachment,4 | |
| 5/30/2024,Malicious email campaign; morning,Request for Quotation; 7z ->remcos,Attachment,2 | |
| 5/31/2024,Malicious email campaign; afternoon,Re : Drawing specification and Issued PO #07329; jar -> strrat,Attachment,4 | |
| 5/31/2024,Malicious email campaign; afternoon,Re: RFQ# Pending Approvel; xlam -> remcos,Attachment,2 | |
| formbook, 2d5daabb83d7407227101b599776df1c21b3914c6ba0fa6d0d6ee7ff7aa88403, www.fcelectrodesign.com/agbg/ | |
| formbook, 2e0c808b08f36e34e0e37530c8b5d4080fb654bdf12cae1e17a2adbdace21cd7, http://www.futuregainers.net/l4k7/ | |
| formbook, 32b0bf7343d19bff2f4d6ab44e6c5fa825e605563a64b0808eb906b951263aa5, http://www.nurenose.com/md49/ | |
| formbook, 3ef009e7f463f7547633cf58782dc38fe61e38e9e4fcbedf2f70311c6fa0e5a7, www.pricekaboom.com/88is | |
| formbook, 4370788ad82210cce76bddf545e9960804076e5313eaeebe998e9898f26a2c4c, http://www.vegus24.org/gzu1/ | |
| formbook, 481fe3840d515d4d19d6fb16143aa6845b9df798fe8d6c843297d34219cb14d0, http://www.terelprime.com/ufuh | |
| formbook, 6a220dfe065da94494e1f5a94311bdba17f6f56d66f40ca39af817798fea09af, resetter.xyz/ij84 | |
| formbook, 71f72ce2762a449ca22338ff1035ba11b86ea974f39b7779eba2a8c480b1893e, http://www.trabnyvideosx.com/n1wh/ | |
| formbook, 8ec69eaf10a3043817f153a9ac99d113884d1fe657709b759512b688c5014b8f, http://www.terelprime.com/ufuh/ | |
| formbook, 9d3e2f47c9e19eb3dd2ad6ff1b00ae5e7b429c4c997268a42b3f75c6d448090a, www.pricekaboom.com/88is | |
| formbook, b64f36a2219ecf76454ceb92b2e56bc14143cf0cc9d9f2c356b2b982cb66ec98, www.luckydomainz.shop/pq0o/ | |
| formbook, b7655834193fb61b60219d43d88d8c87795eeb5fd8ffb43f9ff3e0f818f53b0d, http://www.solesense.pro/n1wh/ | |
| formbook, dabc79a064aa9838ad06d11311ff4c72913d9a7e7c1016cc9e12dcc46d474b8a, http://www.solesense.pro/n1wh/ | |
| formbook, e154f78539b295e3755ce2a8aaeb11018e35c6471c4584da66260f0365afcd9e, www.pricekaboom.com/88is | |
| formbook, f8fcc607a0e63d040f026594919f3e699389bdaae59d9a62aa9180f531ebba41, www.shopnow321.online/41br/ | |
| guloader-originlogger, 1d10713238e6d48ee5b8e78207c73d9cb1149012d33101f32478793db23862a8, [email protected] | |
| guloader-remcos, 720d5e29e7249eea52bd04ba585b9e18908356bbc3cea37920f44b1673ca9ef6, paygateme.net:2286 | |
| guloader-remcos, 959ff39efb0b3116c80c02902eb4120b5e7e1e12bd8cfbc83fc811d8091d0309, chukwuonye.duckdns.org | |
| lokibot, 120cacb24dddf38d691c51a2f8fcce313574c5edbe35d00bae9d654968d7389a, http://spencerstuartllc.top/evie2/five/fre.php | |
| lokibot, a1dd7d24763249bcbf451a5c7e58b950e04f365757b627b57546ad80ac00c028, http://sempersim.su/d2/fre.php | |
| lokibot, bf69d7e6dc53d7406f9ca42a77aab58d4fab67d8c0778f71efc77a9fb653e4c9, https://franccoisfreres.com/PWS/fre.php | |
| originlogger, 05b60524cb82eb522b46db014a5ec190e35d9fd433e7624232b53f142b3ed1a1, mail.springandsummer.lk | |
| originlogger, 0899638cfa6353884fd28f5e4e99d61439ad14e53956b68e1b37253eede542a5, ftp://ftp.kurtogluendustriyel.com | |
| originlogger, 0b684d20eef9e48b778bac66117cc1c62ae648dc2fdde1f8ced3ce68873ccc74, ftp://ftp.normagroup.com.tr | |
| originlogger, 112155b5d86084bb43a49f7f4e3b20d7a9e6798040ef3ed438ea25cd7b159390, proglass.com.sg | |
| originlogger, 137dba4596af3536acacb3ce1190517061eecc9703c1e3533b35319b99fcdc60, mail.rapvision.co.id | |
| originlogger, 14cd851e42923eb404d071c555a88567054dab30ee487ef513d63962bb542fb0, 66.29.151.236 | |
| originlogger, 157aaa2c069a7be7c83f88b97b9b47086cd5e99f5e6be6185f8ea1d06e6c4095, mail.cash4cars.nz | |
| originlogger, 16ea08651c3db7583f2cf9b3579a4afecf41161f081d2ac4611fc7771a19a628, mail.mapsenzymes.com | |
| originlogger, 19faeafd87bf62719caf8e3a73e532a08aa7cb773ba38591a57a75d787b6cfb9, mail.maternamedical.top | |
| originlogger, 1add0a3d216b76b0cd334a613c1d95e3af818af5b08b4afc9d4314c28a7c842f, phoenixblowers.com | |
| originlogger, 1c47eba374d49cd0a1a90cbd1668854b0fff5dc9b774db190acfc6d15f753dec, https://api.telegram.org/bot6937426667 | |
| originlogger, 1ccd4bde08beabbb7628115eea1f098e0c32fbc468d410a3474e530824aea835, mail.azmaplast.com | |
| originlogger, 2a16328087b5c71db96d37131a09e8f4aaf36019f3181b52f0bc21739d40c1fe, proglass.com.sg | |
| originlogger, 30118db79f45d9e495d85d5188ebc4e010a2bc33258b8b0d0d1abfd1f056502f, mail.iaa-airferight.com | |
| originlogger, 341d2de39b3d93706aa42ffa00d7d3e29f15e8beaf94a2c5d8a44dbbc02e2159, mail.kino2.top | |
| originlogger, 376cfdc4a0a3cb51334e62515ecb7d3ca3bfbdc0843d1066411c71a205ede03f, smtp.hsbv1.nl | |
| originlogger, 3c4a62274eaf166916621a82f252b2dcdbde0fb6b477682943ef60128f0a82c3, https://api.telegram.org/bot7138223592 | |
| originlogger, 3cf1272bbb24cd63faf26b69ab0eaeec8ce789a9e59030cfa79e40150d8ae286, mail.azmaplast.com | |
| originlogger, 3d18d539bce573477ec1562c88686d43dbdfe29c4556946af482c3e5aa2e9e75, mail.ipr-co.org | |
| originlogger, 452f10de6f5dd60f4ced6c16027dca4a6f1fd8770601d46a610095c398c3266d, mail.metalsbox.com | |
| originlogger, 4a79dca8bc76dd26f46d047a2a1f559208c5a3525b10b5b62d0c1a7ceb80a5a7, mail.springandsummer.lk | |
| originlogger, 4deb0f08ddd189fab483b1efcabcaf507e43a68d255ca87e1ffa32f248f1f8ac, 66.29.151.236 | |
| originlogger, 506fdcc4444cd91f71713b3335a02f6612f0ac3821b5b098fac837a676aa1c04, mail.unitechautomations.com | |
| originlogger, 55ca6e3bbf1d36f43fb873b3956d9e9ede7586eed508551d463aef4b56ed709f, us2.smtp.mailhostbox.com | |
| originlogger, 56088522db96e61f4e534f229e445803b21aa9e475e03d2071ef552a39338de0, mail.sara.ind.br | |
| originlogger, 6335b9e2204cdd0a2c6cbd39296aa6b409e46a3ec9ccec992423e65ddae20f30, mail.chachitos.com.mx | |
| originlogger, 6b86431fee8164deabca966d65622db819989c40c09f940137b4cb5a7825c1fd, mail.nsatech.co | |
| originlogger, 7367eff3b16932de2ac2572e09b905aae4ecb3e7dfd68b73f9a2dd917c03af72, mail.armos.ro | |
| originlogger, 74bc25305325ee41319153323e722fb21fa052f0e5b0006d12894e906efcd838, mail.azmaplast.com | |
| originlogger, 7fceea4595b755fbb229e382c964e9ffe917b148348e998c01ad1362f9caed5c, mail.armos.ro | |
| originlogger, 82c5ba35af0e660be9e5811632fc88530156fc5ada8f52251dd412bb420d25f6, mail.vasantslabels.com | |
| originlogger, 84db7fcbb569f116ac6645fd77b0c23057c4ac48432207d4cd03e669d679b40f, mail.awelleh.top | |
| originlogger, 86d74d655679ee232b8fcf1a0013a17972b6b93aed25ae8beccd5864a9a1ecbe, mail.showpiece.trillennium.biz | |
| originlogger, 940089bbf36611ee87fd96805eea9e203b94d6c2052c5fdb1c8db8ffdd044a14, mail.oripam.xyz | |
| originlogger, 975b3a06001714b6ba678a29cfaaf9709b8667e6e027f643589a1cc59027f8dc, mail.metalsbox.com | |
| originlogger, 994fa755944555aa46ecbf95958ee92c732100468d2fe3b436292c769cb86b46, mail.diginetbd.net | |
| originlogger, 9b8e0604abf0a5de3a291a1a6af15b073c8e92834c673f98ba27ff3693e52495, fiber13.dnsiaas.com | |
| originlogger, 9cbd6f353523ae3df7bc1014ceeb7ba74c1805495f1842b921cd0d7797c10a6c, mail.kino2.top | |
| originlogger, a0647e96c90413554f57ebc66f22617ead1b6572eb2c0977104ec0482c68d71c, [email protected] | |
| originlogger, a143da5889aa739a18399bf2d4fe6352191eaa06ed7ef2568dfd57983eaa416a, smtp.trisquarespl.com | |
| originlogger, a73bde5818cf35b57af18ef482d69a39cf93ab332eb5a1301042c9b69e74dcc9, phoenixblowers.com | |
| originlogger, b3f8261addf5c790f042a51bb1a890a061f12e2b5a69fef4fd096312968129b4, ftp://ftp.kurtogluendustriyel.com | |
| originlogger, c4e0d8ae7e8574576dcae763e892888f741dd72178aa61e31cde60c17af6683c, mail.thelamalab.com | |
| originlogger, cae157e91a9e0a4ea660d3650ab18710272f87d440ee2106b652a55e8d927590, 66.29.151.236 | |
| originlogger, d143a45b206be512dc5a025ac805775067e03a52fbfaec11ac553da4f0eab011, mail.100demoras.pt | |
| originlogger, d6ac0eeecda07bab17a4dde0ed70aae89398fd8a85c5cfc419b3e548711f43d0, mail.armos.ro | |
| originlogger, d773db3acad368a5e51b2ea6f4cd5feb904c3255d3ef79cfcd07935a46400e38, smtp.trisquarespl.com | |
| originlogger, d967ab9c69606d614df05823f3fcb76d436dbda3f1306db4d132acbda8aa8cb5, mail.clslk.com | |
| originlogger, de8e969262354abb8f4bcc774639973c44d0b84611f6622dd5f0464c760e2ebc, mail.kino2.top | |
| originlogger, e0e366834de34a6e93035842b46662c2b1b05d350c1218953f8faab632ead3ae, mail.springandsummer.lk | |
| originlogger, e10e48b11573e8fb2e81811d9ac5a32d47e88021e452ce6ebc98c38765dbd8de, smtp.safakenjektor.com | |
| originlogger, e34a0f638032121ee380aea9978261e25775097cdb5ad197e87a2cfa40a9e1a2, phoenixblowers.com | |
| originlogger, e89f30e4e2bb0c61f89cb3a321043d10d305413954da2464c28c5606cc12656e, [email protected] | |
| originlogger, e8f449b9786d98a8030318f1db933037c01f77e7ffe3acc649191360c5e758f5, us2.smtp.mailhostbox.com | |
| originlogger, fc8b42b5a959695c8f1965545c08d1b7cdcabc0be9d489590041aff51ef0be60, ftp://ftp.prokemsc.com | |
| redline, 6631d2f9331c2b5c717d8c99dc60b1f48a9da1c8224099a0a8046deff4153f54, 147.78.103.101 | |
| remcos, 69c53b0abbc6660f000766b4e978ceec0a0647e135ea40bd3f8ded1c88ae5241, zakriexports.com:1988 | |
| remcos, ce780b54c89a5fe2c0fe7fa6ff246b00ca4e15ee84b80c4d6730f30f345912ed, mypersonrem.duckdns.org | |
| remcos, e28c8fc4052dbd472cc6245f605064f85ebb36371b43246066fdbeca547cbd17, yuahdgbceja.sytes.net | |
| remcos, f4085b40140a0500b17b6b1b20698af8c68a096ed072252d1e65d05286724972, yuahdgbceja.sytes.net | |
| snakekeylogger, 03eaee082ee63bf79525e2edeb6f406d2ffca6feab4aada8f03dc98740d28a44, valleycountysar.org | |
| snakekeylogger, 635aae400f0b0e14d49a827928371d84cd097bb9b3b405dd911c138f232ff812, valleycountysar.org | |
| strrat, 0f359450e399eff8b4b9ae323a4e7a6569426735f3824a13756972f1b10d2606, jnmanymen.ydns.eu | |
| strrat, f0699de74b6274011f91036c3daafc4aae3e49e2210be14ea06a8d478248c151, jnmanymen.ydns.eu | |
| wshrat, cc10da7e2a5c074cc559ed0f19a4880ae171a44b0039a5d3caadfd326db714fc, masterokrwh.duckdns.org | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment