Created
September 4, 2024 16:13
-
-
Save silence-is-best/252f23cff687506a22f36b6286794b23 to your computer and use it in GitHub Desktop.
August Malspam Campaigns
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Date,Summary ,Details,Email Payload Type,Users Targeted | |
| 8/1/2024,Malicious email campaign; morning,Purchase Order; rar ->,Attachment,3 | |
| 8/1/2024,Malicious email campaign; evening,SIGNED ORDER CONFIRMATION FOR; zip -> xloader continued to 8/5,Attachment,4 | |
| 8/1/2024,Malicious email campaign; evening,ARRIVAL NOTICE FOR YOUR; zip -> originlogger continued to 8/5,Attachment,9 | |
| 8/2/2024,Malicious email campaign; evening,Purchase Order PO0001277 - N34 PAX SUITES SO0002124; z -> xloader,Attachment,5 | |
| 8/3/2024,Malicious email campaign; evening,RE: UPDATED SOA FOLLOW UP PAYMENT; rar|zip -> originlogger,Attachment,3 | |
| 8/3/2024,Malicious email campaign; evening,Fw: PAYMENT NOTIFICATION; zip -> snakekeylogger,Attachment,2 | |
| 8/6/2024,Malicious email campaign; morning,DHL BILL OF LANDING SHIPPING INVOICE DOCUMENTS; lzh -> originlogger,Attachment,2 | |
| 8/6/2024,Malicious email campaign; evening,Re: Payment for Proforma Invoice 0000000056789007689-pdf; zip -> purelogs,Attachment,3 | |
| 8/7/2024,Malicious email campaign; morning, PI-J/005 : PFI for Netazox 500 mg; rar -> snakekeylogger,Attachment,4 | |
| 8/8/2024,Malicious email campaign; evening,Payment Advice - Advice Ref:[A1WBFVjTVOhi] |SOA - 2024 ? 8 ???-PL&IV-1219-23A; rar -> snakekeylogger,Attachment,4 | |
| 8/9/2024,Malicious email campaign; morning,PR # 3000005991 - Quotation Required; rar -> snakekeylogger,Attachment,4 | |
| 8/9/2024,Malicious email campaign; morning,???SOA - 2024 ? 8 ???-PL&IV-1219-23A; rar -> snakekeylogger,Attachment,4 | |
| 8/12/2024,Malicious email campaign; evening,Invoice; docx -> xloader,Attachment,3 | |
| 8/13/2024,Malicious email campaign; morning,QUOTATION REQUEST FOR VALUE-48764-FBU8; rar -> remcos,Attachment,2 | |
| 8/15/2024,Malicious email campaign; morning,Document Awaits Your Review & Signature for ; link -> zip -> lummastealer,Link,7 | |
| 8/16/2024,Malicious email campaign; morning,Payment; rar -> guloader continued to 8/20,Attachment,2 | |
| 8/18/2024,Malicious email campaign; evening,"Request for Quotation (19 Aug,2024); rar -> snakekeylogger",Attachment,4 | |
| 8/19/2024,Malicious email campaign; evening,Invoice numbers 112 and 113; rar -> snekekeylogger,Attachment,4 | |
| 8/25/2024,Malicious email campaign; morning,Quotation for Blue DMU Spare Parts; 7z -> snakekeylogger,Attachment,2 | |
| 8/26/2024,Malicious email campaign; evening,New Shipment - Order 103; lzh -> xloader,Attachment,2 | |
| 8/27/2024,Malicious email campaign; morning,request for quotation : rfq1310; rar -> xloader,Attachment,8 | |
| 8/27/2024,Malicious email campaign; evening,RE: Urgent Request for Proforma Invoice (Reminder.); rar -> guloader,Attachment,5 | |
| 8/27/2024,Malicious email campaign; evening,DHL SHIPMENT NOTIFICATION; lzh -> xloader,Attachment,3 | |
| 8/27/2024,Malicious email campaign; evening,Re:Fwd: Re: Purchase Order; lzh -> xloader,Attachment,4 | |
| 8/28/2024,Malicious email campaign; evening,New PO - 230102; z -> xloader,Attachment,4 | |
| 8/28/2024,Malicious email campaign; evening,ENQUIRY REF NO: 2024003; zip -> viplogger,Attachment,2 | |
| 8/29/2024,Malicious email campaign; evening,DEBIT NOTE July 2024 // PART 2; rar -> xloader,Attachment,4 | |
| 8/29/2024,Malicious email campaign; evening,PO-2024-00069; rar -> viplogger,Attachment,3 | |
| guloader-originlogger, 82ee5c8372f9bc8ac9cfac2833c19d238fa8a60fa32e6d27d9fc781d2e64dc25, nffplp.com | |
| guloader-snakekeylogger, cae5d52bb56e392baab2b81722461e13bcf266f7c3d1520ee3cfa911e6d2890e, https://api.telegram.org/bot7453999531 | |
| lummastealer, 3d41b5711c676681001ba6e507142336b926c88aba41232514c0da8befe67bb1, https://mennyudosirso.shop/api | |
| originlogger, 08a3597e4284ae295e34dbac9193cc53d8a1aa9106e9eda71d0f4724af42ecc3, mail.unitechautomations.com | |
| originlogger, 0d045677fbab19a80b17225c90ecca8fb973f67db71e7f86df8af5c25e0ac7a6, mail.mahesh-ent.com | |
| originlogger, 15aab7af44a87536d4b928f5cc2b4888107adf5302374bd6ebf912620251d502, cp8nl.hyperhost.ua | |
| originlogger, 31ed160a5d6da518efe41113124db5c203316a965ccce18cca9e0ead7bac96f6, mail.mahesh-ent.com | |
| originlogger, 3f084903c5b689b3d88e36e524bd3fcbda689a2b6d2446b8b10fbd97b145db7a, phoenixblowers.com | |
| originlogger, 468fdf7f7ac681b8ad34959240f8a8dfebaaddcbd2a0915a762ee086f23fd4eb, ftp://cash4cars.nz | |
| originlogger, 567d0908ac95f5cffcc257768220ed029f66dec64ebe65cdd1dbf01d33e9f3e0, cp8nl.hyperhost.ua | |
| originlogger, 5dd25e32ca50fdacf6b304cfebd5d222141b9a13d9120c3a61342ff4588c85f0, mail.mahesh-ent.com | |
| originlogger, 621a363a147f420089dabc6f28709f6882f0c4bf1247aba30f8a8e88f75225d1, mail.azmaplast.com | |
| originlogger, 6659e8c041d7b2bf5ca0756ea730d0f8cfb7a81da170c1e4c4210df200b0dee2, phoenixblowers.com | |
| originlogger, 6d4a4773e58d272f90abdde88661ce929741814276e20ea43384114f6e6cbbe9, mail.showpiece.trillennium.biz | |
| originlogger, 7a43feca0b94dac643e10cc217a4dd5d519399791611fb9629aa186ba277ab00, phoenixblowers.com | |
| originlogger, 7bc7edf2f2fafaa8457fb596cbbcdedafd23544d75e739e777b73790965df6bb, mail.azmaplast.com | |
| originlogger, 7ff50e2ac12ad29d4b4d13feb4464a768a11b2081167ee6010062ec98c106b28, phoenixblowers.com | |
| originlogger, 87044fd80bd4cb7069021fa48e337e1ffc5d6f192932645045536ffccab8c4db, mail.mahesh-ent.com | |
| originlogger, 8cc7f9ea751b48b63f76db2a3cff30f22a341aaff8ec2d44d1d4d5ce41b0a21a, mail.wassadadvogados.com.br | |
| originlogger, 96d2a9befbbed1913469d5e03f50cbbd700311f7cb8d87dc28d325be258cf35b, mail.mahesh-ent.com | |
| originlogger, a76d6e19ac59db6afea91b625c29f06f25316ccb74e1b7bdd59c68cb0aefac34, mail.azmaplast.com | |
| originlogger, c8bc2a9c8544716a04976357e3e6f338ae0c788bb0986912f07524ba36b6b3ee, mail.azmaplast.com | |
| originlogger, cd0ad4d29a0d644a39002797c2942a4ea94cdbffbf0e8eeff45649b2875a53fd, ftp://ftp.fosna.net | |
| originlogger, d54abd6ac9348ed05c33f77ae723cb262bd89fcce7d4d449f16b31ed01f401f4, mail.thelamalab.com | |
| originlogger, d640346d2d3a0a345d2186701a0a619eba72c1f7dee74f5ae7833ee4b66776d8, ftp://ftp.fosna.net | |
| originlogger, e4d1908e539f5c7bcc6960d7616c88db9a0382e76186f28026e4f659b1ae058d, mail.mahesh-ent.com | |
| originlogger, f1f0bec966133d4ded3564bb3202346d671bd38b843375e542055b31a7b01acc, mail.controlfire.com.mx | |
| originlogger, f9898f9bbef6d022dd0ce4343009f8d8ec465322ec384723e565a7ff0db259e7, mail.mahesh-ent.com | |
| purelogsstealer, f6dc4037a3d8dd7578e952a0c714814046c92cbcad459f3efc93db909c32a489, 88.214.59.166:7702 | |
| remcos, 3b97b5da457f961783873c0c1f09924e4e1b16931811a9118a6185290103b918, 45.95.169.139:2403 | |
| remcos, 643392c6e6e08f0b36bebb32b6c14a32185db723dabbb36b910dd65025522b3a, 178.23.190.118:52499 | |
| remcos, ffcfe6a6032cdcef4790afe356d82939369b5e49ba72719b3e592a4de7fd9890, whitelend-ind.com:30901 | |
| snakekeylogger, 13f0a05e86fdf85e8891b494574421ff3da0be5e7a71e48f7e32f6c9f35eb2f7, us2.smtp.mailhostbox.com | |
| snakekeylogger, 21531c1129b59b72fb5edb736ae88b8037b8f3ff09aa5632e3191b607efb6e03, us2.smtp.mailhostbox.com | |
| snakekeylogger, 328a09676b78f9b7b5686511b491f3d16dd6e58783a051e45fa49377eb8b8e81, https://api.telegram.org/bot7356382775 | |
| snakekeylogger, 3a9871ede5f830a6a8f55061045d4f4697632abec7cb138cd94c6bf831066f69, https://api.telegram.org/bot7303457820 | |
| snakekeylogger, 4152197ecd541c3b62d3ada6ff29bf7bb90edf2e57f96f27980f802513420897, https://api.telegram.org/ | |
| snakekeylogger, 5d691afca26ebbdcf9bc73673667580f07a47cd63b5061831ad1a8fb5eccd1d0, https://api.telegram.org/bot7356382775 | |
| snakekeylogger, 60aa6a070f260883351f22982529cf5ae022d11621b6fdb0655eb7cc0b8fe917, https://api.telegram.org/bot7303457820 | |
| snakekeylogger, 7d50338fe1feeb6944bfd552e44f266d764dafc089b853a6ee24f67ef322c124, us2.smtp.mailhostbox.com | |
| snakekeylogger, 8e10e309a71f3819d28b56e936d4ee3d3f8302de39ebebb0cec97166e941b8a7, difeba.com | |
| snakekeylogger, 921ec74f64c67534a59a595ab238dd0274100bb5f66ba0597984fe289b120886, us2.smtp.mailhostbox.com | |
| snakekeylogger, b8d723a1c3a3fd42eebbf246571cf7704bc34001cf1a7599b0e2838957537140, mail.ghostfilesuccess.com.ng | |
| snakekeylogger, d9863b7b710599bc2b308a0b78970da8c42ee5bc6d3dcda05c2de52a88125726, us2.smtp.mailhostbox.com | |
| snakekeylogger, e5797ef4bea22b1d24a9147c48726e9960ffa1b5866e04c11de117531483fe9d, us2.smtp.mailhostbox.com | |
| snakekeylogger, e71b1065a4b1b0fc1174cecf0963797fd2cb8a0dc4d0b5e7166ecc8722071bee, us2.smtp.mailhostbox.com | |
| snakekeylogger, ec828ec2fbfe987cf12c1556a14e1eb0e1d84e66d5392011d95860ce2783789d, bisttro.shop | |
| snakekeylogger, fa3abba5968db877ff3aa4341799f3ae6b88f874373e973ec7d4ed04446ef78a, https://api.telegram.org/bot2135869667 | |
| viplogger, 08b172741a85d073da0d29b5291a588030a4d145a7db4458e3647fc5dd591acd, us2.smtp.mailhostbox.com | |
| viplogger, 7f8b4ff72b5a59f4c7bc7ce3d38bb959fe5773e98a9996b92bdc901e56a49ce3, mail.bellstone.in | |
| xloader, 156f46b40abc916927a1b178418b0dc9d96ae445ddd88a3ddda75d6329d6363c, www.u9games.xyz/5p8u | |
| xloader, 1587c4fd9dae065e7798d27b9b5a482a92b53386cea1a362ac903bfe0d0b68dd, www.u9games.xyz/5p8u | |
| xloader, 24442a381dd7b787104241b7e26d1377053a607ea042fe1a3dedbe608f25c4b6, www.teandone.buzz/byzj | |
| xloader, 339faca706c98cf8713cd3b56122442461c3810ab69988b1ef1ecd2275e33b41, www.jiyitf.top/rua4 | |
| xloader, 4ca5781d934fdeadbc12e6be77fc48ff210818354bb4d10dc2978115c3a56b48, www.bahrainproperty.net/cqz9 | |
| xloader, 5d11fdb4cd576bd6d6785cc8fb787a36777347d69861c465797fb8b9875577f2, www.psychicseraphina.info/8ez3 | |
| xloader, 6139902e3873552385dfc103fe1db9ba336bbce8d3db180cbfb588352c055776, www.izen.group/kg2d | |
| xloader, 6664b2f256e822c8576d023fb1e11714d47b00c26ead3e1e7049d71367bf48d8, www.jiyitf.top/rua4 | |
| xloader, 8485bf03cc8dcae3bbd2a1a7abfb54a91a6590e8f4da85c834c58c9debd4c07c, ursociotheory.xyz/bi05 | |
| xloader, 8ac8568934d1a0ab9a9923449bf11c0d44d97abca0bcabd60b94348642f046ac, boinga.xyz/oi12 | |
| xloader, 8bb2d8c3017d5c13c41ae3a6793a1eec65b313bef854ec4130d2e33ee43502f8, www.rajveena.online/wptv | |
| xloader, 9a3e01c0866b7052796e2baf554cf507efcd0f773a68ab5dfa78be73e5f25f69, www.ordient.net/kd3b | |
| xloader, 9b5230cce5bbf44aa307fc0be0a6f17cb2c3a4c60368abbe1a1fb420c29f131c, www.kej-sii.cloud | |
| xloader, a5edb017a2c0bf9834ff392e81d47ed90dade6e41c0549a8b3e9522e76d2c8c2, www.u9games.xyz/5p8u/ | |
| xloader, adb39641974266e1efaceacdf7ef0eb7508dfaea9e385cd3725d80e7543ee694, www.jobworklanka.online/c85h | |
| xloader, bac08253e102c87b2ccdf9f495fd934418ab784ec88951fbf30ee47475f266e4, www.gloryastore.site/6oc5/ | |
| xloader, cc73d75eff5c3d7a4a1e40777695f259593403492dda902ab4486c8dd9c8398f, www.u9games.xyz/5p8u | |
| xloader, d289da91e981e0e9e025cfa0d3dd4eaac6e0c1bf19724f90808e8e3521b1dbe4, www.gloryastore.site/6oc5 | |
| xloader, db87b7e683d92aa8d013663c6bc6ba116023af2cb7f9ec6c2ad88694235f2b12, www.hotelswithpools.org/w88n | |
| xloader, e32676eddc6b5971701a8fb044715f8becc13e0285d23dea5f5f005c4ccac2a4, www.mondoor.life/q6ss | |
| xloader, e801fc69d4d730346c6ec81d9c9ab0bfc8471a345faf8cce76737115dccd87dc, lytracker.xyz/bi05 | |
| xloader, fbe048c713eda8c6d74504c440ecba4507760aed537fbba6171a4566b6452455, www.care-for-baby-1107.xyz/ixvk/ | |
| xloader, fe985b1cc581849d8bf8a73c1e09c2ff6ef636ba836deff5d045723456333f0e, www.teandone.buzz/byzj | |
| xworm, 49d0a1bc300d325c3fa9bbfa24300b83ac6b9557980a4e1229fc96abdccdafbb, wiz.bounceme.net:6000 | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment