Created
October 2, 2024 17:14
-
-
Save silence-is-best/2efe46038a58d20e173fb5ca0a3f7f43 to your computer and use it in GitHub Desktop.
September Malspam Campaign
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Date,Details,Email Payload Type,Users Targeted | |
| 9/2/2023,<email address> You have an incoming invoice; rar -> formbook,Attachment,3 | |
| 9/2/2024,QUOTE - REQUIRED ITEMS_4001244; rar -> viplogger,Attachment,2 | |
| 9/2/2024,Business /lease agreements.; 7z -> vbe -> snakekeylogger,Attachment,2 | |
| 9/2/2024,JUSTIFICANTE -Carta de pago; rar -> viplogger,Attachment,3 | |
| 9/2/2024,Quote #011698; lzh -> xloader,Attachment,3 | |
| 9/3/2024,New Order PO#86637 03_09_2024; lzh -> xloader,Attachment,3 | |
| 9/3/2024,Re: Urgent; 7z -> vbe -> snakekeylogger,Attachment,3 | |
| 9/4/2024,New Shipment - Order 103; lzh -> xloader,Attachment,3 | |
| 9/5/2024,New Order PO 011824; lzh -> xloader,Attachment,3 | |
| 9/8/2024,Re:Formal Salary Revision; rar -> snakekeylogger,Attachment,3 | |
| 9/9/2024,Bill of Lading & Invoices; 7z -> bat -> guloader -> remcos,Attachment,4 | |
| 9/9/2024,RE: AW: WG: AW: PO 09110124 EXPRESS SYSTEM-SESB24066; lzh -> xloader,Attachment,2 | |
| 9/9/2024,Request for Quotation; txz -> remcos,Attachment,4 | |
| 9/9/2024,Thank you for your online payment.; link -> bat -> xworm,Link,12 | |
| 9/11/2024,Request for Quotation; rar -> xloader,Attachment,2 | |
| 9/11/2024,Shipment Document No - 100184429; rar -> snakekeylogger,Attachment,6 | |
| 9/11/2024,AW: Addition to Order 2024/Request for PI; iso -> xloader continued to 9/16,Attachment,4 | |
| 9/11/2024,shipment doc; rar -> xloader,Attachment,2 | |
| 9/17/2024,RFQ#z0055-09062024 SJGYNIQKMJl ; img -> xloader,Attachment,22 | |
| 9/18/2024,Re: R: R: R: R: R: new orders; iso -> xloader,Attachment,2 | |
| 9/19/2024,Request for quotation; gz -> xloader,Attachment,2 | |
| 9/19/2024,RE: Request for Proforma Invoice; lzh -> xloader continued to 9/20,Attachment,4 | |
| 9/20/2024,RE: AIR SHIPMENT// SGN-FRA///|Signed Contract for order #23312|PAYMENT FOR AUGUST SOA; zip -> xloader,Attachment,3 | |
| 9/22/2024,QUOTATION; gz -> remcos,Attachment,3 | |
| 9/22/2024,PO For Bulk Order; zip -> xloader,Attachment,3 | |
| 9/23/2024,Re: Purchase Order; gz -> remcos,Attachment,4 | |
| 9/24/2024,NEW ORDER; 7z -> xloader,Attachment,2 | |
| 9/24/2024,Request For Wire Details; 7z -> snakekeylogger,Attachment,4 | |
| 9/24/2024,RE: FW: URGENT Purchase Order Oct-2024; lzh -> xloader,Attachment,2 | |
| 9/24/2024,Ref_0120_03_0015 PNEUMATIC ACTUATORS SERIES 929; 7z -> vbe -> snakekeylogger,Attachment,2 | |
| 9/30/2024,RE: UNI SOURCCE TREEND INDIA - SMILEY WORLD TRIMS 30.09.2024 UNI SOURCCE TREEND INDIA; zip -> xloader,Attachment,6 | |
| 9/30/2024,Invitation To Bid (202411/000100/418); gz -> originlogger,Attachment,2 | |
| originlogger, 103df9c2f3a2592830ff9d610176280942829477f2b89a36d9695248f0f4f843, ftp://cash4cars.nz | |
| originlogger, 245ee760d71dc45da0f6df037798b8b5beaa01850483a35cc340a916cce946af, ftp://ftp.fosna.net | |
| originlogger, 2e9d474f90a5c43d767c73004a0461ab4375e969fa4f1c30aa6fc3262042f91c, ftp://inhanoi.net.vn | |
| originlogger, 317d4b1683e217b6af80de147bbeb8581255f320dd11ca5c13b0796f837d42aa, mail.mahesh-ent.com | |
| originlogger, 4753f11e296430bb40e328ad38fe44ecf72aafcdf12cfed22bf16d3f8a0ade34, ftp://inhanoi.net.vn | |
| originlogger, 5fc47ca65df767fcb09cc074dff3d5d02ab6c61ffff00b409ea2fa4107e080ce, techniqueqatar.com | |
| originlogger, 67a8b2077a1aa43d393b1f843e556fd030c13dbe7a0e041d41c86fe233bddb38, mail.mahesh-ent.com | |
| originlogger, 88d3cc80c59d933c2e6305771e60a4ed5171b0b63431aee31bba315e43625669, mail.chemsareus.com | |
| originlogger, a60bf25d5fe0114b515c2989851b95ca25e1fd474f83b640fac77bba2b80834a, phoenixblowers.com | |
| originlogger, c4152d490edfcc1620c4579bc9e9455b8cb71cb9efecb38140a22385ea95a9ce, ftp://cash4cars.nz | |
| originlogger, c41893463c861e8d6274f2d5f5335ba4d23dfe4c6d6d65d8bc08eec140b4890d, us2.smtp.mailhostbox.com | |
| originlogger, d94771673d1423312105db073fd108e8659ea22c7fabcf413ca9a1c1ab5c216b, mail.naveentour.com | |
| originlogger, da049cf547f66a701590bd333a9d61d0f7c448e3b798018f3d50497cc94445c7, phoenixblowers.com | |
| originlogger, db7308540dbe1895e72ec124ae574fca2b219afbf13924d1e52b06c1b535b9d6, ftp://cash4cars.nz | |
| originlogger, fd9725ecc7ed625c2174660e7f51f647fff9474f4c21c8ed84e0608bbcc5a409, mail.mahesh-ent.com | |
| purelogs, 1003f84d9b7d55fed67cfc07dfab36c949db35a2db71f44805d5c9d913004585, 154.216.20.37:5888 | |
| purelogs, 9de43c4f64870d45e1c753095d0edf49ed4ef763bd86f27f8688789f5e513cfb, 154.216.20.37:5888 | |
| redline, 55dd90013201853f29bb56e9e832f1a6483da1d154e500b7d08c86335e7f037b, 198.12.90.244:49780 | |
| redline, 7bfbcf807fd0a90ba6ab963cfae6a7921dbbc7482995d80fb316423ab3d67013, 212.162.149.159:37004 | |
| redline, 91d247506a8b08669201d3309ab9d9977cd711452ccde0c20647c2ec77a42855, 198.12.90.244:49780 | |
| redline, c2c6b39213e84adde43e4a8a5ee1c8fa89035812e1f2d373545bc63b479b2534, 198.12.90.244:49780 | |
| remcos, 1c022ec2400c0c5197aa32cef3182a09a13213dedfe1db71fc18c6d399571ed9, spacesave.duckdns.org:14645 | |
| remcos, 699ab96ab77fb83fb6468bfc51531a91899fe94048e526ae232fb6fe9ac52290, 192.3.64.152:2559 | |
| remcos, 8f2c4543e4bc9194d1c1a9bc946a75d49162b0eee2715df4ba626980892107b5, nnamoo.duckdns.org:59321 | |
| remcos, cd76524a5a1a193336ce0a72efa54af99367743c2d380d0416a1d09a516fad8b, nnamoo.duckdns.org:59321 | |
| snakekeylgoger, 9392f0f0a6118130802e67cee0597d20dd9891b426ccf34893e8ff6f5d2bbf5f, bisttro.shop | |
| snakekeylogger, 2708fc0dd1f37e545533dbe8565658ff819ded88f33b3856cebb0b3a531965ad, https://api.telegram.org/bot6523340491 | |
| snakekeylogger, 365b8dab76c07e3c7ea3cd4a9d683265db5210b6b9a30e9dc520f358b829d30d, jertcot.shop | |
| snakekeylogger, 505741d52f89c89dc156768a0714a0e500d1ecae923de1eff6cea7b393cace78, api.telegram.org/bot4579221711 | |
| snakekeylogger, 643ce59d197d6910d9bb5f5f24ffb95e57fa3c9ad93a8548a5ffa1cb4917df4d, alphagasea.com | |
| snakekeylogger, bf8ed8b44d90746ce366918ac669a952de5e84864520565ea2644648f3fe8a88, bisttro.shop | |
| snakekeylogger, d4b8fbd59d002c8c6f147ace0ec43bed581b761b231ebc843b019827df2cc909, ftp.lifechangerscare.com | |
| snakekeylogger, eb7b6182f2f6ccd5b150c810e5eaf94b7e22a638e6968e566d96f8f5f1ed85b1, pakcentar.ba | |
| vipkeylogger, 0003cf72e0eda9f0e4b36d4fdb7017c9d56260f37b8f0e114a9cadb0a57b9ce4, us2.smtp.mailhostbox.com | |
| vipkeylogger, 4ffad08e9b831394159944b7c719bd9a80efcde000ebfa788de1a23f64007b91, us2.smtp.mailhostbox.com | |
| vipkeylogger, 68917e12e63c559b219ea1d2a032a684d28eb43feaf12ea6a2210cac1e774116, mail.sogicarafa.com | |
| vipkeylogger, 8d2f607c12b2b959f829346e3aada4c28bee98c7ddcc0719b6d18883df69c415, https://api.telegram.org/bot6647096303 | |
| vipkeylogger, c803bffcf528efc9a204a34a6a9285128f9dce25d165020fc37198d16ee50c11, mail.jhxkgroup.online | |
| vipkeylogger, e40aa2ac74b12d2b000617839127a60a5faa81d7cae5087b738ba2b45c040537, https://api.telegram.org/bot7985888771 | |
| vipkeylogger, 9db5bbb69dd91dbd2c917316fd724814ee5c5207540d66c8e1e2de1cf1a5dbfc, https://api.telegram.org/bot6514469045 | |
| vipkeylogger, e17d0c2ad100bd30c86f2e8f5416b7f669a0267ae51f004c7c8879cf6b85908a, mail.bellstone.in | |
| xloader, 1a52416bc054c0f2a46f2fd215d73d3285334fcdacf02ed449935bd93fb70863, ftersaleb.top/c89p | |
| xloader, 1dab7f07bfa344e601226bc0657decbabd3b421fd207e031ae99ccfbc5637414, ftersaleb.top/c89p | |
| xloader, 1e9749562a2a6f8c1369071ba34ed60bb57d42fb3493f841015694dcea7ccaf4, www.syvra.xyz/h2bb | |
| xloader, 220527f91eba446d157c6ef8b0d29b0a47907f6e74e5a4a307efe667be6b084b, ellinksa.shop/e62s | |
| xloader, 3333f033f3cc296e233ad4b64e5116994e5fe2595956999052daba5f70fb58a6, www.mardin.xyz/wlme/ | |
| xloader, 36421bdf90ea83d4e677a54710f4d35e2bc15a1222c4abb17e78996029f53c97, ftersaleb.top/c89p | |
| xloader, 42758436a8d96f2920b1488154897758fd30cb1240e86715642c4ac7954bdf92, www.route4.org/65ev | |
| xloader, 444c7700cea589c8eadd8a51a9253cc1889900faf0eef882fb31bff858e34350, ellinksa.shop/e62s | |
| xloader, 46ebc69cda5d6bc3414f2cd289c8a703d42ca315aaf1374ffe142d53f9ea0405, ellinksa.shop/e62s | |
| xloader, 4a29c020657514662d82cf92cf660922d45184e961473f08326817611afbbb94, edplanethomes.homes/g29o | |
| xloader, 4fe0627df409d563c49daaace6f559559c940ccf1d19e73dc3480a33f86ed9a3, ollow-the-bit.online/bi05 | |
| xloader, 6cc54bd57057a1fc07c2726c351a42f47caef4ae05a2693fbf6b9f693c6761c6, www.academy-training.xyz/1ki5 | |
| xloader, 70038b71f248dc262f64149d12a08c94e07a73e7bd72502b541a4dfb155446e0, www.eworld.org/ire3 | |
| xloader, 76fe69849ddbda008d54ff757bf77599f77c33245dd8f28d3b1c53e3940980f4, www.route4.org/65ev | |
| xloader, 85e703636c2e5c837b37714c02a838dca4f2ac440d45c0bedfbf56b8e01c4820, www.productanalytics.pro/dgxo | |
| xloader, 86f8d817d26e2a9566ac4500033855f9b17e50ad4276b9d488acbc53894edd91, ftersaleb.top/c89p | |
| xloader, 874c6faee7e17445012c0f573c29dde997a71cc86e15fc3152a22365cf83bdf1, enjamin-paaac.buzz/b31a | |
| xloader, 8d83a9a3bbd6e63e37b6d66c4febdbcf17a48fe77fabdd52c5bfa01a661a33da, ftersaleb.top/c89p | |
| xloader, 94c55903ef74aca098146433a27fd5c90f3cf3f92c661591f33eb422b77f6b73, www.serverplay.live/bm51 | |
| xloader, 9edae2a8ff98921959db5b0838fbb3aecf892f701061ad93c489d78ca1ef71ba, www.elsupertodo.net/7xi5 | |
| xloader, a6e7bc88ba8f280ff9de60e1454d5c086bb352dc6d151ea2a23b48b077e756f8, www.route4.org/65ev | |
| xloader, af4f28ed9e5d8205220c60f42668e6576233f54885c63fcaf43c2315328f45f1, enjamin-paaac.buzz/b31a | |
| xloader, b120727ce78f5de370b91e1f0016740d3e9d57a105b54c4e265e94db40c045ef, www.coffee-and-blends.info/v35v | |
| xloader, b481fd78d0f715aaf7d7446c33e2bdf500e52e1c0d58ce5f81efae25ff9a8fd2, ealthbridgeccs.online/c24t | |
| xloader, cad71f61562fdc34dafc567081d21ff6044322ff75b67c3b5172fba7f4ee1e5d, www.technectar.top/ghvt | |
| xloader, dd81acfcf7274df705c2e1a99e0484f710b7349a36c9156230fe505153fd2039, www.freepicture.online/xcfw | |
| xloader, ecde745484cbfc4aa7ff0de292907acd4bab3b772641f09815030a2d0887073f, www.freepicture.online/xcfw | |
| xloader, ede8ae39d91066365f959fc9c98f0b47add88604ce95829a9618a15274faef3f, ftersaleb.top/c89p | |
| xloader, f2a1f35386c3cb3ef8b58888980c57747019a6474739778e76989cdfc9ad0816, www.93187.xyz/jd6t | |
| xloader, fd98700a7e9ace0a863b0392d688b7ad07f47bb5c40685916f3ac4bb34e51448, www.smilechat.shop/ih4n | |
| xworm, 657b68666c2b79d65d51a403dd7fa0e35b1109156290efd69a681777eb6e4107, various-wages.gl.at.ply.gg:55202 | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment