Created
August 1, 2024 14:29
-
-
Save silence-is-best/36613184c0cd98db1aa6fd78f79f98a1 to your computer and use it in GitHub Desktop.
July Malspam Campaigns
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Date,Summary ,Details,Category,Sub Category,Email Payload Type,Users Targeted | |
| 7/1/2024,Malicious email campaign; morning,Top Urgent Order; 7z -> vbs -> guloader,Email,Malware,Attachment,4 | |
| 7/1/2024,Malicious email campaign; morning,Re: Solicita��o de Pagamento - Fatura Proforma 924318184; 7z -> formbook,Email,Malware,Attachment,2 | |
| 7/1/2024,Malicious email campaign; evening,Urgent files; 7z -> vbs -> guloader continued to 7/2,Email,Malware,Attachment,3 | |
| 7/2/2024,Malicious email campaign; morning,INQUIRY 2024-SP0006-B(01) INQ24-012207; rar -> xloader continued to 7/8,Email,Malware,Attachment,16 | |
| 7/2/2024,Malicious email campaign; morning,Re: Revised Proforma; tar -> vbs -> guloader,Email,Malware,Attachment,3 | |
| 7/4/2024,Malicious email campaign; morning,Attachment name is revised pi_2024.lzh; lzh -> originlogger continued to 7/12,Email,Malware,Attachment,8 | |
| 7/8/2024,Malicious email campaign; evening,Re: Your Proforma Pending Payments; 7z -> vbs -> guloader,Email,Malware,Attachment,2 | |
| 7/9/2024,Malicious email campaign; morning,Delivery Notice:Inv#WH-2E0865; iso -> snakekeylogger,Email,Malware,Attachment,22 | |
| 7/9/2024,Malicious email campaign; morning,Samples Attached; zip -> snakekeylogger,Email,Malware,Attachment,3 | |
| 7/10/2024,Malicious email campaign; evening,"RE: Swift Copies �162,024.40; rar -> xloader",Email,Malware,Attachment,3 | |
| 7/15/2024,Malicious email campaign; morning,RE INV-JULY/2024_FUJ03288440; gz -> remcos,Email,Malware,Attachment,6 | |
| 7/15/2024,Malicious email campaign; morning,(#Inv_P_8218045) has a wrong invoice; lzh ->guloader,Email,Malware,Attachment,7 | |
| 7/16/2024,Malicious email campaign; evening,RE: QUOTATION REQUEST; 7z -> snakekeylogger,Email,Malware,Attachment,3 | |
| 7/16/2024,Malicious email campaign; evening,NEW ORDER #573088817: 22 pcs For a Trial; rar -> guloader,Email,Malware,Attachment,4 | |
| 7/17/2024,Malicious email campaign; morning,??: Re: PO# DBNote - CRNote _ DRAFT MBL / HBL KGNSA2212999 // ETD /SHIPPING DOCS; r00 -> xloader,Email,Malware,Attachment,2 | |
| 7/17/2024,Malicious email campaign; evening,PR-241000993 - ( DRAWING ATTACHED ); iso -> guloader,Email,Malware,Attachment,2 | |
| 7/17/2024,Malicious email campaign; evening,New PO-2024151; gz -> xloader,Email,Malware,Attachment,6 | |
| 7/17/2024,Malicious email campaign; evening,new PO-24721; lzh -> guloader -> snakekeylogger,Email,Malware,Attachment,4 | |
| 7/22/2024,Malicious email campaign; morning,DHL Shipment Notification : 7021929821; lzh -> guloader -> xloader continued to 7/23,Email,Malware,Attachment,4 | |
| 7/22/2024,Malicious email campaign; morning,QUOTATION REQUEST; rar -> loader -> remcos,Email,Malware,Attachment,3 | |
| 7/23/2024,Malicious email campaign; evening,Deye Union - PO # 23081377; rar -> snakekeylogger,Email,Malware,Attachment,4 | |
| 7/24/2024,Malicious email campaign; evening,PO#O_0140724; r00|r15 -> xloader,Email,Malware,Attachment,3 | |
| 7/25/2024,Malicious email campaign; morning,DHL Shipment Notification : 41603793540; cab -> remcos,Email,Malware,Attachment,4 | |
| 7/28/2024,Malicious email campaign; evening,New Order; rar -> xloader,Email,Malware,Attachment,7 | |
| 7/29/2024,Malicious email campaign; evening,RE: Please confirm; zip -> xloader continued to 7/31,Email,Malware,Attachment,8 | |
| 7/29/2024,Malicious email campaign; evening,Daily PO Checking list 20240725; zip -> xloader,Email,Malware,Attachment,4 | |
| 7/30/2024,Malicious email campaign; morning,Payment Advise CIMB BANK Transaction Notification : Success; 7z ->,Email,Malware,Attachment,3 | |
| 7/30/2024,Malicious email campaign; morning,FLF7992/22 // Shipment; zip -> snakekeylogger,Email,Malware,Attachment,2 | |
| 7/31/2024,Malicious email campaign; morning,Request for Quotation (01 Aug-14 Aug,2024); z -> snakekeylogger",Email,Malware,Attachment,4 | |
| asyncrat, 5dc26c504cc3b9c5bf1150e0b6a577ee75ca878f24a47269f72c933697049635, 144.91.79.54 | |
| formbook, 80b9b09d79c390fb55a56fcd01f0189e85e8cd8272befb7f35ba2a19ff9ae30b, http://www.wb515.com/cyri/ | |
| guloader-remcos, bcdac7905393303943a3615a6ba4fd14825579c9d18edad04dd02ff0ea9f8f93, 178.23.190.118:52499 | |
| guloader-remcos, f988bb851d04575c9e9280d6f0aba489073d990963f3bd0594cb87e7f97ca210, 45.95.169.135 | |
| guloader-snakekeylogger, 09b1a225ed5534d42692f1434cef1621f313cef942026754c6833d09c807ee8d, https://api.telegram.org/7294256876 | |
| guloader-snakekeylogger, facfc2e03ba3c860fc934e6d883a37f2cefeeac970b6ffb3aabba6f1b3cc7b9f, https://api.telegram.org/bot6422013421 | |
| guloader-xloader, fc05fdf749e25a693cb4383da91dd2d726b2da3d2b3833c1b203659b000c5f77, http://www.fnx-group.net/m1n9/ | |
| originlogger, 32466f826a01ddab2a6b6b02e74101cb0905db8ab9579c4412b69c517bb762c4, cp5ua.hyperhost.ua | |
| originlogger, ba84ff47581d052e6fefe8f380126d6f770b6307b7d512388907225b576749d2, mail.mahesh-ent.com | |
| originlogger, 044bd666c83a8a9550b7396dddc1a31947fed990842c57c112f7abb4e19ecf33, mail.chachitos.com.mx | |
| originlogger, 1fbcae8d4a90832715ff4fff39141aee8afcb2c8a09d7fce0cb2c882c79b4b27, mail.showpiece.trillennium.biz | |
| originlogger, 3d6439c7ba37b19bf8f477a7fa9fce39ebf5677f2e54b6df79ebee4668312ce0, investms.vadavo.cloud | |
| originlogger, 4d1527ce09d716a68f0a548a3fab80d2223028460e036f43b579f211b91b0ff3, mail.showpiece.trillennium.biz | |
| originlogger, 584b6e279cccf8b9faedfbc68242f158f19f881643fc79614f3cd96d4c50cf89, phoenixblowers.com | |
| originlogger, 636943f682f71370760679bd6afb382f5e0aacf31995624007c6541eddd62f53, smtp.brianberrills-ie.com | |
| originlogger, 6f1ed81b6af31a6e858609bbbdf8cc857b0f203c20ac60a695128f42589f73b8, cp8nl.hyperhost.ua | |
| originlogger, a9c8d11356ed9ebe1af6bf385fa99fc7562aeab068499e3920844f551b8d4508, mail.accgirl.com | |
| originlogger, b5bf98deb2ad67ebbb31ba454d2add74f668f9975c766e8f10591da1021a730c, proglass.com.sg | |
| originlogger, ce47ccc820d244b5a55bfced33779fc1262758c2b8212c0f63b614cc85381973, mail.commtechtrading.com | |
| originlogger, e95df2cc1ac0d157ac28cec5b9ec404298d65bff11c6da736072a394dd541f79, mail.showpiece.trillennium.biz | |
| originlogger, fdf11dc1585e1062c299ee652e789da5091b836f2fc999c99f0e6833e9d0db6b, nffplp.com | |
| originlogger, feb7b9b695fa6e3d5c9d19b4309aaadada0b15529364e17781e91553dc7e3406, mail.mahesh-ent.com | |
| redline, 213681de7f4ab18c2338f5aa57c7aae1d2082f369fa557167b11e5b5ec2b69db, 178.23.190.118:1912 | |
| remcos, 18f679a41695816dc45091ee43ebb682ffc901a09211548cada55ea87f79bc84, 91.223.3.151:4508 | |
| remcos, 31fdf75cd3cf71f770eb158141183b08ed0845b27ecd2e90ce20eb3c4e4642c0, 178.23.190.118:52499 | |
| remcos, 47ae5e8821f923b9b7f2ae71662b47ddad143af408d04ab3c75469a51d440c50, taysour6lakut1.duckdns.org:1960 | |
| remcos, 5a06da89d65a9ee2823551d73c4fe1fd59c0eb8109089d3c6d9c355dd2d64127, rnnfibiteammony.duckdns.org:4233 | |
| remcos, afe8d155653226189e7ea885670ee4be38bc8d672519765ab64b4c5c43435eee, latestgrace2024.duckdns.org:56765 | |
| remcos, d07cfaeced4e8bba1c9fdc8006dc80105cf654759c4d74d4d2d2964a0f6e9230, 178.23.190.118:52499 | |
| remcos, e1cc60c0b6a0586a186cc1928b826e69809bb05afe585c2d7e2cb429b7d00c4a, 178.23.190.118:52499 | |
| snakekeylogger, 026722d98d68645cbffa896e2c7d0d59a90d079688834422f5c97f379d4ab720, https://api.telegram.org/bot7434591587 | |
| snakekeylogger, 04aea1458bbe0debfdc6cbd993d9d3ebf52e5742cac8d5ad53a44ac2c8010d12, https://api.telegram.org/bot7211864747 | |
| snakekeylogger, 0ad95ed2b0723a76d01c630ec2ae19c21170d962f89d1a930de7c1b32f021a6a, https://api.telegram.org/bot7219608947 | |
| snakekeylogger, 121de22078536795f06ad23e6db6d1627f4cab617a6264b44820839c13e4c2d3, mail.cash4cars.nz | |
| snakekeylogger, 267a95b7715bba494b96ff9d7bf29dfd8ee2c73c5312964b5039962826ce6fc7, https://api.telegram.org/bot7467340824 | |
| snakekeylogger, 2d9583611ee795427ef4e72124fb2d2d8b0a1c90a18de74de9621b7c9b6ecbe4, https://api.telegram.org/bot7403026399 | |
| snakekeylogger, 31c28bce87bf83996ccbd1e7bea5de7a75b5f840df1e108f6792d5b17185da66, mail.lenteraandalan.com | |
| snakekeylogger, 3629d34fdcf6679f6baa6bbb4f95c3f4c193022b9188218606b6832fc1f861e2, mail.instalacionesverticales.com | |
| snakekeylogger, 432ed4f549a0d6e1e674e3542ede6f59027c26586f9497192312bb778bc1f889, https://api.telegram.org/bot7356382775 | |
| snakekeylogger, 552ec910ab15e94277c6211423d6a3f92fd96bcd8d84695c6adf3a36e9d366ba, mail.cash4cars.nz | |
| snakekeylogger, 59845a7473f44415217508e3393bd0a17ae561913fb44577e7bac61479e461b6, http://varders.kozow.com:8081 | |
| snakekeylogger, 6388fa8777c9af8707bbf9c908cfa4fd5ef6222a290be88397a5eee66b098d41, valleycountysar.org | |
| snakekeylogger, 75128be2810392ee9cb9f4d4c847332bd943a321179bb3bc13395bf546caa2fe, https://api.telegram.org/bot7273236608 | |
| snakekeylogger, 88e81b3ce5ac8ea73503bda113bf3e8df80928b7521c349e5e4cf46d118ea419, https://api.telegram.org/bot7484269182 | |
| snakekeylogger, 9fe3f6e61bbc383003fb8e46784ee0b4ed92dd0807f3b57510912a186ea8d589, https://api.telegram.org/bot7219608947 | |
| snakekeylogger, a2584975149658da70c801f79fbfdcdd66eddf114b84332d401d2ad6a0ddbf78, https://api.telegram.org/bot6422013421 | |
| snakekeylogger, b92825019cbc1d89521e0c8e0463e5c248a48c03acb4554979e8b12295cb073f, valleycountysar.org | |
| snakekeylogger, bc4f2cd8e722506956f7ddfb942f1d3e8b3e6fa15e6bdcc596717a822cf715d4, http://varders.kozow.com:8081 | |
| snakekeylogger, c124677b62dde195f2df9174342199aa456dc61be86c6e3b1fba48a25ce8d9a5, us2.smtp.mailhostbox.com | |
| snakekeylogger, d742fb7077c4643099b2a969537ec53cd326af9388c063f86db018fc925b1e30, us2.smtp.mailhostbox.com | |
| snakekeylogger, dcb01286ee2c09ec6a16e582d76e4d26a5dbf7b20c81d813fabfd3bf975cbc01, https://api.telegram.org/bot6867349972 | |
| snakekeylogger, e33548bc81a2f69b86174b679d8a8537f0266bb7dfac2bb1f248f7a7275d588e, https://api.telegram.org/bot7351654760 | |
| snakekeylogger, ec0cb53f3f7dd573b6449bed509234445870faabe3134f554f48ac150ae99de2, mail.merrtaxi.com | |
| snakekeylogger, fddb2e3244a031741a1da8a0a5086890cb02ef24bd93b7df8971b42d65b1a03d, mail.merrtaxi.com | |
| xloader, 017c0924b30725568f948c8976ea50802c946cb429cf4d160620354741b754fb, www.toppersbusiness.net/hugu | |
| xloader, 0fa96a236a25fde80f38b81f8901463c7bdba9c9e98bfcd07364e0a8c0963eb8, http://www.mhtnvro.lol/cqkx/ | |
| xloader, 31e1c395cf3662749751a3c26bfb48d8c02c68270f24c8267d38f203318c0f8f, www.washio.world/jvdm | |
| xloader, 34ef233e777b23a565463af851cf6fe96cdbe3783eefe34fc32d7339f70bfe88, www.gloryastore.site/kd3b | |
| xloader, 48bae1515ac732f33a6fbd725dfb29fe55132b1f446f0efa201c1ad10cf0b1f6, www.u9games.xyz/5p8u | |
| xloader, 4c9e2f87c09a1bdc7d993529f0f6b98374ca26c389b48c559c66223deef501f7, www.toppersbusiness.net/hugu | |
| xloader, 5caa5dddcf2a4b84e0280a606151dd4c2bb4729c97ca6fa944ac002180e54c2a, www.toppersbusiness.net/hugu | |
| xloader, 60590527a11cde51827a5534142be786eb4bd7781ffdcdd4515e2b9fd3200194, http://www.tongkhohatgiong.store/m0v4/ | |
| xloader, 623b3eaacef60fbb1157e0b9f56688971f31385374ea3a9584aea342a2638366, www.u9games.xyz/5p8u | |
| xloader, 62914cd85f5bd0026644248087ef8618bdaaf4bafe55854b88292c22556a4955, www.drippyoneth.xyz/e2hv/ | |
| xloader, 6a56cbb193f28d62f0fa7f1ecbd0835e95e1aec40e2c08d9b2f839a0c4d76fab, http://www.goodneighbor.club/rk1u/ | |
| xloader, 741abe81188897ed8f037a7b4d7aaa689884e85a8a00a4b3b12fc1027b96964f, www.6666111p.vip | |
| xloader, 7719d43974124fe2a5053ac36eb223bb6deb6452edfc80afd615a288afcc6317, www.nostramuz.xyz/4106 | |
| xloader, 9c3042d68209e7b4411a2585a31366321c7d4f0466502f32295b8413c9351cf8, www.pqnqxn.xyz/fku9 | |
| xloader, a073edb1dacc3f6cbb7b416c6196f7d56a8d6d195a337952524e1e8ee5921461, reunioncoins.com/hc58 | |
| xloader, a94ee8ea98674e1714740123c2564eeac148992b5a1596972ace096bc8d9aa4a, automatiza.xyz/mu94 | |
| xloader, ac162f990dd540c5b295e5c8dfccc04374519feaa70ed0439292f70761a034cd, http://www.6171nvuhb.rent/hqcp | |
| xloader, b34a29ed998a2f15eef4c4bbd8c1554c75b5782cc8c41dd7e9898f246235b07e, www.tongkhohatgiong.store/m0v4 | |
| xloader, bb29aeb6ceecc37829b40e36f91a4620d7e0aae16b1ceea70bb70135e11172bd, http://www.stellardaysigning.com/xb5p/ | |
| xloader, c5326bc842fbad18e4007398dc3a3ac6e8bd118b2e67ab315e4a97b3b66609f0, http://www.pqnqxn.xyz/fku9/ | |
| xloader, c817017095f39e4b56e21bf67ee4f1dc9daa062cfd9f6baa2b6e7bd49b06a5eb, http://www.toppersbusiness.net/hugu | |
| xloader, d270c8a2103434ec8902b1d192f8907c2a36389e7657fca3dec2cfd5bbeaa917, www.fullmoonbird.com/c8sr/ | |
| xloader, da2ff4dcc816f9cf370622ab8143a11bedf02c20c7b40a357ca469b3a51b5623, www.u9games.xyz/5p8u | |
| xloader, e4df2b6cdbd85c5cd1a54e8dad5652471650d8590d896d185707822feef3d469, www.pqnqxn.xyz/fku9 | |
| xloader, e85ea93dc4669d3eb1342f61a3efa344e930ad12eb521fa539a6bac74ca5ae1c, www.ddi828media.com/m0v4 | |
| xloader, eddaf1005b1eaf4fd6dad9a067063b55ec1f04c7d5d47dcc6723601f6ac807bd, www.toppersbusiness.net/hugu | |
| xloader, fb20f2515799981b9b526e6326f5fb1b3e54b200119ee1d02141d0513aa34fc3, www.mhtnvro.lol/cqkx/ | |
| xloader, fc7309cb5387824566ec713b206e5c874948793b3fafe1c5e4dca2b083143c98, www.toppersbusiness.net/hugu | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment