Created
July 8, 2024 17:23
-
-
Save silence-is-best/b2528667d6e1527fcae55afcdda50bc2 to your computer and use it in GitHub Desktop.
June Malspam Campaigns
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Date,Summary ,Details,Email Payload Type,Users Targeted | |
| 6/2/2024,Malicious email campaign; morning,AW: RE: Payment; ace -> originlogger,Attachment,6 | |
| 6/3/2024,Malicious email campaign; morning,Aw:Aw: Aw:New order - Revised Invoice/Advanced payment; doc -> remcos,Attachment,7 | |
| 6/3/2024,Malicious email campaign; evening,Quotation Request - RFQ018232901983234; zip -> vbs -> formbook,Attachment,8 | |
| 6/4/2024,Malicious email campaign; morning,"New PO for Project - 00775, 00875 & 02195; zip -> remcos",Attachment,7 | |
| 6/4/2024,Malicious email campaign; evening,New order PO00211 - Delivery next month; xlam -> originlogger,Attachment,3 | |
| 6/5/2024,Malicious email campaign; morning,RE: Request For Quote; z -> originlogger,Attachment,4 | |
| 6/5/2024,Malicious email campaign; evening,Your Shipment Just Arrived -SGS; xlam:rar -> originlogger continued to 6/10,Attachment,4 | |
| 6/6/2024,Malicious email campaign; evening,Advice from Standard Chartered Bank; xz -> originlogger,Attachment,2 | |
| 6/7/2024,Malicious email campaign; evening,ROQ // NYMPH THETIS V2402B - PORT KLANG / BENZENE LOADING; zip -> snakekeylogger,Attachment,4 | |
| 6/7/2024,Malicious email campaign; evening,"MT SEA GULL 9 V2402 CALL DUMAI, INDONESIA FORLOADING 10300MT CPO// Local agent; zip -> snakekeylogger",Attachment,4 | |
| 6/7/2024,Malicious email campaign; evening,"Quotation for Bandar Abbas, Iran - Djibouti, East Africa - Break Bulk; zip -> snakekeylogger",Attachment,4 | |
| 6/9/2024,Malicious email campaign; evening,Purchase order. Our order number WIN240079 & WIN69357; lzh -> guloader,Attachment,18 | |
| 6/9/2024,Malicious email campaign; evening,ARRIVAL NOTICE EVER CALM 0684-083S Ref-no: <<A1_DB563K0N.CNT>>; lzh -> guloader,Attachment,8 | |
| 6/11/2024,Malicious email campaign; evening,Hello; rar -> guloader,Attachment,4 | |
| 6/12/2024,Malicious email campaign; morning,Fw: Re: Order; 7z -> originlogger,Attachment,2 | |
| 6/12/2024,Malicious email campaign; evening,Re: Order Confirmations Request: ST/2024/078 and ST/2024/080 //Week 45 shipment (urgent); 7z -> guloader,Attachment,4 | |
| 6/12/2024,Malicious email campaign; evening,Payment Request: PO# WH-2E0520; lzh -> guloader,Attachment,2 | |
| 6/13/2024,Malicious email campaign; morning,RE:FWD:PURCHASE ORDER / SHIPPING DOC sent from (Hengjiu Chain Group); rar -> originlogger,Attachment,33 | |
| 6/16/2024,Malicious email campaign; evening,Purchase Order_PrimeHyd POI31205; zip > guloader,Attachment,2 | |
| 6/18/2024,Malicious email campaign; evening,Bank of America Merrill Lynch Payment Advice; xz -> originlogger,Attachment,2 | |
| 6/18/2024,Malicious email campaign; evening,QUOTATION-1234; docx -> rtf -> lokibot,Attachment,2 | |
| 6/19/2024,Malicious email campaign; evening,AW: Confirmation of payment details 232-02-003491; rar -> xloader continued to 6/20,Attachment,5 | |
| 6/23/2024,Malicious email campaign; evening,CMA CGM - Original B/L is available - RTM1439068 - - 1TU7CE1MA - MYPKG to NLRTM; lzh|lz -> vbs -> guloader,Attachment,4 | |
| 6/23/2024,Malicious email campaign; evening,Maersk Shipping Documents; 7z -> vbs -> guloader continued to 6/24,Attachment,5 | |
| 6/24/2024,Malicious email campaign; evening,YOUR EMPLOYMENT STATUS; 7z -> originlogger,Attachment,5 | |
| 6/24/2024,Malicious email campaign; evening,Shipping Invoice; 7z -> vbs -> guloader,Attachment,3 | |
| 6/25/2024,Malicious email campaign; evening,shipping schedule of JULY 28; iso -> guloader -> xloader,Attachment,2 | |
| 6/26/2024,Malicious email campaign; morning,Re: Inquiry and New Order; txz -> remcos,Attachment,2 | |
| 6/26/2024,Malicious email campaign; morning,Shipping Invoices for June 06/26/2024; 7z -> vbs -> guloader,Attachment,3 | |
| 6/26/2024,Malicious email campaign; evening,Urgent Document; 7z -> vbs -> guloader,Attachment,3 | |
| guloader-originlogger, 4e984c829df56d7ec108cc19f3015e3c39ab0b0fdc9f11eaeeecb91d525db545, mail.defenber.com | |
| guloader-xloader, 8a1cf4273bfdee89fc237e2a2b01db9ef32b3fdd9a1c6ff8ec9e455f24ed8a37, http://www.topgolflawyer.com/465f/ | |
| lokibot, 98e1aa492f377611e489361fbcf1fced75fe6c9028a214aeba35fa7ac577790b, http://midwestsoil.top/alpha/five/fre.php | |
| lokibot, 9d788eeec1761ce8aa745c4488a6676d89ed690b5d71a4df06c9ff55d82e1d8c, midwestsoil.top/alpha/five/fre.php | |
| originlogger, 01f342c2201904ec19bbd8c5fc36d10c1c92c5cfdb4b3266dceb928f1d2efb97, webmail.standardengg-works.com | |
| originlogger, 0cdd89801edc2304d208f9dca70cbe0248f5cf55876c827a275a57560fa396fe, us2.smtp.mailhostbox.com | |
| originlogger, 0d74af97359c1d0fd909164e90a90e1ebc8a519c9f906eaa72ee7cacc3ee33d1, s3.serv00.com | |
| originlogger, 0ec17a88232be3356c93b0b0eae5acf6a53332fe13e6881d627bea4f2963e6d6, investms.vadavo.cloud | |
| originlogger, 0f332fd82cac206ac5ad266b95ec432b85b285317709ea00ee5f31648a1fc512, smtp.brianberrills-ie.com | |
| originlogger, 19b604df73a21665949858204d634fc31077cc0b1c0c02f53712b2cf3b5e8bc0, mail.mahesh-ent.com | |
| originlogger, 255306dc51f8e03d60b15c31fcda56678224ff0e6781266a47aa71d5897429e7, mail.tajhiz-gostaran.com | |
| originlogger, 306fdd40e13ae0d873d6faca343142b9b487b6b6be4db2dda48b6ed886e6e349, ftp.normagroup.com.tr | |
| originlogger, 355447fbc1a87b379d3f633117dbd8327279c74a24288c20d459986b2232f433, us2.smtp.mailhostbox.com | |
| originlogger, 364c37d1a5142ecaaeabce403a7809a109348f94afd4fc547d862ed9b0f83bee, mail.springandsummer.lk | |
| originlogger, 383d0f4cc036007f1c717e49856a3e0cf8bfe511673c291f568a2930f0993778, us2.smtp.mailhostbox.com | |
| originlogger, 38b54504db439c0030ef442f4f623ff014756f820480c09857bf780c3a195d58, smtp.brianberrills-ie.com | |
| originlogger, 390b2151f97ed90201b625b089bee042304fe998171e2d9452135eecf416b17a, mail.thelamalab.com | |
| originlogger, 3b7e78551a8cf6b9cd90231fd704f8f8facea477f7be047c21a2fbb8161d6d25, [email protected] | |
| originlogger, 3bab8fe003450bf70cd9ec8c2b92d042d92167da4942046f104f6b3139663a96, mail.jvpgclub.com | |
| originlogger, 3c2cba26737c97419a43d2c58cadb2a449c7f3e183895edbbcbf620d68ea5ba1, mail.wassadadvogados.com.br | |
| originlogger, 3c4a6a16a5d8679e83400b100265e0513f5993e513d5f17c875976b09cd1bf25, mail.tajhiz-gostaran.com | |
| originlogger, 40898401f5a784cea08158b22b5a17c33791882e6c7c79afcd25690281b73c02, mail.chachitos.com.mx | |
| originlogger, 48c7311341af01dfa4d01d6000fb17d6956d6607f2714bb88bba2f8ca0a93fbc, mail.psgrasa.ir | |
| originlogger, 52f624cf9571a843b126ac880b5f9b819774c02b35d564830d0a9117b82ca8ad, mail.bengalshoe.com | |
| originlogger, 59b4c6293d3b0c1340df2e3e1ad4713f5d5e95e2585a58962936f69a641227a3, mail.coperwire.com | |
| originlogger, 601fbc5c07995ae23253ab8b45b790f7bd35305b4282fde19a3eedf158e60d07, mail.laboratoriosvilla.com.mx | |
| originlogger, 615220f794e0a78c563dcec24f6ddfe01fc518a720ed3231f0cdd8733247fcaf, ftp://ftp.kenvue.cam | |
| originlogger, 61f068ead6c9f8088caa75cbecf7ca6dadcee5e6542bfdd2465c19b455ee05bc, mail.tajhiz-gostaran.com | |
| originlogger, 6832fecaac8e4dcaab5fd45eb3a5f7c36c3749202c30d0f626397d4f78a6b86c, ftp://ftp.kenvue.cam | |
| originlogger, 714ca45e591dc1a3f8d2485e9b0c02973e69102ca41a57adc705e88badb23ece, investms.vadavo.cloud | |
| originlogger, 7a5e05a641c25842d65bf9206fffa0acdae7197fa204c4fda9ee801ff7c666ad, nffplp.com | |
| originlogger, 7e9ace80bb54631d6c392281fe75cf4e1b171aebbcc863b7e72054931bde64c8, mail.mapsenzymes.com | |
| originlogger, 83858356d39e4457babbc4f7c370d60cfc7ef83d4c8899fba40936707984a811, mail.showpiece.trillennium.biz | |
| originlogger, 86b2b298949aa8152e801baa096952105a2147fd5a13308f9f27959ffdc2cc2d, fiber13.dnsiaas.com | |
| originlogger, 8a4dfea3b0429a7e6b465f46b7a712dea3d0000468731cb010132be045a04dce, mail.100demoras.pt | |
| originlogger, 8e85642be9336d213c4656c277dee5d9ee751ea822f33becb7c310506f058073, fiber13.dnsiaas.com | |
| originlogger, 90b112bdd91653ba38fbc373ed28c7bf9467f67f64d24f1aca0dd2a4829f245d, mail.springandsummer.lk | |
| originlogger, 9806d3ef46ca4ff43aa761d7748c3c3963f350573abcc52574a333fd89a28bc5, mail.voivocars.com | |
| originlogger, a02bbd9bc3479d4045279ab08d9823a0b5520659562368d9ec4557f2abda41bb, fiber13.dnsiaas.com | |
| originlogger, a5154edc933c692bd6160ce41e1af9d27782f21ba1d25403d1cca7aac25c44a3, mail.merlinmotorworks.com | |
| originlogger, a705803d36a853fea252b00451b392245ee4d66f9c830778d021cdefaf252136, zqamcx.com | |
| originlogger, a8d26936158b1aa8cd328768955b747c2f563dc95ed9245fd132befc7dedc3d8, fiber13.dnsiaas.com | |
| originlogger, ae56de5b8d4d89c0644b5dca19f74228561188657b2c6b034837c6c51572ff8a, mail.destinationtoplan.com | |
| originlogger, b23c16643bf0ee432042493f8d9156021f0bab84b18517ba6cf0a75b721b6925, mail.nsatech.co | |
| originlogger, b3ca04d731ce63ef0fb3cae7db9ae14b8ff9c0ae842b83ac80eaa8ef459f9672, fiber13.dnsiaas.com | |
| originlogger, b85661c82d5498736bf7f61a29914eb819b9a61470c2fbbd6b71aa5f7fa496dd, mail.afanew.cl | |
| originlogger, b8ccca04a11cc7e02c251f6d96067ec003881b5b1ed5e38875b4afe9e83a571e, ftp.manjeetsteelproductions.com | |
| originlogger, b97ca324b50c24c05c82b6ae51702cc8bedcd1474bb875099260559463683883, fiber13.dnsiaas.com | |
| originlogger, ba5b16c28def8e5d0ea0a09bf25b4d980fe89e3537f7034d775ccdf3bd9f5035, mail.springandsummer.lk | |
| originlogger, c33d326096071fd9b4dfc0c5668d7b5452814a994811942cabe97ec4de15b1a4, fiber13.dnsiaas.com | |
| originlogger, caa149d1130881019e045732cf5894dd786b165f81d614463a3a3bd6b18a091e, mail.wassadadvogados.com.br | |
| originlogger, ce6cf51607a2fd0b3aa61c066d0adf7d659418c4cd78ef8824a46f89e639867b, mail.springandsummer.lk | |
| originlogger, d16ea5d6d40c9020b99032eaefab9b62f3c63bae12d24103a6b10ac5a2dcd34c, mail.defenber.com | |
| originlogger, d2e215628c338bbf51dae9c69864717aa706f767b082ff5713cc6f4869cfcd81, mail.springandsummer.lk | |
| originlogger, d2f23dc9b7b97472f7996e14c836b6571e23c79ee585d6d4c8f13ef7ae101d6e, us2.smtp.mailhostbox.com | |
| originlogger, d5a64294b4a47e260bf84a9819474e15fa6ffe9ee515a5db68967fd2837f9f1d, mail.voivocars.com | |
| originlogger, d97237ebdb9a0ead604f8b3543bd9a8b923ac658eeb50f68533608ce034dab20, zqamcx.com | |
| originlogger, de56c70d9543d35a0f93def14072e42a9df2b35f5b087fac3bfedd49c3f42ee6, mail.tajhiz-gostaran.com | |
| originlogger, def1c893697505de0b722e6fb3e516bad1c37f8e19599920714d29861639c274, mail.chachitos.com.mx | |
| originlogger, e1c9b3850958c21be6108aa28a28f7b8f059a0530db99c587fadef7801fa4319, https://api.telegram.org/bot5709291639 | |
| originlogger, eb79cca838f57ff5f3bf13f3bbce26859ec27d6dbcdc96ada3c2ead3ef27abf7, mail.elektronikkutu.com | |
| originlogger, eeb5b5fa4c3d0d74641f2ef155cafeea97632faa05c4d8b952e0ac269e975d99, webmail.standardengg-works.com | |
| remcos, 253ae6027d114caeb26331508c9c916b54fe3561faf46679c06c48dad8860cac, 62.102.148.166:3319 | |
| remcos, 80edcbb7fe7717412d44ce9de1c35f8ff32a904668780ceda77578068b6c2d1f, 144.208.127.241:1717 | |
| remcos, 845c3ba76768948ab3df490599f02d060cd464c6251e16e7847d53707254ee46, 62.102.148.166:3319 | |
| remcos, a1ab262fae82aad57cd8f5aea69796cb2b58e28642f62be2829f97691ab9f835, 64.176.178.205:2017 | |
| remcos, c4dd9ec83dc0b304101fa6b2f37d93aae8921bab88ca6e49a6a8eb18d390ed79, oceansss.duckdns.org:1144 | |
| snakekeylogger, 18bbf9ffed3d017ce656b2c4d9f6c05a7e3b5b4f1b59dd7d38faa954936907e0, valleycountysar.org | |
| snakekeylogger, 1be835ea4db4fde3dfee8c6d479ad512901305614850ca3d7d8db9d4a8281fdc, valleycountysar.org | |
| snakekeylogger, 2265e43c3f91487219234a3fda76b7077a1a70c6ee3b4672a7281faf06475542, valleycountysar.org | |
| snakekeylogger, 2aeac076f9c2dc2654145d6d692b53abd690a9b3b5ee39948ab60776c7c505d0, valleycountysar.org | |
| snakekeylogger, 3afb4b16d7a9aac77226467a1fcd4eaf035c19dce39d926c975aff0e551d29ff, http://103.130.147.85 | |
| snakekeylogger, 4623fc0fe4c22c9d29e2af2ef5a14c9a2008528aeb98c2130a6ef07e3e51bd27, valleycountysar.org | |
| snakekeylogger, 530ea48914b6c7e82e89532dd28463db5da66c80fbc0ad25b9e46471b1639260, valleycountysar.org | |
| snakekeylogger, 62df71d0bae729795227435a055a649583d55ce89cd8d3198cdc88752bcd4080, valleycountysar.org | |
| snakekeylogger, 721dd93abf33bd830abc78f030f6bb44d801adfe2950ee7820fd6f4ffb978373, valleycountysar.org | |
| snakekeylogger, 7a6f6272e04ce76806e72e5e40260af3ef99411a25d5dded22b2e72b6971b7a3, valleycountysar.org | |
| snakekeylogger, a6740e91697a194c69526e700ed66eeff7f976364511eaaca4adeb62b7b387ec, valleycountysar.org | |
| snakekeylogger, f2101696ff6fb8e2171fe666df358500c675246fcbdf4620fe2961be8e5fb316, https://api.telegram.org/bot6812788177 | |
| snakekeylogger, f53b6f8e91679e4eab7e2110784331f775af9c0956dccdc49a217157bc5b8880, valleycountysar.org | |
| xloader, 0344168a6e758c0be34c99ef81644f462df5a8a8c725e676dea2fea177a30d81, www.w25dn.top/3mty | |
| xloader, 1831a7d7cb0309018b48298dee3d789eb6aed6bee466a4ec2cce27db09e458f3, www.stellardaysigning.com/xb5p | |
| xloader, 3744bb1ee9a5396507db71df872718adc1ecd76056d665b3e59fd2823f528550, www.w25dn.top/3mty | |
| xloader, 3e8a45e1f0face1dedab9167d1e0405000f94d1dfaf1780b45cbe315f1ead0d4, www.srripaspocon.org/41br/ | |
| xloader, 4100a818ff603e1b37740a46d8c5fb58626e4c096575c4b4eb11492eebecf903, www.6666111p.vip/xb5p | |
| xloader, a63797919b66fc30d94d53f8b70851e6c855a83a166352b2cfba26869c585ea3, http://www.jlstoneconstruction.site/m1iy | |
| xloader, c2c188b3ff0f0b7b0da1cb5f01ce78291e8094d7509ec04c18de72e3ebb57564, www.fcelectrodesign.com/agbg/ | |
| xloader, e75f8000fdd2081700afa2c137c683bd424d8eca3c5fa928758ba18eeca8f194, www.srripaspocon.org/4mpz | |
| xloader, fb5431795717f39dfc9c2426af31582b6987a85f66ba3f50cba6fe865589bfd6, www.srripaspocon.org | |
| xloader, 94818e3ff52e10a04fcd1759813020d73907ce10e9f6906ee98fd26c7da13aa3, http://www.klimkina.pro/4mpz/ | |
| xloader, db5696b8f7806557591b540e072f171d159c4e91cc775590af31f794b0ef2da6, www.leadchanges.info/99v6/ | |
| xloader, f5a619550aab65a70f97f1128411ccd053444254ebb1df49d2d908c0e154d66b, kwip.xyz/ij84 | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| f9226_jono | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment