Created
May 2, 2024 15:17
-
-
Save silence-is-best/b7be65cc7e0f6bbee4d148686681824c to your computer and use it in GitHub Desktop.
April Malspam Campaigns
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Date,Details,Email Payload Type,Users Targeted | |
| 4/2/2024,Booking.com invoice 1467466252; pdf -> js -> originlogger,Attachment,3 | |
| 4/2/2024,RE: New Urgent Order; zip -> originlogger,Attachment,3 | |
| 4/4/2024,RES: RES : Request For Quotation; gz -> remcos,Attachment,4 | |
| 4/7/2024,Quotation request _?FL202306200039?; z -> originlogger,Attachment,4 | |
| 4/8/2024,Request for Quotation; xls -> remcos,Attachment,4 | |
| 4/8/2024,Payment Advice - Advice Ref:[A22D4YdWsbE4] / Priority payment / Customer Ref; z -> originlogger,Attachment,4 | |
| 4/8/2024,Attachment name is document.r15; -> originlogger,Attachment,3 | |
| 4/15/2024,Top Order Inquiry; gz -> vbs -> guloader,Attachment,3 | |
| 4/16/2024,Shipping Invoice & AWB; 7z -> vbs -> guloader,Attachment,2 | |
| 4/16/2024,Your New FedEx Billing Online invoice is attached; pdf -> zip -> js -> wikiloader,Attachment,71 | |
| 4/17/2024,"Shipping Document (CI,PI,PL,BL); zip -> originlogger",Attachment,2 | |
| 4/18/2024,RE: RFQ; txz -> originlogger,Attachment,18 | |
| 4/18/2024,Shipment documents; txz -> originlogger,Attachment,4 | |
| 4/19/2024,REMIT AND PAYMENT; z -> originlogger,Attachment,4 | |
| 4/19/2024,Fwd: Updated SOA; zip -> originlogger,Attachment,8 | |
| 4/21/2024,AWB NO. 077-57676135; 7z -> originlogger,Attachment,2 | |
| 4/22/2024,Re: ??: ??: ??: ??: ??: Pl & PAYMENT SWIFT; txz -> originlogger,Attachment,2 | |
| 4/22/2024,Shipping Document | Invoice | Order Delivery.; zip -> originlogger,Attachment,2 | |
| 4/24/2024,Re: Bank Payment Swift for INVOICE-908785; 7z -> originlogger,Attachment,2 | |
| 4/24/2024,Re:2023 signed forms Attached; link -> zip -> darkgate,Link,2 | |
| 4/28/2024,Aw: Payment Information for Pl; txz -> originlogger,Attachment,22 | |
| 4/29/2024,RE: Shipment Documents// LCL // 245890055; txz -> originlogger,Attachment,22 | |
| 4/30/2024,Request for Product Catalogue; doc -> scr -> formbook,Attachment,33 | |
| 4/30/2024,Header from [email protected]; pdf -> zip -> wikiloader,Attachment,178 | |
| 4/30/2024,Re: Enquiry letter - RFQ No. : 1060; xlam ->,Attachment,33 | |
| darkgate, b54c8e984dbfed0bb80a5fdff2637a2e56a146f85a2712c29bef509d088ceb69, http://185.196.220.195/ | |
| formbook, 0f4185aed646dcc354f61968b69d25e06fdb3fe3e6bab9b52e2ecce1395f667f, www.budget-harmony.com/ij84/ | |
| formbook, 305ff80e71dcae0f39152396e3fedd7c06a496a00f960d406afed9668fc34c4e, http://www.yesbet88.party/2whg/ | |
| formbook, 331ca91b3a643aab796547bdd69ecd624ab13ac224ea80f88ca4a8987c0625e3, xc4f35fg4h35fg4h53.top/fs83 | |
| formbook, 45b2f9301bef1777a604f4280824252266d48c6cf0f4dca1f1963677d9e8afb3, resetter.xyz/resetter.xyz | |
| formbook, 54f2a9f17d3ba4d764b5ac354805f556ccaab3d80aa63e622cfcd5bef26352d7, resetter.xyz/ij84 | |
| formbook, 61e2a9db8f357380b18ba1017f2ae52d656d2c5f4de8851e244566b8c986d88a, resetter.xyz/ij84 | |
| formbook, 8ab205dc4d6f7c232cf9e2047a6abf4b2bb6425258cefeaf9b05e922c8229c6a, blastol.space/fs83 | |
| formbook, b71e3904bb555c207012bc86a6176c800490529c0976e2933351c593adc5afc6, http://www.terelprime.com/ufuh/ | |
| lokibot, a0d79cea0e610965b7244b1e248553be76a80dda18b210ec2479346d3b8c7416, http://24.199.107.111/index.php/720637 | |
| lokibot, a3ebc58cb7aebd21137225e16f6686642708e665fceb1f77e54c2413f6c0e706, http://alphastand.top/alien/fre.php | |
| njrat, 034375393762bb0f2efcc0641f951c3cadbc16e590b37d9fc49ed6db8294a3d0, billions.ooguy.com:5009 | |
| njrat, 2e368631139e75aa6cce30aef3ccdfe59dc2131a7f5166fa5b0e36c969eb5ada, 192.210.201.57:52499 | |
| originlogger, 004dc4a6d738c14412221dd8c2fdac631f4585e155cf030dd3cc814362f937bd, phoenixblowers.com | |
| originlogger, 02a5ec5d9037cdd26b3f1ade8ea4028fbd0947284bfb3d7649e065d22db0ef91, mail.thelamalab.com | |
| originlogger, 04905ab74af1d34a39fdb2609f02e26f5a45f9404874e70efdb9b723d7cd6b9e, mail.hd-izmir.com | |
| originlogger, 12c735086c6b7f4d3d160b4a98d901d264ccdaa6fd1b2117483e9d84abdbb15a, mail.jumpinjack.net | |
| originlogger, 13044102c3e4f2009818dd287ae2d106f2b5682e4a5ac064edb123d3f7fba44f, mail.armos.ro | |
| originlogger, 1429363a609282393015df73bb88aea33d19637a0abb82982d1050e56e1b4481, https://api.telegram.org/bot7017233680 | |
| originlogger, 15df84ca3a0c112b7ab461d6ee7603fcec8e24da91d4042d3ab018f87530b6ac, mail.thelamalab.com | |
| originlogger, 1902f939a74f649682dc0d484b6b101b855de2053cd6a74535db49697aef4c1f, [email protected] | |
| originlogger, 1ec8dfd127970aeaa735e42a7484f1329f44953db3c9e52121c778f197157c72, mail.armos.ro | |
| originlogger, 2829d7c07f3a1a966b25c244d05ad931e9b52510dbae293277ff2208f72e6d34, mail.dmsinnovative.ro | |
| originlogger, 2950be5510110fde97d4cabeb69070d8e029c8cf717c3f500fdd843dc7f93347, mail.capitol-tc.com | |
| originlogger, 2cba66d97b8af051072417ad7267c9f56f8f74eca98a5e5bf5d7ddc894249ad8, mail.unitechautomations.com | |
| originlogger, 2ecbed1e01a6404917129a03e0820fbae016372fadda8c057603a78a55fecd4c, mail.thelamalab.com | |
| originlogger, 2f765d29605f09ea8a3a21d06d403d9cf1764a6f38686131a289b99df05ad41c, mail.thelamalab.com | |
| originlogger, 31a5a7bb195c4d330dea4350928dd555a363aa6654220e06f996e27cffd866a4, mail.unitechautomations.com | |
| originlogger, 31ddea973fb65ffc0dad016e604fa1fdd010ffed0bda4355fdb5309b76148470, mail.gazityres.com | |
| originlogger, 31f74e3f2e41489b203dcf31315022f6d4eb00bad74d5c625294d038ac5ccb1e, smtp.hsbv1.nl | |
| originlogger, 32fbb0c3ddc8102af9cd3c342f5d4ad7d78e1ad840c5989acc000a12fe197b35, mail.gazityres.com | |
| originlogger, 35300023c3e0d4490e20cc16e4e35994e73ece38952e9de48cf961814cb3c139, mail.rhinetrading.com | |
| originlogger, 37fda41fdb04917e4c0da2880b51ba07e959d53a31a93a9b47785a5be8807bd7, mail.tabcoeng.com | |
| originlogger, 413edb098cc00d5456c57941a10faf691f8ca3266ae6d8538636b7ea9bcf660f, ftp://ftp.petrolic-eg.com | |
| originlogger, 46b2799700fc2cf5efdb3fb2826f432891deb9765a73d8e14047ba6ed2e90da8, https://api.telegram.org/bot6754262528 | |
| originlogger, 4e8077f0dbb336a020e8491806b49acc65f8a3e2b0c2e0481a6de1a41d8fbeee, mail.rhinetrading.com | |
| originlogger, 5795da812968208e067795465789e438fe7df242795ea1883bb0ea95b22fcef6, mail.hamouneco.com | |
| originlogger, 57e5f349a7c47e168e15daa6c9825e9075022c9aba9b1928e74cc43dfa0cfe01, mail.thelamalab.com | |
| originlogger, 5873b8e1265e84cf48ec3d9c0d6caf772c3453cb82191a0cf0dfecf2ea3d3bb2, mail.ronaldsmith.loan | |
| originlogger, 5bd77c6c32f5d8767bc5d055f1895c4625e36d3f5556436d8be9237f526963f8, mail.allengers.net | |
| originlogger, 5dda5302383b5a1677891f2bcb1da4876634f20c6cbecd2ec9a5e63a24fd5cdd, mail.oceanskylogistics.in | |
| originlogger, 60f45dc57494e24ac5676556834ad9c30fc889bd9cceed706a4c4546e593cfa9, mail.fedcraw.org.za | |
| originlogger, 615f457d36ad1da20bd802ff15975732d9ebe71f5b4d540ef19c5ca3135fd863, mail.weeecoiq.com | |
| originlogger, 753bbb7228606df1a0d1553f437bf748070783a7c630686f12e66c0ed0e02253, mail.gadik-tr.com | |
| originlogger, 75c96c8d4e720fe1290200707fcca94188b4525dcc8ae2f1dfe49068b7bb3e83, mail.daanapharma.com | |
| originlogger, 76241060bb574a42dcb0d5d7eeaad3f69c6f19719bcaadf804fc359611238c85, https://api.telegram.org/bot1774982469 | |
| originlogger, 7b4d102d36c7bfd0223c1cc849251b8ba1b9e8ebc85df98bbad6233ea2ad5ac8, ftp://ftp.jeepcommerce.rs | |
| originlogger, 7e7f02e7ac8a525256a238e4f7306e070b36199c265d8588b9a5d2193c1ae7df, mail.thelamalab.com | |
| originlogger, 80d66a927ede02982222ad5ec0b000e0ee696476724d480980d6a4009a59ddb9, proglass.com.sg | |
| originlogger, 815c461885ae99cb392b58031594a3d547dc9d786848fe7685f6f4281ca1828f, mail.starmech.in | |
| originlogger, 82f32be71d9c226d53658209924e4e534383b0db5481dbd49923692ef5666940, mail.tabcoeng.ir | |
| originlogger, 94279f693b7bb1c21594d96e572ebc15e6aea416816b03d677a3875ebb84a99b, mail.ipr-co.org | |
| originlogger, 9aba50dd48714364d76d490813efafdf754268b2cea3edd571bf4abe5704c8c8, mail.rwa-at.com | |
| originlogger, 9aea4d20daa5a61dc6e39a34310a8ef82e7da4b4b6cde68561e4ccec8b1db5f2, https://api.telegram.org/bot6897682217 | |
| originlogger, a24660abc3c893c327dfc17d5938d7078c2e0852d767d5f57f7bb143f56b2cc2, ftp://ftp.jeepcommerce.rs | |
| originlogger, a2b803974fcfb65e21fa1a7690eb2a4822f091a8bdf45786e2085c833871d5a0, mail.oripam.xyz | |
| originlogger, a48b8a6ca726f32569a7e2041803898a902437ee7724da53accfb6dc52fa8a87, mail.thelamalab.com | |
| originlogger, a7bd684e70814d6b5b08aba1238de9e60e7312d894adedef428c0952a821f990, smtp.hsbv1.nl | |
| originlogger, b2485787dd9753b8bd558f63c62c9e234ba5e29a22131545af2a642318f2e0ca, webmail.purplechai.co.ke | |
| originlogger, b57b61ac75ca378686912265b5e1d52a7d41430b4f051d2318ca20414f509cef, ftp://80.92.205.47 | |
| originlogger, b5dc64e99ee634b5b745ed1108bc629ae5d68fe697744f87fad2b4c8ab003dce, ftp://ftp.amtechprinting.com | |
| originlogger, b67af6e51da08cba6dfe2556ed4ae43f348b166052ea2b47cdf1e2937131ab84, mail.armos.ro | |
| originlogger, bb5cc83f857d7ad7c07ff81596565db4238a065a4a63382b70aafb0a7327c4ca, mail.weeecoiq.com | |
| originlogger, bc5f1294caaee05297ad1547f2f6ec4a309c16f7caf906f21038269d72f54957, mail.starmech.net | |
| originlogger, c4bcbb525aadbcdb6fd3b6d7bbe99d2dfe8fa916caf54bd733bf450d2a570c94, shared48.accountservergroup.com | |
| originlogger, c94be0d3693316359c2e48e43baf51dff4f0b8d5efab6050962a09ef46ead4dc, mail.rhinetrading.com | |
| originlogger, cd7a27abbb0a951a92292c24dba7061bfaa676b720ecdfce33c84fda87971998, mail.unitechautomations.com | |
| originlogger, ceaee7b17b8e34dd07ecc0bd94b23209ae391eaab810d0b2c3a34f2ea40f7bb3, mail.thelamalab.com | |
| originlogger, d0539e8f11cef371e3eaea5818978eb76f401db9a17c388a9459c41b96ea20b2, mail.tabcoeng.ir | |
| originlogger, d965c77ee44072fa2e0dd4bf339a30f44f816de49608a4bc71fc9d59280a3749, mail.oceanskylogistics.in | |
| originlogger, dd64934df95a8678e303aaef7b1b8b58caa68a039e3f50788c7c88f408e93432, mail.rwa-at.com | |
| originlogger, e145314d3ee28df8575d1aa7f2128db4e74271198737c556def2c738331ee327, ftp.amtechprinting.com | |
| originlogger, eb5262f8a8a005e32de9c99ccc53dbe005836c4a56916cef8d9d32ff2f87a80c, mail.tabcoeng.com | |
| originlogger, edba3afe3fedc9e2ef23525c676755c2bdb76836cd4946eb4d97b22a535991be, mail.allengers.net | |
| originlogger, ef77ad07ee8b36ca0270d922b24d2c4bf9e488edf896ee0801c0e4e270c32c6d, mail.succes.ro | |
| originlogger, f064387ab391aff2b0d120df58a0a98e269843462aca86076a9cb113885bd2cc, mail.starmech.net | |
| redline, 6b1379330dd4fddecb4e6ef85c398a1679a919f9480f2b557f4d6ebc3d838085, http://64.188.27.210:4483/ | |
| remcos, 2a0a27371b6f4d355c3264fcc668d8a0fe1af7ebb8b19dca3b5cdf20a3282d65, 62.102.148.185:9771 | |
| remcos, 3610a513abb50127c22a6c5d2c84b814a5743ba2de685c031725601a23f3bdc3, shgoini.com:30902 | |
| remcos, 470b539a4e4519ea56b67b517ad48a5ff794a740b39ffff1eb834b568fb77e52, shgoini.com:30902 | |
| remcos, 554b40336bad24df88cbde544cdf20d553d02ce7fee5dab9a82318d7c21471e0, 192.210.201.57:52499 | |
| remcos, 682f67f5e87f1f480ea5a009c54538b397474dcfb2d65514b18508c7f2904836, 81.17.17.70:62520 | |
| remcos, fadcd7b36622cde793fdb8b3c509c13efb05a57e5227ea5c0dac37ef49a5cb02, 62.102.148.185:9771 | |
| wikiloader, 1d6f76acecff63fb373b5774a3cb34b87266a4a4bbb8e3a0757d107187d280ee, https://djibek.com/wp-content/themes/twentytwentyone/sb9ivy.php | |
| wikiloader, f1a49cea454bac3e78ac765b247b65d00c896d84de2028892b00d4310453c665, https://unokodkelas.cl/wp-content/themes/twentytwenty/pttfrp.php?id=1 | |
| xworm, 570485490403b47405bd23722273cf2a955f3c96cf9ad053572c49c2ced91c6a, royalgrace.kozow.com:4020 | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| delizzasuppl | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| outcome | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment