Created
April 3, 2024 13:38
-
-
Save silence-is-best/e0fa9b5c4d5028a2e853d98b702cacdf to your computer and use it in GitHub Desktop.
March Malspam Campaigns
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Date,Summary ,Details,Email Payload Type,Users Targeted | |
| 3/1/2024,Malicious email campaign; morning,Re: lnvoice copy.; zip -> img -> wsf -> xworm,Attachment,8 | |
| 3/4/2024,Malicious email campaign; morning,RE: ADVANCE TT SLIP // FEB 2024 SOA PAYMENT; zip -> originlogger,Attachment,4 | |
| 3/4/2024,Malicious email campaign; morning,DELIVERY RELEASE ORDER Ref-no: <<A3_DB2TH84T.CNT>>; zip -> originlogger continued to 3/19,Attachment,4 | |
| 3/4/2024,Malicious email campaign; morning,New PO - PO#2024EH001; rar -> originlogger,Attachment,4 | |
| 3/4/2024,Malicious email campaign; morning,Inquiry & Orders; rar -> formbook,Attachment,3 | |
| 3/4/2024,Malicious email campaign; morning,Payment Advice - Advice; img -> originlogger,Attachment,3 | |
| 3/4/2024,Malicious email campaign; morning,ARRIVAL NOTICE EVER BEADY 0732-081S Ref-no|RE: Release Payment; zip -> originlogger,Attachment,16 | |
| 3/5/2024,Malicious email campaign; morning,Invoice copy.; zip -> img -> wsf|vbs -> xworm continued to 3/7,Attachment,14 | |
| 3/5/2024,Malicious email campaign; evening,Şubat-2024 Ekstreniz; z -> originlogger,Attachment,2 | |
| 3/5/2024,Malicious email campaign; evening,New PO - ( New POs# ST-2312180); zip -> originlogger,Attachment,4 | |
| 3/6/2024,Malicious email campaign; morning,Re: Payment Return// Reports Remit05; zip -> vbs -> xworm,Attachment,4 | |
| 3/7/2024,Malicious email campaign; morning,RE: Release Payment; zip -> originlogger,Attachment,3 | |
| 3/7/2024,Malicious email campaign; morning,Payment Advice - Advice Ref:[A22D4YdWsbE4] / Priority payment / Customer Ref; rar -> originlogger,Attachment,4 | |
| 3/7/2024,Malicious email campaign; evening,Share your office closure time with DHL Express; zip -> originlogger,Attachment,2 | |
| 3/11/2024,Malicious email campaign; evening,RE:FW:RE: March Pending INVOICE #PO83784748; 7z -> originlogger,Attachment,11 | |
| 3/11/2024,Malicious email campaign; evening,DHL L&S - 1C23THP 00042194; zip|xls -> originlogger,Attachment,6 | |
| 3/11/2024,Malicious email campaign; evening,Remittance of USD-82800.00 copy payment..IN102854; rar -> formbook,Attachment,2 | |
| 3/11/2024,Malicious email campaign; evening,CDI-S 10577/2 (Quotation Request); z -> originlogger,Attachment,4 | |
| 3/13/2024,Malicious email campaign; evening,Price Request; z -> originlogger,Attachment,4 | |
| 3/12/2024,Malicious email campaign; evening,Urgent! BW | Quotation Request - 13 March - SFO/WRN/5; rar -> originlogger,Attachment,4 | |
| 3/13/2024,Malicious email campaign; morning,RE:DHL TRACKING; zip -> originlogger,Attachment,2 | |
| 3/13/2024,Malicious email campaign; evening,[New Enquiries] Quotation QU021182|Price request; zip|z -> originlogger,Attachment,4 | |
| 3/15/2024,Malicious email campaign; morning,New Product Catalogue from Sino Trading LTD; rar -> guloader,Attachment,2 | |
| 3/19/2024,Malicious email campaign; morning,Attachment names are like march19-d1639-2024.xlsx; xlsx -> darkgate,Attachment,6 | |
| 3/20/2024,Malicious email campaign; morning,REQUEST FOR QUOTATION; rar -> originlogger,Attachment,3 | |
| 3/21/2024,Malicious email campaign; morning,Attachment name is comapny catalogue 2024; exe -> unknownloader ,Attachment,3 | |
| 3/22/2024,Malicious email campaign; evening,Shipping Documents; zip -> originlogger,Attachment,2 | |
| 3/23/2024,Malicious email campaign; evening,Your Document; zip -> phorpiex continued to 3/31,Attachment,35125 | |
| 3/25/2024,Malicious email campaign; evening,Outstanding Payments; rar -> vbs -> njrat,Attachment,4 | |
| 3/26/2024,Malicious email campaign; morning,Header from: [email protected]; pdf -> zip -> wikiloader continued to 3/27,Attachment,874 | |
| 3/26/2024,Malicious email campaign; evening,Booking.com Invoice 1445766252; pdf -> js -> hagaa -> originlogger,Attachment,3 | |
| 3/27/2024,Malicious email campaign; evening,RE: Required quotation for Aluminum linear guide unit shaft; rar -> formbook,Attachment,2 | |
| 3/28/2024,Malicious email campaign; evening,Payment Advice - Advice Ref:[GLVA08456093] / Priority payment / Customer; arj -> lokibot continued to 3/31,Attachment,8 | |
| darkgate, 3c64cbb7e7212d920322dae62665b05ceb63a0ad6074cac3ba518cedc5c6dd48, buassinnndm.net | |
| darkgate, 82278c23c97dd24a08c5a1300f2a2cfc293824e0d4b178f340962cd722941e6b, diveupdown.com | |
| formbook, 1d85b0167afe65046fa652f0004736612fe1255ebd233745e94a01451c57f190, connectioncompass.store/he2a | |
| formbook, 1d85b0167afe65046fa652f0004736612fe1255ebd233745e94a01451c57f190, dp77.shop/he2a | |
| formbook, 3f756a83cc26f83550f25a526816879b5c086dcbe824612f0ae2f514853302a7, http://www.tygavpn.com/e368/ | |
| formbook, 9172e4c414e78d7439122599ea987912ab0385b4eaece0ab86c5ccc6dd138bc7, http://jnkinteractive.co.kr/i9if/ | |
| formbook, b3c1d0b2e2e4a47434e94d1c4ac33f7edd5bf2e8cc6e799b2742afa9118a7838, http://www.tygavpn.com/e368/ | |
| formbook, ba4e91818b6dd6baa9c8465feaf72c0de6b50f884df80ae72de722c21096ff32, http://www.tygavpn.com/e368/ | |
| formbook, dbfafc9fc47d2162e1c4badc69a1fa56aa7daf48804d9de5ec8b09a91a5d75a0, http://www.chil-a-keel.online/e368/ | |
| formbook, de5cf20e4077372593a8c24c31306b7e5b9ba62e3952609bde308300631c8c3f, http://www.tygavpn.com/e368/ | |
| lokibot, 202bb0c3e66d81f1a6ae9445cb73a640eba568ae43f4078739829facfc6a4a76, http://alphastand.top/alien/fre.php | |
| lokibot, 7cc872c2db97ac517a53904af50ad37dd08ca934fd1a48d4ebbd4c593c9cf528, https://sempersim.su/c17/fre.php | |
| lokibot, ed0060d90610311944437da9ecc113e293b2800b903e5617b115d5bc48c379bd, https://sempersim.su/c17/fre.php | |
| modiloder-remcos, fe1d86987f6692e3ed55d15a115ef0956b9f183b6f790c1887602ba8a6f39fcc, jaztc.duckdns.org:1808 | |
| njrat, 0231c4a5cd7e1a07cdbaf84df4f635fd6c4acbadf14f817b4004ecbcc3fbd3f2, billions.ooguy.com:5009 | |
| njrat, 999a943989ccd727bdc111022f77741e385a1688583940df5e33a84ba0570b97, billions.ooguy.com:5009 | |
| originlogger, 037c7011889e43ee7456a314fbfebcc3d7abbd96aa509a34babc0d832681013f, mail.tadbirdrilling.com | |
| originlogger, 05261e8594490477eddd50ccd0499af1dd0f1bdeac466c1ddcf435afe4841641, smtp.thanhancompony.com | |
| originlogger, 061d22ce82c411b7a7a101fcb6fd0836f420b1800a7e5b241089fc819cfd4451, mail.tadbirdrilling.com | |
| originlogger, 0a6c1a3b213126aacb4bdf23a40b18facef7b2fb6efd7bb49f3549d4a0c10eb1, phoenixblowers.com | |
| originlogger, 11d7212106c1e7d65ca5b3a3d6c197775e224c151b89900de265e6efcbb68322, mail.oceanskylogistics.in | |
| originlogger, 1248ab594dfee77e32f4217f6f644883164265c5ad5a6aff2957730b39cbb4dc, ftp://ftp.3dmegastructures.com:21 | |
| originlogger, 15d92d97b0d9181ef3a9270baa8d36b15f6e5c61a8c26ebceffcb3af2d06b527, mail.mcltransindo.com | |
| originlogger, 1875aee9f50a8e2389a125c2f77998685ee0d7d7d20b7d3f1ecadf841564e654, mail.tadbirdrilling.com | |
| originlogger, 19299c911d297fef582c50c022ef66afdfba6b761f329d7ffe05e96353cb8122, smtp.thanhancompony.com | |
| originlogger, 1938cf3166e3504fed02fca89a1279ea08e4399539bd0a1f5b711711c65eccab, mail.okn-makina.com | |
| originlogger, 1ddead5d6964c8e382d3b2ea694774ff58486bcfb7996015561cc9a03c61b536, mail.starmech.net | |
| originlogger, 1ed60fc77b07f949a7cc3ced2dd0e0de84ce806a5ebb71d7fc51f31323f2b928, sg3plcpnl0020.prod.sin3.secureserver.net | |
| originlogger, 3410a06e5be3fc11580312531749522923e07b53290d7f327eae84d376d7f38c, mail.impressionmotors.in | |
| originlogger, 359d716f71f188445d2aaeff9b2ebe5a32db7e4d86220651a94d0eb263d3f582, mail.mcltransindo.com | |
| originlogger, 39c6981bd32139dd43f2676b08ff633979c2471662c224edf6820945ae280c0c, gator3220.hostgator.com | |
| originlogger, 3b89171d1b809c00201e6deaf5300a9c269c0d60ac4ac2201e61e698bdac7300, mail.hhipune.com | |
| originlogger, 45bdc1b6250045529b8332c7fcca84f7215c66de929b2ae7a10be86fee2924c5, mail.oceanskylogistics.in | |
| originlogger, 4a5703d771554661fa318e46b5a16ce25f53c82544d974bdf38f440dbc7ba3dc, [email protected] | |
| originlogger, 4b39adbf8d3a4e2a5793014b4af4a4cb98d3a71c4a565dd20dc3a69928a84c72, mail.elec-qatar.com | |
| originlogger, 55571fa3b9f2d9a7d71c1154aac73dc3826860eaa7be12cceda40d4566ea4ce1, mail.2sautomobile.com | |
| originlogger, 5d687e5dc31945246f2a483f6bcf8879c44438ccb7885b936e1fbf358faadf9c, smtp.hsbv1.nl | |
| originlogger, 664db26a69e4b1efb10289189887c35558bf7ca966eed02f97e523fef83f1205, mail.elec-qatar.com | |
| originlogger, 6b6c3c21922ab9ef325a9f8b9c0d528fd516a85e8c26978ffe7d1744c9063488, mail.hhipune.com | |
| originlogger, 718bdf94dd3385b02256011e20334806a95a81c9f7e81abe8830b6a7514e8c9d, smtp.gmail.com | |
| originlogger, 7a20de1b4a4cd2e217be33f3297d2b38d7e7fd69ee216d58f0400160e41ff3ea, mail.elec-qatar.com | |
| originlogger, 7cedf22576912e011f0e6f547fa4fd6acd811d04bf7415aaa76fc02d91bedd12, terminal4.veeblehosting.com | |
| originlogger, 80f85a304c4c55f89fcfe941a5bfa1923a766dca4080f9811535c4c51d90da6c, us2.smtp.mailhostbox.com | |
| originlogger, 855d0048eb544614d057f025c49145f599a41219e57dc4c415a854b4dbd633a1, mail.mcltransindo.com | |
| originlogger, 86e7c8d2666c9945c76553915e9504775d6b0dee8fe4f2cd2a0532746404acfd, https://api.telegram.org/bot6897682217 | |
| originlogger, 8be2f4d5af90796a75eeb0bcf35fbe89befbc482adb26c3632950a88c5b4883b, mail.hamouneco.com | |
| originlogger, 8d5930353d2239c66b566cb6725058657d642d766549d493f0118aa495c95106, mail.impressionmotors.in | |
| originlogger, 92c2e29583a5387aaa8c516cb90679f79204fe6c6b599d728a3a2edd0d80c6d8, mail.hhipune.com | |
| originlogger, 96d8f946d4ba59979608136ba3117652705bfdca1365f5e5b8a148fa5a601e11, mail.starlinetrading.com | |
| originlogger, 99cb75d06c6012343153cad4f2d5a0cbb8f161569d1178301a81e45087753e15, mail.hhipune.com | |
| originlogger, 9d2d06f9adad149710d34c3a37f6e4e7c0542f0982b36e1dc339a63a9c2365e3, mail.tadbirdrilling.com | |
| originlogger, 9e37bb863752875a685b1dd93f44e9445712f4ba81575753a23fe84ece310ceb, mail.wassadadvogados.com.br | |
| originlogger, 9f172db7ed366ff9f5862b467b80202720badaa722712c38f880b8e9a80093e0, mail.karpackkasa.com | |
| originlogger, a4dc379a6ca20fa75f16c167cb516e37866b36c845eefd7bba23df27435497df, mail.speedwellabrasive.com | |
| originlogger, aa0bb57cc545a3e7e234ef691f84ea8f2fc90f4e024a3addcc23d2f20a0e63e0, mail.zqamcx.com | |
| originlogger, ac517064216de46a3c1ab91e2623170b89eef04b4e64b1c24149c1bb64b24ec8, mail.starlinetrading.com | |
| originlogger, ad6972720f985e8adf12f0ac1a52f909c46abe8b0b19cc5be2f0bcc7b57fcc12, ftp://ftp.3dmegastructures.com:21 | |
| originlogger, adeebc489ed24b4e3e8ca7d0db2a4fe9bfce24c7c7675d67d57712afce862a72, https://api.telegram.org/bot7112308801 | |
| originlogger, b9b4d87c84f6baf4e71845c26c43e70b7c1c6d06a94e4a87df17a7e8dcf5530a, mail.oceanskylogistics.in | |
| originlogger, bc166cd7e28545d2f52b1cce3f2eafc4824b4b4252440859cc4b7286e95bd8b5, us2.smtp.mailhostbox.com | |
| originlogger, bd9a2450499f87561deff9f7862b4ca34b5afb27089b8ae90578f7ed28054808, mail.clslk.com | |
| originlogger, bf97d8ee1b61a6699e0a1ff3cda31252cfbd154804673d83dd68b1fee155f953, mail.talesur.com | |
| originlogger, c2d0cc385181b9e1685ce28e76d5bd1865843e67eb97796a6529bfaa34774816, zqamcx.com | |
| originlogger, c37ab5dfe51203a7597c48320584457c90fdfa9c9d0f8f6a86e24a5f1e719463, mail.interceram.ro | |
| originlogger, c58fa4400c47bd3c3281052cecdd62e6050aa74c8b3895cc2e43726d102fe7c8, mail.itresinc.com | |
| originlogger, c67364d7cdad141966f7e14ae1ab855568fd781d96ea847c5575359537312c17, mail.udpl.top | |
| originlogger, c86d70c38ed45d01bda3c502f7d77601369e469e4088b092f0a7bd3a844619e8, webmail.interfoodltd.com | |
| originlogger, c9c09d6c428e195827e779c5cb58b5fd32fd42ff581b34c2a66b325e4d04d674, mail.oceanskylogistics.in | |
| originlogger, d04380b79524da697074a01b0af3809f881d0fb09a68364083aeb7a1be021249, mail.impressionmotors.in | |
| originlogger, d15a53b03ae3d6aebeb2d08c1ab71ccace7a418ea6413f73085f60154ca682e0, mail.oceanskylogistics.in | |
| originlogger, d90243827ee248cafbd1fc8b858e239f620106882989ca7a3c5452dc7bb595f2, [email protected] | |
| originlogger, dc8ec5d730d569cb3e918507f166947e3c14b50408c5d32827038faa8c5a9418, mail.impressionmotors.in | |
| originlogger, ddc5d1c80b07a16ba4a2d8d289dcfccaa1c2f25a525d96f223be8c8eedf9e9e6, mail.ipr-co.org | |
| originlogger, df8e553c6b2d78a240c76c5efbc15beba8be24362f53d9bdfc0c42c74934d293, mail.mcltransindo.com | |
| originlogger, e1ce0684164aa26c3076ce2d8fee03488e1a64905352c237f967bbb3b7c17c78, mail.tadbirdrilling.com | |
| originlogger, e220436b5521f7b6171dc1b1e8e32cecdaf791dc51b85b3767866617c38a3628, mail.hamouneco.com | |
| originlogger, e4afa9cefd2e536e7d6330689e57bb1badcc300bd7b903e1da80c920cff8096b, ftp://ftp.icemp.eu | |
| originlogger, e837bf6c58ee97ebdb7c3d58a733f3d527bf0150f1eb551af6707f71d54a3457, [email protected] | |
| originlogger, e888272ec903b082245c0a046b182fd02a1f6e8a6f01e347325bc1a81972325e, mail.fis-uae.com.ng | |
| originlogger, ea5365c541520a84c08b255b188c992fd4a4fac9a52032b03a36d45d679e2f5a, mail.mcltransindo.com | |
| originlogger, ee82a7d799150b129c7e27b8328e987cabf5de9d204b7e028ae2849d92672e20, mail.fedcraw.org.za | |
| originlogger, f1ac86388ffe376b99f91b580e0d31128f385954d790121561717ed6bbb6561b, mail.starlinetrading.com | |
| originlogger, f2e2882a446fe3f0cddd545f8a14093ba1af065b50a301c3719f921a3bff890d, phoenixblowers.com | |
| originlogger, f4cefaa54034c3cfd9bf223520e2a5876ec1d161cb4a68b6b7d3e9fe892b087f, [email protected] | |
| originlogger, f5c9b729887679c505b1318729c25d2622b617222e0e5d4adfb0017f8a04f19e, mail.ronaldsmith.loan | |
| originlogger, f5e5065093aba6e737332f46cfd1b0672dd9c7025e599d9832f8b25b65033c94, mail.aficofilters.com.eg | |
| originlogger, f79941668c6679c1f5770816ce7b68a2d518caa7d7218299f7a1908cf338297a, mail.clslk.com | |
| originlogger, fc9a9c10b989fb790466a432945be2a122151bd634013222bfd87469a9f4d584, mail.cyber.net.pk | |
| originlogger, fd62e09831ebcfa6b2fa8da868a3e6da9eac62580a7516633a8490bb6f7ea29f, mail.starmech.in | |
| purestealer, c201449a0845d659c32cc48f998b8cc95c20153bb1974e3a1ba80c53a90f1b27, 141.98.10.96 | |
| remcos, 38d45a0e0f376be174d788c93424ef4724daad94ce4139beba1868a36d8ad47f, 192.210.201.57:62289 | |
| remcos, 867e3c9147ef41bc4edff6002959c37c785d919b13edbd7e8ed150ea51f9f15d, shgoini.com:30902 | |
| snakekeylogger, 88137ef5ca05130558e846da3d480008f2e5488a7543872195f64daa5a04b365, https://scratchdreams.tk/_send_.php?TS | |
| snakekeylogger, e8d481924c090333dd7e0c1f9b3eca1711bbc3317796f8b30a5d29dab64aaee3, mail.noscoegypt.com | |
| strrat, 213005ac3eed9e5dfa0b00b24cf04cb9ca484b940799c47b095834681e23b807, 185.222.58.38:8088 | |
| strrat, b28e574048022dfe9483a9054f2bb96bc597d64c93a2a36ad27c03034ab5f185, 23.94.159.198:8055 | |
| strrat, ee5420e42f0a24abc94f91a63dcf822e21eee1536b815972bfcac06e7a2d9cfd, 93.123.39.147:8088 | |
| wikiloader, 148b29123bb0c28614858460d7a10707469fecebd6a9ff1da98a0c76a89a9819, https://lurdyvanafernandesmkd.com/wp-content/themes/twentytwentytwo/pam8oa.php?id=1 | |
| wikiloader, 4f2079cd2e228a2777df45ae00714c8679531fd8ad82a66b5c1b10e800771f18, https://mrs-batiment.com/wp-content/themes/twentytwenty/tlsgvu.php?id=1 | |
| xworm, 10875f69e0911f8aced75c992993d60e1f5e38a1de53fe63436b7913ffccaa24, febxworm39090.duckdns.org:9090 | |
| xworm, 215211a9fcdb1adb86e4cb140081975fda6346dcd41e3563cdaa56e50a80e32f, marxrwonew9090.duckdns.org | |
| xworm, e7bde63f01511d2f90a5432c2f3194e172c100e23013708e3ac1e237839eccdb, marxrwo9090.duckdns.org:9090 | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] | |
| [email protected] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment