silence-is-best

10.200.169.204
104.198.155.173
104.200.151.35
109.145.173.169
109.226.37.172
109.74.154.90
109.74.154.91
109.74.154.92
140.228.21.36
149.88.111.79

silence-is-best

Date,Details,Email Payload Type,Users Targeted
8/3/2025,Re: SmartTec : PO Payment; tar -> dbatloader-remcos,Attachment,6
8/3/2025,PFI: SHIPMENT FROM INCEPTA // 56 CTNS; zip -> snakekeylogger,Attachment,3
8/4/2025,New Order PO#86637 01/08/2025; vbs -> originlogger,Attachment,3
8/6/2025,INVOICE CONFIRMATION; 7z -> xloader,Attachment,2
8/6/2025,Inquiry; zip -> darkvision,Attachment,2
8/6/2025,Attachment name is quotation.gz; -> xloader,Attachment,2
8/6/2025,RE: New Order - PO/2025; gz -> snakekeylogger,Attachment,2
8/7/2025,Attachment name is Past Due Invoice.zip; zip -> vipkeylogger,Attachment,8
8/9/2025,PAGO; uue -> darkvision,Attachment,2

silence-is-best

Date	Details	Email Payload Type	Users Targeted
7/2/2025	New Order Inquiry; zip ->	Attachment	23
7/2/2025	kindly quote your best price for the; zip -> xloader 	Attachment	4
7/3/2025	Payment Invoice Receipt; rar -> js -> xworm	Attachment	2
7/3/2025	NEW ORDER--GO23B005XXXX025; 7z -> purecryptor	Attachment	2
7/8/2025	Elite shipment; z -> xloader	Attachment	8
7/9/2025	Verify your bank details for our payment; rar -> xloader	Attachment	9
7/10/2025	Evergreen Invoice No. : 25205986 Ref-no: <<A7_FR787BSY.CNT>>; z -> vipkeylogger	Attachment	4
7/10/2025	RE: Final Shipping Documents; zip -> snakekeylogger continued to 7/11	Attachment	5
7/11/2025	UNPAID INVOICE REMINDER - LionsHome GmbH - Invoice No. 2025-06-839; rar -> xloader continued to 7/22	Attachment	18

silence-is-best

Date,Details,Email Payload Type,Users Targeted
6/4/2025,Attachment name is Pago a partir del 04-06-2025 por monto USD 114,800.pdf.z; z -> vipkeylogger,Attachment,4
6/4/2025,[ORDER] POSPHL0002653 Projector Pro2 Refurbished Order# 49763; iso -> vbs -> remcos,Attachment,6
6/4/2025,Attachment name is Invoice for payment.pdf.z; z -> vipkeylogger,Attachment,4
6/5/2025,Attachment name is inv. 324.20374.pdf.z; z -> vipkeylogger,Attachment,4
6/5/2025,RE: PRODUCT ENQUIRY; zip -> xloader,Attachment,7
6/5/2025,FW: Order; 7z -> vbe -> guloader -> xloader,Attachment,2
6/6/2025,RFQ 6000169715 from 3340; rar -> xloader continued to 06/25,Attachment,42
6/8/2025,OUR REF: RET-402-1438; xlsx -> remcos,Attachment,3
6/9/2025,Attachment name is soa_longsail intl cargo services_feb_march 2025_from longsail.pdf.z; z -> snakekeylogger,Attachment,4

silence-is-best

Date,Details,Email Payload Type,Users Targeted
5/2/2025,Purchase Order No.13648045|Purchase Order.; zip -> xloader,Attachment,5
5/5/2025,Purchase Order (PO); exe -> xloader,Attachment,7
5/6/2025,OUR REF: RET-402-1438; zip -> js -> snakekeylogger,Attachment,3
5/7/2025,RE:NEW ORDER|RE: NEW ORDER ENQUIRY; 7z|zip -> xloader,Attachment,12
5/7/2025,shipping documents for Cable quilt; rar -> snakekeylogger,Attachment,2
5/14/2025,"Shipment Document BL,INV and packing; ace -> remcos continued to 5/16",Attachment,6
5/21/2025,Statement of Account Dated 21th May|PO2212020001 Suzhou Huijun Technology; ace -> remcos,Attachment,8
5/21/2025,RE: FINAL SHIPPING DOCS; r15 -> masslogger,Attachment,2
5/27/2025,Shipping Documents; 7z -> xloader,Attachment,21

silence-is-best

Date,Details,Email Payload Type,Users Targeted
4/1/2025,Attachment name contains Inquiry N. F-1676.25.pdf.z ; z -> snakekeylogger,Attachment,4
4/1/2025,RE: DHL单号 Shipment Delivery Air Waybill no 6979374150; ace -> snakekeylogger ontinued to 4/24,Attachment,60
4/1/2025,Attchment name contains embin; exe|rar -> vipkeylogger,Attachment,8
4/1/2025,Documents for Shipments no.-IN100679001BL PO£602102005; htm -> vbs -> xworm,Attachment,3
4/3/2025,FW: Payment Confirmation; rar -> snakekeylogger,Attachment,3
4/3/2025,payment slip and letter of authorization; z -> originlogger,Attachment,4
4/3/2025,Re:Re:Quote PO:8765434157652 drews; zip -> js -> xloader,Attachment,2
4/4/2025,payment【付款收据】; z -> originlogger,Attachment,4
4/4/2025,new order of CT-2501; z -> originlogger,Attachment,4

silence-is-best

Date,Details,Email Payload Type,Users Targeted
3/1/2025,???? 2024/193; rar -> vipkeylogger,Attachment,8
3/2/2025,Re: payment receipt; z -> vipkeylogger,Attachment,4
3/2/2025,price quotation / new order CT-2501; z -> vipkeylogger,Attachment,4
3/3/2025,Wire transfer; gz -> dbatloader,Attachment,2
3/4/2025,Attachment name is hbl asnlru-20241001 & 20241002.zip; zip -> snakekeylogger,Attachment,5
3/4/2025,Attachment name is payment receipt (po #1437) 1_ payment receipt (po #1437) 2.pdf.z; z -> lokibot,Attachment,4
3/5/2025,RE: A PROFORMA INVOICE REQUEST FOR YOUR TODAY'S IMMEDIATE PAYMENT !!; zip -> snakekeylogger,Attachment,3
3/5/2025,OOCL Arrival Notice At Final Destination: OOLU40541039482 | COSCO TAIWAN - 026E; zip -> originlogger,Attachment,3
3/5/2025,RE: New order supply; rar -> xloader,Attachment,2

silence-is-best

Raw

Mar 14 13:05:14 kernel: [887297.189396] NEW IN= OUT= SRC=24.76.119.247 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=29225 DF PROTO=TCP SPT=19000 DPT=10001 WINDOW=23012 RES=0x00 SYN URGP=0 
Mar 14 13:05:14 kernel: [887297.409345] NEW IN= OUT= SRC=24.76.119.247 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=59216 DF PROTO=TCP SPT=19000 DPT=8282 WINDOW=16050 RES=0x00 SYN URGP=0 
Mar 14 13:05:14 kernel: [887297.490673] NEW IN= OUT= SRC=208.125.174.94 DST=x.x.x.x LEN=44 TOS=0x00 PREC=0x40 TTL=116 ID=9513 DF PROTO=TCP SPT=19000 DPT=51000 WINDOW=20768 RES=0x00 SYN URGP=0 
Mar 14 13:05:14 kernel: [887297.496633] NEW IN= OUT= SRC=207.236.120.223 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=689 DF PROTO=TCP SPT=19000 DPT=1188 WINDOW=23644 RES=0x00 SYN URGP=0 
Mar 14 13:05:14 kernel: [887297.613492] NEW IN= OUT= SRC=31.160.169.242 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=119 ID=20693 DF PROTO=TCP SPT=19000 DPT=8787 WINDOW=19664 RES=0x00 SYN URGP=0 
Mar 14 13:05:14 kernel: [887297.653584] NEW IN= OUT= SRC

silence-is-best

Date,Details,Payload Type,Users Targeted
2/4/2025,Request for Quotation; docx -> xloader,Attachment,4
2/4/2025,RE: RE: RE: RE: A PROFORMA INVOICE REQUEST FOR YOUR TODAY'S IMMEDIATE PAYMENT !!!; zip -> xloader,Attachment,6
2/6/2025,OC4503585788; 7z -> originlogger,Attachment,4
2/6/2025,RE: TNT Express //Arrival Notice // AWB #8013580 2/06/2025; zip -> snakekeylogger,Attachment,2
2/7/2025,RE: T/T EUR 78845.10; doc -> snakekeylogger,Attachment,5
2/10/2025,Re: GPRI PO #24090838; docx -> -> rtf -> xloader,Attachment,2
2/12/2025,PAGOS|INFORME MODELO 347; rar|tar -> snakeykeylogger,Attachment,4
2/12/2025,Purchase Order #PO240145|New Order PO240145; lzh -> xloader continued to 2/14,Attachment,8
2/13/2025,Orden de compra; 001 -> originlogger,Attachment,3

silence-is-best

Date,Details,Email Payload Type,Users Targeted
1/8/2025,Copy shipping docs/ PO EV1786/ LY ECO PAK/ EV1; z -> vipkeylogger,Attachment,4
1/9/2025,Invoice; zip -> lumma ,Attachment,2
1/9/2025,PO#17971; rar -> vipkeylogger,Attachment,4
1/11/2025,Order Confirmation#011025; 7z -> xloader,Attachment,3
1/13/2025,Enquiry - RFQ; z -> vipkeylogger,Attachment,4
1/13/2025,QUOTATION REQUIRED_Enatel s.r.l.; rar -> vipkeylogger,Attachment,8
1/13/2025,Re: Invoice AJL2024/12/13. - Payment Receipt (OCEAN HOPE LLC); 7z -> snakekeylogger,Attachment,4
1/13/2025,Re: Payment Authourisation for Order9000168504; r15|r00 -> xloader,Attachment,2
1/13/2025,RE: PI-KMM289108//Payment Transfer Issue; zip -> xloader,Attachment,2