silence-is-best
silence-is-best
/ gist:70f69b4a412b14c16e6fe9a29c82630a
Last active
April 11, 2025 13:41
March Malspam Campaigns
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Date,Details,Email Payload Type,Users Targeted | |
| 3/1/2025,???? 2024/193; rar -> vipkeylogger,Attachment,8 | |
| 3/2/2025,Re: payment receipt; z -> vipkeylogger,Attachment,4 | |
| 3/2/2025,price quotation / new order CT-2501; z -> vipkeylogger,Attachment,4 | |
| 3/3/2025,Wire transfer; gz -> dbatloader,Attachment,2 | |
| 3/4/2025,Attachment name is hbl asnlru-20241001 & 20241002.zip; zip -> snakekeylogger,Attachment,5 | |
| 3/4/2025,Attachment name is payment receipt (po #1437) 1_ payment receipt (po #1437) 2.pdf.z; z -> lokibot,Attachment,4 | |
| 3/5/2025,RE: A PROFORMA INVOICE REQUEST FOR YOUR TODAY'S IMMEDIATE PAYMENT !!; zip -> snakekeylogger,Attachment,3 | |
| 3/5/2025,OOCL Arrival Notice At Final Destination: OOLU40541039482 | COSCO TAIWAN - 026E; zip -> originlogger,Attachment,3 | |
| 3/5/2025,RE: New order supply; rar -> xloader,Attachment,2 |
silence-is-best
/ gist:2b110c6c59734ea346570b331b88fa49
Created
March 14, 2025 19:13
SPT 19000 Botnet
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Raw | |
| Mar 14 13:05:14 kernel: [887297.189396] NEW IN= OUT= SRC=24.76.119.247 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=29225 DF PROTO=TCP SPT=19000 DPT=10001 WINDOW=23012 RES=0x00 SYN URGP=0 | |
| Mar 14 13:05:14 kernel: [887297.409345] NEW IN= OUT= SRC=24.76.119.247 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=59216 DF PROTO=TCP SPT=19000 DPT=8282 WINDOW=16050 RES=0x00 SYN URGP=0 | |
| Mar 14 13:05:14 kernel: [887297.490673] NEW IN= OUT= SRC=208.125.174.94 DST=x.x.x.x LEN=44 TOS=0x00 PREC=0x40 TTL=116 ID=9513 DF PROTO=TCP SPT=19000 DPT=51000 WINDOW=20768 RES=0x00 SYN URGP=0 | |
| Mar 14 13:05:14 kernel: [887297.496633] NEW IN= OUT= SRC=207.236.120.223 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=689 DF PROTO=TCP SPT=19000 DPT=1188 WINDOW=23644 RES=0x00 SYN URGP=0 | |
| Mar 14 13:05:14 kernel: [887297.613492] NEW IN= OUT= SRC=31.160.169.242 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=119 ID=20693 DF PROTO=TCP SPT=19000 DPT=8787 WINDOW=19664 RES=0x00 SYN URGP=0 | |
| Mar 14 13:05:14 kernel: [887297.653584] NEW IN= OUT= SRC |
silence-is-best
/ gist:9ff7d57a203ab304d6ff79adebbb6732
Created
March 3, 2025 20:28
February Malspam Campaigns
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Date,Details,Payload Type,Users Targeted | |
| 2/4/2025,Request for Quotation; docx -> xloader,Attachment,4 | |
| 2/4/2025,RE: RE: RE: RE: A PROFORMA INVOICE REQUEST FOR YOUR TODAY'S IMMEDIATE PAYMENT !!!; zip -> xloader,Attachment,6 | |
| 2/6/2025,OC4503585788; 7z -> originlogger,Attachment,4 | |
| 2/6/2025,RE: TNT Express //Arrival Notice // AWB #8013580 2/06/2025; zip -> snakekeylogger,Attachment,2 | |
| 2/7/2025,RE: T/T EUR 78845.10; doc -> snakekeylogger,Attachment,5 | |
| 2/10/2025,Re: GPRI PO #24090838; docx -> -> rtf -> xloader,Attachment,2 | |
| 2/12/2025,PAGOS|INFORME MODELO 347; rar|tar -> snakeykeylogger,Attachment,4 | |
| 2/12/2025,Purchase Order #PO240145|New Order PO240145; lzh -> xloader continued to 2/14,Attachment,8 | |
| 2/13/2025,Orden de compra; 001 -> originlogger,Attachment,3 |
silence-is-best
/ gist:4a3558425ea7057e0e4e00d14a9cde78
Created
February 3, 2025 16:33
January Malspam Campaigns
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Date,Details,Email Payload Type,Users Targeted | |
| 1/8/2025,Copy shipping docs/ PO EV1786/ LY ECO PAK/ EV1; z -> vipkeylogger,Attachment,4 | |
| 1/9/2025,Invoice; zip -> lumma ,Attachment,2 | |
| 1/9/2025,PO#17971; rar -> vipkeylogger,Attachment,4 | |
| 1/11/2025,Order Confirmation#011025; 7z -> xloader,Attachment,3 | |
| 1/13/2025,Enquiry - RFQ; z -> vipkeylogger,Attachment,4 | |
| 1/13/2025,QUOTATION REQUIRED_Enatel s.r.l.; rar -> vipkeylogger,Attachment,8 | |
| 1/13/2025,Re: Invoice AJL2024/12/13. - Payment Receipt (OCEAN HOPE LLC); 7z -> snakekeylogger,Attachment,4 | |
| 1/13/2025,Re: Payment Authourisation for Order9000168504; r15|r00 -> xloader,Attachment,2 | |
| 1/13/2025,RE: PI-KMM289108//Payment Transfer Issue; zip -> xloader,Attachment,2 |
silence-is-best
/ gist:40fa2842ad8122411fa2a7241f8c65ac
Created
January 24, 2025 17:15
Distributed port scan
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Raw | |
| Jan 24 09:30:06 kernel: [1433155.925803] NEW IN= OUT= SRC=87.190.21.11 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=120 ID=47161 DF PROTO=TCP SPT=19000 DPT=44322 WINDOW=13173 RES=0x00 SYN URGP=0 | |
| Jan 24 09:30:06 kernel: [1433156.317801] NEW IN= OUT= SRC=35.131.74.82 DST=x.x.x.x LEN=44 TOS=0x00 PREC=0x00 TTL=115 ID=62149 DF PROTO=TCP SPT=19000 DPT=1971 WINDOW=18474 RES=0x00 SYN URGP=0 | |
| Jan 24 09:30:06 kernel: [1433156.322783] NEW IN= OUT= SRC=82.79.112.58 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=118 ID=29898 DF PROTO=TCP SPT=19000 DPT=4343 WINDOW=27164 RES=0x00 SYN URGP=0 | |
| Jan 24 09:30:06 kernel: [1433156.443998] NEW IN= OUT= SRC=72.12.122.239 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=119 ID=46847 DF PROTO=TCP SPT=19000 DPT=8006 WINDOW=25819 RES=0x00 SYN URGP=0 | |
| Jan 24 09:30:06 kernel: [1433156.642991] NEW IN= OUT= SRC=170.250.142.171 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=117 ID=41878 DF PROTO=TCP SPT=19000 DPT=8042 WINDOW=26227 RES=0x00 SYN URGP=0 | |
| Jan 24 09:30:06 kernel: [1433156.659971] NEW IN= OUT= |
silence-is-best
/ gist:80e7b20f37e8ba6212144d4a37fb714d
Created
January 6, 2025 17:22
December Malspam Campaigns
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Details,Email Payload Type,Users Targeted | |
| Copy Of Payment Just Made.; arj -> filerenamer,Attachment,5 | |
| RE: GLTB-PO/24/10002; zip -> xloader,Attachment,2 | |
| Request for Quotation; rar -> snakekeylogger,Attachment,5 | |
| Payments; rar -> xloader,Attachment,2 | |
| QUOTATION REQUEST - BQS058; zip -> snakekeylogger,Attachment,2 | |
| SHIPPING DOCUMENTS - PO#EV1786/loading: 07/11/2024 - SC: HKLE-DS240912; rar -> vipkeylogger,Attachment,4 | |
| expiro-xloader, 0629d06c5aa9b9c33a5b7f9fb029023c3c6140bd475e6b68645beca7d85203bd, www.snyp.shop/4nyz | |
| expiro-xloader, 77fff1c59aace50f9bbb9184b1086cccb57df0cb5d3b10589a9b6b91283aa719, www.d48dk.top/9ffw |
silence-is-best
/ gist:e735efaac2d974399b00cba58114264c
Created
December 2, 2024 16:21
November Malspam Campaigns
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Date, Details,Email Payload Type,Users Targeted | |
| 11/1/2024,New Purchase Orders for Span|PO018 | Hydraulic Parts | Spare Parts; rar -> xloader,Attachment,8 | |
| 11/3/2024,Purchase Order; zip -> snakekeylogger,Attachment,2 | |
| 11/3/2024,IRS Customer Service; zip -> lnk -> vidar,Attachment,3 | |
| 11/4/2024,PR # 3000005991 - Quotation Required | Spare Parts; rar -> xloader,Attachment,4 | |
| 11/4/2024,re:payment; z -> xloader,Attachment,4 | |
| 11/5/2024,New Inquiry // INQ24561; iso -> xloader,Attachment,4 | |
| 11/5/2024,Novaj Aĉeto-Mendoj por Span; rar -> xloader,Attachment,4 | |
| 11/5/2024,Request of payment - 364898 FD PO# B2023-21508; zip|rar -> xloader,Attachment,4 | |
| 11/6/2024,Shipping docs and schedule; tar -> xloader,Attachment,3 |
silence-is-best
/ gist:2688f9486b0447bc128949289d27bfae
Created
November 4, 2024 14:59
October Malspam Campaigns
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Date,Details,Email Payload Type,Users Targeted | |
| 10/1/2024,FACTURA N.º 240073; lzh -> xloader,Attachment,46 | |
| 10/1/2024,Payment Advice ***** Advice Ref:[A20A9o6tNQd2] / ACH; rar -> xloader,Attachment,3 | |
| 10/3/2024,SOA AUG 2024 - / CMA CGM; rar -> xloader,Attachment,4 | |
| 10/3/2024,Payment Reference SOA Pending Balance Updated; rar -> xloader,Attachment,4 | |
| 10/6/2024,Re: Ref: Payment Advice 081 // Customer Ref:23486903|NEW ORDER; rar -> xloader,Attachment,4 | |
| 10/6/2024,SOA (Statement Of Account); rar -> xloader,Attachment,4 | |
| 10/7/2024,Request for Quotation Plug Valve; z -> vipkeylogger,Attachment,4 | |
| 10/7/2024,Quotation Accepted; lzh -> xloader,Attachment,3 | |
| 10/9/2024,NEW PO; z -> xloader,Attachment,4 |
silence-is-best
/ gist:2efe46038a58d20e173fb5ca0a3f7f43
Created
October 2, 2024 17:14
September Malspam Campaign
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Date,Details,Email Payload Type,Users Targeted | |
| 9/2/2023,<email address> You have an incoming invoice; rar -> formbook,Attachment,3 | |
| 9/2/2024,QUOTE - REQUIRED ITEMS_4001244; rar -> viplogger,Attachment,2 | |
| 9/2/2024,Business /lease agreements.; 7z -> vbe -> snakekeylogger,Attachment,2 | |
| 9/2/2024,JUSTIFICANTE -Carta de pago; rar -> viplogger,Attachment,3 | |
| 9/2/2024,Quote #011698; lzh -> xloader,Attachment,3 | |
| 9/3/2024,New Order PO#86637 03_09_2024; lzh -> xloader,Attachment,3 | |
| 9/3/2024,Re: Urgent; 7z -> vbe -> snakekeylogger,Attachment,3 | |
| 9/4/2024,New Shipment - Order 103; lzh -> xloader,Attachment,3 | |
| 9/5/2024,New Order PO 011824; lzh -> xloader,Attachment,3 |
silence-is-best
/ gist:252f23cff687506a22f36b6286794b23
Created
September 4, 2024 16:13
August Malspam Campaigns
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Date,Summary ,Details,Email Payload Type,Users Targeted | |
| 8/1/2024,Malicious email campaign; morning,Purchase Order; rar ->,Attachment,3 | |
| 8/1/2024,Malicious email campaign; evening,SIGNED ORDER CONFIRMATION FOR; zip -> xloader continued to 8/5,Attachment,4 | |
| 8/1/2024,Malicious email campaign; evening,ARRIVAL NOTICE FOR YOUR; zip -> originlogger continued to 8/5,Attachment,9 | |
| 8/2/2024,Malicious email campaign; evening,Purchase Order PO0001277 - N34 PAX SUITES SO0002124; z -> xloader,Attachment,5 | |
| 8/3/2024,Malicious email campaign; evening,RE: UPDATED SOA FOLLOW UP PAYMENT; rar|zip -> originlogger,Attachment,3 | |
| 8/3/2024,Malicious email campaign; evening,Fw: PAYMENT NOTIFICATION; zip -> snakekeylogger,Attachment,2 | |
| 8/6/2024,Malicious email campaign; morning,DHL BILL OF LANDING SHIPPING INVOICE DOCUMENTS; lzh -> originlogger,Attachment,2 | |
| 8/6/2024,Malicious email campaign; evening,Re: Payment for Proforma Invoice 0000000056789007689-pdf; zip -> purelogs,Attachment,3 | |
| 8/7/2024,Malicious email campaign; morning, PI-J/005 : PF |
NewerOlder