Skip to content

Instantly share code, notes, and snippets.

View silence-is-best's full-sized avatar

silence-is-best

102 followers · 0 following
View GitHub Profile
@silence-is-best
silence-is-best / gist:67adb7549211b3046f554044bcc5c151
Created December 1, 2023 18:16
November Malspam Campaigns
Date,Summary , Details,Email Payload Type,Users Targeted
11/1/2023,Malicious email campaign; morning,Dhl// Shipment 0106245448; zi p-> agenttesla,Attachment,4
11/1/2023,Malicious email campaign; morning,Enquiry - RFQ; zip -> agenttesla,Attachment,4
11/1/2023,Malicious email campaign; evening,order 4806125050; iso -> agenttesla,Attachment,4
11/1/2023,Malicious email campaign; evening,Swift Advice 02-Nov-2023; pdf(rar) -> agenttesla,Attachment,4
11/2/2023,Malicious email campaign; evening,Quotation request 7142300109_00003517; rar -> img -> quaxloader -> agenttesla,Attachment,2
11/4/2023,Malicious email campaign; morning,Freight Invoice(s); z -> agenttesla,Attachment,4
11/5/2023,Malicious email campaign; morning,payment regarding shipment (urgent); rar -> agenttesla,Attachment,4
11/6/2023,Malicious email campaign; morning,PO; rar -> agenttesla,Attachment,4
11/6/2023,Malicious email campaign; morning,Request For Quotation; 001 -> agenttesla,Attachment,2
@silence-is-best
silence-is-best / gist:06d709336bc90faaabe8c36af504b71c
Created November 1, 2023 17:49
October Malspam Campaigns
Date,Details,Email Payload Type,Users Targeted
10/1/2023,FW: damaged Goods; xlam -> agenttesla continued to 10/9,Attachment,
10/2/2023,RE: SHIPPING DOCUMENT & PACKING LIST; r15 -> agenttesla,Attachment,2
10/2/2023,RE: CONFIRM REVISED PIURCHASE ORDER; zip -> formbook,Attachment,2
10/2/2023,Signed Purchase Order: PO/US/4509622207; zip -> formbook,Attachment,2
10/2/2023,Attachment name is Document.zip; zip -> agenttesla,Attachment,2
10/3/2023,RE: New Order; r15 -> agenttesla,Attachment,2
10/3/2023,Wrong Payment Information; zip -> agenttesla,Attachment,2
10/4/2023,RE: Status For September SOA; xls -> agenttesla continued to 10/5,Attachment,4
10/5/2023,Purchase Order - HOM-OS-20-23-813; r15 -> agenttesla,Attachment,2
@silence-is-best
silence-is-best / gist:23738d87475d67d843bd79231b008e5a
Created October 3, 2023 20:03
September Malspam Campaigns
Date,Summary ,Details,Email Payload Type,Users Targeted
9/2/2023,Malicious email campaign; morning,<email address> You have an incoming invoice; rar -> formbook,Attachment,3
9/6/2023,Malicious email campaign; evening,Re:Euro Payment Only//Revise Invoice to Euro Currency//Provide Euro Bank Details; z -> agenttesla,Attachment,2
9/6/2023,Malicious email campaign; morning,New Purchase Order; doc -> nanocore,Attachment,2
9/6/2023,Malicious email campaign; morning,Pending Invoice payments; zip -> agenttesla,Attachment,6
9/6/2023,Malicious email campaign; evening,New order#2_W43550970; zip -> agenttesla,Attachment,9
9/10/2023,Malicious email campaign; evening,Order and Deposit; xls -> guloader,Attachment,14
9/11/2023,Malicious email campaign; evening,Request for a sample quotation; xls -> agenttesla,Attachment,2
9/12/2023,Malicious email campaign; evening,UAE RFQ CONTRACT: BID SUPPLY 2023 AND SERVICES.; doc -> nanocore,Attachment,3
9/14/2023,Malicious email campaign; evening,Attachements start with inv_|sep_inv; pdf
@silence-is-best
silence-is-best / gist:45ef5084eb1fc19325e215169f15a1dd
Created September 23, 2023 11:59
SSH brute force via key
100.42.161.205
107.190.111.104
107.5.40.178
135.125.132.194
145.128.211.49
154.20.198.58
158.174.34.217
161.97.104.148
173.29.33.75
174.55.106.186
@silence-is-best
silence-is-best / gist:fc8f995f2c188ce22d8cc6c424290d56
Created September 1, 2023 14:08
August Malspam Campaigns
Date,Details,Email Payload Type,Users Targeted
8/1/2023,RE: FINAL INVOICE ATTACHED; docx -> formbook,Attachment,3
8/2/2023,Quote Best Price Offer; zip -> agenttesla,Attachment,2
8/2/2023,fwd: Proforma Invoice; z -> agenttesla,Attachment,3
8/3/2023,FEEDER DELAY NOTICE; rar -> dfarkcloud,Attachment,4
8/3/2023,Sv: EXT: Re: AW: Re: Sv: New Order PO; doc -> agenttesla,Attachment,5
8/7/2023,Re: URGENT: Immediate Payment Required for Invoice ME01-72; jar -> strrat,Attachment,5
8/7/2023,Attachment name is RFQ# R&E-S194.rar; rar -> formbook,Attachment,4
8/8/2023,DocuSign!; pdf -> parallax,Attachment,4
8/10/2023,Swift Payment Copy; z -> darkcloud,Attachment,4
@silence-is-best
silence-is-best / gist:da3e2f38fbac1f9e946b582456ad3a06
Last active August 2, 2023 07:38
July Malspam Campaigns
Date,Details,Email Payload Type,Users Targeted
7/3/2023,Anbei unser Angebot als Referenz; jar -> strrat,Attachment,4
7/3/2023,SWT131 03-07-2023; jar -> strrat,Attachment,2
7/3/2023,New Order; z -> agenttesla,Attachment,4
7/4/2023,Haziran-2023 Ekstreniz; bz -> agenttesla,Attachment,2
7/4/2023,RE: Purchase Order; r15 -> agenttesla,Attachment,3
7/5/2023,FWD: FYI: ATTACHED PAYMENT SLIP; xlsx -> agenttesla,Attachment,7
7/6/2023,Re: Re: packing list and Invoice; doc -> xloader,Attachment,2
7/6/2023,Re: Re: packing list -&nbsp; ????DO16191; xlsx -> xloader,Attachment,2
7/6/2023,NEW ORDER 7/6/2023; xla -> agenttesla,Attachment,2
@silence-is-best
silence-is-best / gist:b159cc410068fa15d21c1cc653b20333
Created July 5, 2023 19:26
June 2023 Malspam Campaigns
Date,Details,Email Payload Type,Users Targeted
6/1/2023,Release pending bookings; rar -> formbook continued to 6/6,Attachment,6
6/1/2023,RE: Purchase Order -1st June 2023; img -> purecryptor -> agenttesla,Attachment,4
6/1/2023,Hesap hareketleriniz; xz|rar -> agenttesla,Attachment,4
6/2/2023,Is Bankasi-01.06.2023 05:00-02.06.2023 04:59 4157-0002689 Numarali; xz -> agenttesla,Attachment,2
6/2/2023,payment made to your account; zip -> agenttesla,Attachment,2
6/4/2023,Complete pending bookings; rar -> formbook,Attachment,3
6/4/2023,pending bookings; rar -> formbook,Attachment,6
6/5/2023,DBS(Doğrudan Borçlandırma Sistemi) Bilgilendirme; rar -> agenttesla,Attachment,2
6/5/2023,Re: Payment Notification; 7z -> modiloader -> remcos,Attachment,2
@silence-is-best
silence-is-best / gist:c4e3593a157aefcce7931a6cd4908b07
Created June 23, 2023 18:51
Links
https://8-4.oss-cn-hangzhou.aliyuncs.com/1045.jpg
https://8-4.oss-cn-hangzhou.aliyuncs.com/1124.jpg
https://8-4.oss-cn-hangzhou.aliyuncs.com/1127.jpg
https://8-4.oss-cn-hangzhou.aliyuncs.com/1143.jpg
https://8-4.oss-cn-hangzhou.aliyuncs.com/1159.jpg
https://8-4.oss-cn-hangzhou.aliyuncs.com/1195.jpg
https://8-4.oss-cn-hangzhou.aliyuncs.com/1197.jpg
https://8-4.oss-cn-hangzhou.aliyuncs.com/1226.jpg
https://8-4.oss-cn-hangzhou.aliyuncs.com/1939.jpg
https://8-4.oss-cn-hangzhou.aliyuncs.com/1953.jpg
@silence-is-best
silence-is-best / gist:5ab41579867ee386e31293c0f527dc8c
Created June 1, 2023 20:15
May 2023 Malspam Campaigns
Date,Details,Email Payload Type,Users Targeted
5/1/2023,PO 211436; z -> agenttesla continued to may30,Attachment,8
5/2/2023,SUMMARY REPORT; r01 -> guloader-azorult,Attachment,5
5/3/2023,Attachment name is bl017351-00691mdl.r01; r01 -> guloader -> azorult,Attachment,2
5/4/2023,Attahment name is PL59107-00.r01; r01 -> formbook,Attachment,2
5/5/2023,DHL AWB DOC; ace -> stormkitty -> snake,Attachment,4
5/6/2023,New Purchase Order HBR-1053; rar|zip -> agenttesla,Attachment,2
5/8/2023,RE: New Order NO.Z21239; pdf -> xml -> strrat,Attachment,5
5/10/2023,2022 1099-NEC; html -> zip -> jar -> adwind,Attachment,2
5/11/2023,PO 211436 // Weatherbeeta New Zealand.; z -> formbook,Attachment,2
@silence-is-best
silence-is-best / gist:5875ab147f1511a31914cd20771824b7
Created May 24, 2023 01:47
OpenJDK scans
119.236.115.13
119.34.179.192
119.86.28.44
121.29.80.27
123.203.12.158
123.203.175.109
155.137.137.54
183.179.40.206
203.77.73.65
217.121.1.179