silence-is-best
silence-is-best
/ gist:d168f4c94f59e444a1081751e9dc79ca
Created
May 1, 2023 14:34
Apr 2023 Malspam Campaigns
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Date,Details,Email Payload Type,Users Targeted | |
| 4/4/2023,Attachment names is Stmnt0985.htm; html -> qbot,Attachment,2 | |
| 4/5/2023,Shipping Documents VI210034; uue -> darkcloud,Attachment,2 | |
| 4/5/2023,New PO - 23010; zip -> formbook,Attachment,4 | |
| 4/6/2023,New_Order#SQ031776; cab -> agenttesla,Attachment,10 | |
| 4/7/2023,Ibile Attached Payment; 7z -> agenttesla,Attachment,4 | |
| 4/10/2023,Türkiye İş Bankası 10.04.2023 Tarihli Hesap Özeti - 659923163.POS; xlsm -> azorult,Attachment,2 | |
| 4/10/2023,QUOTATION; gz -> agenttesla continued to 4/17,Attachment,2 | |
| 4/11/2023,RE: RE: Sea and air /ANTEK Co.Ltd.; zip -> agenttesla,Attachment,2 | |
| 4/12/2023,Outstanding invoice against B/l no MEDUV8024584; z -> agenttesla,Attachment,4 |
silence-is-best
/ gist:1cfdea76f35046443d537fa721ac2a2e
Created
April 10, 2023 15:20
Mar 2023 Malspam Campaigns
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Date,Details,Email Payload Type,Users Targeted | |
| 3/1/2023,Re: Invoice [Payment Advice US$27504]|???AW: Order Signed contract and PO; zip -> origin,Attachment,10 | |
| 3/2/2023,Order Confirmation (P.O.) No.4036041334; zip -> agenttesla,Attachment,10 | |
| 3/2/2023,PARTS INQUIRIES; r01 -> guloader,Attachment,2 | |
| 3/3/2023,RE: Payment; rar -> snake,Attachment,2 | |
| 3/3/2023,Wrong Payment Details; z -> agenttesla,Attachment,3 | |
| 3/7/2023,T.HALK BANKASI A.?. 08.03.2023 Hesap Ekstresi; zip ->,Attachment,2 | |
| 3/7/2023,Re: **TOP URGENT** Shipping Documents; rar -> snake,Attachment,2 | |
| 3/8/2023,Proof Of Payment Completed Today!; rar -> formbook,Attachment,23 | |
| 3/8/2023,Re: ISF FORM - THPAL - 4000004312 / URGENT; zip -> agenttesla,Attachment,3 |
silence-is-best
/ gist:17ede2b814928600571bec473d59c56f
Created
March 1, 2023 18:28
Feb 2023 Malspam Campaigns
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Date,Details,Payload Type,Users Targeted | |
| 2/1/2023,Statement Of Account; r11 -> origin,Attachment,5 | |
| 2/1/2023,RE:RE:PAYMENT TRANSFER AZ34009 INVOICE; zip -> luminosity,Attachment,2 | |
| 2/2/2023,Re: Invoice # 9776 from H & D; ace -> formbook,Attachment,4 | |
| 2/2/2023,RE: SHIPPING DOCUMENT & PACKING LIST; r15 -> agenttesla,Attachment,2 | |
| 2/2/2023,FWD: Payment Advice - Advice; doc -> lokibot,Attachment,5 | |
| 2/3/2023,RE: MOQ-10356-507; xlsm -> snakekeylogger continued to 2/6,Attachment,23 | |
| 2/3/2023,RFQ: ORDER-T2190-CVE97; z -> origin continued to ,Attachment,4 | |
| 2/3/2023,Purchase Order WAR002 511; rar -> agenttesla,Attachment,3 | |
| 2/3/2023,How can i contact you?; one -> dll -> icedid,Attachment,2 |
silence-is-best
/ gist:155e5c3c05b89f201211a2ceff955c60
Created
February 2, 2023 15:35
Jan 2023 Malspam Campaigns
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Date,Details,Email Payload Type,Users Targeted | |
| 1/3/2023,ENQUIRY SO NO - 270; zip -> formbook,Attachment,15 | |
| 1/3/2023,Re: Fwd: PO EFT; img -> hta -> agenttesla,Attachment,2 | |
| 1/5/2023,Taxes; zip -> hta -> xworm,Attachment,3 | |
| 1/8/2023,RE:BL DRAFT SO# GOSUSNH1637860; zip -> formbook,Attachment,3 | |
| 1/8/2023,Payment Advice-BCS_ECS9522022121320540019_16334_952; doc -> agenttesla,Attachment,2 | |
| 1/9/2023,SHIPPING DOC (CI,COO,PL,BL); zip -> formbook,Attachment,3 | |
| 1/11/2023,Re: PO January Invoice_(Payment Confirmation); rar -> hta -> agenttesla,Attachment,2 | |
| 1/11/2023,RE: Purchase Order 8391-6; doc -> netwire,Attachment,3 | |
| 1/11/2023,Re: Fwd: PO_Invoice-Copy; rar -> hta -> agenttesla,Attachment,2 |
silence-is-best
/ gist:b550b97623ffac6d646ed8e526a7949d
Last active
January 20, 2023 14:28
Jan 19 2023 ssh bruteforce
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 101.32.11.230 | |
| 101.33.80.197 | |
| 101.36.104.218 | |
| 103.1.184.238 | |
| 103.127.67.194 | |
| 103.149.74.230 | |
| 103.149.74.231 | |
| 103.149.74.237 | |
| 103.152.18.138 | |
| 103.178.234.230 |
silence-is-best
/ gist:c448b2a14ca747f2fd1a4a01e58cf1ef
Created
January 3, 2023 18:13
December 2022 Malspam Campaigns
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Date,Details,Email Payload Type,Users Targeted | |
| 6/1/2022,Re: Nuevo Orden (PO 973/ PO998); lzh -> img -> lokibot,Attachment,11 | |
| 6/2/2022,RI: TT Transmitted Copy TRV/TT/02-06-2022; r00-> avemaria,Attachment,3 | |
| 6/2/2022,New Order; z -> agenttesla continued to 6/3,Attachment,8 | |
| 6/5/2022,RE: 4th SHIPMENT //1 x 20 �OMT TEXTILS / EVASION / TUTICORIN- VALENCIA SPAIN - OMT/5646-4; zip -> agenttesla,Attachment,6 | |
| 6/6/2022,Fw: Reminder/MAY, 2022 Statement - 22387;zip -> remcos,Attachment,2 | |
| 6/7/2022,RE: Shipment Documents Copies (ETD: May 22----ETA: MAY 29)]]]; r00 -> avemaria,Attachment,2 | |
| 6/7/2022,RE: Purchase Order_Request for QUOTE Specs; r01 -> avemaria,Attachment,2 | |
| 6/7/2022,Delivery Order; z -> agenttesla,Attachment,4 | |
| 6/7/2022,RE: RE: New order 70275213; iso -> agenttesla,Attachment,4 |
silence-is-best
/ gist:d73ebba8143af85e5222b055fb325282
Created
December 9, 2022 18:18
SMTP bruteforce
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Raw logs: | |
| Dec 6 23:52:00 smtpd[607344]: lost connection after AUTH from unknown[60.19.237.133] | |
| Dec 6 23:59:27 smtpd[608311]: lost connection after AUTH from unknown[42.55.180.162] | |
| Dec 7 00:01:14 smtpd[610170]: lost connection after AUTH from unknown[117.88.144.229] | |
| Dec 7 00:02:10 smtpd[610170]: lost connection after AUTH from unknown[175.173.223.5] | |
| Dec 7 00:05:04 smtpd[611540]: lost connection after AUTH from unknown[119.109.88.225] | |
| Dec 7 00:09:31 smtpd[612280]: lost connection after AUTH from unknown[42.177.141.253] | |
| Dec 7 00:18:03 smtpd[613625]: lost connection after AUTH from unknown[114.223.185.180] | |
| Dec 7 00:32:23 smtpd[615646]: lost connection after AUTH from unknown[114.223.186.198] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Dec 3 06:01:13 WARNING: IPV4 packet with zero TTL [Classification: Misc activity] [Priority: 3] {ICMP} 139.162.138.242 -> x.x.x.x | |
| Dec 3 06:01:13 WARNING: IPV4 packet with zero TTL [Classification: Misc activity] [Priority: 3] {ICMP} 66.228.35.123 -> x.x.x.x | |
| Dec 3 06:01:13 WARNING: IPV4 packet with zero TTL [Classification: Misc activity] [Priority: 3] {ICMP} 74.207.254.66 -> x.x.x.x | |
| Dec 3 06:01:13 WARNING: IPV4 packet with zero TTL [Classification: Misc activity] [Priority: 3] {ICMP} 172.105.74.216 -> x.x.x.x | |
| Dec 3 06:01:13 WARNING: IPV4 packet with zero TTL [Classification: Misc activity] [Priority: 3] {ICMP} 45.33.82.120 -> x.x.x.x | |
| Dec 3 06:01:13 WARNING: IPV4 packet with zero TTL [Classification: Misc activity] [Priority: 3] {ICMP} 45.33.30.147 -> x.x.x.x | |
| Dec 3 06:01:13 WARNING: IPV4 packet with zero TTL [Classification: Misc activity] [Priority: 3] {ICMP} 139.162.255.53 -> x.x.x.x | |
| Dec 3 06:01:13 WARNING: IPV4 packet with zero TTL [Classification: Misc activity] [Priority: 3] {ICMP} 88.80.1 |
silence-is-best
/ gist:213f7b2112a46acd56ceb78bf79286a8
Created
December 1, 2022 14:59
November 2022 Malspam Campaigns
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Date, Details,Email Payload Type,Users Targeted | |
| 11/1/2022,RE: SWIFT DETAILS- TT DETAILS-BANK TRANSFER; gz -> remcos,Attachment,2 | |
| 11/1/2022,Re: **TOP URGENT** Shipping Documents; zip -> lokibot,Attachment,2 | |
| 11/1/2022,RFQ# 6000163267; zip -> formbook,Attachment,2 | |
| 11/2/2022,RE: ??: Purchase Order-Top Urgent; gz -> remcos,Attachment,3 | |
| 11/2/2022,OS_PO#3210046374_SALE ORDER_112022|Provide quotation for the listed; docx -> agenttesla,Attachment,4 | |
| 11/2/2022,AMC QUOTATION; doc ->agenttesla,Attachment,3 | |
| 11/3/2022,??: RE: SWIFT DETAILS- TT DETAILS-BANK TRANSFER; doc -> remcos,Attachment,4 | |
| 11/3/2022,Re: **TOP URGENT** Shipping Documents; gz -> remcos,Attachment,3 | |
| 11/5/2022,INSTANT LOAN WITHOUT STRESS.; doc -> agenttesla,Attachment,3 |
silence-is-best
/ gist:d50469831df866f74f85649e98fcc28b
Created
November 2, 2022 13:58
October 2022 Malspam Campaigns
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Date,Details,Email Payload Type,Users Targeted | |
| 10/2/2022,RE: PO-20951 & 20950; lz -> guloader-agenttesla,Attachment,2 | |
| 10/2/2022,Request for quotation; exe -> bluestealer,Attachment,2 | |
| 10/3/2022,RE: **TOP URGENT** Shipping Documents; gz -> remcos continued to,Attachment,4 | |
| 10/3/2022,RE: RFQ 4130 / Supply of WAREHOUSE TOOLS AND CONSUMABLES; zip -> agenttesla,Attachment,2 | |
| 10/3/2022,REVISED Official Order - PO#4802567411;7z -> agenttesla,Attachment,2 | |
| 10/4/2022,Chung food; zip -> formbook,Attachment,22 | |
| 10/5/2022,PRE-ALERT /// FE-SGNCGP220965N/ / HANC64706900; zip -> snakekeylogger,Attachment,2 | |
| 10/5/2022,RE: NEW PO# RP1/013587 - Confirmation and Shipping; xlsx -> snakekeylogger,Attachment,2 | |
| 10/6/2022,New Invoice(s) for C<digids> are Available to be Viewed; xls -> icedid continued to 10/11,Attachment,73 |