Created
August 13, 2017 14:56
SpamScope complete analysis of https://gist.github.com/fedelemantuano/5dd702004c25a46b2bd60de21e67458e
{ | |
"attachments": [ | |
{ | |
"files": [ | |
{ | |
"sha1": "03cbac8c13035fa930a51fffcd6666cf4cd9dfdb", | |
"virustotal": { | |
"response_code": 200, | |
"results": { | |
"scan_id": "d07fe1e95fb686c9f74774586d80dde0bec257382a6fbf667f08e2d316b7dd01-1487943477", | |
"sha256": "d07fe1e95fb686c9f74774586d80dde0bec257382a6fbf667f08e2d316b7dd01", | |
"resource": "03cbac8c13035fa930a51fffcd6666cf4cd9dfdb", | |
"response_code": 1, | |
"scan_date": "2017-02-24 13:37:57", | |
"permalink": "https://www.virustotal.com/file/d07fe1e95fb686c9f74774586d80dde0bec257382a6fbf667f08e2d316b7dd01/analysis/1487943477/", | |
"verbose_msg": "Scan finished, information embedded", | |
"sha1": "03cbac8c13035fa930a51fffcd6666cf4cd9dfdb", | |
"positives": 44, | |
"total": 58, | |
"md5": "c106f9bc7174402b582cffc1d6399b46", | |
"scans": [ | |
{ | |
"version": "12.0.250.0", | |
"result": "Trojan.GenericKD.3479134", | |
"antivirus": "MicroWorld-eScan", | |
"update": "20170224" | |
}, | |
{ | |
"version": "14.00", | |
"result": "Trojan.Dynamer", | |
"antivirus": "CAT-QuickHeal", | |
"update": "20170223" | |
}, | |
{ | |
"version": "6.0.6.653", | |
"result": "RDN/Generic PWS.y", | |
"antivirus": "McAfee", | |
"update": "20170224" | |
}, | |
{ | |
"version": "2.1.1.1115", | |
"result": "Trojan.Zbot", | |
"antivirus": "Malwarebytes", | |
"update": "20170224" | |
}, | |
{ | |
"version": "56208", | |
"result": "Trojan.Win32.Generic.pak!cobra", | |
"antivirus": "VIPRE", | |
"update": "20170224" | |
}, | |
{ | |
"version": "10.2.22532", | |
"result": "Trojan ( 004f66491 )", | |
"antivirus": "K7GW", | |
"update": "20170224" | |
}, | |
{ | |
"version": "10.2.22530", | |
"result": "Trojan ( 004f66491 )", | |
"antivirus": "K7AntiVirus", | |
"update": "20170224" | |
}, | |
{ | |
"version": "9.740.0.1012", | |
"result": "TROJ_FRS.0NA003HL16", | |
"antivirus": "TrendMicro", | |
"update": "20170224" | |
}, | |
{ | |
"version": "4.7.1.166", | |
"result": "W32/Trojan3.WXC", | |
"antivirus": "F-Prot", | |
"update": "20170224" | |
}, | |
{ | |
"version": "1.2.1.0", | |
"result": "Infostealer.Limitail", | |
"antivirus": "Symantec", | |
"update": "20170224" | |
}, | |
{ | |
"version": "9.900.0.1004", | |
"result": "TROJ_FRS.0NA003HL16", | |
"antivirus": "TrendMicro-HouseCall", | |
"update": "20170224" | |
}, | |
{ | |
"version": "8.0.1489.320", | |
"result": "Win32:Malware-gen", | |
"antivirus": "Avast", | |
"update": "20170224" | |
}, | |
{ | |
"version": "15.0.1.13", | |
"result": "UDS:DangerousObject.Multi.Generic", | |
"antivirus": "Kaspersky", | |
"update": "20170224" | |
}, | |
{ | |
"version": "7.2", | |
"result": "Trojan.GenericKD.3479134", | |
"antivirus": "BitDefender", | |
"update": "20170224" | |
}, | |
{ | |
"version": "1.0.70.15190", | |
"result": "Trojan.Win32.Stealer.eloogm", | |
"antivirus": "NANO-Antivirus", | |
"update": "20170224" | |
}, | |
{ | |
"version": "4.2", | |
"result": "Uds.Dangerousobject.Multi!c", | |
"antivirus": "AegisLab", | |
"update": "20170224" | |
}, | |
{ | |
"version": "1.0.0.1", | |
"result": "Win32.Trojan.Inject.Auto", | |
"antivirus": "Tencent", | |
"update": "20170224" | |
}, | |
{ | |
"version": "3.0.3.794", | |
"result": "Trojan.GenericKD.3479134", | |
"antivirus": "Ad-Aware", | |
"update": "20170224" | |
}, | |
{ | |
"version": "4.98.0", | |
"result": "Troj/Fareit-BCY", | |
"antivirus": "Sophos", | |
"update": "20170224" | |
}, | |
{ | |
"version": "11.0.19100.45", | |
"result": "Trojan.GenericKD.3479134", | |
"antivirus": "F-Secure", | |
"update": "20170224" | |
}, | |
{ | |
"version": "7.0.27.12160", | |
"result": "Trojan.PWS.Stealer.17779", | |
"antivirus": "DrWeb", | |
"update": "20170224" | |
}, | |
{ | |
"version": "6.2.2.24419", | |
"result": "virtool.win32.injector.fq", | |
"antivirus": "Invincea", | |
"update": "20170203" | |
}, | |
{ | |
"version": "v2015", | |
"result": "BehavesLike.Win32.PWSZbot.gc", | |
"antivirus": "McAfee-GW-Edition", | |
"update": "20170224" | |
}, | |
{ | |
"version": "4.0.0.834", | |
"result": "Trojan.GenericKD.3479134 (B)", | |
"antivirus": "Emsisoft", | |
"update": "20170224" | |
}, | |
{ | |
"version": "5.4.16.7", | |
"result": "W32/Trojan.MLZK-1378", | |
"antivirus": "Cyren", | |
"update": "20170224" | |
}, | |
{ | |
"version": "1.0.0.207", | |
"result": "W32.Trojan.Gen", | |
"antivirus": "Webroot", | |
"update": "20170224" | |
}, | |
{ | |
"version": "8.3.3.4", | |
"result": "TR/Dropper.VB.iunj", | |
"antivirus": "Avira", | |
"update": "20170224" | |
}, | |
{ | |
"version": "5.4.233.0", | |
"result": "W32/Injector.DEKC!tr", | |
"antivirus": "Fortinet", | |
"update": "20170224" | |
}, | |
{ | |
"version": "1.0.0.1", | |
"result": "Trojan/Win32.TSGeneric", | |
"antivirus": "Antiy-AVL", | |
"update": "20170224" | |
}, | |
{ | |
"version": "0.1.1", | |
"result": "malicious (high confidence)", | |
"antivirus": "Endgame", | |
"update": "20170222" | |
}, | |
{ | |
"version": "1.0.0.795", | |
"result": "Trojan.Generic.D35165E", | |
"antivirus": "Arcabit", | |
"update": "20170224" | |
}, | |
{ | |
"version": "5.6.0.1032", | |
"result": "Trojan.Agent/Gen-VB", | |
"antivirus": "SUPERAntiSpyware", | |
"update": "20170224" | |
}, | |
{ | |
"version": "1.1.13504.0", | |
"result": "Trojan:Win32/Dynamer!ac", | |
"antivirus": "Microsoft", | |
"update": "20170224" | |
}, | |
{ | |
"version": "3.8.3.16811", | |
"result": "Trojan/Win32.ZBot.C1530633", | |
"antivirus": "AhnLab-V3", | |
"update": "20170224" | |
}, | |
{ | |
"version": "1.0.1.9", | |
"result": "Trojan.GenericKD.3479134", | |
"antivirus": "ALYac", | |
"update": "20170224" | |
}, | |
{ | |
"version": "1.5.0.42", | |
"result": "Trojan.Win32.Generic.pak!cobra", | |
"antivirus": "AVware", | |
"update": "20170224" | |
}, | |
{ | |
"version": "14989", | |
"result": "a variant of Win32/Injector.DDZN", | |
"antivirus": "ESET-NOD32", | |
"update": "20170224" | |
}, | |
{ | |
"version": "28.0.0.1", | |
"result": "Malware.Generic.5!tfe (thunder:5:0vn3AnCxW2S) ", | |
"antivirus": "Rising", | |
"update": "20170224" | |
}, | |
{ | |
"version": "5.5.1.3", | |
"result": "Trojan.Injector!RxvLSVNo9PA", | |
"antivirus": "Yandex", | |
"update": "20170222" | |
}, | |
{ | |
"version": "0.1.5.2", | |
"result": "Trojan.VB.Inject", | |
"antivirus": "Ikarus", | |
"update": "20170224" | |
}, | |
{ | |
"version": "25", | |
"result": "Trojan.GenericKD.3479134", | |
"antivirus": "GData", | |
"update": "20170224" | |
}, | |
{ | |
"version": "16.0.0.4756", | |
"result": "Inject3.BBKO", | |
"antivirus": "AVG", | |
"update": "20170224" | |
}, | |
{ | |
"version": "4.6.4.2", | |
"result": "Trj/GdSda.A", | |
"antivirus": "Panda", | |
"update": "20170224" | |
}, | |
{ | |
"version": "1.0", | |
"result": "malicious_confidence_100% (D)", | |
"antivirus": "CrowdStrike", | |
"update": "20170130" | |
} | |
] | |
} | |
}, | |
"extension": ".exe", | |
"Content-Type": "application/x-dosexec", | |
"analisys_date": "2017-08-13T14:41:03.804051", | |
"filename": "IMG-PO-492384BA_outputB93880.exe", | |
"is_filtered": [ | |
false | |
], | |
"ssdeep": "6144:UB0Qyhp5axJdq3PHo0Tq54BoSoUNRGui+YvEc8xoQAe6J+z/I93xgH38IN8I:UHIp5UqvdK4BoaREhEO5e6Jg/I93iXr", | |
"sha256": "d07fe1e95fb686c9f74774586d80dde0bec257382a6fbf667f08e2d316b7dd01", | |
"sha512": "59af8a425dee54609707079ac04b3645753f6101f794cb3738cdab575f0d5805d073bf0b10224a77e44fd28d687ff677a199df42eefe98879852351b3d5dca68", | |
"payload": "TVqQAAMAAA...", | |
"md5": "c106f9bc7174402b582cffc1d6399b46", | |
"size": 449368 | |
} | |
], | |
"Content-Type": "application/zip", | |
"sha1": "3ca2c7a41536fd89a172ba948ea4f741e4ef9fd6", | |
"virustotal": { | |
"response_code": 200, | |
"results": { | |
"scan_id": "122ee2a3c58dd0145107c132a1dbcba569318d9d7a6c1b976d8bd94aad7b9f44-1487945645", | |
"sha256": "122ee2a3c58dd0145107c132a1dbcba569318d9d7a6c1b976d8bd94aad7b9f44", | |
"resource": "3ca2c7a41536fd89a172ba948ea4f741e4ef9fd6", | |
"response_code": 1, | |
"scan_date": "2017-02-24 14:14:05", | |
"permalink": "https://www.virustotal.com/file/122ee2a3c58dd0145107c132a1dbcba569318d9d7a6c1b976d8bd94aad7b9f44/analysis/1487945645/", | |
"verbose_msg": "Scan finished, information embedded", | |
"sha1": "3ca2c7a41536fd89a172ba948ea4f741e4ef9fd6", | |
"positives": 41, | |
"total": 59, | |
"md5": "2723dd2e5ce2b21b7df8e8f43121032c", | |
"scans": [ | |
{ | |
"version": "1.3.0.8871", | |
"result": "HW32.Packed.8CC2", | |
"antivirus": "Bkav", | |
"update": "20170224" | |
}, | |
{ | |
"version": "12.0.250.0", | |
"result": "Trojan.GenericKD.3479134", | |
"antivirus": "MicroWorld-eScan", | |
"update": "20170224" | |
}, | |
{ | |
"version": "14.00", | |
"result": "Trojan.Dynamer", | |
"antivirus": "CAT-QuickHeal", | |
"update": "20170223" | |
}, | |
{ | |
"version": "6.0.6.653", | |
"result": "RDN/Generic PWS.y", | |
"antivirus": "McAfee", | |
"update": "20170224" | |
}, | |
{ | |
"version": "2.1.1.1115", | |
"result": "Trojan.Zbot", | |
"antivirus": "Malwarebytes", | |
"update": "20170224" | |
}, | |
{ | |
"version": "56208", | |
"result": "Trojan.Win32.Generic.pak!cobra", | |
"antivirus": "VIPRE", | |
"update": "20170224" | |
}, | |
{ | |
"version": "7.2", | |
"result": "Trojan.GenericKD.3479134", | |
"antivirus": "BitDefender", | |
"update": "20170224" | |
}, | |
{ | |
"version": "10.2.22532", | |
"result": "Trojan ( 004f66491 )", | |
"antivirus": "K7GW", | |
"update": "20170224" | |
}, | |
{ | |
"version": "10.2.22530", | |
"result": "Trojan ( 004f66491 )", | |
"antivirus": "K7AntiVirus", | |
"update": "20170224" | |
}, | |
{ | |
"version": "9.740.0.1012", | |
"result": "TROJ_FR.0DA9DC19", | |
"antivirus": "TrendMicro", | |
"update": "20170224" | |
}, | |
{ | |
"version": "4.7.1.166", | |
"result": "W32/Trojan3.WXC", | |
"antivirus": "F-Prot", | |
"update": "20170224" | |
}, | |
{ | |
"version": "1.2.1.0", | |
"result": "SecurityRisk.gen1", | |
"antivirus": "Symantec", | |
"update": "20170224" | |
}, | |
{ | |
"version": "9.900.0.1004", | |
"result": "TROJ_FRS.0NA003HL16", | |
"antivirus": "TrendMicro-HouseCall", | |
"update": "20170224" | |
}, | |
{ | |
"version": "8.0.1489.320", | |
"result": "Win32:Malware-gen", | |
"antivirus": "Avast", | |
"update": "20170224" | |
}, | |
{ | |
"version": "1.0.70.15190", | |
"result": "Trojan.Win32.Stealer.eloogm", | |
"antivirus": "NANO-Antivirus", | |
"update": "20170224" | |
}, | |
{ | |
"version": "28.0.0.1", | |
"result": "Malware.Generic.5!tfe (thunder:5:0vn3AnCxW2S) ", | |
"antivirus": "Rising", | |
"update": "20170224" | |
}, | |
{ | |
"version": "3.0.3.794", | |
"result": "Trojan.GenericKD.3479134", | |
"antivirus": "Ad-Aware", | |
"update": "20170224" | |
}, | |
{ | |
"version": "4.98.0", | |
"result": "Troj/Fareit-BCY", | |
"antivirus": "Sophos", | |
"update": "20170224" | |
}, | |
{ | |
"version": "11.0.19100.45", | |
"result": "Trojan.GenericKD.3479134", | |
"antivirus": "F-Secure", | |
"update": "20170224" | |
}, | |
{ | |
"version": "7.0.27.12160", | |
"result": "Trojan.PWS.Stealer.17779", | |
"antivirus": "DrWeb", | |
"update": "20170224" | |
}, | |
{ | |
"version": "6.2.2.24419", | |
"result": "virtool.win32.injector.fq", | |
"antivirus": "Invincea", | |
"update": "20170203" | |
}, | |
{ | |
"version": "v2015", | |
"result": "BehavesLike.Trojan.fc", | |
"antivirus": "McAfee-GW-Edition", | |
"update": "20170224" | |
}, | |
{ | |
"version": "4.0.0.834", | |
"result": "Trojan.GenericKD.3479134 (B)", | |
"antivirus": "Emsisoft", | |
"update": "20170224" | |
}, | |
{ | |
"version": "5.4.16.7", | |
"result": "W32/Trojan.MLZK-1378", | |
"antivirus": "Cyren", | |
"update": "20170224" | |
}, | |
{ | |
"version": "1.0.0.207", | |
"result": "W32.Trojan.Gen", | |
"antivirus": "Webroot", | |
"update": "20170224" | |
}, | |
{ | |
"version": "8.3.3.4", | |
"result": "TR/Dropper.VB.iunj", | |
"antivirus": "Avira", | |
"update": "20170224" | |
}, | |
{ | |
"version": "5.4.233.0", | |
"result": "W32/Injector.DEKC!tr", | |
"antivirus": "Fortinet", | |
"update": "20170224" | |
}, | |
{ | |
"version": "1.0.0.1", | |
"result": "Trojan/Win32.TSGeneric", | |
"antivirus": "Antiy-AVL", | |
"update": "20170224" | |
}, | |
{ | |
"version": "1.0.0.795", | |
"result": "Trojan.Generic.D35165E", | |
"antivirus": "Arcabit", | |
"update": "20170224" | |
}, | |
{ | |
"version": "4.2", | |
"result": "Troj.Generickd!c", | |
"antivirus": "AegisLab", | |
"update": "20170224" | |
}, | |
{ | |
"version": "1.1.13504.0", | |
"result": "Trojan:Win32/Dynamer!ac", | |
"antivirus": "Microsoft", | |
"update": "20170224" | |
}, | |
{ | |
"version": "3.8.3.16811", | |
"result": "Trojan/Win32.ZBot.C1530633", | |
"antivirus": "AhnLab-V3", | |
"update": "20170224" | |
}, | |
{ | |
"version": "1.0.1.9", | |
"result": "Trojan.GenericKD.3479134", | |
"antivirus": "ALYac", | |
"update": "20170224" | |
}, | |
{ | |
"version": "1.5.0.42", | |
"result": "Trojan.Win32.Generic.pak!cobra", | |
"antivirus": "AVware", | |
"update": "20170224" | |
}, | |
{ | |
"version": "14990", | |
"result": "a variant of Win32/Injector.DDZN", | |
"antivirus": "ESET-NOD32", | |
"update": "20170224" | |
}, | |
{ | |
"version": "1.0.0.1", | |
"result": "Win32.Trojan.Inject.Auto", | |
"antivirus": "Tencent", | |
"update": "20170224" | |
}, | |
{ | |
"version": "5.5.1.3", | |
"result": "Trojan.Injector!RxvLSVNo9PA", | |
"antivirus": "Yandex", | |
"update": "20170222" | |
}, | |
{ | |
"version": "0.1.5.2", | |
"result": "Trojan.VB.Inject", | |
"antivirus": "Ikarus", | |
"update": "20170224" | |
}, | |
{ | |
"version": "25", | |
"result": "Trojan.GenericKD.3479134", | |
"antivirus": "GData", | |
"update": "20170224" | |
}, | |
{ | |
"version": "16.0.0.4756", | |
"result": "Inject3.BBKO", | |
"antivirus": "AVG", | |
"update": "20170224" | |
}, | |
{ | |
"version": "4.6.4.2", | |
"result": "Trj/GdSda.A", | |
"antivirus": "Panda", | |
"update": "20170224" | |
} | |
] | |
} | |
}, | |
"extension": ".zip", | |
"is_archive": true, | |
"sha512": "37e93b79707b56afeb91a4a3ee8c2180e5137b6a3912db46b5e58bd412d9295f3c14e123271ac0fb6b8db22572e6d67c054efda90ee4618fbf94faaeff1bc08b", | |
"analisys_date": "2017-08-13T14:41:03.741653", | |
"filename": "Payment Invoice.zip", | |
"mail_content_type": "application/x-zip-compressed", | |
"tika": [ | |
{ | |
"Content-Length": "350899", | |
"X-TIKA:content": "\n\n\n\n\n\n\n\n\n\nIMG-PO-492384BA_outputB93880.exe\n\n", | |
"X-TIKA:parse_time_millis": "103", | |
"resourceName": "tmpbbXZWU", | |
"Content-Type": "application/zip", | |
"X-Parsed-By": [ | |
"org.apache.tika.parser.DefaultParser", | |
"org.apache.tika.parser.pkg.PackageParser" | |
] | |
}, | |
{ | |
"machine:endian": "Little", | |
"machine:machineType": "x86-32", | |
"Content-Length": "449368", | |
"embeddedRelationshipId": "IMG-PO-492384BA_outputB93880.exe", | |
"modified": "2016-08-18T14:42:54Z", | |
"X-TIKA:embedded_resource_path": "/IMG-PO-492384BA_outputB93880.exe", | |
"meta:save-date": "2016-08-18T14:42:54Z", | |
"machine:architectureBits": "32", | |
"Last-Modified": "2016-08-18T14:42:54Z", | |
"Creation-Date": "2016-08-18T21:42:53Z", | |
"X-TIKA:parse_time_millis": "23", | |
"date": "2016-08-18T14:42:54Z", | |
"resourceName": "IMG-PO-492384BA_outputB93880.exe", | |
"machine:platform": "Windows", | |
"dcterms:modified": "2016-08-18T14:42:54Z", | |
"Content-Type": "application/x-msdownload", | |
"Last-Save-Date": "2016-08-18T14:42:54Z", | |
"X-Parsed-By": [ | |
"org.apache.tika.parser.DefaultParser", | |
"org.apache.tika.parser.executable.ExecutableParser" | |
] | |
} | |
], | |
"is_filtered": false, | |
"ssdeep": "6144:KbMHo7O8JQbO4sMZ8EJqhLTKE1hNRGui+YvEsRqoh84Ll7Jy:KIHmKDs8Nq1TDREhEyqALZM", | |
"sha256": "122ee2a3c58dd0145107c132a1dbcba569318d9d7a6c1b976d8bd94aad7b9f44", | |
"content_transfer_encoding": "base64", | |
"payload": "UEsDBBQAAA...", | |
"md5": "2723dd2e5ce2b21b7df8e8f43121032c", | |
"size": 350899 | |
} | |
], | |
"analisys_date": "2017-08-13T14:41:03.490180", | |
"date": "2016-08-19T14:33:29", | |
"anomalies": [ | |
"mail_without_message-id" | |
], | |
"has_defects": false, | |
"subject": "PI", | |
"from": "\"Anabel Gonzalo\"<anabelgonzalo@fanox.com>", | |
"network": { | |
"is_filtered": false, | |
"virustotal": "{\"response_code\": 200, \"results\": {\"response_code\": 0, \"verbose_msg\": \"Missing IP address\"}}" | |
}, | |
"path_mail": "/mnt/mails/untroubled.org/1471832668.1377_3.ivanova.orig", | |
"with_attachments": true, | |
"priority": 1, | |
"to": "bruce@untroubled.org", | |
"sha256": "948455f40fe7bb6cd7ecb573ba98ad5ec5537fc5bbab12661a947ef21b29e7f7", | |
"sha512": "28a38068ce78e116939a2027d2aedc4ac382f481a1b03c3022bb0e35384ab58059abbd263808b700d31feb0c6ca888242ab375ae8bcd5b8a3ddaa67eefb1ebb8", | |
"message_id": null, | |
"body": "<HTML><HEAD><TITLE></TITLE>\n</HEAD>\n<BODY bgcolor=#FFFFFF leftmargin=5 topmargin=5 rightmargin=5 bottommargin=5>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\nDear All,</DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\nWe have made the payment of USD 103,349,35. TT copy attached for full payment details.</DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n<FONT size=4><B>Document N. AMOUNT DIV.</B></FONT></DIV>\n<DIV>\n<FONT size=3> </FONT></DIV>\n<DIV>\n<FONT size=3>INVOICE 5328 103548,25 USD</FONT></DIV>\n<DIV>\n<FONT size=3> </FONT></DIV>\n<DIV>\n<FONT size=3>CREDIT NOTE ECS/CN/06 -198,9 USD</FONT></DIV>\n<DIV>\n<FONT size=3> </FONT></DIV>\n<DIV>\n<FONT size=3><B>TOTAL AMOUNT 103349,35</B></FONT><FONT size=3> USD</FONT></DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\nI am forwarding you the e-mail that the brokering company has sent us. You will receive the money into your account in a couple of days.</DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n<TABLE border=2 cellpadding=0 bordercolorlight=#FFFFFF bordercolordark=#000000 cellspacing=0>\n <TR valign=top>\n <TD width=118 height=75>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B> </B></FONT></DIV>\n<DIV>\n<FONT size=4><B>Booked Date</B></FONT></DIV>\n</FONT>\n </TD>\n <TD width=223 height=75>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B> </B></FONT></DIV>\n<DIV>\n<FONT size=4><B>Foreign Currency Payment Amount</B></FONT></DIV>\n</FONT>\n </TD>\n <TD width=100 height=75>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B> </B></FONT></DIV>\n<DIV>\n<FONT size=4><B>Rate Booked</B></FONT></DIV>\n</FONT>\n </TD>\n <TD width=100 height=75>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B> </B></FONT></DIV>\n<DIV>\n<FONT size=4><B>Base Currency Amount</B></FONT></DIV>\n</FONT>\n </TD>\n <TD width=100 height=75>\n<FONT size=2 
color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B> </B></FONT></DIV>\n<DIV>\n<FONT size=4><B> Fees</B></FONT></DIV>\n</FONT>\n </TD>\n <TD width=121 height=75>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B> </B></FONT></DIV>\n<DIV>\n<FONT size=4><B>Settlement Amount</B></FONT></DIV>\n</FONT>\n </TD>\n </TR>\n <TR valign=top>\n <TD width=118 height=42>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B>19/08/2016 08:11:28</B></FONT></DIV>\n</FONT>\n </TD>\n <TD width=223 height=42>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B><U>103349.35 (USD )</B></U></FONT></DIV>\n</FONT>\n </TD>\n <TD width=100 height=42>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B>1.11127</B></FONT></DIV>\n</FONT>\n </TD>\n <TD width=100 height=42>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B><U>103314.37 (EUR )</B></U></FONT></DIV>\n</FONT>\n </TD>\n <TD width=100 height=42>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B>5 (EUR )</B></FONT></DIV>\n</FONT>\n </TD>\n <TD width=121 height=42>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B><U>103319.37 (EUR )</B></U></FONT></DIV>\n</FONT>\n </TD>\n </TR>\n</TABLE>\n</DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV align=center>\n<B>Nominated Account:</B></DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV align=center>\n<FONT size=3><B>Bank Account Name</B></FONT><FONT size=3>: Interpay Limited</FONT></DIV>\n<DIV align=center>\n<FONT size=3><B>Bank</B></FONT><FONT size=3>: CAIXABANK, S.A.</FONT></DIV>\n<DIV align=center>\n<FONT size=3><B>Bank Country</B></FONT><FONT size=3>: Spain</FONT></DIV>\n<DIV align=center>\n<FONT size=3><B>IBAN</B></FONT><FONT size=3>: ES67 2100 3467 1007 0001 6539 </FONT></DIV>\n<DIV align=center>\n<FONT size=3><B>Account Number</B></FONT><FONT size=3>: 0700016539</FONT></DIV>\n<DIV align=center>\n<FONT 
size=3><B>Currency</B></FONT><FONT size=3>: EUR </FONT></DIV>\n<DIV align=center>\n<FONT size=3><B>SWIFT/BIC Code</B></FONT><FONT size=3>: CAIXESBBXXX</FONT></DIV>\n<DIV align=center>\n<FONT size=3><B>National Bank Code</B></FONT><FONT size=3>: 21003467</FONT></DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\nPlease ensure to use the Booking Reference Number quoted below:</DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\nBooking Reference Number: B210154</DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\nPlease Complete TT details attached.</DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\nBest regards</DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n<B>Anabel Gonzalo</B></DIV>\n<DIV>\n<B> </B></DIV>\n<DIV>\n<B>Responsable de Compras / Purchasing Manager</B></DIV>\n<DIV>\n<B> </B></DIV>\n<DIV>\n<B> </B></DIV>\n<DIV>\n </DIV>\n<DIV>\n<IMG align=baseline border=0 width=226 height=65 src=\"cid:00A3761D82D4$04826125$0100007f@bjjmucqlfpofxjh\"></DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n<B>Fabricante especialista en ProtecciГіn & Control / Manufacturer specialized in Protection & Control</B></DIV>\n<DIV>\n<B> </B></DIV>\n<DIV>\n<B>Certified ISO 9001:2008</B></DIV>\n<DIV>\n </DIV>\n<DIV>\nFANOX ELECTRONIC, S.L.</DIV>\n<DIV>\n </DIV>\n<DIV>\nParque TecnolГіgico de Bizkaia</DIV>\n<DIV>\n </DIV>\n<DIV>\nAstondo bidea, Edificio 604 </DIV>\n<DIV>\n48160 Derio - Spain</DIV>\n<DIV>\nT. +34 944 711 411</DIV>\n<DIV>\nF. +34 944 710 431</DIV>\n<DIV>\n </DIV>\n<DIV>\nwww.fanox.com</DIV>\n</FONT>\n</BODY></HTML>", | |
"mailbox": "untroubled", | |
"sender_ip": "69.5.6.174", | |
"raw_mail": { | |
"is_filtered": false, | |
"spamassassin": { | |
"X-Spam-Level": "****************", | |
"X-Spam-Checker-Version": "SpamAssassin 3.4.1 (2015-04-28) on 75d9f2ebf044", | |
"score": 16.1, | |
"X-Spam-Status": "Yes, score=16.1 required=5.0 tests=ADVANCE_FEE_2_NEW_MONEY,\n\tAXB_XMAILER_MIMEOLE_OL_024C2,FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,\n\tFORGED_OUTLOOK_TAGS,FROM_MISSPACED,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,\n\tFROM_MISSP_XPRIO,FSL_NEW_HELO_USER,HTML_MESSAGE,LOTS_OF_MONEY,MIME_HTML_ONLY,\n\tMISSING_HEADERS,MISSING_MID,MONEY_FROM_MISSP,NSL_RCVD_HELO_USER,\n\tREPLYTO_WITHOUT_TO_CC,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,URIBL_BLOCKED\n\tautolearn=no autolearn_force=no version=3.4.1", | |
"details": [ | |
{ | |
"rule name": "NSL_RCVD_HELO_USER", | |
"pts": 2.5, | |
"description": "Received from HELO User" | |
}, | |
{ | |
"rule name": "MISSING_HEADERS", | |
"pts": 1.2, | |
"description": "Missing To: header" | |
}, | |
{ | |
"rule name": "URIBL_BLOCKED", | |
"pts": 0.0, | |
"description": "ADMINISTRATOR NOTICE: The query to URIBL was block See http://wiki.apache.org/spamassassin/DnsBlocklists# for more information. [URIs: fanox.com]" | |
}, | |
{ | |
"rule name": "HTML_MESSAGE", | |
"pts": 0.0, | |
"description": "BODY: HTML included in message" | |
}, | |
{ | |
"rule name": "MIME_HTML_ONLY", | |
"pts": 1.1, | |
"description": "BODY: Message only has text/html MIME parts" | |
}, | |
{ | |
"rule name": "MISSING_MID", | |
"pts": 0.1, | |
"description": "Missing Message-Id: header" | |
}, | |
{ | |
"rule name": "LOTS_OF_MONEY", | |
"pts": 0.0, | |
"description": "Huge... sums of money" | |
}, | |
{ | |
"rule name": "FROM_MISSP_XPRIO", | |
"pts": 0.0, | |
"description": "Misspaced FROM + X-Priority" | |
}, | |
{ | |
"rule name": "FROM_MISSP_MSFT", | |
"pts": 0.0, | |
"description": "From misspaced + supposed Microsoft tool" | |
}, | |
{ | |
"rule name": "AXB_XMAILER_MIMEOLE_OL", | |
"pts": 0.0, | |
"description": "024C2 Yet another X header trait" | |
}, | |
{ | |
"rule name": "FORGED_OUTLOOK_TAGS", | |
"pts": 0.6, | |
"description": "Outlook can't send HTML in this format" | |
}, | |
{ | |
"rule name": "FSL_NEW_HELO_USER", | |
"pts": 0.6, | |
"description": "Spam's using Helo and User" | |
}, | |
{ | |
"rule name": "FORGED_OUTLOOK_HTML", | |
"pts": 0.0, | |
"description": "Outlook can't send HTML message only" | |
}, | |
{ | |
"rule name": "REPLYTO_WITHOUT_TO_CC", | |
"pts": 1.9, | |
"description": "No description available." | |
}, | |
{ | |
"rule name": "MONEY_FROM_MISSP", | |
"pts": 0.0, | |
"description": "Lots of money and misspaced From" | |
}, | |
{ | |
"rule name": "FROM_MISSPACED", | |
"pts": 0.0, | |
"description": "From: missing whitespace" | |
}, | |
{ | |
"rule name": "FROM_MISSP_REPLYTO", | |
"pts": 0.0, | |
"description": "From misspaced, has Reply-To" | |
}, | |
{ | |
"rule name": "TO_NO_BRKTS_FROM_MSSP", | |
"pts": 0.7, | |
"description": "Multiple formatting errors" | |
}, | |
{ | |
"rule name": "FORGED_MUA_OUTLOOK", | |
"pts": 2.8, | |
"description": "Forged mail pretending to be from MS Outlook" | |
}, | |
{ | |
"rule name": "TO_NO_BRKTS_MSFT", | |
"pts": 2.5, | |
"description": "To: misformatted and supposed Microsoft tool" | |
}, | |
{ | |
"rule name": "ADVANCE_FEE_2_NEW_MONE", | |
"pts": 2.0, | |
"description": "Advance Fee fraud and lots of money" | |
} | |
], | |
"X-Spam-Flag": "YES" | |
} | |
}, | |
"ssdeep": "96:+LhGNddddddNddddddddWdddddddddddqddddddddddddZddddddddYP2QmCdSg9:+LFeQZHwd8brQEwwn", | |
"has_anomalies": true, | |
"md5": "46baea921a4efebea85895d7a0bf2764", | |
"sha1": "0931a46eb80784978689ca7371352d2851953c7d", | |
"phishing": { | |
"score": 1, | |
"score_expanded": [ | |
"mail_body" | |
], | |
"targets": [ | |
"Booking" | |
], | |
"with_phishing": false | |
}, | |
"headers": "Delivered-To bruce@untroubled.org\nReceived (fqmail 26559 invoked from network); 21 Aug 2016 10:49:40 -0000\nReceived from mx03.futurequest.net (mx03.futurequest.net [69.5.6.174])\n by pt02.futurequest.net ([69.5.6.173])\n with FQDP via TCP; 21 Aug 2016 10:49:40 -0000\nReceived (qmail 19675 invoked from network); 21 Aug 2016 10:49:40 -0000\nReceived from localhost.localdomain.com (mail.revesoft.com [208.74.72.248])\n by mx03.futurequest.net ([69.5.6.174])\n with ESMTP via TCP; 21 Aug 2016 10:49:39 -0000\nReceived from host86-187-174-57.range86-187.btcentralplus.com ([86.187.174.57]:45321 helo=User)\n\tby localhost.localdomain.com with esmtpa (Exim 4.87)\n\t(envelope-from <anabelgonzalo@fanox.com>)\n\tid 1bakrE-000291-LF; Fri, 19 Aug 2016 20:34:52 +0600\nReply-To <anabelgonzalo@fanox.com>\nFrom \"Anabel Gonzalo\"<anabelgonzalo@fanox.com>\nSubject PI\nDate Fri, 19 Aug 2016 15:33:29 +0100\nMIME-Version 1.0\nContent-Type multipart/mixed;\n\tboundary=\"----=_NextPart_000_0121_01C2A9A6.50D724E0\"\nX-Priority 3\nX-MSMail-Priority Normal\nX-Mailer Microsoft Outlook Express 6.00.2600.0000\nX-MimeOLE Produced By Microsoft MimeOLE V6.00.2600.0000\nX-AntiAbuse This header was added to track abuse, please include it with any abuse report\nX-AntiAbuse Primary Hostname - localhost.localdomain.com\nX-AntiAbuse Original Domain - untroubled.org\nX-AntiAbuse Originator/Caller UID/GID - [47 12] / [47 12]\nX-AntiAbuse Sender Address Domain - fanox.com\nX-Get-Message-Sender-Via localhost.localdomain.com: authenticated_id: quazi.limon@revesoft.com\nX-Authenticated-Sender localhost.localdomain.com: quazi.limon@revesoft.com\n", | |
"is_filtered": false, | |
"mail_server": "untroubled.org" | |
} |