SpamScope analysis of https://gist.github.com/fedelemantuano/5dd702004c25a46b2bd60de21e67458e
{ | |
"attachments": [ | |
{ | |
"files": [ | |
{ | |
"sha1": "03cbac8c13035fa930a51fffcd6666cf4cd9dfdb", | |
"extension": ".exe", | |
"Content-Type": "application/x-dosexec", | |
"analisys_date": "2017-08-13T14:30:38.835704", | |
"filename": "IMG-PO-492384BA_outputB93880.exe", | |
"is_filtered": [ | |
false | |
], | |
"ssdeep": "6144:UB0Qyhp5axJdq3PHo0Tq54BoSoUNRGui+YvEc8xoQAe6J+z/I93xgH38IN8I:UHIp5UqvdK4BoaREhEO5e6Jg/I93iXr", | |
"sha256": "d07fe1e95fb686c9f74774586d80dde0bec257382a6fbf667f08e2d316b7dd01", | |
"sha512": "59af8a425dee54609707079ac04b3645753f6101f794cb3738cdab575f0d5805d073bf0b10224a77e44fd28d687ff677a199df42eefe98879852351b3d5dca68", | |
"payload": "TVqQAAMAAA...", | |
"md5": "c106f9bc7174402b582cffc1d6399b46", | |
"size": 449368 | |
} | |
], | |
"Content-Type": "application/zip", | |
"sha1": "3ca2c7a41536fd89a172ba948ea4f741e4ef9fd6", | |
"extension": ".zip", | |
"is_archive": true, | |
"sha512": "37e93b79707b56afeb91a4a3ee8c2180e5137b6a3912db46b5e58bd412d9295f3c14e123271ac0fb6b8db22572e6d67c054efda90ee4618fbf94faaeff1bc08b", | |
"analisys_date": "2017-08-13T14:30:38.797451", | |
"filename": "Payment Invoice.zip", | |
"mail_content_type": "application/x-zip-compressed", | |
"is_filtered": false, | |
"ssdeep": "6144:KbMHo7O8JQbO4sMZ8EJqhLTKE1hNRGui+YvEsRqoh84Ll7Jy:KIHmKDs8Nq1TDREhEyqALZM", | |
"sha256": "122ee2a3c58dd0145107c132a1dbcba569318d9d7a6c1b976d8bd94aad7b9f44", | |
"content_transfer_encoding": "base64", | |
"payload": "UEsDBBQAAA...", | |
"md5": "2723dd2e5ce2b21b7df8e8f43121032c", | |
"size": 350899 | |
} | |
], | |
"analisys_date": "2017-08-13T14:30:38.693147", | |
"date": "2016-08-19T14:33:29", | |
"anomalies": [ | |
"mail_without_message-id" | |
], | |
"has_defects": false, | |
"subject": "PI", | |
"from": "\"Anabel Gonzalo\"<anabelgonzalo@fanox.com>", | |
"network": { | |
"is_filtered": false | |
}, | |
"path_mail": "/mnt/mails/untroubled.org/1471832668.1377_3.ivanova.orig", | |
"with_attachments": true, | |
"priority": 1, | |
"to": "bruce@untroubled.org", | |
"sha256": "948455f40fe7bb6cd7ecb573ba98ad5ec5537fc5bbab12661a947ef21b29e7f7", | |
"sha512": "28a38068ce78e116939a2027d2aedc4ac382f481a1b03c3022bb0e35384ab58059abbd263808b700d31feb0c6ca888242ab375ae8bcd5b8a3ddaa67eefb1ebb8", | |
"message_id": null, | |
"body": "<HTML><HEAD><TITLE></TITLE>\n</HEAD>\n<BODY bgcolor=#FFFFFF leftmargin=5 topmargin=5 rightmargin=5 bottommargin=5>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\nDear All,</DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\nWe have made the payment of USD 103,349,35. TT copy attached for full payment details.</DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n<FONT size=4><B>Document N. AMOUNT DIV.</B></FONT></DIV>\n<DIV>\n<FONT size=3> </FONT></DIV>\n<DIV>\n<FONT size=3>INVOICE 5328 103548,25 USD</FONT></DIV>\n<DIV>\n<FONT size=3> </FONT></DIV>\n<DIV>\n<FONT size=3>CREDIT NOTE ECS/CN/06 -198,9 USD</FONT></DIV>\n<DIV>\n<FONT size=3> </FONT></DIV>\n<DIV>\n<FONT size=3><B>TOTAL AMOUNT 103349,35</B></FONT><FONT size=3> USD</FONT></DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\nI am forwarding you the e-mail that the brokering company has sent us. You will receive the money into your account in a couple of days.</DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n<TABLE border=2 cellpadding=0 bordercolorlight=#FFFFFF bordercolordark=#000000 cellspacing=0>\n <TR valign=top>\n <TD width=118 height=75>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B> </B></FONT></DIV>\n<DIV>\n<FONT size=4><B>Booked Date</B></FONT></DIV>\n</FONT>\n </TD>\n <TD width=223 height=75>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B> </B></FONT></DIV>\n<DIV>\n<FONT size=4><B>Foreign Currency Payment Amount</B></FONT></DIV>\n</FONT>\n </TD>\n <TD width=100 height=75>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B> </B></FONT></DIV>\n<DIV>\n<FONT size=4><B>Rate Booked</B></FONT></DIV>\n</FONT>\n </TD>\n <TD width=100 height=75>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B> </B></FONT></DIV>\n<DIV>\n<FONT size=4><B>Base Currency Amount</B></FONT></DIV>\n</FONT>\n </TD>\n <TD width=100 height=75>\n<FONT size=2 
color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B> </B></FONT></DIV>\n<DIV>\n<FONT size=4><B> Fees</B></FONT></DIV>\n</FONT>\n </TD>\n <TD width=121 height=75>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B> </B></FONT></DIV>\n<DIV>\n<FONT size=4><B>Settlement Amount</B></FONT></DIV>\n</FONT>\n </TD>\n </TR>\n <TR valign=top>\n <TD width=118 height=42>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B>19/08/2016 08:11:28</B></FONT></DIV>\n</FONT>\n </TD>\n <TD width=223 height=42>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B><U>103349.35 (USD )</B></U></FONT></DIV>\n</FONT>\n </TD>\n <TD width=100 height=42>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B>1.11127</B></FONT></DIV>\n</FONT>\n </TD>\n <TD width=100 height=42>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B><U>103314.37 (EUR )</B></U></FONT></DIV>\n</FONT>\n </TD>\n <TD width=100 height=42>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B>5 (EUR )</B></FONT></DIV>\n</FONT>\n </TD>\n <TD width=121 height=42>\n<FONT size=2 color=#000000 face=\"Arial\">\n<DIV>\n<FONT size=4><B><U>103319.37 (EUR )</B></U></FONT></DIV>\n</FONT>\n </TD>\n </TR>\n</TABLE>\n</DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV align=center>\n<B>Nominated Account:</B></DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV align=center>\n<FONT size=3><B>Bank Account Name</B></FONT><FONT size=3>: Interpay Limited</FONT></DIV>\n<DIV align=center>\n<FONT size=3><B>Bank</B></FONT><FONT size=3>: CAIXABANK, S.A.</FONT></DIV>\n<DIV align=center>\n<FONT size=3><B>Bank Country</B></FONT><FONT size=3>: Spain</FONT></DIV>\n<DIV align=center>\n<FONT size=3><B>IBAN</B></FONT><FONT size=3>: ES67 2100 3467 1007 0001 6539 </FONT></DIV>\n<DIV align=center>\n<FONT size=3><B>Account Number</B></FONT><FONT size=3>: 0700016539</FONT></DIV>\n<DIV align=center>\n<FONT 
size=3><B>Currency</B></FONT><FONT size=3>: EUR </FONT></DIV>\n<DIV align=center>\n<FONT size=3><B>SWIFT/BIC Code</B></FONT><FONT size=3>: CAIXESBBXXX</FONT></DIV>\n<DIV align=center>\n<FONT size=3><B>National Bank Code</B></FONT><FONT size=3>: 21003467</FONT></DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\nPlease ensure to use the Booking Reference Number quoted below:</DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\nBooking Reference Number: B210154</DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\nPlease Complete TT details attached.</DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\nBest regards</DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n<B>Anabel Gonzalo</B></DIV>\n<DIV>\n<B> </B></DIV>\n<DIV>\n<B>Responsable de Compras / Purchasing Manager</B></DIV>\n<DIV>\n<B> </B></DIV>\n<DIV>\n<B> </B></DIV>\n<DIV>\n </DIV>\n<DIV>\n<IMG align=baseline border=0 width=226 height=65 src=\"cid:00A3761D82D4$04826125$0100007f@bjjmucqlfpofxjh\"></DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n </DIV>\n<DIV>\n<B>Fabricante especialista en ProtecciГіn & Control / Manufacturer specialized in Protection & Control</B></DIV>\n<DIV>\n<B> </B></DIV>\n<DIV>\n<B>Certified ISO 9001:2008</B></DIV>\n<DIV>\n </DIV>\n<DIV>\nFANOX ELECTRONIC, S.L.</DIV>\n<DIV>\n </DIV>\n<DIV>\nParque TecnolГіgico de Bizkaia</DIV>\n<DIV>\n </DIV>\n<DIV>\nAstondo bidea, Edificio 604 </DIV>\n<DIV>\n48160 Derio - Spain</DIV>\n<DIV>\nT. +34 944 711 411</DIV>\n<DIV>\nF. +34 944 710 431</DIV>\n<DIV>\n </DIV>\n<DIV>\nwww.fanox.com</DIV>\n</FONT>\n</BODY></HTML>", | |
"mailbox": "untroubled", | |
"sender_ip": "69.5.6.174", | |
"raw_mail": { | |
"is_filtered": false | |
}, | |
"ssdeep": "96:+LhGNddddddNddddddddWdddddddddddqddddddddddddZddddddddYP2QmCdSg9:+LFeQZHwd8brQEwwn", | |
"has_anomalies": true, | |
"md5": "46baea921a4efebea85895d7a0bf2764", | |
"sha1": "0931a46eb80784978689ca7371352d2851953c7d", | |
"phishing": { | |
"score": 1, | |
"score_expanded": [ | |
"mail_body" | |
], | |
"targets": [ | |
"Booking" | |
], | |
"with_phishing": false | |
}, | |
"headers": "Delivered-To bruce@untroubled.org\nReceived (fqmail 26559 invoked from network); 21 Aug 2016 10:49:40 -0000\nReceived from mx03.futurequest.net (mx03.futurequest.net [69.5.6.174])\n by pt02.futurequest.net ([69.5.6.173])\n with FQDP via TCP; 21 Aug 2016 10:49:40 -0000\nReceived (qmail 19675 invoked from network); 21 Aug 2016 10:49:40 -0000\nReceived from localhost.localdomain.com (mail.revesoft.com [208.74.72.248])\n by mx03.futurequest.net ([69.5.6.174])\n with ESMTP via TCP; 21 Aug 2016 10:49:39 -0000\nReceived from host86-187-174-57.range86-187.btcentralplus.com ([86.187.174.57]:45321 helo=User)\n\tby localhost.localdomain.com with esmtpa (Exim 4.87)\n\t(envelope-from <anabelgonzalo@fanox.com>)\n\tid 1bakrE-000291-LF; Fri, 19 Aug 2016 20:34:52 +0600\nReply-To <anabelgonzalo@fanox.com>\nFrom \"Anabel Gonzalo\"<anabelgonzalo@fanox.com>\nSubject PI\nDate Fri, 19 Aug 2016 15:33:29 +0100\nMIME-Version 1.0\nContent-Type multipart/mixed;\n\tboundary=\"----=_NextPart_000_0121_01C2A9A6.50D724E0\"\nX-Priority 3\nX-MSMail-Priority Normal\nX-Mailer Microsoft Outlook Express 6.00.2600.0000\nX-MimeOLE Produced By Microsoft MimeOLE V6.00.2600.0000\nX-AntiAbuse This header was added to track abuse, please include it with any abuse report\nX-AntiAbuse Primary Hostname - localhost.localdomain.com\nX-AntiAbuse Original Domain - untroubled.org\nX-AntiAbuse Originator/Caller UID/GID - [47 12] / [47 12]\nX-AntiAbuse Sender Address Domain - fanox.com\nX-Get-Message-Sender-Via localhost.localdomain.com: authenticated_id: quazi.limon@revesoft.com\nX-Authenticated-Sender localhost.localdomain.com: quazi.limon@revesoft.com\n", | |
"is_filtered": false, | |
"mail_server": "untroubled.org" | |
} |
Example output for the SpamScope project.