This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Date,Summary ,Details,Email Payload Type,Users Targeted | |
3/1/2024,Malicious email campaign; morning,Re: lnvoice copy.; zip -> img -> wsf -> xworm,Attachment,8 | |
3/4/2024,Malicious email campaign; morning,RE: ADVANCE TT SLIP // FEB 2024 SOA PAYMENT; zip -> originlogger,Attachment,4 | |
3/4/2024,Malicious email campaign; morning,DELIVERY RELEASE ORDER Ref-no: <<A3_DB2TH84T.CNT>>; zip -> originlogger continued to 3/19,Attachment,4 | |
3/4/2024,Malicious email campaign; morning,New PO - PO#2024EH001; rar -> originlogger,Attachment,4 | |
3/4/2024,Malicious email campaign; morning,Inquiry & Orders; rar -> formbook,Attachment,3 | |
3/4/2024,Malicious email campaign; morning,Payment Advice - Advice; img -> originlogger,Attachment,3 | |
3/4/2024,Malicious email campaign; morning,ARRIVAL NOTICE EVER BEADY 0732-081S Ref-no|RE: Release Payment; zip -> originlogger,Attachment,16 | |
3/5/2024,Malicious email campaign; morning,Invoice copy.; zip -> img -> wsf|vbs -> xworm continued to 3/7,Attachment,14 | |
3/5/2024,Malicious email campaign; evening,Şubat |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Date,Details,Payload Type,Users Targeted | |
2/1/2024,SOA PAYMENT SETTLEMENT; r01 -> dbatloader -> remcos,Attachment,5 | |
2/1/2024,Request for Quotation; z -> originlogger continued to 02/04,Attachment,8 | |
2/4/2024,Re:New Order; 7z -> originlogger,Attachment,2 | |
2/5/2024,Quote; z -> origin logger,Attachment,4 | |
2/6/2024,AmBank Remittance Advice/SOA SETTLEMENT/BL-FEB-2024/APPROVED; tar -> modiloader -> remcos,Attachment,6 | |
2/7/2024,Header from noreply@kuehne-nagel.com|CHRobinsonAR@chrobinson.com; pdf -> wikiloader continied to 2/8,Attachment,162 | |
2/8/2024,FW: Re: Quotation Request - Feb 2024 quotation.// New Supplier; lzh -> originlogger,Attachment,25 | |
2/8/2024,RE: RFQ - 07.02.2024; xla -> doc -> vbs -> remcos,Attachment,3 | |
2/12/2024,Payment remittance from Our Client/ Your Customer; 7z -> originlogger,Attachment,2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Date,Details,Email Payload Type,Users Targeted | |
1/9/2024,Payment Failed: Update Your Payment Details to Avoid Subscription Interruption; pdf -> hagga -> orogin logger,Attachment,2 | |
1/10/2024,Inquiry 37567 Appendices A, B, D, and E; 7z -> loader,Attachment,2 | |
1/13/2024,Subjects contain Agency Appointment; zip -> snakekeylogger,Attachment,7 | |
1/13/2024,FLF7992/22 // Shipment; zip -> snakekeylogger,Attachment,3 | |
1/15/2024,Your UPS Parcel was delivered; gz -> originlogger,Attachment,2 | |
1/15/2024,PO 4500082036; zip -> remcos,Attachment,3 | |
1/15/2024,PDA and PORT INFO for 69 x 20' IMO CONTAINERS; zip -> snakekeylogger,Attachment,3 | |
1/16/2024,Subjects start with Invoice from DSV: pdf -> zip -> js -> wikiloader,Attachment,369 | |
1/17/2024,New Quotation 5665900481XXX024; rar -> oroginlogger,Attachment,3 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Src | |
101.100.168.8 | |
106.201.232.211 | |
112.165.98.84 | |
113.160.178.233 | |
115.238.191.246 | |
116.249.154.224 | |
117.4.201.133 | |
122.171.19.108 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Date,Summary ,Details,Email Payload Type,Users Targeted | |
12/1/2023,Malicious email campaign; morning,Re: Inquiry; z -> originlogger,Attachment,4 | |
12/3/2023,Malicious email campaign; morning,CV; doc -> formbook,Attachment,2 | |
12/3/2023,Malicious email campaign; morning,Statement-1000276262; z -> originlogger,Attachment,4 | |
12/4/2023,Malicious email campaign; morning,REQUEST FOR QUOTATION; gz -> formbook,Attachment,5 | |
12/5/2023,Malicious email campaign; evening,URGENT PURCHASE ORDER No. 9104393019; gz -> originlogger,Attachment,3 | |
12/5/2023,Malicious email campaign; morning,RE: Request for Urgent Quotation; gz -> formbook,Attachment,3 | |
12/5/2023,Malicious email campaign; evening,Re: order December -06122023; 7z -> vbs -> guloader continued to 11/6,Attachment,13 | |
12/5/2023,Malicious email campaign; evening,Payment Advice - Advice Ref:[A23Wo4XAk6xJ-IN] / Priority payment; rar -> originlogger,Attachment,4 | |
12/5/2023,Malicious email campaign; morning,New Order /DB-078003417XXXXX; rar -> originlogger,Attachment,2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Date,Summary , Details,Email Payload Type,Users Targeted | |
11/1/2023,Malicious email campaign; morning,Dhl// Shipment 0106245448; zi p-> agenttesla,Attachment,4 | |
11/1/2023,Malicious email campaign; morning,Enquiry - RFQ; zip -> agenttesla,Attachment,4 | |
11/1/2023,Malicious email campaign; evening,order 4806125050; iso -> agenttesla,Attachment,4 | |
11/1/2023,Malicious email campaign; evening,Swift Advice 02-Nov-2023; pdf(rar) -> agenttesla,Attachment,4 | |
11/2/2023,Malicious email campaign; evening,Quotation request 7142300109_00003517; rar -> img -> quaxloader -> agenttesla,Attachment,2 | |
11/4/2023,Malicious email campaign; morning,Freight Invoice(s); z -> agenttesla,Attachment,4 | |
11/5/2023,Malicious email campaign; morning,payment regarding shipment (urgent); rar -> agenttesla,Attachment,4 | |
11/6/2023,Malicious email campaign; morning,PO; rar -> agenttesla,Attachment,4 | |
11/6/2023,Malicious email campaign; morning,Request For Quotation; 001 -> agenttesla,Attachment,2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Date,Details,Email Payload Type,Users Targeted | |
10/1/2023,FW: damaged Goods; xlam -> agenttesla continued to 10/9,Attachment, | |
10/2/2023,RE: SHIPPING DOCUMENT & PACKING LIST; r15 -> agenttesla,Attachment,2 | |
10/2/2023,RE: CONFIRM REVISED PIURCHASE ORDER; zip -> formbook,Attachment,2 | |
10/2/2023,Signed Purchase Order: PO/US/4509622207; zip -> formbook,Attachment,2 | |
10/2/2023,Attachment name is Document.zip; zip -> agenttesla,Attachment,2 | |
10/3/2023,RE: New Order; r15 -> agenttesla,Attachment,2 | |
10/3/2023,Wrong Payment Information; zip -> agenttesla,Attachment,2 | |
10/4/2023,RE: Status For September SOA; xls -> agenttesla continued to 10/5,Attachment,4 | |
10/5/2023,Purchase Order - HOM-OS-20-23-813; r15 -> agenttesla,Attachment,2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Date,Summary ,Details,Email Payload Type,Users Targeted | |
9/2/2023,Malicious email campaign; morning,<email address> You have an incoming invoice; rar -> formbook,Attachment,3 | |
9/6/2023,Malicious email campaign; evening,Re:Euro Payment Only//Revise Invoice to Euro Currency//Provide Euro Bank Details; z -> agenttesla,Attachment,2 | |
9/6/2023,Malicious email campaign; morning,New Purchase Order; doc -> nanocore,Attachment,2 | |
9/6/2023,Malicious email campaign; morning,Pending Invoice payments; zip -> agenttesla,Attachment,6 | |
9/6/2023,Malicious email campaign; evening,New order#2_W43550970; zip -> agenttesla,Attachment,9 | |
9/10/2023,Malicious email campaign; evening,Order and Deposit; xls -> guloader,Attachment,14 | |
9/11/2023,Malicious email campaign; evening,Request for a sample quotation; xls -> agenttesla,Attachment,2 | |
9/12/2023,Malicious email campaign; evening,UAE RFQ CONTRACT: BID SUPPLY 2023 AND SERVICES.; doc -> nanocore,Attachment,3 | |
9/14/2023,Malicious email campaign; evening,Attachements start with inv_|sep_inv; pdf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
100.42.161.205 | |
107.190.111.104 | |
107.5.40.178 | |
135.125.132.194 | |
145.128.211.49 | |
154.20.198.58 | |
158.174.34.217 | |
161.97.104.148 | |
173.29.33.75 | |
174.55.106.186 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Date,Details,Email Payload Type,Users Targeted | |
8/1/2023,RE: FINAL INVOICE ATTACHED; docx -> formbook,Attachment,3 | |
8/2/2023,Quote Best Price Offer; zip -> agenttesla,Attachment,2 | |
8/2/2023,fwd: Proforma Invoice; z -> agenttesla,Attachment,3 | |
8/3/2023,FEEDER DELAY NOTICE; rar -> dfarkcloud,Attachment,4 | |
8/3/2023,Sv: EXT: Re: AW: Re: Sv: New Order PO; doc -> agenttesla,Attachment,5 | |
8/7/2023,Re: URGENT: Immediate Payment Required for Invoice ME01-72; jar -> strrat,Attachment,5 | |
8/7/2023,Attachment name is RFQ# R&E-S194.rar; rar -> formbook,Attachment,4 | |
8/8/2023,DocuSign!; pdf -> parallax,Attachment,4 | |
8/10/2023,Swift Payment Copy; z -> darkcloud,Attachment,4 |
NewerOlder