Date,Summary,Details,Email Payload Type,Users Targeted
3/1/2024,Malicious email campaign; morning,Re: lnvoice copy.; zip -> img -> wsf -> xworm,Attachment,8
3/4/2024,Malicious email campaign; morning,RE: ADVANCE TT SLIP // FEB 2024 SOA PAYMENT; zip -> originlogger,Attachment,4
3/4/2024,Malicious email campaign; morning,DELIVERY RELEASE ORDER Ref-no: <<A3_DB2TH84T.CNT>>; zip -> originlogger continued to 3/19,Attachment,4
3/4/2024,Malicious email campaign; morning,New PO - PO#2024EH001; rar -> originlogger,Attachment,4
3/4/2024,Malicious email campaign; morning,Inquiry & Orders; rar -> formbook,Attachment,3
3/4/2024,Malicious email campaign; morning,Payment Advice - Advice; img -> originlogger,Attachment,3
3/4/2024,Malicious email campaign; morning,ARRIVAL NOTICE EVER BEADY 0732-081S Ref-no|RE: Release Payment; zip -> originlogger,Attachment,16
3/5/2024,Malicious email campaign; morning,Invoice copy.; zip -> img -> wsf|vbs -> xworm continued to 3/7,Attachment,14
3/5/2024,Malicious email campaign; evening,Şubat
Date,Details,Payload Type,Users Targeted
2/1/2024,SOA PAYMENT SETTLEMENT; r01 -> dbatloader -> remcos,Attachment,5
2/1/2024,Request for Quotation; z -> originlogger continued to 02/04,Attachment,8
2/4/2024,Re:New Order; 7z -> originlogger,Attachment,2
2/5/2024,Quote; z -> originlogger,Attachment,4
2/6/2024,AmBank Remittance Advice/SOA SETTLEMENT/BL-FEB-2024/APPROVED; tar -> modiloader -> remcos,Attachment,6
2/7/2024,Header from noreply@kuehne-nagel.com|CHRobinsonAR@chrobinson.com; pdf -> wikiloader continued to 2/8,Attachment,162
2/8/2024,FW: Re: Quotation Request - Feb 2024 quotation.// New Supplier; lzh -> originlogger,Attachment,25
2/8/2024,RE: RFQ - 07.02.2024; xla -> doc -> vbs -> remcos,Attachment,3
2/12/2024,Payment remittance from Our Client/ Your Customer; 7z -> originlogger,Attachment,2
Date,Details,Email Payload Type,Users Targeted
1/9/2024,Payment Failed: Update Your Payment Details to Avoid Subscription Interruption; pdf -> hagga -> originlogger,Attachment,2
1/10/2024,Inquiry 37567 Appendices A, B, D, and E; 7z -> loader,Attachment,2
1/13/2024,Subjects contain Agency Appointment; zip -> snakekeylogger,Attachment,7
1/13/2024,FLF7992/22 // Shipment; zip -> snakekeylogger,Attachment,3
1/15/2024,Your UPS Parcel was delivered; gz -> originlogger,Attachment,2
1/15/2024,PO 4500082036; zip -> remcos,Attachment,3
1/15/2024,PDA and PORT INFO for 69 x 20' IMO CONTAINERS; zip -> snakekeylogger,Attachment,3
1/16/2024,Subjects start with Invoice from DSV: pdf -> zip -> js -> wikiloader,Attachment,369
1/17/2024,New Quotation 5665900481XXX024; rar -> originlogger,Attachment,3
Date,Summary,Details,Email Payload Type,Users Targeted
12/1/2023,Malicious email campaign; morning,Re: Inquiry; z -> originlogger,Attachment,4
12/3/2023,Malicious email campaign; morning,CV; doc -> formbook,Attachment,2
12/3/2023,Malicious email campaign; morning,Statement-1000276262; z -> originlogger,Attachment,4
12/4/2023,Malicious email campaign; morning,REQUEST FOR QUOTATION; gz -> formbook,Attachment,5
12/5/2023,Malicious email campaign; evening,URGENT PURCHASE ORDER No. 9104393019; gz -> originlogger,Attachment,3
12/5/2023,Malicious email campaign; morning,RE: Request for Urgent Quotation; gz -> formbook,Attachment,3
12/5/2023,Malicious email campaign; evening,Re: order December -06122023; 7z -> vbs -> guloader continued to 11/6,Attachment,13
12/5/2023,Malicious email campaign; evening,Payment Advice - Advice Ref:[A23Wo4XAk6xJ-IN] / Priority payment; rar -> originlogger,Attachment,4
12/5/2023,Malicious email campaign; morning,New Order /DB-078003417XXXXX; rar -> originlogger,Attachment,2
Date,Summary,Details,Email Payload Type,Users Targeted
11/1/2023,Malicious email campaign; morning,Dhl// Shipment 0106245448; zip -> agenttesla,Attachment,4
11/1/2023,Malicious email campaign; morning,Enquiry - RFQ; zip -> agenttesla,Attachment,4
11/1/2023,Malicious email campaign; evening,order 4806125050; iso -> agenttesla,Attachment,4
11/1/2023,Malicious email campaign; evening,Swift Advice 02-Nov-2023; pdf(rar) -> agenttesla,Attachment,4
11/2/2023,Malicious email campaign; evening,Quotation request 7142300109_00003517; rar -> img -> quaxloader -> agenttesla,Attachment,2
11/4/2023,Malicious email campaign; morning,Freight Invoice(s); z -> agenttesla,Attachment,4
11/5/2023,Malicious email campaign; morning,payment regarding shipment (urgent); rar -> agenttesla,Attachment,4
11/6/2023,Malicious email campaign; morning,PO; rar -> agenttesla,Attachment,4
11/6/2023,Malicious email campaign; morning,Request For Quotation; 001 -> agenttesla,Attachment,2
Date,Details,Email Payload Type,Users Targeted
10/1/2023,FW: damaged Goods; xlam -> agenttesla continued to 10/9,Attachment,
10/2/2023,RE: SHIPPING DOCUMENT & PACKING LIST; r15 -> agenttesla,Attachment,2
10/2/2023,RE: CONFIRM REVISED PIURCHASE ORDER; zip -> formbook,Attachment,2
10/2/2023,Signed Purchase Order: PO/US/4509622207; zip -> formbook,Attachment,2
10/2/2023,Attachment name is Document.zip; zip -> agenttesla,Attachment,2
10/3/2023,RE: New Order; r15 -> agenttesla,Attachment,2
10/3/2023,Wrong Payment Information; zip -> agenttesla,Attachment,2
10/4/2023,RE: Status For September SOA; xls -> agenttesla continued to 10/5,Attachment,4
10/5/2023,Purchase Order - HOM-OS-20-23-813; r15 -> agenttesla,Attachment,2
Date,Summary,Details,Email Payload Type,Users Targeted
9/2/2023,Malicious email campaign; morning,<email address> You have an incoming invoice; rar -> formbook,Attachment,3
9/6/2023,Malicious email campaign; evening,Re:Euro Payment Only//Revise Invoice to Euro Currency//Provide Euro Bank Details; z -> agenttesla,Attachment,2
9/6/2023,Malicious email campaign; morning,New Purchase Order; doc -> nanocore,Attachment,2
9/6/2023,Malicious email campaign; morning,Pending Invoice payments; zip -> agenttesla,Attachment,6
9/6/2023,Malicious email campaign; evening,New order#2_W43550970; zip -> agenttesla,Attachment,9
9/10/2023,Malicious email campaign; evening,Order and Deposit; xls -> guloader,Attachment,14
9/11/2023,Malicious email campaign; evening,Request for a sample quotation; xls -> agenttesla,Attachment,2
9/12/2023,Malicious email campaign; evening,UAE RFQ CONTRACT: BID SUPPLY 2023 AND SERVICES.; doc -> nanocore,Attachment,3
9/14/2023,Malicious email campaign; evening,Attachments start with inv_|sep_inv; pdf
Date,Details,Email Payload Type,Users Targeted
8/1/2023,RE: FINAL INVOICE ATTACHED; docx -> formbook,Attachment,3
8/2/2023,Quote Best Price Offer; zip -> agenttesla,Attachment,2
8/2/2023,fwd: Proforma Invoice; z -> agenttesla,Attachment,3
8/3/2023,FEEDER DELAY NOTICE; rar -> darkcloud,Attachment,4
8/3/2023,Sv: EXT: Re: AW: Re: Sv: New Order PO; doc -> agenttesla,Attachment,5
8/7/2023,Re: URGENT: Immediate Payment Required for Invoice ME01-72; jar -> strrat,Attachment,5
8/7/2023,Attachment name is RFQ# R&E-S194.rar; rar -> formbook,Attachment,4
8/8/2023,DocuSign!; pdf -> parallax,Attachment,4
8/10/2023,Swift Payment Copy; z -> darkcloud,Attachment,4