Created
January 8, 2024 21:21
-
-
Save silence-is-best/781f80d484aefbc89acdaee7cf1ce879 to your computer and use it in GitHub Desktop.
December Malspam Campaigns
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Date,Summary ,Details,Email Payload Type,Users Targeted | |
| 12/1/2023,Malicious email campaign; morning,Re: Inquiry; z -> originlogger,Attachment,4 | |
| 12/3/2023,Malicious email campaign; morning,CV; doc -> formbook,Attachment,2 | |
| 12/3/2023,Malicious email campaign; morning,Statement-1000276262; z -> originlogger,Attachment,4 | |
| 12/4/2023,Malicious email campaign; morning,REQUEST FOR QUOTATION; gz -> formbook,Attachment,5 | |
| 12/5/2023,Malicious email campaign; evening,URGENT PURCHASE ORDER No. 9104393019; gz -> originlogger,Attachment,3 | |
| 12/5/2023,Malicious email campaign; morning,RE: Request for Urgent Quotation; gz -> formbook,Attachment,3 | |
| 12/5/2023,Malicious email campaign; evening,Re: order December -06122023; 7z -> vbs -> guloader continued to 11/6,Attachment,13 | |
| 12/5/2023,Malicious email campaign; evening,Payment Advice - Advice Ref:[A23Wo4XAk6xJ-IN] / Priority payment; rar -> originlogger,Attachment,4 | |
| 12/5/2023,Malicious email campaign; morning,New Order /DB-078003417XXXXX; rar -> originlogger,Attachment,2 | |
| 12/6/2023,Malicious email campaign; evening,URGENT REQUEST FOR QUOTATION; rar -> originlogger continued to 12/10,Attachment,2 | |
| 12/7/2023,Malicious email campaign; evening,Your Document #45; zip -> phorpiex continuted to 12/11,Attachment,121 | |
| 12/7/2023,Malicious email campaign; evening,REF: RFQ (KSA NEW PROJECT); gz -> formbook,Attachment,3 | |
| 12/12/2023,Malicious email campaign; morning,CV; iso -> nanocore continued to 12/13,Attachment,2 | |
| 12/12/2023,Malicious email campaign; morning,SOA 2023-50 HAPAG LLOYD � 50244516; rar -> originlogger,Attachment,4 | |
| 12/12/2023,Malicious email campaign; morning,Booking.com Invoice 1578246817; pdf -> origin,Attachment,3 | |
| 12/18/2023,Malicious email campaign; morning,Header from is CEVA Freight; pdf -> suspected wikiloader,Attachment,169 | |
| 12/20/2023,Malicious email campaign; evening,Invoices No. 112 and 113; z -> snakekeylogger,Attachment,4 | |
| 12/21/2023,Malicious email campaign; morning,Your Document; zip -> phorpiex,Attachment,14 | |
| 12/22/2023,Malicious email campaign; morning,Booking.com Invoice <digits>; pdf -> lnk -> hagga -> origin logger,Attachment,3 | |
| 12/24/2024,Malicious email campaign; morning,AGENCY APPOINTMENT // PDA REQUEST; zip -> snakekeylogger continued to 12/26,Attachment,3 | |
| 12/27/2024,Malicious email campaign; morning,MV WADI S // Hull cleaning at PORT; zip -> snakekeylogger continued to 12/28,Attachment,3 | |
| 12/27/2024,Malicious email campaign; morning,AFPL/ MT 'ESHIPS COBIA'- VESSEL CALLING TO YOUR GOOD; zip -> snakekeylogger continued to 12/28,Attachment,3 | |
| originlogger, 00875bfb6feb1281357d738b5989e4ce000db6521eafb1edd29e7d3cf6117ad3, mail.sarahfoils.com | |
| originlogger, 07463687693e68947b76ead68ae75f764649c80725f4914cde0eaf0d1c4644d7, mail.vrlogistic.com | |
| originlogger, 083488944d0efc342bbb4bdb7881822e14781b3888ea58d1f7121dea52933373, mail.femhaz.hu | |
| originlogger, 0b6b634a3d763601e989506f485f0bbbb9aa0b739f34d5566069bfd7bdc05904, mail.bezzleauto.com | |
| originlogger, 1be1eb3fc904fc5a9e9e555e3fa4a2b6a5a299917d5afa9a1570079195387fa3, mail.asiaparadisehotel.com | |
| originlogger, 1d79756d1b41dd8556576d53dcce29b47791ad27316c62cc0e256d75dde3e52c, mail.coaatja.com | |
| originlogger, 214de679f00845231238252dc3295762b74c77b7a2ddd7d7eb38f04321bba1dd, mail.bezzleauto.com | |
| originlogger, 25ed66335a82f70ae9980bb3f4635398c537b294eeca7728d5994ce9b266ca12, mail.precise.co.in | |
| originlogger, 26e3295aa8a473155951d618971b749be570e36898bb7ad0b0e690648e7c2fd8, mail.precise.co.in | |
| originlogger, 2743ed82252fc5c06c1696d961a2fd9ec7e1a49f085b08f6d88ec554707d9e0c, mail.precise.co.in | |
| originlogger, 27d672cb71c052ba0379590d9fa4ad1253f9b2c12692586bf5829ed0b8d94431, mail.helikhodro.com | |
| originlogger, 2877f7995c2735d9f3776a49b6b28f9af850446b023821833c94581ce2b689c4, mail.elec-qatar.com | |
| originlogger, 29383cc60aaa6a07071ed65e546c603f9631e8a468d690c1914c1208f8b953ae, mail.femhaz.hu | |
| originlogger, 3af8e8d96431992127c5774977cb7b3ea300c4ef8b23a620f0213f42b79584d9, 20231206_120522_WATwZEYppAak3MBKwmGvnZjaXEK9OPM5.eml | |
| originlogger, 3f479de77fd65ff82d89c44b941aedd81d9afe93093699e40ba82b02e058719a, mail.vrlogistic.com | |
| originlogger, 43505231035c21e05e594cefd6519952f5808f9b6b3e20b5a1abacde15b8cb9c, host2069.hostmonster.com | |
| originlogger, 4722e9113d3f8eaa1956f990da588f8eed324bb8d5551d52bff3bf4536a6010d, mail.2sautomobile.com | |
| originlogger, 48640541d98ded5a850e2c281cd551eea3598502ab725bfa2ac4ce5f7846b3ed, mail.atasoygumrukleme.com | |
| originlogger, 4b41260da8f93986ca0bac53fd006dd6e17fb94b81960677221ed9ecc63b0eed, host2069.hostmonster.com | |
| originlogger, 4ec757a53ab17fbf9fb784f7acbf23a44ce3fcff4ebe00c067ec36bdc6c0e8f3, MAIL.starmech.in | |
| originlogger, 5889d17651164539438b8f01cc545f343d3d7e2c3efde4fae6b33f7d13c49b70, mail.ronaldsmith.loan | |
| originlogger, 5931ddeea405cd4878d2fd6e340d55021a71dfd2619e56e7e5c5bbad0488db34, mail.amtechcards.com | |
| originlogger, 5b55547eef5b3c1cdc44a3aaf8fd061471d2236cb6b3cfcada6bc2ece749adc3, 20231212_091934_MNm7_8vIRSXsAqXTIN3_7pd5HJTLjwrf.eml | |
| originlogger, 5ce3eab6d2f6dce6ed4e7be3a397250f8489f0083c825f9f2dce0730525ec0d5, 20231204_025839_R7j1qtTcx9p4Ivkl_tSS4ZJzTplzhsDC.eml | |
| originlogger, 5f18177e3983cc801653cb1da190145a1e83cc5b277ea0246107c15f165bb554, host2069.hostmonster.com | |
| originlogger, 5f918d7bd2348f90d00f38003918dc9e614741d42f7157bff50cfac0e2d4fe06, mail.bezzleauto.com | |
| originlogger, 66f34a1f996f03fa16851cd050547e352a49dfa96950579b1f69cb32a39485df, mail.asiaparadisehotel.com | |
| originlogger, 68539ce65162c2526ee390f706b68e249e05e0453f2e5138dd77a9d5aaa9b54c, mail.dayanbiotech.ir | |
| originlogger, 6a925c2569b45a9199d08453915475565d5ea13788bb12ede9102c370f8bce0f, mail.2sautomobile.com | |
| originlogger, 6c2f5afa91ac37f222db8a2055e183efc732e08596f9e4cb664d0453ac5c8f3c, ftp://ftp.mercuresurabaya.com | |
| originlogger, 70a65c589b3b46ed049d952785c5f21d709c7b1558bce2b0646e54927a93da38, ftp.mercuresurabaya.com | |
| originlogger, 71e5c4006ab60a5e9e6830c1eab07c23f018cd443cf5998f0ed89976eeb15abb, mail.amtechcards.com | |
| originlogger, 76b324f75db6095cf36f6cc55b3b7b9070a8f9ace436920cef5c792dbebebb15, mail.precise.co.in | |
| originlogger, 7cba6ce993da55a8706e4c726e120ce59a40622f20ed4f0beb971c1fb03b9519, mail.elec-qatar.com | |
| originlogger, 7f382cc5928a8adf09033a4412af83f103fe25384f7fb39343344432fc71f8c1, mail.precise.co.in | |
| originlogger, 80a2010e0a0ade699a0c4bc3d5f739491d4ea6ccf4abe39b8232ef39dc7aa430, mail.asiaparadisehotel.com | |
| originlogger, 810400151abc3b4720611355416884e908ea3bf489c5b3a70866a0b012afb04b, mail.abi0expertise.com | |
| originlogger, 864fe98f784db801dd8514226f5b70bb21f41ef4ffcef3fc77636fbfa039444a, mail.2sautomobile.com | |
| originlogger, 8879bff7f26b389b8d375928fc6095a3847f8602e00822e3f2f67705e2d85cc0, mail.asiaparadisehotel.com | |
| originlogger, 8c9e69c484e159acd88a9c50d70db9f104d9cd804ac6855d657c077c54faa4ac, mail.amtechcards.com | |
| originlogger, 8fc8d08ac95f945b863195ee3556c1e756754faff354db781a67a9323b4c06fc, mail.bezzleauto.com | |
| originlogger, 90c7b6bd3fd954125e071fca9a96c398d2c7c337e150b79c3629285858dd476c, mail.asiaparadisehotel.com | |
| originlogger, 961501b7f2e2ba7d255fc9cc4de8dfd0697dd2265c2e4e316f92854166614c31, mail.elec-qatar.com | |
| originlogger, 9824b822a689518c8db4e0c8ab997a7bd149c57618bdc7790d1dc121a2493a86, ftp://ftp.mercuresurabaya.com | |
| originlogger, 9c0346e08a28cec8ab5be231e650450bbf64ebc42a14169e755ed9badef3b630, mail.2sautomobile.com | |
| originlogger, 9d687a4e898291e7635a79e45f7cb5cd2f987dcd6f909d495e83dac2e1fd0cfc, ftp.mercuresurabaya.com | |
| originlogger, 9f468e738ac7218f377e20302bedf378c573b15e54f46b786e4a6b5a2081fc8b, mail.bezzleauto.com | |
| originlogger, 9f9871c67ea785d65921ea232a89ec9ae4ba1bb13dd01732b39aaf406d9544a0, mail.asiaparadisehotel.com | |
| originlogger, a4d1c2193d3db847e5c7132074a16826beff3d069e1ba83633b8ac7bc5c88f5e, zqamcx.com | |
| originlogger, a81e919be20c26807dc7d775ccdc026d4a9daf0116661dff5e3fbdaf29effe19, us2.smtp.mailhostbox.com | |
| originlogger, aa229130ed51294a06ff9dd26a0891c5da383cda41ceb0cf49e0878eb0ee021b, mail.bezzleauto.com | |
| originlogger, ada28dc16f1eb7d03ad145b01c1525e832d18bcd8a179dd68c1f5c4313b5853f, mail.helikhodro.com | |
| originlogger, ae74573b2465c82c7251fafa08ed86f4113f2568f21709f57c998371e5a6150b, mail.precise.co.in | |
| originlogger, b5373781057e3cc3a3e2064f57942adc17f2a3905de6c1037332dfaede7a9cba, mail.2sautomobile.com | |
| originlogger, b5cd63c5fec95f16d9c11ca726e0bad76d52eb122a6458b3940d5dd94d3a7dfb, mail.amtechcards.com | |
| originlogger, ba5b23fdbec77442d3d5e9e87ea46dba8ce7df395fa5668edabe9be96eebae10, mail.elec-qatar.com | |
| originlogger, bdf5c86fd79318fbe9c3e2bbf9234fb5d3ea093047e0b290244659f9c08c9ebe, mail.coaatja.com | |
| originlogger, c4ad291760dffaafe23d725dcf8545caf7bdca2f360457909b0b6bd5719c6fcb, mail.wasstech.com | |
| originlogger, cab0d981559ec627b28ba927840774c66ccba4c7cea401d748ac398f0ab39c85, us2.smtp.mailhostbox.com | |
| originlogger, ce18daad377673d765ae77224400740842cc31aee43a2cdb5e5ac564fbbe908d, mail.elec-qatar.com | |
| originlogger, d134c531dc1702e7fb2efb1b65146a367b76cd97c78e23492f2a45719bc80a2a, Hostcp5ua.hyperhost.ua | |
| originlogger, d61fdb59b0176c8e329052c1b577dd366f17f206b79769bf3ae56ed6d52575de, mail.bezzleauto.com | |
| originlogger, d92da33493917017ff937789890dfacd02c22671abd9ea8c196ea9dfd90f3a72, https://api.telegram.org/bot6631345683 | |
| originlogger, d9961b923d5187cab6c6216a4de0f61a03a24fd3cf6765a5c3eb0963e05f580c, mail.bezzleauto.com | |
| originlogger, de1f13055e11a5175a5401b2f765228a9e61e196cbc60c1417906bfe9f4ce688, mail.asiaparadisehotel.com | |
| originlogger, ded4d7400f9b37aa33cddbe13bb8f7bbb3a3acf4e4708d0b7cfededa46ffb79b, mymobileorder.com | |
| originlogger, e0b8c5c5f1fcfd52dffabc78f9ce5dedc8598ec30736ec30308cf5b2d4dc4801, mail.precise.co.in | |
| originlogger, e6370c7eee2c7a1101943e56807d0cac8e977a291385459a4d455d6eb7d821d8, mail.precise.co.in | |
| originlogger, e9cbd624aa2f7a22f007f7bb3c9a3e9ffb857a80db1a10427d5b8ec50244871b, mail.sarahfoils.com | |
| originlogger, ee62838a0de9611ef4a274e1c876605aca8a9548fe14664ab50802aec93bef3a, mail.vrlogistic.com | |
| originlogger, f24a13886b4f210691bf73566963618b370ca0781cf65cb212cafb13e12060ff, mail.coaatja.com | |
| originlogger, f3e9ff06f04b6f3fce67e3ae02f89eb6f006ae95391105703abded87bc53f362, mail.precise.co.in | |
| originlogger, fb0514347c4e3087847d4457e4dad6e14bb018ab1881bf7d64ea3bebdc308391, 20231201_104431_hfhEhUjpYPALwVtdy_zmsEgO9JLwIL6M.eml | |
| originlogger, fe631848ec9e5b0eb6675e44eee3d3bfc17bc4c2a1669842ab02303e748a85e7, host2069.hostmonster.com | |
| formbook, 0579b34c4d758e5ef224f1f5e25bd911aca81460df1a1cde1c1103b10cf9b33f, www.wx5z66dp.click/kqa8 | |
| formbook, 28550a9388fb4b6f64c8f0b718565f40735b3ae06ace13f8b5350d336e316ff9, www.quantumvoil.xyz/94in | |
| formbook, 3fe3a6df5a330bd2725872cb79b88b850582be007b064bd25df08b0488d16e5b, http://www.ageingisthedisease.com/izuc/ | |
| formbook, 41505a84ca11ad70e286ae8ca142ab8b72cf81346fd88ae524a3d4476fa81253, http://www.goatprodesign.com/ds0w/ | |
| formbook, 517ef015543f7db992fb3eac666fd9416bc2be14e5a467e289cf0024b7065a0d, http://www.quantumvoil.xyz/94in/ | |
| formbook, 5721a2c6e2c0a577828b9e4b3690a18a7df63e541aeba65781464c1f73e8da91, www.toppassiveincome.shop/88vu | |
| formbook, 5f738cfe796a0a2c79871af3b97474e55f808f80e2f40b272bd779cb62ab26fe, http://www.goatprodesign.com/ds0w/ | |
| formbook, 93c052934438599045e6d9a3177f5d7d57960cad17070bc74444c1e4818bb81b, www.hudi.codes/fdin | |
| formbook, afdafeeba2b88355620702b283e1f86fe655b8b43c4c9c4d84add28e3f777cef, http://www.goatprodesign.com/ds0w | |
| formbook, d149fc6adc07ffa848eb414438af0bb68cee6b0f3d7c4fe5dc919e7f5182bd27, http://www.e-saleshub.quest/mg0g/ | |
| formbook, d76f0bd5be27187672f2b89be93eba20033cadb397398143bfe6f81d8ef4d9dd, http://www.book2110.com/q0a9/ | |
| guloader-originlogger, e8c869ce645ed191a49065b3b51790b0d502f7045e9040aefdef98d697e47caf, server1.sqsendy.shop | |
| lokibot, 8ab4dee97e1c991a21be3bac6a68a35d4c9f85c70d333b4ce6d55c688cc2d87f, http://kelly.spencerstuartllc.top/_errorpages/kelly/five/fre.php | |
| nanocore, 020e75bba53b32452b70c2796aabfd51dbd2c82380bf138158ad590d9db1df72, 91.92.248.208 | |
| origin, 08a1a9925dfe42290e12823fa21cb53cd879fa1895011d2cfa41d1edeb464795, mail.ronaldsmith.loan | |
| origin, 2e8cc38f3632a65650d4cb44f5c9b66b5a31e9e431f21a67615a3566a3f0cb9e, https://discord.com/api/webhooks/1183413987946274836 | |
| origin, 338296c4afcdc67873712c300d6977a7e442437b05968c32c90909d623d1e1f1, https://discord.com/api/webhooks/1181759713713602600 | |
| origin, 715c5a3ad22226549fbcb358acac3117f11e4f7acf4f5bce0eff2117130eb1f2, mail.abi0expertise.com | |
| origin, 77817d3b0e0420afd868a1892253c582d8f9f744927885635c2435618bfa5d61, https://api.telegram.org/bot6407936943 | |
| origin, a50c08375ddd2954e1f0082afddecbe511c8cd55111471b34d9820f2874cdf04, https://xyzbench.com/gate | |
| originbotnet, fe98cdaacbbe31c9dee59a926693dc719ea9f1839ff62fa6997f5faf32a6a1aa, https://spf-asia.com/gate | |
| origin, d9c3810761942c6191a8e2dfb22b2178d6970bf474a908a4af1bc80b3022a774, us2.smtp.mailhostbox.com | |
| originlogger, a8bb637ae0ebc8d81d859968365d89d3d9452bf1d2d3e44cf19a96b9840dcbd3, mail.ronaldsmith.loan | |
| remcos, 3e46e79b7c70b354e95c89e0b014f41833d10e3c3d4bbdac4ef0244cfc76fcb7, 109.248.151.76:1974 | |
| remcos, 85dec13a308fd96a187495577a1d8713ad6a0ecd6f50f557f165c333d3540e11, 198.27.121.194:2024 | |
| remcos, a1ebbf52b74398374d414abda4eeee981f3529189701dc7fdcf92246f83cc02b, 198.27.121.194:2024 | |
| snake, 48991f467d8b22b9b36a1495de807796386f98fbadf09e01e1d913bf63951d33, varders.kozow.com | |
| snakekeylogger, 13f500cb766e4c37869fb3286cbefb2c2ecefb4a799ef7e5723f574a842d5647, http://aborters.duckdns.org:8081/_send_.php?TS | |
| snakekeylogger, 1af4b1e67dee34e1ce541150c83e1be4f75766d47ecebf4b476cb08aa04fa837, http://aborters.duckdns.org:8081/_send_.php?TS | |
| snakekeylogger, 2a2ddd46e762a33bd47b94a93f06a0a8560b868e8a37e5f1b9d6515ead3e974b, http://aborters.duckdns.org:8081/ | |
| snakekeylogger, 71aaa5510b2558e77807ee92dae0b7eef3c3f473be2078860769b58641b1c118, http://aborters.duckdns.org:8081/_send_.php?TS | |
| snakekeylogger, b8410c46b62f3f4fa0255c4fa37c4899f2fa7ee69883d35bd178e629e2db24db, http://aborters.duckdns.org:8081/_send_.php?TS | |
| snakekeylogger, becd887276df85a4eea5b2837327ee6eea59f0f7579f7894a8307e4681b9b5d4, http://aborters.duckdns.org:8081/_send_.php?TS | |
| snakekeylogger, cab1d5b926c4b6020fded7fc429de2f39f1728d3697ff9ba60fb08515a0453cc, http://aborters.duckdns.org:8081/_send_.php?TS | |
| snakekeylogger, d85b912c5171741966d6c8238db04de39b56ed1b696ccf7a32400d34cd29338c, http://aborters.duckdns.org:8081/_send_.php?TS | |
| snakekeylogger, f0df0ec243153f35a5522715fb79c372fde175ad98596185ec2eea5a16a535bf, http://aborters.duckdns.org:8081/_send_.php?TS | |
| snakekeylogger, f63b61933ecd47ebf5c5c79fb5e30c89852dc271dab0a6df17015392e1158293, http://aborters.duckdns.org:8081/_send_.php?TS | |
| snakekeylogger, fd3215fd4bcb33f2149cd4bed63011c2b992b5a008cdd289559031741e8a3089, http://aborters.duckdns.org:8081/_send_.php?TS | |
| wikiloader, 0f71b1805d7feb6830b856c5a5328d3a132af4c37fcd747d82beb0f61c77f6f5, https://gya.com.bo/diubg12uin.php?id=1 | |
| asia@asiaparadisehotel.com | |
| atasoy@atasoygumrukleme.com | |
| boys@opttools-tw.com | |
| cash@koolorr.com | |
| contact@2sautomobile.com | |
| electronics@starmech.in | |
| gentle@mercuresurabaya.com | |
| info@abi0expertise.com | |
| info@dayanbiotech.ir | |
| info@helikhodro.com | |
| info@sarahfoils.com | |
| manjeet.singh@precise.co.in | |
| mep@ostdubai.com | |
| mohammed.abrar@elec-qatar.com | |
| obilog@hulkeng.xyz | |
| obo1@amtechcards.com | |
| passant.ahmed@wasstech.com | |
| Payables@bezzleauto.com | |
| pure@amtechcards.com | |
| sender@zqamcx.com | |
| sendill@longyarh.shop | |
| service@bezzleauto.com | |
| starz@demrnelhuber.net | |
| support1@vrlogistic.com |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment