Date,Details,Email Payload Type,Users Targeted
4/2/2024,Booking.com invoice 1467466252; pdf -> js -> originlogger,Attachment,3
4/2/2024,RE: New Urgent Order; zip -> originlogger,Attachment,3
4/4/2024,RES: RES : Request For Quotation; gz -> remcos,Attachment,4
4/7/2024,Quotation request _?FL202306200039?; z -> originlogger,Attachment,4
4/8/2024,Request for Quotation; xls -> remcos,Attachment,4
4/8/2024,Payment Advice - Advice Ref:[A22D4YdWsbE4] / Priority payment / Customer Ref; z -> originlogger,Attachment,4
4/8/2024,Attachment name is document.r15; -> originlogger,Attachment,3
4/15/2024,Top Order Inquiry; gz -> vbs -> guloader,Attachment,3
4/16/2024,Shipping Invoice & AWB; 7z -> vbs -> guloader,Attachment,2
Date,Details,Email Payload Type,Users Targeted
12/1/2020,Balance Payment; pdf -> agenttesla,Attachment,2
12/1/2020,All subjects contain DocuSign floydnicholsonsc.com sender; link -> hancitor -> ficker,Link,8257
12/2/2020,All subjects contain DocuSign frankstaropoli.com sender; link -> hancitor -> ficker,Link,4810
12/2/2020,Subjects Invoice <digits>; xlsm|xls -> dridex,Attachment,117
12/2/2020,Re:Re: New Purchase Order-030220- SMART SOURCING INC; link -> agenttesla,Link,5
12/2/2020,Re: Re: Proforma PI-08598; gz -> remcos,Attachment,3
12/3/2020,All subjects contain DocuSign freitasforcongress.com sender; link -> hancitor -> ficker,Link,6047
12/3/2020,BALANCE PAYMENT; z -> agenttesla,Attachment,4
12/3/2020,RE: Payment Advice; z -> agenttesla,Attachment,4
Date,Summary,Details,Email Payload Type,Users Targeted
3/1/2024,Malicious email campaign; morning,Re: lnvoice copy.; zip -> img -> wsf -> xworm,Attachment,8
3/4/2024,Malicious email campaign; morning,RE: ADVANCE TT SLIP // FEB 2024 SOA PAYMENT; zip -> originlogger,Attachment,4
3/4/2024,Malicious email campaign; morning,DELIVERY RELEASE ORDER Ref-no: <<A3_DB2TH84T.CNT>>; zip -> originlogger continued to 3/19,Attachment,4
3/4/2024,Malicious email campaign; morning,New PO - PO#2024EH001; rar -> originlogger,Attachment,4
3/4/2024,Malicious email campaign; morning,Inquiry & Orders; rar -> formbook,Attachment,3
3/4/2024,Malicious email campaign; morning,Payment Advice - Advice; img -> originlogger,Attachment,3
3/4/2024,Malicious email campaign; morning,ARRIVAL NOTICE EVER BEADY 0732-081S Ref-no|RE: Release Payment; zip -> originlogger,Attachment,16
3/5/2024,Malicious email campaign; morning,Invoice copy.; zip -> img -> wsf|vbs -> xworm continued to 3/7,Attachment,14
3/5/2024,Malicious email campaign; evening,Şubat
Date,Details,Payload Type,Users Targeted
2/1/2024,SOA PAYMENT SETTLEMENT; r01 -> dbatloader -> remcos,Attachment,5
2/1/2024,Request for Quotation; z -> originlogger continued to 02/04,Attachment,8
2/4/2024,Re:New Order; 7z -> originlogger,Attachment,2
2/5/2024,Quote; z -> originlogger,Attachment,4
2/6/2024,AmBank Remittance Advice/SOA SETTLEMENT/BL-FEB-2024/APPROVED; tar -> modiloader -> remcos,Attachment,6
2/7/2024,Header from noreply@kuehne-nagel.com|CHRobinsonAR@chrobinson.com; pdf -> wikiloader continued to 2/8,Attachment,162
2/8/2024,FW: Re: Quotation Request - Feb 2024 quotation.// New Supplier; lzh -> originlogger,Attachment,25
2/8/2024,RE: RFQ - 07.02.2024; xla -> doc -> vbs -> remcos,Attachment,3
2/12/2024,Payment remittance from Our Client/ Your Customer; 7z -> originlogger,Attachment,2
Date,Details,Email Payload Type,Users Targeted
1/9/2024,Payment Failed: Update Your Payment Details to Avoid Subscription Interruption; pdf -> hagga -> originlogger,Attachment,2
1/10/2024,Inquiry 37567 Appendices A, B, D, and E; 7z -> loader,Attachment,2
1/13/2024,Subjects contain Agency Appointment; zip -> snakekeylogger,Attachment,7
1/13/2024,FLF7992/22 // Shipment; zip -> snakekeylogger,Attachment,3
1/15/2024,Your UPS Parcel was delivered; gz -> originlogger,Attachment,2
1/15/2024,PO 4500082036; zip -> remcos,Attachment,3
1/15/2024,PDA and PORT INFO for 69 x 20' IMO CONTAINERS; zip -> snakekeylogger,Attachment,3
1/16/2024,Subjects start with Invoice from DSV: pdf -> zip -> js -> wikiloader,Attachment,369
1/17/2024,New Quotation 5665900481XXX024; rar -> originlogger,Attachment,3
Date,Summary,Details,Email Payload Type,Users Targeted
12/1/2023,Malicious email campaign; morning,Re: Inquiry; z -> originlogger,Attachment,4
12/3/2023,Malicious email campaign; morning,CV; doc -> formbook,Attachment,2
12/3/2023,Malicious email campaign; morning,Statement-1000276262; z -> originlogger,Attachment,4
12/4/2023,Malicious email campaign; morning,REQUEST FOR QUOTATION; gz -> formbook,Attachment,5
12/5/2023,Malicious email campaign; evening,URGENT PURCHASE ORDER No. 9104393019; gz -> originlogger,Attachment,3
12/5/2023,Malicious email campaign; morning,RE: Request for Urgent Quotation; gz -> formbook,Attachment,3
12/5/2023,Malicious email campaign; evening,Re: order December -06122023; 7z -> vbs -> guloader continued to 11/6,Attachment,13
12/5/2023,Malicious email campaign; evening,Payment Advice - Advice Ref:[A23Wo4XAk6xJ-IN] / Priority payment; rar -> originlogger,Attachment,4
12/5/2023,Malicious email campaign; morning,New Order /DB-078003417XXXXX; rar -> originlogger,Attachment,2
Date,Summary,Details,Email Payload Type,Users Targeted
11/1/2023,Malicious email campaign; morning,Dhl// Shipment 0106245448; zip -> agenttesla,Attachment,4
11/1/2023,Malicious email campaign; morning,Enquiry - RFQ; zip -> agenttesla,Attachment,4
11/1/2023,Malicious email campaign; evening,order 4806125050; iso -> agenttesla,Attachment,4
11/1/2023,Malicious email campaign; evening,Swift Advice 02-Nov-2023; pdf(rar) -> agenttesla,Attachment,4
11/2/2023,Malicious email campaign; evening,Quotation request 7142300109_00003517; rar -> img -> quaxloader -> agenttesla,Attachment,2
11/4/2023,Malicious email campaign; morning,Freight Invoice(s); z -> agenttesla,Attachment,4
11/5/2023,Malicious email campaign; morning,payment regarding shipment (urgent); rar -> agenttesla,Attachment,4
11/6/2023,Malicious email campaign; morning,PO; rar -> agenttesla,Attachment,4
11/6/2023,Malicious email campaign; morning,Request For Quotation; 001 -> agenttesla,Attachment,2
Date,Details,Email Payload Type,Users Targeted
4/4/2023,Attachment name is Stmnt0985.htm; html -> qbot,Attachment,2
4/5/2023,Shipping Documents VI210034; uue -> darkcloud,Attachment,2
4/5/2023,New PO - 23010; zip -> formbook,Attachment,4
4/6/2023,New_Order#SQ031776; cab -> agenttesla,Attachment,10
4/7/2023,Ibile Attached Payment; 7z -> agenttesla,Attachment,4
4/10/2023,Türkiye İş Bankası 10.04.2023 Tarihli Hesap Özeti - 659923163.POS; xlsm -> azorult,Attachment,2
4/10/2023,QUOTATION; gz -> agenttesla continued to 4/17,Attachment,2
4/11/2023,RE: RE: Sea and air /ANTEK Co.Ltd.; zip -> agenttesla,Attachment,2
4/12/2023,Outstanding invoice against B/l no MEDUV8024584; z -> agenttesla,Attachment,4
silence-is-best / gist:9a61ba748a4e4bc7678efbb54f6b3ba2
Created November 1, 2021 14:51
October 2021 Malspam Campaigns
Date,Details,Email Payload Type,Users Targeted
10/1/2021,Payment Advice - Advice Ref:[GLV927530529] / Priority payment / Customer Ref:[1057139]; zip -> asyncrat,Attachment,3
10/4/2021,RE: URGENT ORDER_NO.238275-ENQUIRY; r15 -> agenttesla,Attachment,3
10/4/2021,Re: *URGENT*- Invoice For Shipment; doc -> formbook,Attachment,2
10/5/2021,Attachment name is bl-invoice shipping docx.zip; zip -> agenttesla continued to 8/6,Attachment,4
10/5/2021,View Secured Document for Review & Printing; doc -> formbook,Attachment,4
10/5/2021,Subjects contain DocuSign, FICCOB.COM sender; link -> hancitor,Link,3363
10/5/2021,Docusign document; link -> zip -> iso -> bazaloader,Link,7
10/5/2021,RE : STATEMENT OF ACCOUNT; link -> avemaria,Link,3
10/5/2021,NEW PURCHASE ORDER-NO.Z21239-WMHL|NEW QUOTATION REQUEST; ppt -> hagga -> agenttesla,Attachment,6