Date,Details,Email Payload Type,Users Targeted
4/2/2024,Booking.com invoice 1467466252; pdf -> js -> originlogger,Attachment,3
4/2/2024,RE: New Urgent Order; zip -> originlogger,Attachment,3
4/4/2024,RES: RES : Request For Quotation; gz -> remcos,Attachment,4
4/7/2024,Quotation request _?FL202306200039?; z -> originlogger,Attachment,4
4/8/2024,Request for Quotation; xls -> remcos,Attachment,4
4/8/2024,Payment Advice - Advice Ref:[A22D4YdWsbE4] / Priority payment / Customer Ref; z -> originlogger,Attachment,4
4/8/2024,Attachment name is document.r15; -> originlogger,Attachment,3
4/15/2024,Top Order Inquiry; gz -> vbs -> guloader,Attachment,3
4/16/2024,Shipping Invoice & AWB; 7z -> vbs -> guloader,Attachment,2
Date,Details,Email Payload Type,Users Targeted
12/1/2020,Balance Payment; pdf -> agenttesla,Attachment,2
12/1/2020,All subjects contain DocuSign floydnicholsonsc.com sender; link -> hancitor -> ficker,Link,8257
12/2/2020,All subjects contain DocuSign frankstaropoli.com sender; link -> hancitor -> ficker,Link,4810
12/2/2020,Subjects Invoice <digits>; xlsm|xls -> dridex,Attachment,117
12/2/2020,Re:Re: New Purchase Order-030220- SMART SOURCING INC; link -> agenttesla,Link,5
12/2/2020,Re: Re: Proforma PI-08598; gz -> remcos,Attachment,3
12/3/2020,All subjects contain DocuSign freitasforcongress.com sender; link -> hancitor -> ficker,Link,6047
12/3/2020,BALANCE PAYMENT; z -> agenttesla,Attachment,4
12/3/2020,RE: Payment Advice; z -> agenttesla,Attachment,4
Date,Summary,Details,Email Payload Type,Users Targeted
3/1/2024,Malicious email campaign; morning,Re: lnvoice copy.; zip -> img -> wsf -> xworm,Attachment,8
3/4/2024,Malicious email campaign; morning,RE: ADVANCE TT SLIP // FEB 2024 SOA PAYMENT; zip -> originlogger,Attachment,4
3/4/2024,Malicious email campaign; morning,DELIVERY RELEASE ORDER Ref-no: <<A3_DB2TH84T.CNT>>; zip -> originlogger continued to 3/19,Attachment,4
3/4/2024,Malicious email campaign; morning,New PO - PO#2024EH001; rar -> originlogger,Attachment,4
3/4/2024,Malicious email campaign; morning,Inquiry & Orders; rar -> formbook,Attachment,3
3/4/2024,Malicious email campaign; morning,Payment Advice - Advice; img -> originlogger,Attachment,3
3/4/2024,Malicious email campaign; morning,ARRIVAL NOTICE EVER BEADY 0732-081S Ref-no|RE: Release Payment; zip -> originlogger,Attachment,16
3/5/2024,Malicious email campaign; morning,Invoice copy.; zip -> img -> wsf|vbs -> xworm continued to 3/7,Attachment,14
3/5/2024,Malicious email campaign; evening,Şubat
Date,Details,Payload Type,Users Targeted
2/1/2024,SOA PAYMENT SETTLEMENT; r01 -> dbatloader -> remcos,Attachment,5
2/1/2024,Request for Quotation; z -> originlogger continued to 02/04,Attachment,8
2/4/2024,Re:New Order; 7z -> originlogger,Attachment,2
2/5/2024,Quote; z -> originlogger,Attachment,4
2/6/2024,AmBank Remittance Advice/SOA SETTLEMENT/BL-FEB-2024/APPROVED; tar -> modiloader -> remcos,Attachment,6
2/7/2024,Header from noreply@kuehne-nagel.com|CHRobinsonAR@chrobinson.com; pdf -> wikiloader continued to 2/8,Attachment,162
2/8/2024,FW: Re: Quotation Request - Feb 2024 quotation.// New Supplier; lzh -> originlogger,Attachment,25
2/8/2024,RE: RFQ - 07.02.2024; xla -> doc -> vbs -> remcos,Attachment,3
2/12/2024,Payment remittance from Our Client/ Your Customer; 7z -> originlogger,Attachment,2
Date,Details,Email Payload Type,Users Targeted
1/9/2024,Payment Failed: Update Your Payment Details to Avoid Subscription Interruption; pdf -> hagga -> originlogger,Attachment,2
1/10/2024,"Inquiry 37567 Appendices A, B, D, and E; 7z -> loader",Attachment,2
1/13/2024,Subjects contain Agency Appointment; zip -> snakekeylogger,Attachment,7
1/13/2024,FLF7992/22 // Shipment; zip -> snakekeylogger,Attachment,3
1/15/2024,Your UPS Parcel was delivered; gz -> originlogger,Attachment,2
1/15/2024,PO 4500082036; zip -> remcos,Attachment,3
1/15/2024,PDA and PORT INFO for 69 x 20' IMO CONTAINERS; zip -> snakekeylogger,Attachment,3
1/16/2024,Subjects start with Invoice from DSV: pdf -> zip -> js -> wikiloader,Attachment,369
1/17/2024,New Quotation 5665900481XXX024; rar -> originlogger,Attachment,3
Date,Summary,Details,Email Payload Type,Users Targeted
12/1/2023,Malicious email campaign; morning,Re: Inquiry; z -> originlogger,Attachment,4
12/3/2023,Malicious email campaign; morning,CV; doc -> formbook,Attachment,2
12/3/2023,Malicious email campaign; morning,Statement-1000276262; z -> originlogger,Attachment,4
12/4/2023,Malicious email campaign; morning,REQUEST FOR QUOTATION; gz -> formbook,Attachment,5
12/5/2023,Malicious email campaign; evening,URGENT PURCHASE ORDER No. 9104393019; gz -> originlogger,Attachment,3
12/5/2023,Malicious email campaign; morning,RE: Request for Urgent Quotation; gz -> formbook,Attachment,3
12/5/2023,Malicious email campaign; evening,Re: order December -06122023; 7z -> vbs -> guloader continued to 11/6,Attachment,13
12/5/2023,Malicious email campaign; evening,Payment Advice - Advice Ref:[A23Wo4XAk6xJ-IN] / Priority payment; rar -> originlogger,Attachment,4
12/5/2023,Malicious email campaign; morning,New Order /DB-078003417XXXXX; rar -> originlogger,Attachment,2
Date,Summary,Details,Email Payload Type,Users Targeted
11/1/2023,Malicious email campaign; morning,Dhl// Shipment 0106245448; zip -> agenttesla,Attachment,4
11/1/2023,Malicious email campaign; morning,Enquiry - RFQ; zip -> agenttesla,Attachment,4
11/1/2023,Malicious email campaign; evening,order 4806125050; iso -> agenttesla,Attachment,4
11/1/2023,Malicious email campaign; evening,Swift Advice 02-Nov-2023; pdf(rar) -> agenttesla,Attachment,4
11/2/2023,Malicious email campaign; evening,Quotation request 7142300109_00003517; rar -> img -> quaxloader -> agenttesla,Attachment,2
11/4/2023,Malicious email campaign; morning,Freight Invoice(s); z -> agenttesla,Attachment,4
11/5/2023,Malicious email campaign; morning,payment regarding shipment (urgent); rar -> agenttesla,Attachment,4
11/6/2023,Malicious email campaign; morning,PO; rar -> agenttesla,Attachment,4
11/6/2023,Malicious email campaign; morning,Request For Quotation; 001 -> agenttesla,Attachment,2
Date,Details,Email Payload Type,Users Targeted
4/4/2023,Attachment name is Stmnt0985.htm; html -> qbot,Attachment,2
4/5/2023,Shipping Documents VI210034; uue -> darkcloud,Attachment,2
4/5/2023,New PO - 23010; zip -> formbook,Attachment,4
4/6/2023,New_Order#SQ031776; cab -> agenttesla,Attachment,10
4/7/2023,Ibile Attached Payment; 7z -> agenttesla,Attachment,4
4/10/2023,Türkiye İş Bankası 10.04.2023 Tarihli Hesap Özeti - 659923163.POS; xlsm -> azorult,Attachment,2
4/10/2023,QUOTATION; gz -> agenttesla continued to 4/17,Attachment,2
4/11/2023,RE: RE: Sea and air /ANTEK Co.Ltd.; zip -> agenttesla,Attachment,2
4/12/2023,Outstanding invoice against B/l no MEDUV8024584; z -> agenttesla,Attachment,4
Date,Details,Email Payload Type,Users Targeted
10/1/2021,Payment Advice - Advice Ref:[GLV927530529] / Priority payment / Customer Ref:[1057139]; zip -> asyncrat,Attachment,3
10/4/2021,RE: URGENT ORDER_NO.238275-ENQUIRY; r15 -> agenttesla,Attachment,3
10/4/2021,Re: *URGENT*- Invoice For Shipment; doc -> formbook,Attachment,2
10/5/2021,Attachment name is bl-invoice shipping docx.zip; zip -> agenttesla continued to 8/6,Attachment,4
10/5/2021,View Secured Document for Review & Printing; doc -> formbook,Attachment,4
10/5/2021,"Subjects contain DocuSign, FICCOB.COM sender; link -> hancitor",Link,3363
10/5/2021,Docusign document; link -> zip -> iso -> bazaloader,Link,7
10/5/2021,RE : STATEMENT OF ACCOUNT; link -> avemaria,Link,3
10/5/2021,NEW PURCHASE ORDER-NO.Z21239-WMHL|NEW QUOTATION REQUEST; ppt -> hagga -> agenttesla,Attachment,6