API tools faq
paste
James_inthe_box

October Malspam Campaigns

James_inthe_box
Nov 1st, 2019
5,734
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 12.56 KB | None | 0 0
raw download clone embed print report
  1. Date,Details,Email Payload Type,Users Targeted
  2. 10/3/2019,"All subjects contain ""DocuSign""; link -> doc -> hancitor -> pony -> evilpony -> ursnif",Link,189
  3. 10/4/2019,"""Payment Advice (SOA)""; rar -> agenttesla",Attachment,6
  4. 10/5/2019,"""QUOTATION""; rtf -> hawkeye keylogger",Attachment,2
  5. 10/6/2019,"""Transfer copy of USD 29,658.00""; rar -> agenttelsa",Attachment,3
  6. 10/6/2019,All subjects contain fax or efax; docm -> trickbot,Attachment,28
  7. 10/6/2019,"""RE: Re: Re: Re: Proforma Invoice""; rar -> agenttesla",Attachment,13
  8. 10/8/2019,All subjects contain Docusign; link -> hancitor -> pony -> evilpony -> ursnif -> cobaltstrike,Link,151
  9. 10/8/2019,"""Pre-advice of payment to your account""; rar -> netwire",Attachment,6
  10. 10/9/2019,"""Here you go""; docx -> doc -> revenge rat",Attachment,20
  11. 10/9/2019,All subjects contain Docusign; link -> hancitor -> pony -> evilpony -> ursnif -> cobaltstrike,Link,19
  12. 10/10/2019,All subjects contain Docusign; link -> hancitor -> pony -> evilpony -> ursnif -> cobaltstrike,Link,540
  13. 10/10/2019,"""Remittance Advice: Bank of America Customer Advice -""; zip -> lnk -> ps1 -> remcos rat",Attachment,2
  14. 10/10/2019,"""????????????? - DHL-#AWB130501923096""; zip -> lokibot",Attachment,2
  15. 10/10/2019,"""Re: Inquiry for quotation""; doc -> pony loader continued to 10/13",Attachment,61
  16. 10/11/2019,Various hijacked subjects; zip -> ursnif,Attachment,5
  17. 10/14/2019,"""REQUEST FOR QUOTATION""; rar -> remcos",Attachment,7
  18. 10/14/2019,"""Our Ref. # 190 � 32018/03/18""; ",Attachment,2
  19. 10/14/2019,Various hijacked subjects; js -> remcos rat wshrat,Attachment,2
  20. 10/15/2019,"""Message could not be delivered""; zip -> mydoom (really�..)",Attachment,2
  21. 10/16/2019,"All subjects contain ""REVISED""; xlsx -> lokibot",Attachment,3
  22. 10/16/2019,"""Request For Quotation""; rar -> agenttesla",Attachment,12
  23. 10/16/2019,All subjects contain Package|DHL; link -> hancitor -> pony -> evilpony -> ursnif,Link,333
  24. 10/17/2019,"""RE: PO : RSs & NP872""; zip -> lokibot",Attachment,22
  25. 10/17/2019,All subjects contain eFax; link -> hancitor -> pony -> evilpony -> ursnif,Link,530
  26. 10/17/2019,"""Inquiry of 2x40FT HC Super Heavy""; doc -> lokibot",Attachment,2
  27. 10/17/2019,"""RE: 4500062058-T-BUOH(87%)-D/A 30days from B/L date - ????-2019.10.10""; rar -> lokibot",Attachment,44
  28. 10/17/2019,"""RFQ#SQ00014397T""; rar -> lokibot",Attachment,77
  29. 10/18/2019,"""Order Sample""; img -> agenttesla",Attachment,3
  30. 10/21/2019,All subjects contain Price|Rate; link -> hancitor -> pony -> evilpony,Link,270
  31. 10/21/2019,"""Your package has been delivered <digits>""; zip -> vbs -> dridex loader",Attachment,9
  32. 10/22/2019,"""Statement for month of SEPT, 2019""; iso -> hawkeye",Attachment,2
  33. 10/22/2019,All subjects contain DocuSign; link -> hancitor -> pony -> evilpony -> ursnif,Link,236
  34. 10/22/2019,"""Re: SV:PAYMENT""; rar -> formbook",Attachment,2
  35. 10/23/2019,"""Purchase Order : PO-0205/19""; iso -> hawkeye keylogger",Attachment,2
  36. 10/23/2019,All subjects contain DocuSign; link -> hancitor -> pony -> evilpony -> cobaltstrike,Link,1317
  37. 10/23/2019,"""Order Sample""; img -> agenttesla",Attachment,2
  38. 10/24/2019,"""Urgent New Order""; img -> agenttesla",Attachment,3
  39. 10/24/2019,"""RFQ- Purchase Order for Commodity King Traders llc- FOB Jebel Ali""; doc -> formbook",Attachment,2
  40. 10/24/2019,"""DHL - Your Shipment is Here""; img -> netwire",Attachment,4
  41. 10/24/2019,All subjects contain DocuSign; link -> hancitor -> pony -> evilpony -> ursnif,Link,1550
  42. 10/25/2019,All subjects hijacked; zip -> ursnif,Attachment,2
  43. 10/25/2019,"All subjects contain ""QUOTE|Quotation""; img ->",Attachment,4
  44. 10/25/2019,"""Shipping Document/ Invoice and Packing list""; zip -> agenttesla",Attachment,2
  45. 10/25/2019,"""Ref Quote""; img",Attachment,3
  46. 10/25/2019,"""Latest scans""; link -> xls -> get2 -> sdbbot",Attachment,51
  47. 10/25/2019,"""KTI TRADING COMPANY-Urgent Order""; iso and jar, hawkeye and adwind",Attachment,2
  48. 10/28/2019,"Subjects are blank or ""Sample Order""; iso -> agenttelsa",Attachment,4
  49. 10/28/2019,"""Sync.com - secure link notification""; link -> ta505 dropper",Link,166
  50. 10/28/2019,All subjects contain DocuSign; link -> hancitor -> pony -> evilpony,Link,"1,612"
  51. 10/28/2019,"All subjects contain ""Copy of your Maxim Invoice""; link -> ta505 dropper",Link,41
  52. 10/28/2019,"""Purchase Order Number 0062023389""; link -> zip",Link,2
  53. 10/29/2019,All subjects contain DocuSign; link -> hancitor -> pony -> evilpony,Link,"2,284"
  54. 10/29/2019,"""RE: [order confirmation]: ORDER OCTOBER 2019""; rtf -> agenttesla",Attachment,2
  55. 10/29/2019,"""Confirm quotation availability""; doc -> link -> agenttesla continued to 11/1",Attachment,40
  56. 10/29/2019,"""DHL NOTIFICATION: AWB Number:06785388011""; gz -> netwire continued to 10/31",Attachment,28
  57. 10/29/2019,"""Order Confirmation""; gz -> netwire continued to 10/31",Attachment,16
  58. 10/30/2019,"All subjects contain ""your corporate parcel status""; link -> trickbot",Link,3
  59. 10/30/2019,"""Re: PO1910057 - CATALITE""; zip -> njrat",Attachment,5
  60. 10/30/2019,"""QUOTATION FOR PURCHASE ORDER EQ-PO -SEPT-2891A""; doc -> remcos",Attachment,2
  61. 10/30/2019,"""Re: final PI""; zip -> formbook continued to 10/31",Attachment,25
  62. 10/30/2019,"Alls subjects contain ""??:"", rar iso -> agenttesla",Attachment,2
  63. 10/31/2019,"""Revised order! PO. 2019-04""; doc -> formbook",Attachment,6
  64. 10/31/2019,All subjects contain DocuSign; link -> hancitor -> pony -> evilpony,Link,"2,004"
  65.  
  66. malware c2's
  67. oct1/agenttesla/,smtp.chezgroups.com
  68. oct1/agenttesla/another/,mail.varikasery.com
  69. oct1/hawkeye/,smtp.arabsecurify.net
  70. oct1/metamorfo/,http://u00e1zquez.webcindario.com/Colaborades/
  71. oct2/adwind/,addahost.ddns.net
  72. oct2/agent-tesla-http/,http://grindtreue.online/gem/inc/76c93758881110.php
  73. oct2/agenttesla/,mail.torishima-qa.com
  74. oct2/agenttesla/another/,smtp.chezgroups.com
  75. oct2/nanocore/,59108.duckdns.org
  76. oct3/agenttesla/,us2.smtp.mailhostbox.com
  77. oct3/agenttesla/another/,mail.lasultanaoualidia.com
  78. oct3/hawkeye/,smtp.arabsecurify.net
  79. oct3/lokibot/,http://corpcougar.com/gozie/Panel/five/fre.php
  80. oct4/agenttesla/,smtp.chezgroups.com
  81. oct4/predator-ursnif/,http://forrf0410.info/api/check.get
  82. oct6/another/,mail.privateemail.com
  83. oct6/hawkeye/,smtp.arabsecurify.net
  84. oct6/remcos/,robertmoore.hopto.org
  85. oct7/agenttesla/,smtp.chezgroups.com
  86. oct7/agenttesla/3/,server1.monovm.com
  87. oct7/agenttesla/another/,us2.smtp.mailhostbox.com
  88. oct8/agenttesla/,mail.shivanilocks.com
  89. oct9/netwire/,trippleboss.warzonedns.com
  90. oct10/adwind-hawkeye/,lexd.duckdns.org
  91. oct10/agenttesla/,mail.deepblueamerica.com
  92. oct10/agenttesla/2/,mail.privateemail.com
  93. oct10/lokibot/,nonomonojolipoiubtrewert.tk/fre.php
  94. oct10/nanocore/,godwin.ddns.net
  95. oct10/pony/,onlygoodm.com
  96. oct10/remcos/,sub.winkcaffe.waw.pl
  97. oct11/azorult/,adityebirla.com/kent/index.php
  98. oct13/adwind/,respainc.duckdns.org
  99. oct13/agenttesla/,mail.gandi.net
  100. oct13/pony-loader/,www.jicago-jp.com/eng/gate.php
  101. oct14/agenttesla/,mail.privateemail.com
  102. oct14/agenttesla/2/,us2.smtp.mailhostbox.com
  103. oct14/agenttesla/3/,mail.privateemail.com
  104. oct14/azorult/,corpcougar.com
  105. oct14/dridex/,185.14.148.34
  106. oct14/nanocore/,213.152.162.170
  107. oct14/nanocore/another/,sub.thebest1jewels.waw.pl
  108. oct14/predator/,www.serawledindustries.com
  109. oct14/remcos-wshrat/,http://79.134.225.95:4050/is-ready
  110. oct14/remcos/,sub.thebest1jewels.waw.pl
  111. oct15/agenttesla/,mail.privateemail.com
  112. oct15/agenttesla/2/,us2.smtp.mailhostbox.com
  113. oct15/hawkeye/,smtp.universelcanning.com
  114. oct15/lokibot/,http://corpcougar.com/gozie/Panel/five/fre.php
  115. oct16/agenttesla/,smtp.yandex.com
  116. oct16/agenttesla/2/,mail.alserhgroup.com
  117. oct16/agenttesla/3/,us2.smtp.mailhostbox.com
  118. oct16/agenttesla/4/,us2.smtp.mailhostbox.com
  119. oct16/agenttesla/5/,mail.sysmarkbd.com
  120. oct16/dridex/,https://185.14.148.34/
  121. oct16/formbook/,www.chuangshunchem.com/um/
  122. oct16/hawkeye/,mail.privateemail.com
  123. oct16/hawkeye/2/,smtp.universelcanning.com
  124. oct16/lokibot/,http://tahetah.ir/.lox/fre.php
  125. oct16/nanocore/,godwin.ddns.net
  126. oct17/agenttesla/,us2.smtp.mailhostbox.com
  127. oct17/agenttesla/2/,us2.smtp.mailhostbox.com
  128. oct17/agenttesla/4/,smtp.rishichemlcals.com
  129. oct17/hawkeye/,smtp.arabsecurify.net
  130. oct17/lokibot/,atritei.icu/68259/roks/fre.php
  131. oct17/lokibot/3/,http://modatie.gq/68259/roks/fre.php
  132. oct18/agenttesla/,my103.ht2u.net
  133. oct18/agenttesla/another/,smtp.btconrnect.com
  134. oct20/,https://baloobafoudanitojahdge.space/n/file.php
  135. oct21/adwind-hawkeye/,lexd.duckdns.org
  136. oct21/agenttesla/,us2.smtp.mailhostbox.com
  137. oct21/dridex/,185.14.148.34
  138. oct21/formbook/,http://www.moraxy.com/dg/
  139. oct21/lokibot/,http://jajar.ru/kris/Panel/fre.php
  140. oct21/ostap/,185.130.104.187
  141. oct21/wshrat/,homi.doomdns.org
  142. oct22/agenttesla/,us2.smtp.mailhostbox.com
  143. oct22/agenttesla/2/,mail.shivanilocks.com
  144. oct22/agenttesla/3/,mail.varikasery.com
  145. oct22/avemaria/,185.165.153.46
  146. oct22/formbook/,www.mizorl.com/s40/
  147. oct22/hawkeye/,smtp.arabsecurify.net
  148. oct22/remcos/,top.subaroone.waw.pl
  149. oct23/agenttesla/2/,smtp.sitechukandlreland.com
  150. oct23/agenttesla/3/,server1.monovm.com
  151. oct23/hawkeye/,smtp.arabsecurify.net
  152. oct23/hawkeye/2/,mail.privateemail.com
  153. oct23/orion/,smtp.btconrnect.com
  154. oct23/pony/,http://chinalarnpbase.com/chief/gate.php
  155. oct24/agenttelsa-lokibot/,http://dadatiles.com.au/cba/Panel/five/fre.php
  156. oct24/agenttesla/,smtp.it8-e.org
  157. oct24/emotet/,http://201.213.32.59/devices/raster/
  158. oct24/formbook/,http://www.cancertreatmenttransport.com/dg/
  159. oct24/hawkeye/,grindtreue.online
  160. oct24/lokibot/,http://gracetime.tech/cyber/tech/coded/fre.php
  161. oct24/netwire/,fartgul.duckdns.org
  162. oct25/agenttesla/,smtp.sitechukandlreland.com
  163. oct25/agenttesla/2/,mail.hervitama.co.id
  164. oct25/agenttesla/3/,mail.coducation.com.my
  165. oct25/hawkeye-adwind/,mail.sigmachennai.com
  166. oct27/agenttesla/,mail.dsectioncreative.com
  167. oct27/formbook/,http://www.hairminders.com/px/
  168. oct27/hawkeye/,mail.privateemail.com
  169. oct28/agenttesla/,mailhostbox.com
  170. oct28/agenttesla/2/,lh2.monovm.com
  171. oct28/avemaria/,185.165.153.46
  172. oct28/avemaria/another/,favour.ddnsgeek.com
  173. oct28/formbook/,http://www.rwinzresearch.com/um/
  174. oct28/hawkeye/,smtp.spencneco.com
  175. oct28/netwire/,185.165.153.221
  176. oct28/remcos/,samuelcity.ddns.net
  177. oct28/ta505/,office-en-service.com
  178. oct29/agenttesla/,smtp.vwestrock.com
  179. oct29/agenttesla/3/,mail.wepmill.website
  180. oct29/avemaria-remcos/,mnx.duckdns.org
  181. oct29/netwire/,cowboyz.climatechangeawareness.uk
  182. oct30/agenttesla/,us2.smtp.mailhostbox.com
  183. oct30/agenttesla/2/,mail.hervitama.co.id
  184. oct30/agenttesla/3/,smtp.bmssrevis.com
  185. oct30/agenttesla/4/,smtp.yandex.com
  186. oct30/azorult/,https://adityebirla.com/kent/index.php
  187. oct30/formbook/,http://www.kovaxy.com/b5/
  188. oct30/njrat/,213.208.152.215
  189. oct30/raccoon/,http://34.65.76.39/gate/log.php
  190. oct30/remcos/,sub.thebest1jewels.waw.pl
  191. oct30/trickbot/,https://192.3.104.46/trgt98888
  192. oct31/adwind/,0000rrrvvv.duckdns.org
  193. oct31/agenttesla/,smtp.btconrnect.com
  194. oct31/agenttesla/3/,mail.hervitama.co.id
  195. oct31/agenttesla/4/,smtp.lbhrne.com
  196. oct31/agenttesla/5/,mail.kingstoncomplex.com
  197. oct31/formbook/,http://www.golaminators.com/bo/
  198. oct31/formbook/another/,http://www.garthhassel.com/px/
  199. oct31/nancore/,185.217.1.137
  200.  
  201. agenttesla/hawkeye exfil email addresses
  202. RCPT TO:<[email protected]>
  203. RCPT TO:<[email protected]>
  204. RCPT TO:<[email protected]>
  205. RCPT TO:<[email protected]>
  206. RCPT TO:<[email protected]>
  207. RCPT TO:<[email protected]>
  208. RCPT TO:<[email protected]>
  209. RCPT TO:<[email protected]>
  210. RCPT TO:<[email protected]>
  211. RCPT TO:<[email protected]>
  212. RCPT TO:<[email protected]>
  213. RCPT TO:<[email protected]>
  214. RCPT TO:<[email protected]>
  215. RCPT TO:<[email protected]>
  216. RCPT TO:<[email protected]>
  217. RCPT TO:<[email protected]>
  218. RCPT TO:<[email protected]>
  219. RCPT TO:<[email protected]>
  220. RCPT TO:<[email protected]>
  221. RCPT TO:<[email protected]>
  222. RCPT TO:<[email protected]>
  223. RCPT TO:<[email protected]>
  224. RCPT TO:<[email protected]>
  225. RCPT TO:<[email protected]>
  226. RCPT TO:<[email protected]>
  227. RCPT TO:<[email protected]>
  228. RCPT TO:<[email protected]>
  229. RCPT TO:<[email protected]>
  230. RCPT TO:<[email protected]>
  231. RCPT TO:<[email protected]>
  232. RCPT TO:<[email protected]>
  233. RCPT TO:<[email protected]>
  234. RCPT TO:<[email protected]>
  235. RCPT TO:<[email protected]>
  236. RCPT TO:<[email protected]>
  237. RCPT TO:<[email protected]>
  238. RCPT TO:<[email protected]>
  239. RCPT TO:<[email protected]>
  240. RCPT TO:<[email protected]>
  241. RCPT TO:<[email protected]>
  242. RCPT TO:<[email protected]>
  243. RCPT TO:<[email protected]>
  244. RCPT TO:<[email protected]>
  245. RCPT TO:<[email protected]>
  246. RCPT TO:<[email protected]>
  247. RCPT TO:<[email protected]>
  248. RCPT TO:<[email protected]>
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!