2019-03-11 - Emotet malspam example

malware_traffic Mar 11th, 2019 (edited)
2019-03-11 - EMOTET MALSPAM EXAMPLE

Received: from sonic313-19.consmr.mail.bf2.yahoo.com (sonic313-19.consmr.mail.bf2.yahoo.com [74.6.133.193])
    by [removed] for [removed]; Mon, 11 Mar 2019 21:59:43 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=att.net; s=s1024; t=1552341583; bh=+Xv6PO6Ew7z4J4qhkZ4dDt5WJarddn+tdDVEV64Q9Nk=; h=Date:From:To:Subject:From:Subject; b=Ifq+Dw3NcwxUTFshvrVai+VWsz7op2j7xLMI6oTNyOnMj+JiVUQQd+8JGMlfRf5hvsWWfycDOla4p1S/vGwCMCsgKQgH1vVogpQ3ZDa0QoOEUIrlgkWkdQzs9nypXaiW3sV7GmkzpXbA8f8wOKX337CKZoK2coOCkbwRqYL+acI=
Received: from sonic.gate.mail.ne1.yahoo.com by sonic313.consmr.mail.bf2.yahoo.com with HTTP; Mon, 11 Mar 2019 21:59:43 +0000
Received: from 189.162.127.5 (EHLO [192.11.5.20]) ([189.162.127.5])
          by smtp414.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 6d756a48191049d10e58aa100d9d7ee8
          for [removed];
          Mon, 11 Mar 2019 21:59:42 +0000 (UTC)
Date: Mon, 11 Mar 2019 15:59:42 -0600
From: UPS View <fjziemann@att.net>
To: brian.sandoval@spraline.com
Message-Id: <Y2pEo5O1Av9m7NTQTy5kRSbvUWhtZPi4Q1kwxHWwlo0omQnVqJN@[recipient's email domain]>
Subject: UPS Express Domestic
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<html>
<body>
<img border=3D"0" src=3D"https://www.ups-ebill.ups.com/ebilling/_assets/ima=
ges/billingcenter_email_header.jpg" alt=3D"UPS Billing Center">
<br>
<b>You have a package coming.</b>
<br><br>The physical parcel may or may not have actually been tendered to U=
PS for shipment.
<br><br>
<br>----------------------------------------------------------
<br><br>Scheduled Delivery Date: <b>Tuesday, 03/12/2019</b>
<br><br>
Shipment Details
<br>----------------------------------------------------------
<br><br>
<br>From: <font style=3D"text-transform:uppercase;"><b>[spoofed sender name=
]</b></font>
<br>Tracking Number: <a href=3D"http://barabooseniorhigh.com/En/sfrxv-pzbvn=
-msqlrcyw/">1FT74277024300007</a>
=20
<br>Number of Packages: 3
=20
=20
<br><br><br><br>Thank you for your business.
</body>
</html>