Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 2020-05-04 (MONDAY) - MALSPAM WITH XLS ATTACHMENTS PUSHING DRIDEX
- RELATED TO:
- - https://twitter.com/reecdeep/status/1257311243796271104
- DATA FROM 10 EMAIL EXAMPLES:
- EXAMPLE OF SENDING MAIL SERVERS:
- - Received: from ([37.176.91.105])
- - Received: from ([78.134.7.212])
- - Received: from 84.120.142.211.dyn.user.ono.com ([84.120.142.211])
- - Received: from 93-46-193-98.ip109.fastwebnet.it ([93.46.193.98])
- - Received: from ([93.151.233.33])
- - Received: from ([177.184.221.68])
- - Received: from ([179.24.74.84])
- - Received: from ([188.114.75.201])
- - Received: from ([195.210.41.158])
- - Received: from ([197.20.95.235])
- SENDER EMAIL ADDRESS:
- - From: "\Intuit E-Commerce Service\" <quickbooks@notification.intuit.com>
- SUBJECT LINE EXAMPLES:
- - Subject: April Inv # 357104
- - Subject: April Inv # 555930
- - Subject: April Inv # 963620
- - Subject: Invoice 837535
- - Subject: Invoice 848137
- - Subject: Invoice/Sales Receipt 432499
- - Subject: Invoice/Sales Receipt 689708
- - Subject: Purchase Order/Invoice 852029
- - Subject: Reminder: Invoice 180460
- - Subject: Reminder: Invoice 217567
- ATTACHMENT NAME EXAMPLES:
- - Attachment name: invoice_357104.xls
- - Attachment name: invoice_555930.xls
- - Attachment name: invoice_837535.xls
- - Attachment name: Invoice_180460_.xls
- - Attachment name: Invoice_217567_.xls
- - Attachment name: Invoice_432499_.xls
- - Attachment name: Invoice_689708_.xls
- - Attachment name: Invoice_848137_.xls
- - Attachment name: Invoice_852029_.xls
- - Attachment name: Invoice_963620_.xls
- EXAMPLES OF ATTACHMENTS:
- - SHA256 hash: 19042ea0e61783a3c281e3f02e0e2e2b07e9421bae0afeeae21febe450510f0c
- - File size: 64,000 bytes
- - File name: Invoice_050706_.xls
- - SHA256 hash: 5cf7bc9a59fcd10c02ca84c8dc4993b6f4425c645d863e69ea146668acf244a4
- - File size: 64,002 bytes
- - File name: invoice_984162.xls
Add Comment
Please, Sign In to add comment
