API tools faq
paste
Advertisement
James_inthe_box

Dec 2017 Campaigns

James_inthe_box
Jan 2nd, 2018
467
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.48 KB | None | 0 0
raw download clone embed print report
  1. 12/1/2017,Malicious email campaign morning,"<digits>_Invoice_<digits>"; 'doc' (is 7z) -> vbs -> globeimposter ransomware,Attachment,3192
  2. 12/1/2017,Malicious email campaign morning,"Re: <username>|Fw: <username"; passworded doc -> link -> sigma ransomware,Attachment,20
  3. 12/4/2017,Malicious email campaign morning,"Emailing: <digits>"; 7z -> vbs -> globeimposter ransomware,Attachment,542
  4. 12/4/2017,Malicious email campaign morning,"CC Confirmation"; 7z -> vbs -> globeimposter ransomware,Attachment,562
  5. 12/5/2017,Malicious email campaign morning,"Message from "G10PR0024379.<domain>"; 7z -> vbs -> globeimposter ransomware,Attachment,374
  6. 12/5/2017,Malicious email campaign morning,"Scan Data"; 7z -> vbs -> globeimposter ransomware,Attachment,1800
  7. 12/6/2017,Malicious email campaign morning,"RE: FYI invoice status"; doc -> hancitor -> pony -> evilpony -> icedid trojan,Link,814
  8. 12/7/2017,Malicious email campaign morning,"Invoice INV0000<digits>|INV0000<digits>"; 7z -> vbs -> globeimposter/trickbot,Attachment,392
  9. 12/7/2017,Malicious email campaign morning,All subjects contain "fattura"; xls -> pandabanker,Attachment,11
  10. 12/7/2017,Malicious email campaign morning,"New Fax Message from <digits>"; doc -> hancitor -> pony -> evilpony -> icedid trojan,Attachment,759
  11. 12/7/2017,Malicious email campaign morning,"Scan"; doc -> trickbot trojan, attachment was inline, so showed up as b64 inline,Attachment,994
  12. 12/8/2017,Malicious email campaign morning,"Emailed Invoice - <digits>"; doc -> trickbot,Attachment,107
  13. 12/11/2017,Malicious email campaign morning,"Emailing: <characters> 11.12.2017"; doc -> globeimposter ransomware, attachment was inline, so showed up as b64 inline,Attachment,298
  14. 12/11/2017,Malicious email campaign morning,"New incoming fax from <phone number> on Mon, 11 Dec 2017 <timestamp>"; doc -> hancitor -> pony -> evilpony -> pandabanker trojan,Link,81
  15. 12/11/2017,Malicious email campaign morning,"Invoice <chracters>"; 7z -> vbs -> globeimposter/trickbot,Attachment,188
  16. 12/12/2017,Malicious email campaign morning,"Invoice RE-2017-12-12-<digits>|Your Payment - <digits>"; doc -> trickbot,Attachment,815
  17. 12/13/2017,Malicious email campaign morning,"Status of invoice <characters>"; doc -> trickbot,Attachment,106
  18. 12/13/2017,Malicious email campaign morning,"Message from KM_<digits>e"; doc -> globeimposter ransomware,Attachment,366
  19. 12/13/2017,Malicious email campaign morning,"New incoming fax from <phone number>"; doc -> hancitor -> pony -> evilpony -> icedid banking trojan,Link,414
  20. 12/15/2017,Malicious email campaign morning,"Scan"; doc -> globeimposter ransomware, attachment was inline, so showed up as b64 inline,Attachment,275
  21. 12/18/2017,Malicious email campaign morning,"LogMeIn Audit Notification - Payment Declined"; doc -> hancitor -> pony -> evilpony -> pandabanker trojan,Attachment,365
  22. 12/18/2017,Malicious email campaign morning,"12月度発注書送付"; xls -> exe -> ifsb trojan,Attachment,47
  23. 12/19/2017,Malicious email campaign morning,"Voice Message from (Outside Caller (1m <digits>s)|digits <digits>)"; 7z -> vbs -> globeimposter ransomware,Attachment,1031
  24. 12/19/2017,Malicious email campaign morning,"Your tracking information for package <digits> is available!"; doc -> hancitor -> pony -> evilpony -> pandabanker trojan,Link,1049
  25. 12/20/2017,Malicious email campaign morning,"Purchase Order <digits>"; 7z -> vbs -> globeimposter ransomware,Attachment,1042
  26. 12/21/2018,Malicious email campaign morning,"You have received a fax message"; doc -> trickbot,Attachment,9
  27. 12/22/2017,Malicious email campaign morning,"Emailing: IMG_<digits>"; 7z -> vbs -> globeimposter ransomware,Attachment,2459
  28. 12/22/2017,Malicious email campaign morning,"Outstanding Statement"; 7z -> vbs -> globeimposter ransomware,Attachment,1963
  29. 12/26/2017,Malicious email campaign morning,"CCE26122017_<digits>"; 7z -> vbs -> globeimposter ransomware,Attachment,562
  30. 12/27/2017,Malicious email campaign morning,"Fwd: 12月度発注書送付"; xls -> urlzone,Attachment,15
  31. 12/27/2017,Malicious email campaign morning,"Invoice_<digits>"; 7z -> vbs -> globeimposter ransomware,Attachment,1598
  32. 12/27/2017,Malicious email campaign morning,"You have received a fax message"; doc -> trickbot,Attachment,4
  33. 12/28/2017,Malicious email campaign morning,"CCE28122017_<digits>"; 7z -> vbs -> globeimposter ransomware,Attachment,1909
  34. 12/28/2017,Malicious email campaign morning,"Copy_<digits>"; 7z -> vbs -> globeimposter ransomware,Attachment,742
  35. 12/29/2017,Malicious email campaign morning,"Scan"; 7z -> vbs -> globeimposter ransomware,Attachment,1268
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!