
2019-04-24 - Emotet malspam example

malware_traffic, Apr 24th, 2019
2019-04-24 - EMOTET MALSPAM EXAMPLE

X-Originating-Ip: [66.96.189.5]
Authentication-Results: [removed]; iprev=pass policy.iprev="66.96.189.5"; spf=pass smtp.mailfrom="SRS0=8/Z0NL=S2=jonesawnings.com=mwalters@eigbox.net" smtp.helo="bosmailout05.eigbox.net"; dkim=fail (signature verification failed) header.d=jonesawnings.com; dmarc=none (p=nil; dis=none) header.from=jonesawnings.com
X-Suspicious-Flag: YES
X-Classification-ID: 2aa70a0c-669e-11e9-97f8-a0369f0d8808-1-1
Received: from [66.96.189.5] ([66.96.189.5:55013] helo=bosmailout05.eigbox.net)
    by [removed] (envelope-from <SRS0=8/Z0NL=S2=jonesawnings.com=mwalters@eigbox.net>)
    [removed]; Wed, 24 Apr 2019 10:35:12 -0400
Received: from bosmailscan03.eigbox.net ([10.20.15.3])
    by bosmailout05.eigbox.net with esmtp (Exim)
    id 1hJIzP-0005FN-N3
    for admin@malware-traffic-analysis.net; Wed, 24 Apr 2019 10:35:11 -0400
Message-ID: <8A.1F.07619.F1470CC5@[removed]>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
    d=jonesawnings.com; s=dkim; h=Sender:Content-Transfer-Encoding:Content-Type:
    MIME-Version:Subject:To:From:Date:Reply-To:Message-ID:Cc:Content-ID:
    Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
    :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
    List-Subscribe:List-Post:List-Owner:List-Archive;
    bh=/BnoJydwLTX2ig7uBvogTNxOlu6y8sSBpzlHuf9fSuc=; b=ptOLefSBIe5RDdu11BzRwoLZVu
    BqOE9XrdJVZehoi51upFHQOJJbkTQoE2pkIazmSMtXAOs4XYi0K7/z2D+cMIkUlM9qylvgZz334UL
    MEAKnaPK/y4HRG32aS8TYSo6WURUAIugBlC//Ei0YuDuOKStc9Iv9sHY2Gr+EpoCN9P9pa1QLZ2B5
    ZLE0GotX3zf3M51xOIePIWl8XSAKFeGR9rE6zZawzHTXcmR4LD6+rjVB+a+mcjl9+pmx+uCWANLd1
    tHRoIZHsvy4E51xeMTTCha+r1BcQ5vwbMP6iPqqb4cznrWbveRkKuD85x/XvGdo0WZB5IgEO4WLVG
    3ESuwBaw==;
Received: from [10.115.3.33] (helo=bosimpout13)
    by bosmailscan03.eigbox.net with esmtp (Exim)
    id 1hJIzP-0001A3-JJ
    for admin@malware-traffic-analysis.net; Wed, 24 Apr 2019 10:35:11 -0400
Received: from bosauthsmtp19.yourhostingaccount.com ([10.20.18.19])
    by bosimpout13 with
    id 4Eb82000Q0QhFXN01EbBvD; Wed, 24 Apr 2019 10:35:11 -0400
X-EN-SP-DIR: OUT
X-EN-SP-SQ: 1
Received: from [199.231.174.42] (port=51702)
    by bosauthsmtp19.eigbox.net with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
    (Exim)
    id 1hJIzM-0005vZ-Dh
    for admin@malware-traffic-analysis.net; Wed, 24 Apr 2019 10:35:08 -0400
Date: Wed, 24 Apr 2019 10:35:08 -0500
From: "Odell Palumbo" <mwalters@jonesawnings.com>
To: "admin@malware-traffic-analysis.net" <admin@malware-traffic-analysis.net>
Subject: Re: RE: Late shipment on Tuesday
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-EN-UserInfo: 270b847658b2c9a21c23516e6e93532e:931c98230c6409dcc37fa7e93b490c27
X-EN-AuthUser: mwalters@jonesawnings.com
Sender:  "Odell Palumbo" <mwalters@jonesawnings.com>
X-EN-OrigIP: 199.231.174.42
X-EN-OrigHost: unknown

<html>
<body>
=0DLoad instructions attached

<br>
<a href=3D"http://drwilsoncaicedo.com/wp-includes/FILE/E0vGepiG/">http://gm=
x.com/doc/GCVW-278-BUC3121/Gmx_172180654071_Apr_24_2019.doc</a>
<br>
<br>
<br>
<br>
Odell Palumbo<br>
odell.palumbo@gmx.com
<br>
<br>
<br>
<br>
----Original Message-----<br><br>
<pre>
Odell,=0A=0AThis is the second time this has happened.  I'm discussing the =
issue with Greg right now.  We'll be in touch.=0A=0A- Jacob=0A=0A-----Origi=
nal Message-----=0AFrom: "Odell Palumbo" <odell.palumbo@gmx.com>=0ASent: Mo=
nday, December 17, 2018 1:50am=0ATo: admin@malware-traffic-analysis.net=0AS=
ubject: Late shipment on Tuesday=0A=0AHey Jacob,=0A=0A =0A=0AThat shipment =
on Tuesday will be late.  You should get it after 1 PM in the=0Aafternoon i=
nstead of before noon.  Sorry about that, man.=0A=0A =0A=0ARegards,=0A=0A =
=0A=0AOdell=0A=0A

</pre>
</body></html>