2019-01-29 - example of Emotet malspam

malware_traffic, Jan 29th, 2019
Authentication-Results: [removed]; iprev=pass policy.iprev="190.109.209.234"; spf=pass smtp.mailfrom="jsanchez@resalhn.com" smtp.helo="mx0.tigobusiness.hn"; dkim=none (message not signed) header.d=none; dmarc=none (p=nil; dis=none) header.from=resalhn.com
Received: from [190.109.209.234] ([190.109.209.234:48738] helo=mx0.tigobusiness.hn)
    by [removed] (envelope-from <jsanchez@resalhn.com>) [removed];
    Tue, 29 Jan 2019 10:30:54 -0500
X-Amavis-Modified: Mail body modified (using disclaimer) - mx0.tigobusiness.hn
Date: Tue, 29 Jan 2019 11:24:25 -0400
From: "[spoofed_sender_name]" <jsanchez@resalhn.com>
To: [removed]
Message-ID: <42430888895367017218.F61FF2874125DC13@[recipient's email address]>
Subject: 01/29 SHC Invoice 40511 from [spoofed sender name]
X-Mailer: Microsoft Outlook 16.0
Content-Language: en-us
Importance: High
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_Part_39306_279841597.5856580211387400876"

------=_Part_39306_279841597.5856580211387400876
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<html>
<body>
<p>
=0DHere is the invoice you requested. Please let me know if there is anythi=
ng else I can help you with.<br><br>
<br>
<a href=3D"http://es.thevoucherstop.com/glRf-s7_eO-eCr/COMET/SIGNS/PAYMENT/=
NOTIFICATION/01/29/2019/US/ACH-form">Click here to view your invoice.</a>
</p>
<br>
---<br>
<br>
<i>[spoofed sender name]</i><br>
<i>[spoofed sender's email address]</i><br>
<br>
<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">
<br>
<br>
<br>
-----Original Appointment-----<br><br>
=0D> *From:* "" <i>[removed]</i><br>=0D> *Sent:* Friday, January 25, 2019 10=
:22<br>=0D> *To:* <i>[removed]</i><br>=0D> *Subject:* Re: AW: <i>[removed]</=
i> #INV ...........<br>
<br>=0D<br>
</blockquote>
</body>
</html>
------=_Part_39306_279841597.5856580211387400876--