James_inthe_box

July 2019 Email Campaigns

Aug 1st, 2019
Date,Summary,Details,Remediation Steps,Category,Sub Category,Email Payload Type,Users Targeted
7/1/2019,Malicious email campaign; morning,All subjects contain eFax; link -> hancitor -> pony -> cobaltstrike -> ursnif,Email,Malware,Link,1590
7/1/2019,Malicious email campaign; evening,"""Invoices""; xlsx -> formbook",Email,Malware,Attachment,3
7/2/2019,Malicious email campaign; morning,"""Fwd: Copy of TT for Inv No.QH114/2019 Dt:18-0194-""; gz -> avemaria rat",Email,Malware,Attachment,11
7/2/2019,Malicious email campaign; morning,All subjects contain DocuSign; link -> hancitor -> pony -> ursnif,Email,Malware,Link,159
7/2/2019,Malicious email campaign; evening,"""Request For Quotation""; zip iso -> hawkeye and lokibot",Email,Malware,Attachment,4
7/2/2019,Malicious email campaign; evening,"""RFq Specification % qty 01072019""; 2 zips -> hawkeye and lokibot",Email,Malware,Attachment,2
7/3/2019,Malicious email campaign; morning,"""GLOBAL TRADING INQUIRY No. 06580319""; doc -> agenttesla",Email,Malware,Attachment,4
7/3/2019,Malicious email campaign; morning,"""Police Agenda - Case Number: <digits>""|Fax Message [Caller-ID is <digits>]; doc -> dridex",Email,Malware,Attachment,5
7/5/2019,Malicious email campaign; evening,"""RE: Quote: BMA1253515 P/N: 246-41-745 RESENDING PO""; iso -> formbook",Email,Malware,Attachment,13
7/6/2019,Malicious email campaign; morning,"""New Lpo""; doc -> agenttesla",Email,Malware,Attachment,4
7/8/2019,Malicious email campaign; morning,"""ZHEJIANG XIUXIU REQUEST FOR QUOTATION - JULY 9/10 ORDER NO:0141""; rar -> formbook continued to 7/9",Email,Malware,Attachment,5
7/8/2019,Malicious email campaign; morning,"""Prices Dated 25th June 2019""; xlsx -> formbook continued to 7/9",Email,Malware,Attachment,5
7/8/2019,Malicious email campaign; morning,"""Re: Revise proforma invoice""; rar -> nanocore",Email,Malware,Attachment,9
7/8/2019,Malicious email campaign; morning,"""RE: Quote: BMA1253515 P/N: 246-41-745 RESENDING PO""; zip ->",Email,Malware,Attachment,13
7/8/2019,Malicious email campaign; morning,"""ZHEJIANG XIUXIU REQUEST FOR QUOTATION - 3X40'FCL CTR.87 FOR JULY""; rar -> doc -> formbook",Email,Malware,Attachment,2
7/9/2019,Malicious email campaign; morning,"""INVOICE SETTLEMENTS""; iso -> agenttesla",Email,Malware,Attachment,16
7/9/2019,Malicious email campaign; morning,"""RFQ#BRMC010""; xlsx -> formbook",Email,Malware,Attachment,3
7/9/2019,Malicious email campaign; morning,"""FW:re: orders & shipment advise""; doc -> formbook",Email,Malware,Attachment,6
7/9/2019,Malicious email campaign; morning,"""RE:WAITING FOR PRICE LIST-INQUIRY""; xlsx -> agenttesla",Email,Malware,Attachment,2
7/10/2019,Malicious email campaign; morning,"""DHL CONGINMENT NOTIFICATION""; zip -> agenttesla",Email,Malware,Attachment,2
7/11/2019,Malicious email campaign; morning,"""SOA ( statement of account )""; rar -> agenttesla",Email,Malware,Attachment,2
7/11/2019,Malicious email campaign; morning,"""Payment Confirmation for Pilgrims Pride Aviation""; zip -> broken",Email,Malware,Attachment,13
7/11/2019,Malicious email campaign; evening,"""New orders.""; doc -> formbook continued to 7/13",Email,Malware,Attachment,54
7/13/2019,Malicious email campaign; evening,"""Delivery Notification""; doc -> agenttesla",Email,Malware,Attachment,2
7/13/2019,Malicious email campaign; evening,"""Purchase Order 21085 from AVIATION LINK LLC URGENT""; iso zip -> broken",Email,Malware,Attachment,18
7/16/2019,Malicious email campaign; morning,"""Re:PRODUCT INQUIRY ""; doc -> lokibot",Email,Malware,Attachment,2
7/16/2019,Malicious email campaign; morning,"""Overpaid Invoices - June 2019""; zip -> jrat/adwind",Email,Malware,Attachment,8
7/17/2019,Malicious email campaign; morning,"""Re:Your DHL parcel/shipment.""; doc -> lokibot",Email,Malware,Attachment,2
7/17/2019,Malicious email campaign; morning,"""PO #SB-65809""; rar -> remcos rat",Email,Malware,Attachment,22
7/17/2019,Malicious email campaign; morning,Various Italian subjects; xlsx -> ursnif,Email,Malware,Attachment,4
7/17/2019,Malicious email campaign; evening,"""DUNIAPOLY CO., LTD - Products Inquiry""; rar -> formbook",Email,Malware,Attachment,16
7/18/2019,Malicious email campaign; morning,"Various ""Re:"" subjects; zip -> doc -> ursnif",Email,Malware,Attachment,12
7/18/2019,Malicious email campaign; morning,"""Transaction Notification Success""; 2 ace files -> lokibot",Email,Malware,Attachment,27
7/18/2019,Malicious email campaign; morning,All subjects contain DocuSign; zip -> vbs -> amadey -> pony -> ursnif (hancitor crew?),Email,Malware,Attachment,13
7/19/2019,Malicious email campaign; morning,"""Re: Remain payment US$9183.35. of PO 3153485""; rar -> agenttesla",Email,Malware,Attachment,23
7/19/2019,Malicious email campaign; morning,"""Request for OFFER BPC-9720423/TAKAM""; rar -> formbook",Email,Malware,Attachment,8
7/21/2019,Malicious email campaign; evening,"""Request for Quotation - NASUIT_NEW_ORDER""; rar -> formbook continued to 7/22",Email,Malware,Attachment,20
7/22/2019,Malicious email campaign; morning,"""Really important POS Security Upgrade Notification""; zip -> vbs -> amadey -> pony -> ursnif -> cobaltstrike",Email,Malware,Attachment,42
7/23/2019,Malicious email campaign; morning,"""Purchase Order #34640""; img -> nanocore",Email,Malware,Attachment,4
7/23/2019,Malicious email campaign; morning,"""PAYMENT/23072019""; zip -> formbook",Email,Malware,Attachment,6
7/23/2019,Malicious email campaign; morning,"All subjects contain ""You have a shipment""; zip -> vbs -> amadey -> pony -> ursnif",Email,Malware,Attachment,9
7/23/2019,Malicious email campaign; morning,"""Purchase Order""; xlsx docx -> lokibot continued into 7/25",Email,Malware,Attachment,4
7/23/2019,Malicious email campaign; evening,"""New Order 07242019""; doc -> agenttesla continued into 7/24",Email,Malware,Attachment,6
7/24/2019,Malicious email campaign; morning,"""urgent request""; xlsx -> nanocore",Email,Malware,Attachment,6
7/24/2019,Malicious email campaign; morning,"""MLEA Personnel Policies 7-2019""; link -> zip -> vbs -> trickbot",Email,Malware,Link,2
7/25/2019,Malicious email campaign; morning,Various hijacked subjects; zip -> ursnif,Email,Malware,Attachment,10
7/25/2019,Malicious email campaign; morning,"""Request for Quotation - HEALTHCABIN NEW ORDER""; rar -> formbook",Email,Malware,Attachment,3
7/25/2019,Malicious email campaign; morning,"All subjects contain ""Fedex""; zip -> vbs -> amadey -> pony -> cobaltstrike",Email,Malware,Attachment,40
7/25/2019,Malicious email campaign; morning,Blank subject; xz -> bitly link -> formbook,Email,Malware,Attachment,2
7/28/2019,Malicious email campaign; morning,"""ORDER SPECIFICATION (AUGUST)""; doc -> agenttesla continued to 7/31",Email,Malware,Attachment,6
7/29/2019,Malicious email campaign; morning,"All subjects contain ""DHL DOCUMENTS""; xls -> ursnif",Email,Malware,Attachment,96
7/29/2019,Malicious email campaign; morning,"""RE: Problem With Intermediary Bank""; gz -> pony continued to 7/30",Email,Malware,Attachment,6
7/29/2019,Malicious email campaign; morning,"""URGENT REQUEST FOR QUOTATION""; xlsx -> agenttesla",Email,Malware,Attachment,5
7/29/2019,Malicious email campaign; morning,"""Purchasing Products""; xlsx -> agenttesla",Email,Malware,Attachment,5
7/29/2019,Malicious email campaign; morning,"""50% advance payment""; xlsx -> agenttesla",Email,Malware,Attachment,10
7/29/2019,Malicious email campaign; evening,"""Re-CONFIRM INVOICE""; xlsx -> agenttesla",Email,Malware,Attachment,5
7/29/2019,Malicious email campaign; evening,"""RES: Payment""; rar -> pony",Email,Malware,Attachment,19
7/30/2019,Malicious email campaign; morning,"""MIDDLE EAST QUARTERLY RFQ_NPBLPL02961_30072019 (IRAN)""; rar -> formbook",Email,Malware,Attachment,26
7/30/2019,Malicious email campaign; morning,"""Confirm Invoices For Payment Purpose""; xlsx -> agenttesla",Email,Malware,Attachment,5
7/30/2019,Malicious email campaign; evening,"""Re:purchase order""; xlsx -> agenttesla",Email,Malware,Attachment,5
7/30/2019,Malicious email campaign; evening,"""FYI: Remittance Advice""; rar-zip -> remcos rat continued to 7/31",Email,Malware,Attachment,4
7/31/2019,Malicious email campaign; evening,"""Invoice 78294 from Safecom Security N.V.""; jar -> qrat",Email,Malware,Attachment,3
7/31/2019,Malicious email campaign; evening,"""New Order DM8 6700356 - PORT REF : YKP77589 10X100""; doc -> agenttesla",Email,Malware,Attachment,2
7/31/2019,Malicious email campaign; evening,"""Enquiry IMRAN LASKAR- JUABIL/KSA""; doc -> agenttesla continued to 8/1",Email,Malware,Attachment,4