- Date,Summary,Details,Remediation Steps,Category,Sub Category,Email Payload Type,Users Targeted
- 7/1/2019,Malicious email campaign; morning,All subjects contain eFax; link -> hancitor -> pony -> cobaltstrike -> ursnif,Email,Malware,Link,1590
- 7/1/2019,Malicious email campaign; evening,"""Invoices""; xlsx -> formbook",Email,Malware,Attachment,3
- 7/2/2019,Malicious email campaign; morning,"""Fwd: Copy of TT for Inv No.QH114/2019 Dt:18-0194-""; gz -> avemaria rat",Email,Malware,Attachment,11
- 7/2/2019,Malicious email campaign; morning,All subjects contain DocuSign; link -> hancitor -> pony -> ursnif,Email,Malware,Link,159
- 7/2/2019,Malicious email campaign; evening,"""Request For Quotation""; zip iso -> hawkeye and lokibot",Email,Malware,Attachment,4
- 7/2/2019,Malicious email campaign; evening,"""RFq Specification % qty 01072019""; 2 zips -> hawkeye and lokibot",Email,Malware,Attachment,2
- 7/3/2019,Malicious email campaign; morning,"""GLOBAL TRADING INQUIRY No. 06580319""; doc -> agenttesla",Email,Malware,Attachment,4
- 7/3/2019,Malicious email campaign; morning,"""Police Agenda - Case Number: <digits>""|Fax Message [Caller-ID is <digits>]; doc -> dridex",Email,Malware,Attachment,5
- 7/5/2019,Malicious email campaign; evening,"""RE: Quote: BMA1253515 P/N: 246-41-745 RESENDING PO""; iso -> formbook",Email,Malware,Attachment,13
- 7/6/2019,Malicious email campaign; morning,"""New Lpo""; doc -> agenttesla",Email,Malware,Attachment,4
- 7/8/2019,Malicious email campaign; morning,"""ZHEJIANG XIUXIU REQUEST FOR QUOTATION - JULY 9/10 ORDER NO:0141""; rar -> formbook continued to 7/9",Email,Malware,Attachment,5
- 7/8/2019,Malicious email campaign; morning,"""Prices Dated 25th June 2019""; xlsx -> formbook continued to 7/9",Email,Malware,Attachment,5
- 7/8/2019,Malicious email campaign; morning,"""Re: Revise proforma invoice""; rar -> nanocore",Email,Malware,Attachment,9
- 7/8/2019,Malicious email campaign; morning,"""RE: Quote: BMA1253515 P/N: 246-41-745 RESENDING PO""; zip ->",Email,Malware,Attachment,13
- 7/8/2019,Malicious email campaign; morning,"""ZHEJIANG XIUXIU REQUEST FOR QUOTATION - 3X40'FCL CTR.87 FOR JULY""; rar -> doc -> formbook",Email,Malware,Attachment,2
- 7/9/2019,Malicious email campaign; morning,"""INVOICE SETTLEMENTS""; iso -> agenttesla",Email,Malware,Attachment,16
- 7/9/2019,Malicious email campaign; morning,"""RFQ#BRMC010""; xlsx -> formbook",Email,Malware,Attachment,3
- 7/9/2019,Malicious email campaign; morning,"""FW:re: orders & shipment advise""; doc -> formbook",Email,Malware,Attachment,6
- 7/9/2019,Malicious email campaign; morning,"""RE:WAITING FOR PRICE LIST-INQUIRY""; xlsx -> agenttesla",Email,Malware,Attachment,2
- 7/10/2019,Malicious email campaign; morning,"""DHL CONGINMENT NOTIFICATION""; zip -> agenttesla",Email,Malware,Attachment,2
- 7/11/2019,Malicious email campaign; morning,"""SOA ( statement of account )""; rar -> agenttesla",Email,Malware,Attachment,2
- 7/11/2019,Malicious email campaign; morning,"""Payment Confirmation for Pilgrims Pride Aviation""; zip -> broken",Email,Malware,Attachment,13
- 7/11/2019,Malicious email campaign; evening,"""New orders.""; doc -> formbook continued to 7/13",Email,Malware,Attachment,54
- 7/13/2019,Malicious email campaign; evening,"""Delivery Notification""; doc -> agenttesla",Email,Malware,Attachment,2
- 7/13/2019,Malicious email campaign; evening,"""Purchase Order 21085 from AVIATION LINK LLC URGENT""; iso zip -> broken",Email,Malware,Attachment,18
- 7/16/2019,Malicious email campaign; morning,"""Re:PRODUCT INQUIRY ""; doc -> lokibot",Email,Malware,Attachment,2
- 7/16/2019,Malicious email campaign; morning,"""Overpaid Invoices - June 2019""; zip -> jrat/adwind",Email,Malware,Attachment,8
- 7/17/2019,Malicious email campaign; morning,"""Re:Your DHL parcel/shipment.""; doc -> lokibot",Email,Malware,Attachment,2
- 7/17/2019,Malicious email campaign; morning,"""PO #SB-65809""; rar -> remcos rat",Email,Malware,Attachment,22
- 7/17/2019,Malicious email campaign; morning,Various Italian subjects; xlsx -> ursnif,Email,Malware,Attachment,4
- 7/17/2019,Malicious email campaign; evening,"""DUNIAPOLY CO., LTD - Products Inquiry""; rar -> formbook",Email,Malware,Attachment,16
- 7/18/2019,Malicious email campaign; morning,"Various ""Re:"" subjects; zip -> doc -> ursnif",Email,Malware,Attachment,12
- 7/18/2019,Malicious email campaign; morning,"""Transaction Notification Success""; 2 ace files -> lokibot",Email,Malware,Attachment,27
- 7/18/2019,Malicious email campaign; morning,All subjects contain DocuSign; zip -> vbs -> amadey -> pony -> ursnif (hancitor crew?),Email,Malware,Attachment,13
- 7/19/2019,Malicious email campaign; morning,"""Re: Remain payment US$9183.35. of PO 3153485""; rar -> agenttesla",Email,Malware,Attachment,23
- 7/19/2019,Malicious email campaign; morning,"""Request for OFFER BPC-9720423/TAKAM""; rar -> formbook",Email,Malware,Attachment,8
- 7/21/2019,Malicious email campaign; evening,"""Request for Quotation - NASUIT_NEW_ORDER""; rar -> formbook continued to 7/22",Email,Malware,Attachment,20
- 7/22/2019,Malicious email campaign; morning,"""Really important POS Security Upgrade Notification""; zip -> vbs -> amadey -> pony -> ursnif -> cobaltstrike",Email,Malware,Attachment,42
- 7/23/2019,Malicious email campaign; morning,"""Purchase Order #34640""; img -> nanocore",Email,Malware,Attachment,4
- 7/23/2019,Malicious email campaign; morning,"""PAYMENT/23072019""; zip -> formbook",Email,Malware,Attachment,6
- 7/23/2019,Malicious email campaign; morning,"All subjects contain ""You have a shipment""; zip -> vbs -> amadey -> pony -> ursnif",Email,Malware,Attachment,9
- 7/23/2019,Malicious email campaign; morning,"""Purchase Order""; xlsx docx -> lokibot continued into 7/25",Email,Malware,Attachment,4
- 7/23/2019,Malicious email campaign; evening,"""New Order 07242019""; doc -> agenttesla continued into 7/24",Email,Malware,Attachment,6
- 7/24/2019,Malicious email campaign; morning,"""urgent request""; xlsx -> nanocore",Email,Malware,Attachment,6
- 7/24/2019,Malicious email campaign; morning,"""MLEA Personnel Policies 7-2019""; link -> zip -> vbs -> trickbot",Email,Malware,Link,2
- 7/25/2019,Malicious email campaign; morning,Various hijacked subjects; zip -> ursnif,Email,Malware,Attachment,10
- 7/25/2019,Malicious email campaign; morning,"""Request for Quotation - HEALTHCABIN NEW ORDER""; rar -> formbook",Email,Malware,Attachment,3
- 7/25/2019,Malicious email campaign; morning,"All subjects contain ""Fedex""; zip -> vbs -> amadey -> pony -> cobaltstrike",Email,Malware,Attachment,40
- 7/25/2019,Malicious email campaign; morning,Blank subject; xz -> bitly link -> formbook,Email,Malware,Attachment,2
- 7/28/2019,Malicious email campaign; morning,"""ORDER SPECIFICATION (AUGUST)""; doc -> agenttesla continued to 7/31",Email,Malware,Attachment,6
- 7/29/2019,Malicious email campaign; morning,"All subjects contain ""DHL DOCUMENTS""; xls -> ursnif",Email,Malware,Attachment,96
- 7/29/2019,Malicious email campaign; morning,"""RE: Problem With Intermediary Bank""; gz -> pony continued to 7/30",Email,Malware,Attachment,6
- 7/29/2019,Malicious email campaign; morning,"""URGENT REQUEST FOR QUOTATION""; xlsx -> agenttesla",Email,Malware,Attachment,5
- 7/29/2019,Malicious email campaign; morning,"""Purchasing Products""; xlsx -> agenttesla",Email,Malware,Attachment,5
- 7/29/2019,Malicious email campaign; morning,"""50% advance payment""; xlsx -> agenttesla",Email,Malware,Attachment,10
- 7/29/2019,Malicious email campaign; evening,"""Re-CONFIRM INVOICE""; xlsx -> agenttesla",Email,Malware,Attachment,5
- 7/29/2019,Malicious email campaign; evening,"""RES: Payment""; rar -> pony",Email,Malware,Attachment,19
- 7/30/2019,Malicious email campaign; morning,"""MIDDLE EAST QUARTERLY RFQ_NPBLPL02961_30072019 (IRAN)""; rar -> formbook",Email,Malware,Attachment,26
- 7/30/2019,Malicious email campaign; morning,"""Confirm Invoices For Payment Purpose""; xlsx -> agenttesla",Email,Malware,Attachment,5
- 7/30/2019,Malicious email campaign; evening,"""Re:purchase order""; xlsx -> agenttesla",Email,Malware,Attachment,5
- 7/30/2019,Malicious email campaign; evening,"""FYI: Remittance Advice""; rar-zip -> remcos rat continued to 7/31",Email,Malware,Attachment,4
- 7/31/2019,Malicious email campaign; evening,"""Invoice 78294 from Safecom Security N.V.""; jar -> qrat",Email,Malware,Attachment,3
- 7/31/2019,Malicious email campaign; evening,"""New Order DM8 6700356 - PORT REF : YKP77589 10X100""; doc -> agenttesla",Email,Malware,Attachment,2
- 7/31/2019,Malicious email campaign; evening,"""Enquiry IMRAN LASKAR- JUABIL/KSA""; doc -> agenttesla continued to 8/1",Email,Malware,Attachment,4