Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Date Details Email Payload Type Users Targeted
- 8/1/2017 "Voicemail From 845-551-<digits>", zip, -> vbs -> globeimposter ransomware Attachment 1876
- 8/1/2017 "Voice Message Attached from <digits>|Emailing -|Your order has been despatched", zip -> exe -> emotet trojan Attachment 613
- 8/1/2017 "You have received a new document from user@domain" , link -> doc -> hancitor -> pony -> zloader Link 763
- 8/2/2017 "Voicemail From 845-551-<digits>", zip, -> vbs -> globeimposter ransomware Attachment 785
- 8/2/2017 "Invoice NIC<digits>", zip -> vbs -> globeimposter ransomware this continued into 8/3/2017 Attachment 980
- 8/2/2017 "MACRO WARNING<japanese characters>", xls -> urlzone and pushdo trojans Attachment 11
- 8/2/2017 "ADP Payroll Invoice 52888616 for month 07/01/2017 - 07/31/2017", link -> doc -> hancitor -> pony -> zloader trojan Link 446
- 8/3/2017 "Re: invoice <digits>", link -> doc -> hancitor -> pony -> zloader trojan Link 404
- 8/3/2017 "IMG_<digits>.PDF|GIF|BMP|JPG|JPEG", zip -> .js -> globeimposter ransomware this continued into 8/4/2017 Attachment 5146
- 8/7/2017 "Delivery halted for shipment #<digits>", link -> doc -> -> hancitor -> pony -> evilpony -> zloader Link 978
- 8/7/2017 "Re: Our inquiry", zip -> exe -> formbook trojan Attachment 3
- 8/8/2017 "IMG_<digits>.PDF|GIF|BMP|JPG|JPEG", zip -> .js -> globeimposter ransomware this continued into 8/9/2017 Attachment 2509
- 8/8/2017 "MACRO WARNING<japanese characters>", xls -> urlzone and pushdo trojans Attachment 29
- 8/8/2017 "New eFax from 490-<digits>", link -> doc -> -> hancitor -> pony -> evilpony -> zloader Link 1046
- 8/9/2017 "E 2017-08-09 <digits>", zip -> .js -> locky ransomware Attachment 2851
- 8/10/2017 "FedEx Shipment $<digits> Delivered", doc -> hancitor -> pony -> evilpony -> zloader trojan Attachment 699
- 8/11/2017 "Scanned|Document|Invoice", pdf -> docm -> locky ransomware Attachment 58
- 8/11/2017 "Emailing <digits>.pdf", zip -> locky ransomware Attachment 560
- 8/11/2017 "Document from <random name>", doc -> locky ransomware Attachment 66
- 8/11/2017 "IMG_<digits>.PDF", pdf -> docm -> locky ransomware Attachment 191
- 8/14/2017 "PAYMENT", rar -> js -> locky ransomware Attachment 63
- 8/14/2017 All subjects contain "invoice", link -> doc -> emotet trojan Link 8
- 8/14/2017 "You have received a <digits> pages document from <digits>", link -> doc -> hancitor -> pony -> evilpony -> zloader trojan Attachment 680
- 8/15/2017 "eFax", doc -> trickbot trojan Attachment 15
- 8/16/2017 "Voice Message Attached from <digits> - name unavailable", rar -> js -> locky ransomware, continued into 8/17/2017 Attachment 2824
- 8/16/2017 "PAYMENT", rar -> js -> locky ransomware Attachment 945
- 8/16/2017 All subjects contain "invoice", link -> doc -> emotet trojan Link 14
- 8/16/2017 "Emailing - <zip attachment name>", zip -> js -> locky ransomware Attachment 249
- 8/16/2017 "Your document Invoice <digits> is ready to be signed!", link -> doc -> hancitor -> pony -> evilpony -> zloader trojan Link 691
- 8/16/2017 "< No Subject >", rar -> js -> locky ransomware Attachment 482
- 8/17/2017 "IMG|PIC|JPEG|SCAN_<digits>", 7z -> vbs -> locky ransomware Attachment 2428
- 8/17/2017 "RE: qb invoice", link -> doc -> hancitor -> pony -> evilpony -> zloader trojan Link 630
- 8/17/2017 "Outstanding Invoices email 1 of 2", doc -> locky ransomware Attachment 603
- 8/18/2017 "Scanned image from MX-2600N|Scanned Image from a Xerox WorkCentre", rar -> vbs -> locky ransomware Attachment 1190
- 8/18/2017 All subjects involve adult message, zip -> js -> tofsee trojan Attachment 54
- 8/22/2017 "Fax from: (digits) digits", rar -> locky ransomware Attachment 2389
- 8/22/2017 "<digits w -> has sent you a new eFax", link -> doc -> hancitor -> pony -> evilpony -> zloader trojan Link 393
- 8/23/2017 "Your Invoice AUG<digits> is ready for your review." , link -> doc -> hancitor -> pony -> evilpony -> zloader trojan Link 571
- 8/23/2017 "Payment has been made", doc -> trickbot trojan Attachment 10
- 8/23/2017 Subjects contain "Fatura", xls -> zloader trojan Attachment 161
- 8/23/2017 "Copy of invoice", link -> pdf -> docm -> locky ransomware Link 3012
- 8/24/2017 "Your Sage subscription invoice is ready", link -> rar -> vbs -> locky ransomware, continued into 8/25/2017 Link 2675
- 8/24/2017 "New voicemail from <digits>." , link -> doc -> hancitor -> pony -> evilpony -> zloader trojan Link 506
- 8/24/2017 "Bill-<digits>", link -> pdf -> docm -> locky ransomware Link 232
- 8/25/2017 "New voice message digits in mailbox digits from "digits" <digits>", rar -> vbs -> locky ransomware Attachment 2329
- 8/28/2017 "IMG_<digits>", zip -> vbs -> locky ransomware Attachment 2666
- 8/28/2017 "scans|photos|please print|documents", zip -> vbs -> locky ransomware Attachment 2400
- 8/28/2017 "user@domain.com PAYMENT COPY", rar -> pony trojan Attachment 9
- 8/28/2017 "Your document Settlement <digits> is ready for signature!" link -> doc -> hancitor -> pony -> evilpony -> zloader trojan Link 211
- 8/29/2017 "Emailing: Payment_201708-<digits>", 7z -> js -> locky ransomware, continued into 8/30/2017 Attachment 3083
- 8/29/2017 "You have received a scan from AT Management", zip -> vbs -> locky ransomware Attachment 27
- 8/29/2017 "Overdue BT bill" , zip -> vbs -> locky ransomware Attachment 15
- 8/29/2017 "Message from G10PR0151001.domain.com" , zip -> zip -> vbs -> locky ransomware Attachment 333
- 8/29/2017 "Canadian Imperial Bank of Commerce", doc -> trickbot trojan Attachment 22
- 8/29/2017 "USPS Confirmation - your mail is being held", link -> doc -> hancitor -> pony -> evilpony -> zloader trojan Link 41
- 8/30/2017 "Emailed Invoice - <digits>:1", 7z, -> vbs -> locky ransomware Attachment 2340
- 8/30/2017 "E-invoice for your order #<digits>" 7z, -> js -> locky ransomware Attachment 1715
- 8/30/2017 "Your order DELTA<digits> has been approved!", link -> doc -> hancitor -> pony -> evilpony -> zloader trojan Link 1819
- 8/30/2017 "PayPal Security Department informs", doc -> trickbot trojan Attachment 28
- 8/31/2017 "Please verify your email address", link -> js -> locky ransomware Link
- 8/31/2017 "August Payment", 7z, -> vbs -> locky ransomware Attachment 504
- 8/31/2017 "RE: domain.com services price list", link -> doc -> hancitor -> pony -> evilpony -> zloader trojan Link 516
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement