Summary:
The article outlines various phishing attempts through email, detailing the types of attachments used and the number of users targeted. The emails primarily involve financial documents and requests, indicating a focus on exploiting business transactions.
Keypoints:
Multiple phishing emails targeting users with financial documents.
Attachments include various file types such as rar, zip, and exe.
High number of targeted users in some instances, with up to 46 users affected.
Common themes include payment advice, quotations, and purchase orders.
MITRE Techniques
Phishing (T1566): Uses deceptive emails to trick users into opening malicious attachments.
Credential Dumping (T1003): Attempts to gather user credentials through malicious payloads.
Command and Control (T1071): Utilizes various domains to maintain communication with compromised systems.
Exploitation of Remote Services (T1210): Targets remote services to gain unauthorized access.
Data Encrypted for Impact (T1486): Encrypts data to extort victims for ransom.
|
Date,Details,Email Payload Type,Users Targeted |
|
10/1/2024,FACTURA N.º 240073; lzh -> xloader,Attachment,46 |
|
10/1/2024,Payment Advice ***** Advice Ref:[A20A9o6tNQd2] / ACH; rar -> xloader,Attachment,3 |
|
10/3/2024,SOA AUG 2024 – / CMA CGM; rar -> xloader,Attachment,4 |
|
10/3/2024,Payment Reference SOA Pending Balance Updated; rar -> xloader,Attachment,4 |
|
10/6/2024,Re: Ref: Payment Advice 081 // Customer Ref:23486903|NEW ORDER; rar -> xloader,Attachment,4 |
|
10/6/2024,SOA (Statement Of Account); rar -> xloader,Attachment,4 |
|
10/7/2024,Request for Quotation Plug Valve; z -> vipkeylogger,Attachment,4 |
|
10/7/2024,Quotation Accepted; lzh -> xloader,Attachment,3 |
|
10/9/2024,NEW PO; z -> xloader,Attachment,4 |
|
10/10/2024,Quote for tender N° 05/2024|Cotización–FL202306200039 Consulta SWP n.º 2023-1981; rar -> xloader,Attachment,4 |
|
10/10/2024,Updated piece price for 2024 Q4; zip -> xloader,Attachment,3 |
|
10/10/2014,purchase order STS/2193/10/2024|New PO; rar -> xloader,Attachment,8 |
|
10/14/2024,New order list; lzh -> xloader,Attachment,3 |
|
10/15/2024,Quotation request|SCHEFFER / ORDEM N. F-1676.24|New PO; rar -> xloader,Attachment,16 |
|
10/15/2024,failure notice; 7z -> guloader,Attachment,5 |
|
10/16/2024,DUE INVOICES; z -> xloader,Attachment,4 |
|
10/16/2024,shimpment doc; rar -> xloader,Attachment,4 |
|
10/17/2024,[SOA-AUG] COSMO – KUMPULAN CERIA SDN BHD; rar -> xloader,Attachment,4 |
|
10/17/2024,Attachment name is best price pdf.zip; zip -> xloader,Attachment,3 |
|
10/18/2024,PO23000251; rar -> xloader,Attachment,4 |
|
10/19/2024,READ: RFQ Order specification; zip -> xloader,Attachment,22 |
|
10/21/2024,Payment Reciept // FL202306150003 Request 10273 Konturteile; rar ->xloader,Attachment,4 |
|
10/21/2024,PO11534; rar -> xloader,Attachment,4 |
|
10/21/2024,Letter Request for 30% Downpayment; iso -> xloader,Attachment,2 |
|
10/21/2024,Re: Revised BL documents; rar -> xloader,Attachment,2 |
|
10/22/2024,Tender Quote; rar -> xloader,Attachment,2 |
|
10/23/2024,RE: EXTERNAL:Offer for Poanta – Warehouse Electrical – Sunpharma – Ponta Saheb; zip -> xloader,Attachment,19 |
|
10/23/2024,Invoice & Packing list For Sea Shipment; r15|zip -> xloader,Attachment,7 |
|
10/23/2024,RE: OS_PO#3210046374_SALE ORDER_SHIWON_23102024; r15 -> xloader,Attachment,2 |
|
10/24/2024,QUOTATION REQUIRED FOR Attached Order; rar -> xloader,Attachment,4 |
|
10/24/2024,United Rentals Inc: Invoice# <digits>; pdf -> warmcookie,Attachment,11 |
|
10/27/2024,Fwd: PO# 4501820652- PO001008 XNE-202; rar -> snakekeylogger,Attachment,3 |
|
10/27/2024,Payment Advice; rar -> xloader,Attachment,4 |
|
10/27/2024,FW: Invoice and Packing list; exe:rar -> snakekeylogger,Attachment,8 |
|
10/28/2024,New PO; rar -> xloader,Attachment,4 |
|
10/31/2024,31 October – USD10655.69 – Kassim; rar -> xloader,Attachment,4 |
|
|
|
originlogger, 0222c1554ceb01925bccffabe846186b951f8b48a9f1731ed25d51c42761826e, mail.starmech.net |
|
originlogger, 097c7472803e5dca675ac074c1092848ae92cb468447eb8d0b57afe392c156ad, mail.starmech.net |
|
originlogger, 0d7a4a69f12914329cbff3ca263858dac70c0b5afa1657806129e553fd9e246e, mail.starmech.net |
|
originlogger, 236614f95c217529d7252aa57368c6f8c2b3a13c95d6e77096a8914f714bbc35, mail.azmaplast.com |
|
originlogger, 4814d2923369ffb5245d01dc4d9854aadd669fed95cfe32c24919256b2176165, mail.starmech.net |
|
originlogger, 4bf19e00f15d689c108b9935716d0f5f34be07e6a08c39dd715bfbe806d99fe9, mail.starmech.net |
|
originlogger, 6ea3566784f4d65b8198859ea7afc29a1eb7deea856d44628279067682e25665, ftp://ftp.libreriagandhi.cl |
|
originlogger, 89dc8a4e529a8860533365676d0a1431d335c6e1dd1f1b2238e5b5d820c4ac51, mail.azmaplast.com |
|
originlogger, 8a8794d42a442da3a12f8424a51685fc7da1b9113452b2a5dd1ef23352b5f0b6, mail.starmech.net |
|
originlogger, a1475a0042fe86e50531bb8b8182f9e27a3a61f204700f42fd26406c3bdec862, ftp.fosna.net |
|
originlogger, c12ecca79747db3f47b548b79fe0efc40e048fd1f430ec2e2fd9eccd6bcc8ec3, ftp://ftp.fosna.net |
|
originlogger, cb8e8d185adfffe272bafb00ef1000724beac1e478fba3e50682ac0c2300d0bc, mail.starmech.net |
|
originlogger, cb9790cad0a60c5d06786c99700a84a880c04abf6477ab97453b13ba386306f4, mail.starmech.net |
|
remcos, 279fc80979106bdd10ca9992a9c242904a52185924705bcf90dd7cf0b4956732, 103.124.107.115 |
|
snakekeylogger, 1287a0d900d31f1a3c989a4d74121cadcdbb6da6be55b42bddb452fcd897bb1d, https://api.telegram.org/bot7844099330 |
|
snakekeylogger, 1b5f80400b3a1c576088617608134dc43954a3cb7a4e7c5e80cb2beeeae3cbfc, https://api.telegram.org/bot7725731697 |
|
snakekeylogger, 206c2be165a381f961ecf12f28ba8505fcbfd8e9d11d910d7c0f64dd587d25a4, https://api.telegram.org/bot7725731697 |
|
snakekeylogger, 3c8e3ba151c76fa1c6f48872213b7c8db78e4cd5260bbd13f428ae0bc1a70f3a, https://api.telegram.org/bot7844099330 |
|
snakekeylogger, 4bb7ad555a0641fd9020b58ac7fdeb4eab618214f056a489739ad6aa91f528ae, https://api.telegram.org/bot8007960326 |
|
snakekeylogger, 6fa650ce13d6af2de198d27c1dae56d62f53bfa5f570eba1ba9bf5b26074db7c, https://api.telegram.org/bot7824077250 |
|
snakekeylogger, 73e68e1ba97f084093f26bde2e64d16efcb7f69b01861e481716ea3443a94aea, https://api.telegram.org/bot7967467250 |
|
snakekeylogger, 9ef3ac43b9988e67eb70ff14788037b128502dbf28365f35b7deec9ede49c3cf, mail.tonicables.top |
|
snakekeylogger, a202cd0d28c24f84fcd0ad84477991d9697180adc72c9b52b0d8839588a2d810, https://api.telegram.org/bot8080123058 |
|
snakekeylogger, a750777345fce604f483adfbe40e5f0d4c0582e5536c273675d7fd1002e84c5d, https://api.telegram.org/bot8012948610 |
|
snakekeylogger, d6d0f637ad8372d18fc34e66db940fef00fc9816d05faff39f7c3ff8c3ae0f8f, https://api.telegram.org/bot7725731697 |
|
snakekeylogger, d6ec665bdaa426f8cd260a33ac1e2d0a2274c20a0d6aa7956794c5aadcbecf75, https://api.telegram.org/bot7757458252 |
|
snakekeylogger, e7283aca995d1e717d6127275f06e142df3ffdbed0c81644e90752b2c7fa7175, https://api.telegram.org/bot7844099330 |
|
snakekeylogger, e83231fa6c8d4df75581b44faa0180bc822f28168e12ed7590ba8c06a879a55e, https://api.telegram.org/bot7936689263 |
|
snakekeylogger, eb63c71f096131d99d8d2a6ae302687adabc8f06a2527947e492acb3e7b43cd9, https://api.telegram.org/bot7824077250 |
|
venomrat, 142873db547e46701d0630bf254b6e4d7570a37e62194e89264b53410682d9a8, 185.106.92.86:4040 |
|
vipkeylogger, 181b41addb05b81a4246bc0dfe801d408c7478322cca039b66e91fd0d37c4f47, us2.smtp.mailhostbox.com |
|
vipkeylogger, 2a53872f573a1817be1848779e60c7db22501badc0afd7f364ee30a77dce3395, mail.tonicables.top |
|
vipkeylogger, 3ba352819c7abd6700100363b3f63e070549433564bd7636cdd0cf53b6356dc2, mail.tmars.net |
|
vipkeylogger, 4447fbf1066bc4f640abff84fcac04d0c86664f9823410348a36c280ac80e26d, https://api.telegram.org/bot7777204705 |
|
vipkeylogger, 470733344bb4e563a0b482efd18cf1f643808164c1093b9eea60e6eb0f40127c, mail.tmars.net |
|
vipkeylogger, 4b256a7b80d0dfe978acf9e21ea3c4003e4b2fc36a1f2d64b1cc909917c7ce78, proglass.com.sg |
|
vipkeylogger, a8281f10a65d2066e0bb4d9089efbc567dedec223e6b77303223da17af9021dd, mail.tmars.net |
|
vipkeylogger, bb0db766edcbed8852b6d58a738c6df464d2c7a344f05be742d6c23657bcebf6, 185.198.59.26 |
|
vipkeylogger, d41fe3fc605a799e6f95c52cc16d35a2f1bc03fd166187a1c6fd830f287e3518, mail.tmars.net |
|
vipkeylogger, eceb26bdb02cc022a27d7ad41deac697590037e693c10988e14a5183612ce0cf, mail.jhxkgroup.online |
|
warmcookie, 915a80abb43f04fcdfb9ba2ced3b38f3524c050b6c0a36d97f4e7827916248b2, 185.161.251.26 |
|
xloader, 00140ab45e4fcbba5f1b52f3058a8ac015771eb60348617843ac7ca841b8bae9, qidr.shop/cu29 |
|
xloader, 0192d385d59bc9e853e7b58a9e3cf65857b7be49c3ba92185bfd7241a36ccc0d, www.itemsort.shop/qw71 |
|
xloader, 0309aa8889daca83b4cf97ab99bc9921bb549c9187736a69c76185dfe68cd325, f6b-crxy.top/cu29 |
|
xloader, 069a4c2c42050c9037f6a11f9083b312c8bc3159fbe2b73f1e84760da762e6a8, qidr.shop/cu29 |
|
xloader, 06d709cf438f3fefe0ed7858278e77e1188422e2b4d59706f6c4759df1a5aafd, ftersaleb.top/c89p |
|
xloader, 10b85fb4905227bc1e37c8ebfcb317b188f9d93a761aa887977dae17c71de81f, www.phonelock.xyz/cu29 |
|
xloader, 1ae734d22270bb261f984838e51a77bc5f32be08ac895157ac2691d042fa6dc3, amyard.shop/ge07 |
|
xloader, 1c2b963220cf175f77391b7fa2e2f27dc835144750b9c3c0c4c6ddb2e1cccc45, f6b-crxy.top/cu29 |
|
xloader, 2847c9264726b6c4abbcede6bfc40c2386e93e81a8cd968c19e5493e08851f1a, qidr.shop/cu29 |
|
xloader, 2d1d21fefaccdde89b759234f18ed79ea0a8a631c15be4f93fe3106f7fe6abe6, imberstimedtinter.cfd/n04s |
|
xloader, 320aa8c92e7c70266b35c8a5fc38ed069d68e6e1403b3ce56bab93fbd349d890, qidr.shop/cu29 |
|
xloader, 4184b14006520ea167252e0264bcd92873ea365635baaed4d366a4aaf9e32e8b, rasko.net/ge07 |
|
xloader, 4f78b4eb3d5e54f28d596b74216dd4e01de5228f42841241423e8832a82d61e7, www.coffee-and-blends.info/bhth/ |
|
xloader, 596681238e749d9109fd00bbc95f364f4cfc5977cf1d2253bd8ee268d6dbbf2f, f6b-crxy.top/cu29 |
|
xloader, 732336eccda1e0e01a9474a968eb6ac9725fec8e8e03ad950472df75ba470693, ftersaleb.top/c89p |
|
xloader, 826bd3dd2f072af7f5b2ba48ffc370622de87660a19d2c70748f2e5b91dc620e, www.hugod.live/oxqa |
|
xloader, 8352beed8fb5f5823a3ea3829d7e845a3fd3c53535dfb4a13fa0d11e01231912, f6b-crxy.top/cu29 |
|
xloader, 91123f6fc1ac1580e1e358365eb9b10a5137cc96ea7039a284d3926923aed4a3, ecurity-ukgaxq.xyz/ms84 |
|
xloader, 9c7c112f4213739638ff08d7af26b6387c0bf3a4d5501cb781cdbcdfcf7e35e4, www.edrelev.info/8u32 |
|
xloader, a327355ae6e99929d1303a762ea8a936d8e4884f45d683de08dba6882c1c016d, usinessaviationconsulting.net/cu29 |
|
xloader, a4ee829bdcac8446c8ac67b09901138f2510a46804d39c380228ddeea3d2e093, ea-yogkkb.xyz/ge07 |
|
xloader, a5c97f8e1ff612fbfcc18f1a1852db11099e58bb241f5b825c74715c60dd0fef, qidr.shop/cu29 |
|
xloader, a66fd780dafe112e8ee95dd63b7d6138fea1e5273b961b2774e3be95a677990d, www.istorted.app/md49/ |
|
xloader, b2f6924210cfad56a2bbf5a0701684602693a525c68abdbebdb7cea1d106eb30, wner-nyquh.xyz/ge07 |
|
xloader, b90d30fabfd911bdf2b7d785dee57ffd346019b889601d1411df2872d7d020d5, f6b-crxy.top/cu29 |
|
xloader, b98984b8cdd94f3a64ab0bb0ac45983e62b311419f1a9735f398a71b4f85e98d, amyard.shop/ge07 |
|
xloader, cf8230d20fbd1b9b21058813669fcd7fa9575a5a0f9c38269213b4e712d918d3, qidr.shop/cu29 |
|
xloader, e3eab8ee534e254cdd647d8c7b34f03fd7218c30f5a2c40a6342d1b402d438a3, www.63582.photo//i70z |
|
xloader, eb00047a6b0c3483760d36fc53b69398768f28532003f44d0b402052f65bbd24, amyard.shop/ge07 |
|
xloader, ec6c0b68ad723bfd12ffe050b290318de9f50ceaac13a9f9483d42a6301ac657, panish-classes-64045.bond/cu29 |
|
xloader, fb3f91e5f61d4bb67dbe8b15407b651435a11a2030518d68dbbc18edf1aec539, http://www.amzlsignstore.info/uomf/ |
|
xloader, fe32cd498b7f031639961bfb962d1289896a3667f38f06f801b2c5d97d0b5906, qidr.shop/cu29 |
|
xloader, ff410475bb80926bc3933e68f5e84a7185292bb2b78294abe528cb647c78f637, www.f6b-crxy.top/cu29/ |
|
xloader, ffaa78a8a97885716e7dbe2a4a7ed9e1593ea5690f02f79f5d63c9b4964559da, ealthbridgeccs.online/c24t |
|
xworm, 1f7658dc2eb22a07c50d65a0a32069a024f724cc412b3f820bb84b9cc9601397, 154.216.18.238:1194 |
|
xworm, c021f84997d6bf0ac6a7de57c7aec5133ab785e8e543a0cc6b706c6c66b524e1, 154.216.18.238:1194 |
|
xworm, e81b6b5dc10fa29138e68b8020a73f9a767877d3a85e1a5396ec08b20d3a8be3, 154.216.18.238:1194 |
|
|
|
electronics@starmech.net |
|
fav@fosna.net |
|
info@azmaplast.com |
|
madamweb@fosna.net |
|
obis@tonicables.top |
|
zativax2@libreriagandhi.cl |
Source: Original Post
