Phishing Attacks 20_4_2021






(1)
Sender IP: 185.222.57.157
From: "sagar.timbadia@amns.in"
Subject: "RE: Re: Invoice Query & PAYMENT COPY"
Attachment: "PAYMENT COPY.r00"
MD5: 41d13589b827da7db14e0eaf68d5df72
SHA256: 319ac7a3916438a335b5931150f6c12ce4d9f554a6cd21179ad1fc102115d3b5
Family: AgentTesla

(2)
Sender IP: 185.222.57.162
From: "Cristina Gaffuri <cristina.gaffuri@sigmasrl.com>"
Subject: "purchase order no 74GW0942"
Attachment: "PO-no 74GW0942.zip"
MD5: 875faa81f6ef331c9d391e0fbdd3a87c
SHA256: 9124e16d0db26bb4f560f7240882404162302ba301a430a025c5b7d20c6e3bc8
Family: AgentTesla

(3)
Sender IP: 199.10.31.237
From: "Shelter group" <info@504.nvbo.cf>"
Subject: "RE: PURCHASE ORDER"
Attachment: "PO_N00115_Order_pdf.cab"
MD5: 69788c9d8586c33fcc7704cfb0714ce6
SHA256: 4a1290bd96cd79dd3bb9a2cb06a299725309acaa66c170024d2896b484d55d1d
Family: AgentTesla

(4)
Sender IP: 199.10.31.238
From: "revonda@calendarcompany.com"
Subject: "FW: Attached file of LC swift against Proforma Invoice - PI21-06 DT.22.03.2021 Valued - $28,694.57"
Attachment: "LC swift.r00"
MD5: 61c1b8eff316d643caaab8b8c33d2f33
SHA256: ce8d49635f9e0c71258c4a622e77a09c21ee37ac8c3992157f099c8ce3a1585a
Family: AgentTesla

(5)
Sender IP: 185.222.57.157
From: "sagar.timbadia@amns.in"
Subject: "RE: Re: Invoice Query & PAYMENT COPY"
Attachment: "PAYMENT COPY.ARJ"
MD5: f238c21f752fad35576c56be1e26cde4
SHA256: 5f4944e7341f67f64359af367c857d6279727cc2d86a7e07397bd8ea187a2c4f
Family: AgentTesla

(6)
Sender IP: 124.29.202.102
From: "Finance Manager <sales@c-accts.info>"
Subject: "Proforma Invoice"
Attachment: "Proforma Invoice.r00"
MD5: f238c21f752fad35576c56be1e26cde4
SHA256: 5f4944e7341f67f64359af367c857d6279727cc2d86a7e07397bd8ea187a2c4f
Family: AgentTesla

(7)
Sender IP: 45.137.22.57
From: "export10@rishengstone.com"
Subject: "Re: Invoice Query & PAYMENT COPY"
Attachment: "Invoice Query & PAYMENT COPY.zip"
MD5: ca4f78ef777f415d8e25077c6e56b499
SHA256: 6dab7955ed9c28d45dcb9552303e6d8569e0d7e57378542b78979d3cae62bf05
Family: AgentTesla

(8)
Sender IP: 209.85.166.170
From: "eco bank <ecobank2005togo@gmail.com>"
Subject: "hi"
Attachment: "SPA Dear owner2222222222.doc"
MD5: 5db6f2f88437a03029ad325eb8df0719
SHA256: fbe3703dcd7c9d71facc2ceeabd768ecca54f30a749166c59cd7db5c6ee4c54d
Family: Unknown

(9)
Sender IP: 185.222.57.162
From: "LEE WONG (MS.)<lw@milco.lk>"
Subject: "=?UTF8?B?5oGt6LS6IENvbmZpcm0gcHJvZm9ybWEgZm9yIHBheW1lbnQ=?=" (RFC 2047 encoded word; decodes to "恭贺 Confirm proforma for payment")
Attachment: "proforma invoice.zip"
MD5: e3a0d6c971935fdaf5d6cd8a290344ba
SHA256: 6bb5aa536658e9c20b86ab4fd812b5378ef38b650a1e4e6aa56b4ed39cf09d6d
Family: AgentTesla

(10)
Sender IP: 185.222.57.171
From: "chk_shah@yahoo.com"
Subject: "=?UTF-8?B?5o6h6LO86KiC5Zau77yDMTI3?=" (RFC 2047 encoded word; decodes to "採購訂單＃127")
Attachment: "QTY090900.LZH"
MD5: fb8a32d93d95d602553d6d5c23fba152
SHA256: 9d0f6cf62d01e3a12653e21aa7222564f43af6defcd0dcfb1c90a821e0a02538
Family: SnakeKeylogger

(11)
Sender IP: 45.156.27.84
From: "Steve Park" <miller@barbarajohnson.ml>"
Subject: "RE: Overdue Charge Payment"
Attachment: "Bank Details.rar"
MD5: 149d464286ee8e4b964fc1bafddcdf67
SHA256: 795cbf921ad4645f3b16761091d40bba19bc65ea2edd1f35f1083c548ecdb41f
Family: Formbook

(12)
Sender IP: 141.98.10.226
From: "<Vickie@lgpartner.ch>"
Subject: "RE: New order"
Attachment: "RE New order.gz"
MD5: a4ca2541455b21d37f2248912523afb1
SHA256: 631b6b713ce0d568c634c925e22a834fc2cd249dd1854ab0740ed841597e21e6
Family: Formbook

(13)
Sender IP: 31.210.20.217
From: "Trang Nguyen (DHL VN) <Trang.Nguyen@dhl.com>"
Subject: "(DHL) Shipment delivery Arrival Parcel"
Attachment: "DHL Shipments Docs Arrival.ace"
MD5: 5035990a983101398fbee4830814e208
SHA256: 911e53fd3af5fc8559ce5a0d3e3cb225ec4aeb50afe320a1befb1f952eedc572
Family: ArkeiStealer

(14)
Sender IP: 103.133.105.111
From: "ABU OBAIDA ABDUL WAHAB <sales@binhafeez.ae>"
Subject: "9046- PA118- SUPPLY & INSTALLATION OF EQUIPMENTS / OILFIELD EQUIPMENTS & SUPPLY - REQUEST FOR QUOTATION"
Attachment: "9046- PA118- SUPPLY & INSTALLATION OF EQUIPMENTS OILFIELD EQUIPMENTS & SUPPLY - REQUEST FOR QUOTATION.pdf.gz"
MD5: c8979a538ad34c66e8ccfb7fe5239e4f
SHA256: 17df69c1e0d9a5228e6583dea7a5659faa82b3a55f32c4338d80954b8e77d3bf
Family: Formbook

(15)
Sender IP: 45.133.1.235
From: "Ms.Julie Tsukahara-LOGISTICS MATES CORP."<info@esanat.com>"
Subject: "FW: MV. CMA CGM Verdi V-250E DT:04/20/2021."
Attachment: "CUSTOMER AWB PACKING LIST ISO CERTIFICATE BILL OF LANDING DRAFT. COMMERCIAL INVOICE SHIPMENT 709447464231.pdf.r15"
MD5: bf93b4396db0057908022cc68f078624
SHA256: 7be044503e0f07121774779ae53dd3b9f6548fa9e2c9d2734fa7e277e3d05c2a
Family: Formbook

(16)
Sender IP: 157.245.244.219
From: "Lian Teng" <commercial@503.plxo.ml>"
Subject: "BULK ORDER SUPPLY"
Attachment: "Quot_675421-07.gz"
MD5: dcb6c73a894fbc1b3b1b9406fd095b3e
SHA256: 9452d78fd321bfd5124644206f7f72cf8efe6b5792a1fe83166c919aaad75722
Family: Unknown

(17)
Sender IP: 66.154.111.122
From: "jurubina@unireka.com"
Subject: "Quotation Request - PR No : PR0078966"
Attachment: "OLUMBA-3212-HTC.zip"
MD5: d5c94ac890b8f2839232b36c3b46d9ea
SHA256: a6360a7a05f66c00c95c5597ff78b153b67bb014dd3154e2951b192912300fb6
Family: AgentTesla

(18)
Sender IP: 199.10.31.238
From: "Michelle Tang" <michelle@jchorizonltd.com>"
Subject: "Wire Payment $35,276.70 "
Attachment: "Payment slip.zip"
MD5: d389b709f84435bbf54ddf204620da56
SHA256: ee2c6184885c7b065c3dda4749d25364d672159a97323f72a707f03e855c8a90
Family: AgentTesla

(19)
Sender IP: 103.253.68.149
From: "bca.global.trade@cbn.net.id" <ida@indopc.co.id>"
Subject: "Slip Pembayaran - Pembayaran dikirimkan 20/04/2021 (Pengingat Terakhir !!!)"
Attachment: "PEMBAYARAN COPY TT_PDF.gz"
MD5: e89111fec44b3951e81e0e28a8d9716d
SHA256: 2d80bcb044726fdc77e7cde1667921ec707af42ad318f172265d19817d893a62
Family: Loki

(20)
Sender IP: 45.133.1.235
From: "Ms.Julie Tsukahara-LOGISTICS MATES CORP."<info@esanat.com>"
Subject: "FW: MV. CMA CGM Verdi V-250E DT:04/20/2021."
Attachment: "MV. CMA CGM Verdi V-250E AWB PACKING LIST ISO CERTIFICATE BILL OF LANDING DRAFT. COMMERCIAL INVOICE SHIPMENT 709447464231.pdf.r27"
MD5: 96dc3bc4d385d8c92df4fbf6d34e5859
SHA256: d3c9fd184e65239f38abca1316047b54c55eb67ff6cb3bc06d914e96f06848c1
Family: Formbook

(21)
Sender IP: 103.153.183.148
From: "Angeli Alessandro <Alessandro.Angeli@gea.com>"
Subject: "Re: RFQ QUOTATION REF. 334#"
Attachment: "334# ARD_QUOTATION (2).PDF.z"
MD5: 2856f88478dc39b95425f61091dd1105
SHA256: 14ff14f01dbdd25fa438abb57376747a312007166d6eb67b778918582da01002
Family: AgentTesla

(22)
Sender IP: 185.222.57.157
From: "Praveenraaj.rr@emerson.com"
Subject: "RE: Purchase Order#4500484210"
Attachment: "PO, Order#4500484210.r00"
MD5: e5c56cbe65de3dc8bf2e8645f993d80b
SHA256: d89d2fca5022e8fe1f54037e4028f26e7f00b5b6f8a344b16f2f25f806ff2b0d
Family: AgentTesla

(23)
Sender IP: 185.222.57.90
From: "<accounts@ssipblr.com>"
Subject: "GS_ PO NO.186/2021"
Attachment: "GS_ PO NO.1862021.zip"
MD5: efe995f856a990290de388772bfefa29
SHA256: cd3100aad6b84641981f0851b6cd17eb1c247d7f3cfe3770326c71c5e19968c0
Family: AgentTesla

(24)
Sender IP: 45.137.22.56
From: "Sales Support<Abegail@alkuhaimi.com>"
Subject: "Re: Invoice as of 20:04.2021"
Attachment: "Invoice pdf.7z"
MD5: eb8bef3bcdb0a68f7b8e5ed7d496b4a6
SHA256: 39c3cb2bce96c98cde9bec9fff034acca99b592f0a4ebec39a6017f3554a56fa
Family: Unknown