Phishing Attacks 23_4_2022
If you wanna learn how to detect phishing emails only by eye, you can check my Udemy course here.
(1)

| Field | Value |
| --- | --- |
| Sender IP | 180.214.238.82 |
| From | "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" |
| Subject | "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" |
| Attachment | "SEALOGISTICS DEBIT NOTE.zip" |
| MD5 | add8e964a595d7af30f02783943c3a00 |
| SHA256 | 24f6485539bc5d700d17ec8d629827ea80dfae2eb2189e872f4b8ae0e7f1d66f |
| Family | AgentTesla |

 
(2)

| Field | Value |
| --- | --- |
| Sender IP | 138.197.200.182 |
| From | "Nguyen Thi Quy <nguyen@47.fximnii.sbs>" |
| Subject | "RE: Purchase Inquiry: KPC/PU-231(MECH)NBI/20-22" |
| Attachment | "Purchase Inquiry_pdf.rar" |
| MD5 | 0a1467a257bee63ce2a381c08265e27b |
| SHA256 | f9d31ceab4db890241e0229869c34dd81f1b792797adbbf4e777de1abc242a73 |
| Family | Loki |

 
(3)

| Field | Value |
| --- | --- |
| Sender IP | 2.56.56.88 |
| From | "pranii@pacificbasin.com" |
| Subject | "quotation re-submmision " |
| Attachment | "quotation.pdf.zip" |
| MD5 | f6859e7d76d9b97099bddcaef4d176f7 |
| SHA256 | 3aebb2587f146e7df15f2537b97c4010ee0f21eaa68f7219d3d23247366c55d3 |
| Family | Unknown |

 
(4)

| Field | Value |
| --- | --- |
| Sender IP | 185.222.58.93 |
| From | "Shoei Kisen Kaisha, Ltd" <ochi.aya@shoei-kisen.com>" |
| Subject | "Inquiry: MVTOLEDO TRIUMPH (revised)" |
| Attachment | "INQUIRY-DRAWING.bat.gz" |
| MD5 | 6488fb9bc8e597f68c5e792ea06977b7 |
| SHA256 | 394e0c707a2055db6a4b96ff55bcf46328274152f8b09e1e934954a2b70cd8ce |
| Family | AveMariaRAT |

 
(5)

| Field | Value |
| --- | --- |
| Sender IP | 180.214.238.82 |
| From | "jerry<jerry@goldenrock.cn>" |
| Subject | "Re: Shipping Advice - ETD 22 APR. 2022" |
| Attachment | "SHIPPING ADVICE#SHELLSEA.zip" |
| MD5 | 1dd6a25cde677c427823bdbc9f63e365 |
| SHA256 | 4c9bf38ca90e14651d2498e021d4dec5a9987ef64cd05006e5af6f0ceda0cdbe |
| Family | AgentTesla |

 
(6)

| Field | Value |
| --- | --- |
| Sender IP | 185.222.57.233 |
| From | "fajar@combilogistics.co.id" |
| Subject | "PO121879" |
| Attachment | "PO121879.r13" |
| MD5 | 3475d4431afcd9c6262eff9ea2158f0c |
| SHA256 | f450126e36db8236a9dc2339c3f87e4e2dc14e2a3a21dda89bf65ef678a50229 |
| Family | AgentTesla |

 
(7)

| Field | Value |
| --- | --- |
| Sender IP | 185.222.57.240 |
| From | "CAPT. ELFATIH M. IDRIS)" <Elfatih.Idris@walarbab.com>" |
| Subject | "RE:SOA-outstandingEUR 106902.50" |
| Attachment | "updated SOA[K9DMVRKF].zip" |
| MD5 | 4dc4a542a2ff8f30ef5c38c211f57b88 |
| SHA256 | b1adfeaca106d8dc9e2498a5d89ccc346c370437cf3a68a74aaf80aa9243867d |
| Family | AgentTesla |

 
(8)

| Field | Value |
| --- | --- |
| Sender IP | 103.232.55.159 |
| From | "moyi@edayun.cn"<moyi@edayun.cn" |
| Subject | "Re: Remittance Advice" |
| Attachment | "invoice.rar" |
| MD5 | 03fb969fc042a2a3facb412d14a5b181 |
| SHA256 | 0781563793d33503140a19bdf4d9f9a0f97a7d538a697746705b86f00fe7c2ea |
| Family | AgentTesla |

(9)

| Field | Value |
| --- | --- |
| Sender IP | 180.214.238.82 |
| From | "Dang Thi Thu Hien<hiendang@panpacific.co.kr>" |
| Subject | "RE: [SSC CS] F22 03/09 Buy Shipping request_04062022" |
| Attachment | "CURRENT DEBIT NOTE.zip" |
| MD5 | 6be9f5760694f751a0f0f5ceaf895bbe |
| SHA256 | 08978f1d94347f9782d17a2249ee4d416c38c3f060ea0e0c59be4327f73eb3e7 |
| Family | AgentTesla |

(10)

| Field | Value |
| --- | --- |
| Sender IP | 212.192.241.113 |
| From | "Friday Robot <friday.robert@outreachmedialtd.net>" |
| Subject | "APRIL PURCHASE ORDER NEW 2022,TREAT AS URGENT" |
| Attachment | "APRIL NEW ORDER 2022.gz" |
| MD5 | f14295060cd9bc5cd0ddc19f7125c6f7 |
| SHA256 | cbc1a87cf822070c64227c1f2b2485692bc75a4ba7d0f141e6d25e9f264336c2 |
| Family | AgentTesla |

(11)

| Field | Value |
| --- | --- |
| Sender IP | 185.222.57.240 |
| From | "DGI Undel (DHL)" <dgi.undel@dhl.com>" |
| Subject | "RE; Import Custom Duty Payment" |
| Attachment | "Custom Duty.zip" |
| MD5 | 40956e934131156991cf96df6fd80092 |
| SHA256 | a548be9f8bf199a7b5403e7636a8af3f9c2e063c8288ad05744dff1e8f2158c0 |
| Family | AgentTesla |

(12)

| Field | Value |
| --- | --- |
| Sender IP | 185.222.57.240 |
| From | "Japan Marine-Team C"<salesfive@jmsgroup.jp>" |
| Subject | "Request for Quotation of our Inquiry No. TIM-037/2022e-I003" |
| Attachment | "No. TIM-0372022e-I003.zip" |
| MD5 | f12d4656d8f62fef5b8e905d1709fd36 |
| SHA256 | 14993e0604ce8e0b7948b6abaca355a91af97fbcb528c25bc1e804561cddd327 |
| Family | AgentTesla |

 
(13)

| Field | Value |
| --- | --- |
| Sender IP | 185.222.57.233 |
| From | "Sandhya <sandhya@alhuraizgroup.ae>" |
| Subject | "Re: PO/PROFORMA INVOICE" |
| Attachment | "PO-PROFORMA INVOICE.r13" |
| MD5 | 783d9c8e359e74ad4b43aa7f092d3f71 |
| SHA256 | 6a92304fbafc74aab184e275a37c417e31936d6a63ec620de592478fba06629c |
| Family | AgentTesla |

 
(14)

| Field | Value |
| --- | --- |
| Sender IP | 199.10.31.237 |
| From | "inquiry@finicare.com" |
| Subject | "Product Inquiry" |
| Attachment | "Product Inquiry.rar" |
| MD5 | 1810d5330f793e22d81f85e83997033e |
| SHA256 | e7e6fa2315fdf9ce0c69d3c3963ca7ca78a0824434521d31bdc5cfb8b5f83586 |
| Family | SnakeKeylogger |

(15)

| Field | Value |
| --- | --- |
| Sender IP | 185.222.57.233 |
| From | "Abdul Wahab Ali Hassan Al Dhahri (GTS Development & MIS) <abdulwahaba@bankmuscat.com>" |
| Subject | "RE: [External Mail]DHL Way Bill & Reference No" |
| Attachment | "DHL Way Bill & Reference No.r13" |
| MD5 | f96c2d473aef8bb457e71baa874b2fa2 |
| SHA256 | a93407bfd5093a87b2228f11a4532fbd1b687872a0a0392876be12bfbc2fd0b5 |
| Family | AgentTesla |

 
(16)

| Field | Value |
| --- | --- |
| Sender IP | 162.243.160.76 |
| From | "John<joewalker@thekmgroup.co.uk>" |
| Subject | "Purchase order for WEC Group" |
| Attachment | "PO 202204TR.lzh" |
| MD5 | 6b8fc6dfd10cbe08fc93abb917c659e3 |
| SHA256 | 748d9b1717a39fcf1b335244a11095deb0240d4d02bf3141e57a07cc9f60645e |
| Family | AveMariaRAT |

If you wanna learn malware analysis, you can check my YouTube channel. I'm trying to publish analyses of malware and some methods for analysing malware.
Please don't forget to subscribe to my channel. Thank you ♥
YouTube channel
