(1)
| Sender ip | 103.133.105.111 |
| From | "Jon Crofts <[email protected]>" |
| Subject | "NEW ENQUIRY/RFQ: ALUMINIUM DOOR CLOSER (120421PR1)" |
| Attachment | "NEW ENQUIRYRFQ ALUMINIUM DOOR CLOSER (120421PR1).pdf.zip" |
| MD5 | d84244993a95e56ac988080fac8305ec |
| SHA256 | 3966c11050646120a2c30e1f3bd7db0d8f0cb38ba8f586b1d8656d46a2b30b09 |
| Family | AgentTesla |
(2)
| Sender ip | 45.126.132.42 |
| From | "Lucio USVARDI Area Manager <[email protected]>" |
| Subject | "RE:Fw: C.O.A of Materials Placebo" |
| Attachment | "C.O.A of Materials Placebo.PDF.gz" |
| MD5 | d009073229a4241314aee30ec3a65001 |
| SHA256 | bebaf132c73e03c11cd32a3551abf02369edd8ee465e36701331502717340a66 |
| Family | Loki |
(3)
| Sender ip | 66.154.111.122 |
| From | |
| Subject | "Quotation Request - PR No : PR0078966" |
| Attachment | "QUO-131.zip" |
| MD5 | 92f35e58db10d6aa177527e27e2734d8 |
| SHA256 | d22b3e746e42bfada3fe6b73b03d5e2443caf1a9090120ac9385e49bb72297c2 |
| Family | AgentTesla |
(4)
| Sender ip | 92.204.132.28 |
| From | "Edwin Fernandes <[email protected]>" |
| Subject | "Fw: Revise Quotation.." |
| Attachment | "REVISE QUOTATION 21.04.2021.pdf (113K).rar" |
| MD5 | 6b989d90c73fa32a2cbeb1b051644d4c |
| SHA256 | 3638135eb0f487e5b5b003d1f090554b0f6fe96ac90da04a1ff683156b164bd7 |
| Family | AgentTesla |
(5)
| Sender ip | 195.140.213.112 |
| From | "SALES" <[email protected]>" |
| Subject | "Top Urgent" |
| Attachment | "IMG_001 IMG_SCAN.JPG.iso" |
| MD5 | 0d2ecb25207eff31ec77d7e6f075ec0e |
| SHA256 | 3f7e3dd0a5d0ae1fd5e216b360ed459a0304251378cb3818353495b50fef5094 |
| Family | AgentTesla |
(6)
| Sender ip | 185.222.57.227 |
| From | "Jackson Li <sales <[email protected]>>" |
| Subject | "=?UTF-8?B?Q2FibGV0ZWNoIOaMieWPkei0p+aXpeacnyAyMDIxMDQxMA==?=" |
| Attachment | "CONTRACT AGREEMENT_PDF.gz" |
| MD5 | 37f5814b503eef70598272cb87c7d5f9 |
| SHA256 | 6b900a5501a9c5da08a1b8f879fc05ba4753f03374278673e85990ad0678f097 |
| Family | Formbook |
(7)
| Sender ip | 62.113.202.77 |
| From | |
| Subject | "First Deposit Payment" |
| Attachment | "First Deposit Payment pdf.7z" |
| MD5 | 92a636d278c4d158e558c49a59274188 |
| SHA256 | b0a271b752b19e04e073e63c8927358e15a4a314035cd32a1524e3abcc53a082 |
| Family | Unknown |
(8)
| Sender ip | 199.10.31.238 |
| From | |
| Subject | "FW: 100,000 MT / New Order" |
| Attachment | "PROFILE SULFERT 2021_pdf.rar" |
| MD5 | eaab9ac59fb0a7631ed6260f0be91bdf |
| SHA256 | f73fd03534d33ba3fae1a599de9cae587a34fe060457fdab954e79a0ab2f52ff |
| Family | AgentTesla |
(9)
| Sender ip | 199.10.31.238 |
| From | |
| Subject | "FW: 100,000 MT / New Order" |
| Attachment | "SPECS SULFERT 2021_pdf.gz" |
| MD5 | d7e9f85b97417e101ebf465be8b13980 |
| SHA256 | 7a4d26da454cc9824a18163b646184d0f4389e0be9d54fe7b7c2014720983243 |
| Family | AgentTesla |
(10)
| Sender ip | 45.137.22.133 |
| From | "Pavan Vairagi <[email protected]>" |
| Subject | "FW: PURCHASE ORDER" |
| Attachment | "PO-20210420.zip" |
| MD5 | 609d38c0908dd52b9a518ced1c75dd5c |
| SHA256 | 3a16d9865825143e0057c45f70a11f80461f200314a70108a48ab9b683d58a92 |
| Family | SnakeKeylogger |
(11)
| Sender ip | 103.133.105.111 |
| From | "Marvin Feig <[email protected]>" |
| Subject | "solar panel poly 150wt -" |
| Attachment | "solar panel poly 150wt .pdf.ace" |
| MD5 | 2a0f779aa58b9d4d1d45afaa7a622a92 |
| SHA256 | 309f12d31a2d8b4bf96dc06a8f24de554f5b8f215142bff8d4515168379a07d2 |
| Family | Unknown |
(12)
| Sender ip | 103.133.105.111 |
| From | "Peter Fu <[email protected]>" |
| Subject | "ALuminum COIL FOR ROOFING" |
| Attachment | "Quotation Sheet_Alloy 3003 H24 Coils.pdf.gz" |
| MD5 | 82e46548a114eb13882c42e5d09bf8a3 |
| SHA256 | 5827f03812579d03fbad772d4eed718a22261845ba8545f29121d685b5b17e0c |
| Family | Unknown |
(13)
| Sender ip | 199.10.31.238 |
| From | |
| Subject | "TT Copy for Invoices" |
| Attachment | "TT Copy 042121_pdf.rar" |
| MD5 | e6264c1c8eb6ddc57844fdbeb5aee075 |
| SHA256 | 6bcc69eb5c764b973bfb388c1342797592cace15893300327e96cf6db9af4bed |
| Family | AgentTesla |
(14)
| Sender ip | 199.10.31.238 |
| From | "Dilara AYGUN<[email protected]>" |
| Subject | "RE:Quotation 301086" |
| Attachment | "Quotation 301086.gz" |
| MD5 | 1cb6b382ecf9e5a7e73ef765afa403ab |
| SHA256 | c53f78a0aba8697e91d16c70d04d7e11e6d92db7a780a14d4a945aca1a2f85e8 |
| Family | AgentTesla |
(15)
| Sender ip | 185.222.58.156 |
| From | "T. HALK BANKASI A.S." <[email protected]>" |
| Subject | "T.HALK BANKASI A.S. 22.04.2021 Hesap Ekstresi" |
| Attachment | "Halkbank,pdf.7z" |
| MD5 | 283f56b2202aff5f76755895d231afb2 |
| SHA256 | a04e7268712f8d0b4b75e58ef1a60b4a3bc3fe4c06780a5df6b8207d2237a6cb |
| Family | SnakeKeylogger |
(15)
| Sender ip | 185.222.57.90 |
| From | |
| Subject | "GS_ PO NO.186/2021" |
| Attachment | "GS_ PO NO.1862021.zip" |
| MD5 | 1eadad01709a0294e51f5b64462059fc |
| SHA256 | 399a8f899ba8d8ef02ecfd588fcbe4c0e85d59d8a51bb3127dc3e5fc451d278b |
| Family | AgentTesla |
(16)
| Sender ip | 195.140.213.112 |
| From | "Accounts" <[email protected]>" |
| Subject | "Payment" |
| Attachment | "SWIFT COPY OF PAYMENT MT103.IMG.zip" |
| MD5 | a55afd6e585084cd5c35e32b2b489773 |
| SHA256 | 11c6387d2869e52d861cb081815414553074c4f7bc0a1b874c62e7519e6deb07 |
| Family | SnakeKeylogger |
(17)
| Sender ip | 185.222.57.157 |
| From | |
| Subject | "RE: BALANCE TRANSFER SWIFT COPY.." |
| Attachment | "SWIFT COPY..r00" |
| MD5 | 98871cc928cc252d84a5d639a0045910 |
| SHA256 | d8cd6b1f85451943300fa7f62c715b4abd03ee80286032ab3301e5e0b9910753 |
| Family | AgentTesla |
(18)
| Sender ip | 185.222.57.162 |
| From | "Supriya M Rao<[email protected]>" |
| Subject | "PO#5300008762. NEEDED URGENTLY" |
| Attachment | "PO#5300008762.zip" |
| MD5 | b879907f82b37e4018bd4153e0815dd6 |
| SHA256 | e8629b7e780aa86a7e337c9227b03b50eb35de4b0e425ef65d14c8cdf930888d |
| Family | AgentTesla |
(19)
| Sender ip | 103.133.105.111 |
| From | "Trikora Ibnu <[email protected]>" |
| Subject | "RE:NEW ORDER INQUIRY_B3003H24" |
| Attachment | "NEW ORDER INQUIRY_B3003H24 .pdf.gz" |
| MD5 | 659a98070ab17f593972e5dc7935f89d |
| SHA256 | d6eb294a8b844315cca29121d513bdabd61c0d435985da372aa648eabeaeeb28 |
| Family | Unknown |
(20)
| Sender ip | 185.222.57.90 |
| From | |
| Subject | "Fwd: GS_ PO NO.186/" |
| Attachment | "GS_ PO NO.186.zip" |
| MD5 | f376efc82aa255d4386aa5a075caca1d |
| SHA256 | 5c15e5ea3fcf134533d9bb93f5151a3cdff568c10a5d0d8422a947774f1882ff |
| Family | AgentTesla |
(21)
| Sender ip | 199.10.31.238 |
| From | |
| Subject | "FW: 100,000 MT / New Order" |
| Attachment | "PROFILE SULFERT 2021_pdf.rar" |
| MD5 | 530985a290a1bc57e9f0ae2b14a165b1 |
| SHA256 | 11fb443dac1bf246e4fc62ae592ebee7ddac2fa669f1e2d1fb5a7a225a1b6072 |
| Family | Unknown |
(22)
| Sender ip | 199.10.31.238 |
| From | |
| Subject | "FW: 100,000 MT / New Order" |
| Attachment | "SPECIFICATIONS SULFERT 2021_pdf.gz" |
| MD5 | cefc42320a29734bb40ab7d5c818b920 |
| SHA256 | 4b52a85f4341b3dc98a940b4612f765fefab009915845fb9d72ee756091a0442 |
| Family | AgentTesla |
(23)
| Sender ip | 134.119.177.15 |
| From | "SALES <[email protected]>" |
| Subject | “PRODUCT INQURIES /invoice .P.O" |
| Attachment | "purchase of new order ,PO.rar" |
| MD5 | 9accad1e5b0cfe201bc7107a7d0139d4 |
| SHA256 | 99d31be3d16970d6e399c8b9aee32f90221c6354cd2f18ab79ecaf02c4e50b17 |
| Family | AgentTesla |
(24)
| Sender ip | 199.10.31.238 |
| From | |
| Subject | "TT Copy for Invoices" |
| Attachment | "TT copy 220421_pdf.rar" |
| MD5 | e4d9aa046633fa53cd5c287ff5c0784d |
| SHA256 | 8f9da06b2e19a4bb10cde882ee9da87993ecea391a06bf055348525ea11a668c |
| Family | Unknown |
(25)
| Sender ip | 45.85.90.228 |
| From | |
| Subject | RFQ |
| Attachment | "Invitation from -Hunt Oil Middle East-.pdf (433K).rar" |
| MD5 | ea52d23c1fcf0f471f4fed84dea046d6 |
| SHA256 | 2daa0975e061cb55724ea804ed29c819da5d133bae9bb6a82e2cf2def4d9ad05 |
| Family | Formbook |
(26)
| Sender ip | 51.195.135.77 |
| From | "Jenifer" <[email protected]>" |
| Subject | Invoice |
| Attachment | Invoice.zip |
| MD5 | 4cc2f5a585feb6909c7064c39dac4025 |
| SHA256 | 0d67090a6357de558de01fe6319da800a7133d82ce995bcb338a173b4064b587 |
| Family | AgentTesla |
(27)
| Sender ip | 185.222.57.88 |
| From | "=?UTF-8?B?ICJKb3NlcGhpbmV7RGFuY28gQ2FwaXRhbMKgTHRkfSAi?= <[email protected]>" |
| Subject | "RE: STATEMENT OF ACCOUNT" |
| Attachment | "statement�of�account�as at 31.03.2021-8948030038889393.exe.gz" |
| MD5 | 4465ebdd46d195f48ce479aa28b62773 |
| SHA256 | 5031d522eaaf840d063fb7403845181e9cd47e941be7b59b3e72d22e2e6f840a |
| Family | AgentTesla |
(28)
| Sender ip | 185.222.57.88 |
| From | "=?UTF-8?B?ICJKb3NlcGhpbmV7RGFuY28gQ2FwaXRhbMKgTHRkfSAi?= <[email protected]>" |
| Subject | "RE: STATEMENT OF ACCOUNT" |
| Attachment | "statement�of�account�as at 31.03.2021-8948030038889393.exe.gz" |
| MD5 | 4465ebdd46d195f48ce479aa28b62773 |
| SHA256 | 5031d522eaaf840d063fb7403845181e9cd47e941be7b59b3e72d22e2e6f840a |
| Family | AgentTesla |
Article Link: https://menshaway.blogspot.com/2021/04/phishing-attacks-2242021.html