(1)
| Sender ip | 45.137.22.94 |
| From | "Fadi Tahboub <[email protected]>" |
| Subject | Re: Shipmen |
| Attachment | "INV+PACKING LIST.gz" |
| MD5 | 39e343d80ab4d1e666174259ddace5cd |
| SHA256 | e48f98656c4a21311cb99be0dc4066da0ff01bcce271339b60233945b7c8bb09 |
| Family | Formbook |
(2)
| Sender ip | 45.137.22.56 |
| From | "Export department<[email protected]>" |
| Subject | "Shipping documents" |
| Attachment | "shipping document PDF.7z" |
| MD5 | c797fc48467257693a93b67c64ed2dcf |
| SHA256 | 85ce611551377829b136b41ca0e67aaf83a27cd616f39e524dbeb715bada4667 |
| Family | Formbook |
(3)
| Sender ip | 37.49.225.172 |
| From | |
| Subject | "Purchase Order nr 49834" |
| Attachment | "Purchase Orde.pdf.r09" |
| MD5 | c85fe498d24b0a589ecd3fea9fc2a163 |
| SHA256 | 5eb4b586d432be9a5f9e26f10480ccfcb204ab1225b4d5852aae1c66c6ee2211 |
| Family | AgentTesla |
(4)
| Sender ip | 62.36.20.210 |
| From | "Protect.DocuSign" <[email protected]>" |
| Subject | "Please DocuSign. " |
| Attachment | "Documents_1344549788_1549269731.xls" |
| MD5 | b410380eee2661e27e61ee04f278df0a |
| SHA256 | 8cd05deb5574997e63ba125d13fb3fbddbc1cbb41125102a2f6828f0f0e0bdb4 |
| Family | SilentBuilder |
(5)
| Sender ip | 45.143.147.194 |
| From | "Annie Ayala (DHL)<[email protected]>" |
| Subject | "Pre-Alert SEA,S2101467572, HBL# MNLA08005,MNL-PKG, lgpartner.c” |
| Attachment | "HBL# MNLA08005.zip" |
| MD5 | 13e4ebd118104aecc20af5ac544a4593 |
| SHA256 | d32d6337382ae655e091952291c03f13be611b859fe3cfacb18c803e964131e2 |
| Family | Unknown |
(6)
| Sender ip | unknown |
| From | "Ahmed Akram <[email protected]>" |
| Subject | "Re: Updated SOA" |
| Attachment | "SOA.gz" |
| MD5 | 6f376ceb23bf3cd21666a9682367c665 |
| SHA256 | c6ed1143d4e48845c135afc103cefb1a8a54dc0671cd50014a46842a4f7ef842 |
| Family | Formbook |
(7)
| Sender ip | 45.137.22.71 |
| From | "Ahmed Akram <[email protected]>" |
| Subject | "Re: Updated SOA" |
| Attachment | "SOA.gz" |
| MD5 | 6f376ceb23bf3cd21666a9682367c665 |
| SHA256 | c6ed1143d4e48845c135afc103cefb1a8a54dc0671cd50014a46842a4f7ef842 |
| Family | Formbook |
(8)
| Sender ip | 45.137.22.71 |
| From | "Ahmed Akram <[email protected]>" |
| Subject | "Re: Updated SOA" |
| Attachment | "SOA.gz" |
| MD5 | 6f376ceb23bf3cd21666a9682367c665 |
| SHA256 | c6ed1143d4e48845c135afc103cefb1a8a54dc0671cd50014a46842a4f7ef842 |
| Family | Formbook |
Article Link: https://menshaway.blogspot.com/2021/04/phishing-attacks-2542021.html