If you wanna learn how to detect phishing emails only by your eye , you can check my udemy course here 
.
(1)
| Sender ip | 103.156.91.251 |
| From | "Kit Leung" <[email protected]>" |
| Subject | "RE: PO88224 || NEW ORDER" |
| Attachment | "NEW ORDER_PO88224.PDF.iso" |
| MD5 | 8d62f8617a036d204233bbb5ecea97c9 |
| SHA256 | d31545790be2903d071f2355c74a10a0f250c7dd5f43dd48042cff8579f40a43 |
| Family | Formbook |
(2)
| Sender ip | 37.0.8.112 |
| From | "USPS Delivery <[email protected]>" |
| Subject | "IMPORTANT: Check Your Parcel Details" |
| Attachment | "echouver_137193_pdf.img" |
| MD5 | c85dcdadec4d2c529665fb11e6a9758f |
| SHA256 | dc3b2ac66e1be02a8c008c02f756130e18387ecafd869c4275aff3b9f57fbb3a |
| Family | NanoCore |
(3)
| Sender ip | 103.147.184.40 |
| From | "Ms. Cheng Sy"<[email protected]>" |
| Subject | "=?UTF-8?B?RndkOlJlOiBBdzogU2hpcHBpbmcgRG9jdW1lbnRzIOKAkyBDSSArIFBMICsgQkw=?=" |
| Attachment | "INV, BL, PL.gz" |
| MD5 | fae5f01e6ddc6f1d2a1315c0a02b23a6 |
| SHA256 | 3dcba4003b2b226a2c7bfe52b7f88ea6e65f903b77e7a34a6936884ec7526b76 |
| Family | AgentTesla |
(4)
| Sender ip | 185.222.58.155 |
| From | "Export <[email protected]>" |
| Subject | "TAX INVOICES & LPOs" |
| Attachment | "doc0490192021092110294.lzh" |
| MD5 | 08ce80d4380f4145d01cf821d7fce034 |
| SHA256 | aa2959d2c85e38ff431701c308fdc8cd71f173bfa9aaa5f02a2fb89c1782d299 |
| Family | Formbook |
(5)
| Sender ip | 103.133.108.70 |
| From | "Joshy <[email protected]>" |
| Subject | "RE: Statement Of Account (SOA)" |
| Attachment | "attached SOA & some Invoices.r00" |
| MD5 | f6d10c2eeb2936aa864e337cab27300a |
| SHA256 | e6c444630af01c1a8e70c3ee2146f0fab5a1f71c9ea9093e36efe11cd242cc5c |
| Family | AZORult |
(6)
| Sender ip | 45.137.22.147 |
| From | |
| Subject | "=?UTF-8?B?TnVldmEgY290aXphY2nDs24=?=" |
| Attachment | "cotizaci�n.XL.img" |
| MD5 | 436083b2d3252397e92d70983bb0564c |
| SHA256 | ea169dec26d15dd27078e94d3cba37f67109cbbf095913335317499091ea50dc |
| Family | AgentTesla |
(7)
| Sender ip | 103.156.91.251 |
| From | "Kit Leung" <[email protected]>" |
| Subject | "RE: PO88224 || NEW ORDER" |
| Attachment | "NEW ORDER RE PO88224.PDF.iso" |
| MD5 | 01b2a64fff1fe10a32ec06541181f48f |
| SHA256 | 8eac1ee2c601de814b716a91238a115f7294ed39fa0c0bf69eeb318ac9792284 |
| Family | Formbook |
(8)
| Sender ip | 103.156.91.251 |
| From | "Arshad" <[email protected]>" |
| Subject | "RE: REF:-1260 REQUIRED & Requesting for PI - 2021" |
| Attachment | "Order confirmation 49506.PDF.iso" |
| MD5 | de0448c16540c8ec55e6af25078fbac8 |
| SHA256 | 51cfb97e6e1e19e8a0c068bd0d3ef9710777718cb9048944cccdebdc4bd3f951 |
| Family | Formbook |
(9)
| Sender ip | 185.222.58.156 |
| From | "Vanessa Dennis"<[email protected]>" |
| Subject | "Re: Proforma Invoice-Bank Advice (PAID) Attached: " |
| Attachment | "Proforma Invoice-Bank Advice (PAID) Attached.pdf.rar" |
| MD5 | 4a0e5efd23cc47d7c2b53dc9ae6b95c9 |
| SHA256 | f7ced259f64ff64f1f2a111286b7206c421e98b2f50e3b324e32991df92e9f59 |
| Family | AveMariaRAT |
(10)
| Sender ip | 45.137.22.147 |
| From | |
| Subject | "Re: INVOICE" |
| Attachment | "Swift Copy.gz.rar" |
| MD5 | 806576390176182de9fac13350b43974 |
| SHA256 | 2d239d3dcee1292de9e996b855d3cb5804aa30772517ad4f34128b2ad91d2add |
| Family | AgentTesla |
(11)
| Sender ip | 92.52.218.17 |
| From | "Zhang Kevin <[email protected]>" |
| Subject | "REQUEST FOR QUOTATION: P.O-20210923120155HT" |
| Attachment | "P.O-20210923120155HT.r00" |
| MD5 | 73ff17672acbfed752fcaa77c5f1af30 |
| SHA256 | 161e0447660dd2b1b8700c64296ab1e8b93233696d16727130a8adee840ac5c5 |
| Family | AsyncRAT |
(12)
| Sender ip | 137.184.82.88 |
| From | "DHL EXPRESS <[email protected]>" |
| Subject | "Consignment Notification: You Have A Package With Us" |
| Attachment | "Consignment Documents.rar" |
| MD5 | 2e948d075d0cb9ca1edc83e8689ebcdb |
| SHA256 | d19280c63a2fe2b2b50cd19faf6e467f6471589f200d0dab811b612a5183ca97 |
| Family | AsyncRAT |
(13)
| Sender ip | 185.222.57.168 |
| From | |
| Subject | "RE: Purchase order REF No.3279/55768" |
| Attachment | "Purchase order.r00" |
| MD5 | e73137ed52fc5e2d83cf123fa6f41e90 |
| SHA256 | d91bf3739ac8b30d679de6454cc8ad8f2027c28095cb575ced9e043454996ee4 |
| Family | AgentTesla |
(14)
| Sender ip | 142.4.219.33 |
| From | |
| Subject | "=?UTF-8?Q?=C3=9Cberpr=C3=BCfen_Sie_die_Bilder_der_Produktmuster?=" |
| Attachment | "Produktmuster bestellen pdf.exe.xz" |
| MD5 | 605ace59653713e15a265663fa353f8d |
| SHA256 | bb563dd32da362223391bcab4ce944176a91743e3d686284b46c7166feffc9c0 |
| Family | Formbook |
(15)
| Sender ip | 45.137.22.156 |
| From | "Fu Xidong<[email protected]>" |
| Subject | "RE: B/L copy, Commercial Invoice" |
| Attachment | "SHIPPING DOCUMENTS.zip" |
| MD5 | 03b447c0f7fa31ec4017b0abf1a05976 |
| SHA256 | db7eabb647cc05f9e3810a954d2596f1383e371d07564c8055228c3e94146049 |
| Family | AgentTesla |
(16)
| Sender ip | 68.183.177.17 |
| From | |
| Subject | "D&D Invoice(s)" |
| Attachment | "DD_INV_180401_2.IMG" |
| MD5 | 1826ddaec3fcc9896cf7fa8606899f7e |
| SHA256 | 6318c1ba8c8740dc49268c841bdec61ca5747582b94089b9fbfebe499abfea7e |
| Family | AgentTesla |
Article Link: Phishing Attacks 25_9_2021