Phishing Attacks 26_4_2021

 



(1)

Sender ip

45.137.22.56

From

"Mike Yang<[email protected]>"

Subject

"fwd: Re: outstanding invoices"

Attachment

"outstanding invoices pdf.7z"

MD5

07b4a4b24f0cfad258497c689a8a93fe

SHA256

0505d6f20405f635068b46f0adc82e65ea574da428e4b8fd256c64a9ecf237fe

Family

Formbook

 


(2)

Sender ip

185.222.57.157

From

"[email protected]"

Subject

"RE: Invoice & Packing list for Approval (20-21/197)"

Attachment

"Invoice & Packing.r00"

MD5

21a70f72f2295a0485d7e0a5c8ada771

SHA256

cf65bb00d5f1fc805c74ccaa290027265bc293b07cfd58717948739fe7200dba

Family

AgentTesla

 

(3)

 

Sender ip

185.222.57.162

From

"Supriya M Rao<[email protected]>"

Subject

"PO#5300008762. NEEDED URGENTLY"

Attachment

"PO#5300008762.zip"

MD5

232fa3693aad6d87354244a9898b1059

SHA256

229abf4d35db6de67ef6dbf60b79dc0f07f1e25a0b957ed5b7f26b17f16f82f4

Family

AgentTesla

 


(4)

 

Sender ip

103.89.91.93

From

"DHL Express Inc<[email protected]>"

Subject

"DHL NOTICE OF ARRIVAL Reff:O/59548/178980"

Attachment

"DHL Receipt_pdf.gz"

MD5

7b094e768f6fa1a49b5c5004636d6759

SHA256

f99d20b93c7da8516997054bd7888d2584e69a9d6ca569a721d740a3e1a0a678

Family

Loki

 


(5)

Sender ip

45.137.22.71

From

"Probona Info <[email protected]>"

Subject

"New Order"

Attachment

"confirm this order and sign PI.gz"

MD5

299e8942daf3479234843c5327676e5e

SHA256

bc429aca6dcf6a9b2315f7cdf4465ceb8a4f5ded220c7c6ef2c6781d5d5dafc4

Family

Formbook

 

(6)

Sender ip

45.137.22.71

From

"Sanjoy Das Chowdhury <[email protected]>"

Subject

"HSBC 6265( Box) - Payment proof"

Attachment

"HKHSBC1D23297029-T01 Payment proof.7z"

MD5

79eefcf4ce0ca0922e31005393d9b15d

SHA256

641c83fb32cfb7415be602df2b934059f88b340a956efcc95cbd74f9e76dfb33

Family

SnakeKeylogger


(6)

Sender ip

45.137.22.57

From

"[email protected]"

Subject

"Amended Purchhase Order Follow Up"

Attachment

"Amended Purchhase Order Follow Up.zip"

MD5

5e7b7e99854ec413703f910f53b82432

SHA256

6a699c86232d7e3a6173aed0357555ecd214ec1cea38884bc81289ce0610d6b9

Family

AgentTesla


(7)

Sender ip

185.222.58.156

From

"Sales <[email protected]>"

Subject

"RE: ENQUIRY NOVA/1181/04/26/JJ RFQ"

Attachment

"ENQUIRY-NOVA11810426JJ-RFQ.r00"

MD5

407a815448b1b8e42753d74c02aa09eb

SHA256

f5ec1341d631452ee16446197912ed2845475a2b6b902466a74ed544dd5a9be7

Family

SnakeKeylogger


(8)

Sender ip

165.227.239.191

From

"MAERSK LINE <[email protected]>"

Subject

"Maersk Booking Confirmation and Telex release"

Attachment

"Booking Confirmation.gz"

MD5

a3b9bdb7305ef28e933533bd6b87d8bf

SHA256

682dda0201be9106ffab1fc5c99adce763099cf29af848ccba7ac86971cbf1e3

Family

Loki


(9)

Sender ip

185.222.57.216

From

"[email protected]"

Subject

"PAYMENT ADVICE FOR OUTSTANDING SOA,"

Attachment

"payment advice 0264.rar"

MD5

c2edb5f467db0ac0bf4b40307e36e066

SHA256

8deaa8789f9392ce4fbab6cfbb6598d5c4cd075012b396827103b00958490c9a

Family

AgentTesla


(10)

Sender ip

185.222.57.216

From

"[email protected]"

Subject

"PAYMENT ADVICE FOR OUTSTANDING SOA,"

Attachment

"payment advice 0264.rar"

MD5

c2edb5f467db0ac0bf4b40307e36e066

SHA256

8deaa8789f9392ce4fbab6cfbb6598d5c4cd075012b396827103b00958490c9a

Family

AgentTesla


(11)

Sender ip

138.128.160.2

From

Charlotte Elijah <[email protected]>

Subject

PROFORMA INVOICE#4902

Attachment

PROFORMA INVOICE#4902.pdf.zip

MD5

36a821d735296e196510d4372f4bad72

SHA256

f3bed53b374e76a80c611fed1383fda4a6c5eea0ede45cf6391bf2aa6cde9c37

Family

Unknown



Article Link: https://menshaway.blogspot.com/2021/04/phishing-attacks-2642021.html