(1)
| Sender ip | 185.222.57.157 |
| From | |
| Subject | "RE: bank details" |
| Attachment | "invoice.r00" |
| MD5 | 694146ebade22848a1fe843e4eb31c89 |
| SHA256 | 022a5fc68d11d26683f80764a574fcee93eff48f535cbe24ec1e391dc5a0f6c2 |
| Family | AgentTesla |
(2)
| Sender ip | 37.49.225.172 |
| From | |
| Subject | "Inquiry for Tile" |
| Attachment | "quotation list.zip" |
| MD5 | 0600b806027180acb0be2e1472927b65 |
| SHA256 | ad85e7e53c80c6603c55485f3e08c5ffe783de8c9fd2fbd5c6437c8c7333c19b |
| Family | AgentTesla |
(3)
| Sender ip | 185.121.120.135 |
| From | "=?UTF-8?Q?BESMED-=E7=86=8A=E7=AD=A0?= <[email protected]>" |
| Subject | "RE: QUOTE NEW ORDER- SCAN & SOFT COPY/ CDRL W-18 BAL QTY-560 PCS##" |
| Attachment | "FW RE TEXGEEK INVOICE & PACKING LIST - SCAN & SOFT COPY.PDF.gz" |
| MD5 | 5568c7156240d414a774d0b2c32b4b31 |
| SHA256 | 8050cdb57cf3d39abc295033fe7764033b2a75ed3ced9684f83b09a8cea96ab3 |
| Family | AgentTesla |
(4)
| Sender ip | 45.143.147.194 |
| From | "Jenny Zang <[email protected]>" |
| Subject | "Re: Copy of the Invoice 02/2021" |
| Attachment | "Copy of the Invoice 022021.pdf.zip" |
| MD5 | 323b85a635bcf4bea3736799390cd9ec |
| SHA256 | 05f3ab67f2a2976dd6c879669977569190c44613959d37ad60e576f7ad34525c |
| Family | AgentTesla |
(5)
| Sender ip | 45.143.147.194 |
| From | "Jenny Zang <[email protected]>" |
| Subject | "Re: Copy of the Invoice 02/2021" |
| Attachment | "Copy of the Invoice 022021.pdf.rar" |
| MD5 | 778490a475d48f5ad510c03e027244b3 |
| SHA256 | e2b2a24e169ca0494983da86a23bae5724d115e03fdc31fe84af6cb0222f52d9 |
| Family | AgentTesla |
(6)
| Sender ip | 103.99.1.147 |
| From | "=?UTF-8?B?Iuimg+WGsOWGsCI=?= <[email protected]>" |
| Subject | "=?UTF-8?B?UkXkuK3muK/orqLovaY0LzMwIOW3tOilvzYxTTLlkozlt7Topb82MUsy5ou86L2mIChDYXJwb29saW5nIGluIENoaW5hIGFuZCBIb25nIEtvbmcgNC8zMCBCcmF6aWwgNjFNMiBhbmQgQnJhemlsIDYxSzIgQ2FycG9vbCk=?=" |
| Attachment | "第1车 (15:00) 4.30巴西61K2和巴西61M2拼车中港订车.xls.rar" |
| MD5 | 6bfa2a7892b9a6678ac6e57b390b7c46 |
| SHA256 | ac2920d92671cc53fb3264b2366932bc826bdbfe91b811376e3a9215571be340 |
| Family | AgentTesla |
(7)
| Sender ip | 159.65.165.216 |
| From | "RAVINDRA.G <[email protected]>" |
| Subject | "RE: URGENT REQUEST FOR QUOTATION" |
| Attachment | "IMG_103_65_070501.R01" |
| MD5 | 8a4170e9c0af3494d6001420174abef3 |
| SHA256 | d1131005b486989f2ab79910b9f98ce93cd661df498690e0dec257fc53fee9e5 |
| Family | Loki |
(8)
| Sender ip | 159.89.149.33 |
| From | |
| Subject | "RE:RE:RE: Cash_receipt IP77108 29_04_21" |
| Attachment | "Cash_receipt IP77108 29_04_21.r00" |
| MD5 | 1f69c0238555c4eebf0b0bb1db28c67c |
| SHA256 | 34a3973cf82398eeae686354462ac51831d68601e75058dbd19e65cb3d8b5083 |
| Family | AgentTesla |
(9)
| Sender ip | 45.137.22.89 |
| From | "Batbileg Jarantai" <[email protected]>" |
| Subject | "Fw: SWIFT Payment 20201102 - TC -ref:00D208FT" |
| Attachment | "SWIFT Payment 20201229 - TC -ref00D208FT.pif.zip" |
| MD5 | e7b4a29217bfaa3093e818da3c562516 |
| SHA256 | 8b3474d5fdf9c464167e26a88e9a25988fa784998126a17b654099990c463fb0 |
| Family | AgentTesla |
(10)
| Sender ip | 185.121.120.135 |
| From | "=?UTF-8?Q?BESMED-=E7=86=8A=E7=AD=A0?= <[email protected]>" |
| Subject | "RE: QUOTE NEW ORDER- SCAN & SOFT COPY/ CDRL W-18 BAL QTY-560 PCS##" |
| Attachment | "FW RE TEXGEEK INVOICE & PACKING LIST - SCAN & SOFT COPY.PDF.gz" |
| MD5 | 20a0c9a3206e37f988f7cbbeea3ce379 |
| SHA256 | 97aaba632d39849eeec9ed33b679ef4641db0579a73aab64c4944f194763950f |
| Family | AgentTesla |
(11)
| Sender ip | 103.138.109.241 |
| From | "GARY Lui <[email protected]>" |
| Subject | "RE: URGENT CUSTOMER REQUEST" |
| Attachment | "customer request.zip" |
| MD5 | f2e2a5e7b6c40099a2273b82d91f16f0 |
| SHA256 | 21119701ccacb20e0c3699fb891f270c52a83620e571b866d6faaed50ebb08ad |
| Family | AgentTesla |
(12)
| Sender ip | 45.143.147.194 |
| From | "Hamza Yildirim <[email protected]>" |
| Subject | "RE: Fattura proforma-700004616 Proforma Invoice-700004616" |
| Attachment | "attachments.zip" |
| MD5 | c69b8e1ed7ae8fcf57764ec0f425c74f |
| SHA256 | 120107376a7e45f33b145bd467e32fb2dfdc8153f8b98709e172214b22fac949 |
| Family | AgentTesla |
(13)
| Sender ip | 45.137.22.36 |
| From | |
| Subject | "RE:Payment Status" |
| Attachment | "deposit payment.7z" |
| MD5 | 08338b49e2287e549e346962c66db97f |
| SHA256 | ce853ffcdf19be7ce79c98ac13679764072cbe84a59e9c33bcee8d66bc1e810b |
| Family | NanoCore |
(14)
| Sender ip | 103.133.105.111 |
| From | "Christin Hsu <[email protected]>" |
| Subject | "REQUEST FOR QUOTATION 1307-RFQ" |
| Attachment | "REQUEST FOR QUOTATION 1307-RFQ.pdf.gz" |
| MD5 | 82b6af8a9779e01450949f603eafc03b |
| SHA256 | 1b873b89dd469c897d041d0c7f7337f49d30eac1d4f4cda4dd0906e582b3b356 |
| Family | Formbook |
(15)
| Sender ip | 103.133.105.111 |
| From | "Christin Hsu <[email protected]>" |
| Subject | "REQUEST FOR QUOTATION 1307-RFQ" |
| Attachment | "REQUEST FOR QUOTATION 1307-RFQ.pdf.gz" |
| MD5 | 82b6af8a9779e01450949f603eafc03b |
| SHA256 | 1b873b89dd469c897d041d0c7f7337f49d30eac1d4f4cda4dd0906e582b3b356 |
| Family | Formbook |
(16)
| Sender ip | 203.159.80.162 |
| From | "Mohammed Hanif <[email protected]>" |
| Subject | "(NGCP) Pipeline PROJECT - TA-725638 - DK-RH-HRDH - HEADER PLATFORM TYPE 1-16-47M_MARKING & FABRICATION DRAWINGS WITH FULL PACKAGE FOR CONSTRUCTION" |
| Attachment | "NGCP Pipeline PROJECT TA 725638 DK RH HRDH HEADER PLATFORM TYPE 1 16 47M MARKING & FABRICATION DRAWINGS WITH FULL PACKAGE FOR CONSTRUCTION.zip" |
| MD5 | 451e1961c98b3de200fdcbea973e581f |
| SHA256 | ce02df6efd44cd96e96967e5ea71101f5590ec377bc87d916cff96824ad5e571 |
| Family | Unknown |
(17)
| Sender ip | 138.68.55.226 |
| From | "=?UTF-8?B?REhMIEV4cHJlc3MgSU5Dwq4=?= <[email protected]>" |
| Subject | "DHL CONSIGNMENT NOTIFICATION: AWB 9899691012 Clearance Doc" |
| Attachment | "DHL CONSIGNMENT NOTIFICATION_pdf.rar" |
| MD5 | ba175623e54c56e6c667c8fae0a967bd |
| SHA256 | 37c8bc8de3743599e1cfffc1af1a253fbb23712e17d6f27f0596b0be707699c2 |
| Family | SnakeKeylogger |
(18)
| Sender ip | 138.68.55.226 |
| From | "=?UTF-8?B?REhMIEV4cHJlc3MgSU5Dwq4=?= <[email protected]>" |
| Subject | "DHL CONSIGNMENT NOTIFICATION: AWB 9899691012 Clearance Doc" |
| Attachment | "DHL CONSIGNMENT NOTIFICATION_pdf.rar" |
| MD5 | ba175623e54c56e6c667c8fae0a967bd |
| SHA256 | 37c8bc8de3743599e1cfffc1af1a253fbb23712e17d6f27f0596b0be707699c2 |
| Family | SnakeKeylogger |
Article Link: https://menshaway.blogspot.com/2021/04/phishing-attacks-3042021.html