Phishing/Scam

Weekly Phishing Email Distribution Cases (June 16th, 2024 – June 22nd, 2024)

  • Jun 28 2024
Weekly Phishing Email Distribution Cases (June 16th, 2024 – June 22nd, 2024)

This post will cover the distribution cases of phishing emails during the week from June 16th, 2024 to June 22th, 2024, and provide the associated information (email subject, attachments, URLs). The cases will be classified into Fake login page (i.e. FakePage) and malware types (i.e. Infostealer, Downloader, Exploit, Backdoor, etc.). The phishing emails covered in the distribution cases will be limited to those that have attachments. The numbers in email subjects and attachment filenames are unique IDs and may vary depending on the email recipient.

 

FakePage

Email subject

Attachment

MD5 (Attachment)
[Sinotrans-DHL] Electronic invoice (Invoice number: 26223657) Electronic-Invoice26223657.shtml 8c5d07b2bbbf847f6d654717470686c2
FedEx import tax payment deadline information – AWB775647250712 AWB775647250712.html a9aba112aeac929bb41b80aa6bd2eb93
Award Winning View Attached YAHOO-AWARD-WINNING-NOTIFICATION-JUNE-2024.doc 3f8235dae55e6626af1609bc125c067f
**********.com EFT Payment Processed on 20th of JUNE **********.com _Payment875687867578.htm 53e2bed418f9533c578cc812f508cdc5
DHL: View your delivery status and track shipment AWB-Ref__310479442.html e2fedc83b4390ad9b6bcb276b816c757
FedEx import tax payment deadline information – AWB775647250712 AWB775647250712.html d41722b6e20be3233e366306c98e3ac4
DHL AWB Arrival Notice #310479442 AirWaybill_Document.shtml 3c1ad84cef053c410837b8e6066f1560
Ihr Tracking-Code ID:773873648 44bf2f8f-32be-11ef-ac2c-44a842253044.html bf8e37e00e0f9126b022ff8bd286601d
Electronic tax invoice (***) -> Accounting firm ***) Read in new window NTS_eTaxInvoice.html 25f64fa6cc809ab026da7b917937304c
Completed: Complete with DocuSign: PROFORMA INVOICE.pdf PROFORMA INVOICE.html ec5943c0a1dc177c527a70187e08a82c
Goods supply contract GAC009376551html d0c0894fb0985b25e1b03ce090a5a593
FedEx – AWB# Arrival Information. Invoice. AWB#84248_pdf.htm e4296d23342fa1caf046627bdade1b05
COMMERCIAL INVOICE, BILL OF LADING, ETC DOC Original BL CI Copies.shtml dae04b1f9f43d0395a2638646043bb5d
Completed: Complete with DocuSign: PROFORMA INVOICE.pdf PROFORMA INVOICE.html d113438135f25ec43e118dddbe3ff8b1

 

Malware (Infostealer, Downloader, etc.)

Email subject

Attachment

MD5 (Attachment)
DHL Express SHIPPING NOTIFICATION Package.zip d2d166e4d9a0721cc6f71fe4ecd723e6
Re: OrderNbr.: 192229 4550002932.lzh ef67e0b6cba9f9b75ebb34c4d97fd51d
URGENT RFQ LIRB QUOTE.exe.img 57b637ca5a8645e76494a2708c5ffcf5
Payment Advice – Advice Ref:[A295z1TViHMc] / ACH credits / CustomerRef:[C0112062024] / Second Party Ref:[] HSBC Payment Advice_ACH credits_06172024.xls 49693b0cd19de51de97fd43fe44acd54
Re:_Confirmación_del_pedido lista de nuevos pedidos.zip 96f2bb5cdce415a4f2d9a5340aa523f3
DHL Shipment Notification: OH-24010030 Arrival Notice.rar 8c77317c671647c8786abf61efc4f12a
Ihr Tracking-Code ID:085835825 0ebb6840-32bf-11ef-983e-44a842253044.html 7b60d0d525b81b3b9def69ec327c5d0c
Our New Purchase Order MTS Purchase Order 4400012679.cab 43cc3cb908ec816d912cbdf73f542e20
RE:_RE:_RE:_RE:_¡UNA_SOLICITUD_DE_FACTURA_PROFORMA_PARA_SU_PAGO_INMEDIATO_DE_HOY!_!!_!!! 20062024.zip d059974d24e26b0e544fb7712716901b
Details of an Urgent June Inquiry New_June_Inquiry_PTIE.zip 1ab0bb7424e10b22ce7e1ce4509da216
FW: PO # 0005TP/2024 4550002902.lzh d866fccd84eb3dbea08a8d9a28051c91
RE: Nuevo orden Nueva lista de pedidos adjunta.zip 7883702935e54b98bc4c4de461ccd977
Legal warning Legal warning.img 7ecb8c36ebdd62d1cf42ee6181b80706
DHL Express SHIPPING NOTIFICATION Package.zip d2d166e4d9a0721cc6f71fe4ecd723e6
Re: OrderNbr.: 192229 4550002932.lzh ef67e0b6cba9f9b75ebb34c4d97fd51d
URGENT RFQ LIRB QUOTE.exe.img 57b637ca5a8645e76494a2708c5ffcf5
Payment Advice – Advice Ref:[A295z1TViHMc] / ACH credits / CustomerRef:[C0112062024] / Second Party Ref:[] HSBC Payment Advice_ACH credits_06172024.xls 49693b0cd19de51de97fd43fe44acd54
Re:_Confirmación_del_pedido lista de nuevos pedidos.zip 96f2bb5cdce415a4f2d9a5340aa523f3
DHL Shipment Notification: OH-24010030 Arrival Notice.rar 8c77317c671647c8786abf61efc4f12a
Ihr Tracking-Code ID:085835825 0ebb6840-32bf-11ef-983e-44a842253044.html 7b60d0d525b81b3b9def69ec327c5d0c
Our New Purchase Order MTS Purchase Order 4400012679.cab 43cc3cb908ec816d912cbdf73f542e20

 

FakePage C2 URL

 

hxxps://nocodeform[.]io/f/664647f6d6fccf1037154aa5
hxxps://app[.]form2chat[.]io/f/1cbb2c31
hxxps://smartforms[.]dev/submit/6666f1195df1517d48d8f346
hxxps://fastomod[.]sa[.]com/aer/dhl
hxxps://fastomod[.]sa[.]com/dsert/dhl
hxxps://araucariapeche[.]com/loginx[.]php
hxxps://airtekincheatingandcooling[.]com/abasel/docusign[.]php
hxxps://app[.]form2chat[.]io/f/8c0d4f6
hxxps://nocodeform[.]io/f/6624e429315208634a3467f9
hxxps://data[.]endpoint[.]space/clxa9q4jn004308jr7ln69d9r
hxxps://smartforms[.]dev/submit/666f80c45df1517d48d901a9

MD5

02139e7772c3a7dc0655677201b3b075
0681b19e23c8a63249fe77b6c071c042
1ab0bb7424e10b22ce7e1ce4509da216
25f64fa6cc809ab026da7b917937304c
2b1b90fff92ae9681d2c9201d829afe1
URL

https[:]//airtekincheatingandcooling[.]com/abasel/docusign[.]php
https[:]//app[.]form2chat[.]io/f/1cbb2c31
https[:]//app[.]form2chat[.]io/f/8c0d4f6
https[:]//araucariapeche[.]com/loginx[.]php
https[:]//data[.]endpoint[.]space/clxa9q4jn004308jr7ln69d9r
Previous Post

Next Post