Weekly Phishing Email Distribution Cases (June 9th, 2024 – June 15th, 2024)
This post covers phishing email distribution cases during the week from June 9th, 2024 to June 15th, 2024 and provides the associated information (email subject, attachments, URLs). The cases are classified into fake login pages (FakePage) and malware types (Infostealer, Downloader, Exploit, Backdoor, etc.). Only phishing emails that have attachments are covered. The numbers in email subjects and attachment filenames are unique IDs and may vary depending on the email recipient.
FakePage
| Email subject | Attachment | MD5 (Attachment) |
| --- | --- | --- |
| Fwd:_[Guide]_Network_Equipment_Critical_Security_Vulnerability_Measures (CVE-2019-1619,_1620,_1621,_1878) | Network_equipment_vulnerability_measure_guide.doc | 4c0ed105e17c13a38e829ad340bd966d |
| Pending DHL Shipment Notification REF: 10/6/2024 | DHL Package.zip | 057849d89c720ddae62b9006fd7587f9 |
| [Maersk ] OFFER | MSK872314.IMG | 6725c5c048c8b02b7ac81cf1eda3ceac |
| SPARE PARTS provision | SPARE PARTS LIST.pdf.arj | 993ecc7376ab88c318a7dffd72a7f864 |
| Final Warning – Over Due Payment – Urgent Reminder!Final Warning – Over Due Payment – Urgent R…. | Overdue invoices.zip | 540645e6b9f221fbd2bbdeff69dbbc26 |
| Port agency appointment for M/V HTK Lavender | MV HTK Lavender.doc | c4adaf42879add753054adf8d7e8eec4 |
| Fwd: Autogenerated mail – Vendor Payment Advice | Payment_confirmation.7z | dd73709f2f213c8f63b74d05e37132b5 |
| New Inquiry | LSW7109326UNI0.IMG | 023579c964958c51e2d0f4753c1ecb11 |
| Order | Order 0002939399440.img | 3241e9dc842b78c707935a1c82bbe906 |
| KANGAN Olefin Project – INQ No.KP-20-00-PS-PI-INQ-0018 | KANGAN Olefin Project – INQ No.KP-20-00-PS-PI-INQ-0018.rar | 4356dca7e320e0720696de820eb5a7c3 |
| ARRIVAL NOTICE EVER CALM 0684-083S Ref-no: <<A1_DB563K0N.CNT>> | Arrival_ Notice_Notification_73664774643_66773635466_904088477321.lzh | 4e4e8d6546dcfb04570921e091509536 |
| CR-FEDEX_TN-776636332367_DT–MRN_CD-20240605_CT-0252 | CR-FEDEX_TN-776636882367_DT-MRN_CD-20240605_CT-0252.arj | d6259e0fd45e40e6320bedbaa4c0f309 |
| ¡¡Tu documento de envío!! | Detalles Ducumentados______________pif.rar | 1556965f1093c2977bd07b061349fc47 |
| [SPAM/Advertising/Phishing] RFQ of HPMC 60000M | 3MT Order HPMC PO-06-2024_xlsx.shtml | a22a56760086a0669ba844050b30d516 |
| 答复: URGENT Request For Quote – Urgent ! | COSCO24013126.IMG | 8e757ea092c84113b25a9ec5a2096325 |
| RE:_RE:_RE:_RE:_¡UNA_SOLICITUD_DE_FACTURA_PROFORMA_PARA_SU_PAGO_INMEDIATO_DE_HOY!_!!_!!! | 11062024.rar | 1792b18d02c63465622a19b9c23fb084 |
Malware (Infostealer, Downloader, etc.)
| Email subject | Attachment | MD5 (Attachment) |
| --- | --- | --- |
| Electronic Tax Invoice (Y&S)->Accounting Firm***) Read in new window | NTS_eTaxInvoice.html | f1385648a05ef51d00174fc1b0f2c480 |
| FedEx Import Tax Due Date Information – (001) | einvoice.html | 15434e84cf3af627c92d5da5161e4e3c |
| Re: Track your shipment today! | awb_inv.shtml | 477ee002f2af76f8c00e988ff0fae3b7 |
| ATTEN: Requires immediate attention. | Police.pdf | 2dcd2defc4b97f22a2dd7d9fc1afc8fc |
| Police Report | Report.pdf | ebadbc09c824a4a0085629ce4af3e4d6 |
| [Malicious Warning]New voice mail for **.**@***.com | Email voice record001.shtml | f070a85d30facb772b20b5ccacdc65ae |
| Electronic tax invoice issuance email information NTS_eTaxInvoice.html | NTS_eTaxInvoice.html | 5e8cff88cfc416d43c089c2acbec3c89 |
| Shipment Document Arrival Notice | Original BL CI Copies.shtml | be2b905084a79c5a8a7ec3436bbe3b04 |
| Inquiry – Dubai | Inquiry.pdf | 2865f83bddda3eda8643b98bc2f2c933 |
| Confirmation transfer | Confirmation transfer Ref_0023456.htm | 433b01313e6937b76e110eaac983ed50 |
| **RE: Request For PI | MG PO#0502202401 PI#MGA24_Pdf.html | 332cf2a3d45b76c8b49201e4ec00158b |
| NEDEC.COM Approval Remit Agreement 446548 | NEDEC.COM-uG1BZEu.pdf | cd9e477b89d2a8da0fa54525946c54f7 |
| fermentation plant – China | Inquiry.pdf | 6eab7d6a9a1cc9b80c83e1bc9c62936e |
| RE: Quote | Price estimate.shtml | aa440b4f210ad9087a939a6f822a0011 |
| 【Sinotrans-DHL】Electronic invoice (invoice number: 26223657) | Electronic-Invoice26223657.shtml | dd7297237932646ceb1d7d66f362fa5a |
| FW: Clarity digest: Your weekly recap F.AX 492804bdbce0a4556d2bf47640af2b5a | FAX_Lge.html | 36cd749c12293c3a96066824bd936500 |
| Tax Audit lnvestigation Excersise 2024 Issued to marvin.pinto | T.a.x. Audit Notice – marvin.pinto.shtml | 78aec986415b912cdbb6474959ff7793 |
| Re: Our Best Price AU029953 | Order Specification.pdf | d56064f9cabae348c886731c7ba299d5 |
| Completed: Complete with DocuSign: PROFORMA INVOICE.pdf | PROFORMA INVOICE.html | 42baeb8bc1526d8629b9c32117cf499d |
| DHL: View your delivery status and track shipment | AWB-Ref__310479442.html | 77d43f605cb17d8158ba35308ac6cbf7 |
| FW: Invoice #3191541 | PO 34356 MIAALBE06052024-0903.html | 24ef50cd04601fd9e03171a7d19a24b5 |
| Copy of Invoice Payment Receipt | Bank-statement.html | 0c6fa91515249dc0cd10542808ef2962 |
| AWB#******032750 – Information is required. | KR.0330807.944119175.INV.Shtml | c9daa1ee9318a3d1413aae389801f847 |
| Urgent Request For Proforma Invoice | Purchase Order.html | 448f6c672076e8f0ad8e1bc0d0da5ff4 |
| Payment Advice 12.06.24 | EFT_Attachedment.html | acfd243f3cfee1a9af3fee3bc6688d05 |
| FW:_Invoice#3191541_ | PO 34356 MIAALBE06052024-0903.html | 24ef50cd04601fd9e03171a7d19a24b5 |
FakePage C2 URL