Weekly Phishing Email Distribution Cases (May 26th, 2024 – June 1st, 2024)
This post covers phishing email distribution cases observed during the week from May 26th, 2024 to June 1st, 2024, and provides the associated information (email subject, attachments, URLs). The cases are classified into fake login pages (FakePage) and malware types (Infostealer, Downloader, Exploit, Backdoor, etc.). Only phishing emails that have attachments are covered. The numbers in email subjects and attachment filenames are unique IDs and may vary depending on the email recipient.
FakePage
| Email Subject | Attachment | MD5 (Attachment) |
| --- | --- | --- |
| Cargo arrival information | DHL ORIGINAL DOCUMENT.html | d4c01c806a34b826ed75fd657f13f9ef |
| Important Email Email Subject RE: Reply: Reply: Reply: RE: Reply BALANCE PAYMENT | Bank Transfer_Slip (HSBC)#12122023.htm | 47d0de90c29e9e45ea886a45278dc17d |
| FW:[KR]: FedEx Invoice (Customer Account -XXXXX5534-07020447578346) | KR-Invoice-945829815-XXXXX5534-07020447578346.html | d890e4b873b5eea24b7d10384ba0ac58 |
| You Have new Voicemail ***********@*****.com | Voicemail Nedec.html | 2402904ea1218ab4acc9cb81fd51386e |
| You Have new Voicemail | Samchully Document.html | a0d9adda1af6cb6e4216f360b177f4eb |
| You have missed a package delivery | Track_Your_Shipment_(E)_Invoice.html | 1b64d4f00082d2a235108a5ac1c95002 |
| Shipment Document Arrival Notice | Original BL CI Copies.shtml | 1ec494fd8df426ebaf42327a7068a0eb |
| Section Event Photography Fees | clarify_27-May_390904.html | a29efa57724eec56cd1d9bdb894b6a45 |
| Request for quotation of the following items. | Specifications,Quotation.HTML | 3b2757c5edcdb9d9f5394a53c5f1b112 |
| Re: 回复:回复: 回复New Contract invoice-PO#00997923 | Order_List.pdf.shtml | cbf9b5bb6382640c3c413cfdb02c488c |
| Re: Notification of arrival of your shipment with air waybill: #***********3321 | DHL-Shipping invoice.shtml | b0f38a48ead85ceb815c1e3e959284b2 |
| Re : shipping document | doc.html | 1c5eb3cb8465273664b9bb388f7bf75e |
| Re : P.O No: 19E0401 Via Excel | P.O No_ 19E0401 Via Excel.html | b390ec523ffb7bc0b71ae4d513eb171c |
| Purchase Order Confirmation | Purchase_Order_41782.pdf.html | 1346c502d1e02e4566632c5ec3bc0759 |
| Payment Advice – Ref: [HSBC9722047] / RFQ Priority Payment / Customer Ref: [PI083987QT24] | Remittance#19860.html | 0649f4097716b2729c997a2773ee0ba7 |
| New Voicemail Received | Samchully Document.html | ddd58d3787e8f8ef954fb1b9a63a727c |
| New Quotation Order From AL Shabiz Trading LLC | New Quotation Order.zip | 062c80b0a661dd02650d80421a446d06 |
| MJ14407_PO2405230016 SJ Tech M24-181 182 | MJ14407_PO2405230016****** M24-180 181_.pdf | 6ac36c3d247f30fc6dc445918472b156 |
| Missed Called – 44 Seconds | Samchully Document.html | e208631b5e784811aa8a06c4463828ee |
| FWD: Shipping Documents (Original BL, CI & PL) | FedEx Cargo Package.shtml | 745a8bfd2279afb8d2aeb3a80c8a4e32 |
| FEDEX: Cargo arrival information | Inv doc.htm | 4b724d992808b3354bcba54089778b90 |
| FedEx Import Exemption – 776100838414 | inv Packing List.htm | 086c2c88e68b2d2be68acc608ba640d2 |
| FedEx – AWB# Arrival Information. | Invoice. AWB#84248_pdf.htm | e4296d23342fa1caf046627bdade1b05 |
| DHL- Shipping documents & bill of Lading / Invoice | B_L Document.html | 0f0bca23c5348a490d2e2828aacd4276 |
| Bill of Lading-CARGO ARRIVAL_NOTICE | Bill of Lading-CARGO.Html | 0777e5bba584f785b2ea5db322ccff5e |
| 7136 Product information | Request for Quote.html | 635348a61668a79d5a76af8ab1ceb76c |
| ✈️ Time-sensitive: FedEx Delivery arrival information | Shipment Pacakge Info.htm | a982d470073ea01847c23c90fb368de6 |
| 【电子发票】您收到一张新的电子发票[发票号码:29730940] | 51-Shipping-Document.XLS.html | b2794c66ea92d08367dead0dbaa37d82 |
| [FedEx] Import tax payment deadline notice | AWB#989345874598.html | a539651c5375d61205651a222267625b |
| [电子发票]您有新发票,请注意查收 (提醒)【疑似钓鱼邮件,请注意密码安全】 | 51-Shipping-Document.XLS.html | 646d354bd8ec7f38146b080e45444288 |
| Payment Remittance made 5/29/2024 | Payment.pdf | 1b3d2d40c1ac5d78feb36742c96087a9 |
| [Sf express eInvoice Notice] Invoice Confirm Overdue顺丰月结账单出账通知 | invoice 203992011-5-2024.pdf.shtml | 5694fc131194a17f6f76ed5ecff02c2c |
Malware (Infostealer, Downloader, etc.)
| Email Subject | Attachment | MD5 (Attachment) |
| --- | --- | --- |
| VESSEL DELAY NOTICE | CARGO_DELAY_NOTICE_NEW_SHIPPING_SCHEDULE_AND_ETA.7z | e76c16234cf540bc4afe6c92685288b0 |
| USD1,402,995.67,_SWIFT_****Bank(Co.) | Remittance_SWlFT#02938**********BANK.svg | dde20b65d6668dba949c5497af872f4e |
| TT SLIP – PO.8880/22, 8881/22, 8927/22, 8928/22 & 8941/22 – PAYMENT | TT SLIP – PO.htm | a540cd7cf63e47f8f2882099ce9d898a |
| SOA – OTX Logistics | SOA – OTX Logistics.rar | ee53766e919ddf1a9fd8ce14671eb09a |
| SOA | SOA REF010085.rar | fdf1c7e33aa3b468c5cc0bc6dcc4c4af |
| Re: Over Due Payment – Urgent Reminder! Final Warning!!! | Invoices.xls | 314d869bdb8a74185275fc9ec6a37fdc |
| RE: Orden de compra -44708 | Orden de compra.zip | f4cce040c4ae16ffdf5b2c42465e1e5a |
| PURCHASE_ORDER_261531 – Eyevex Safety LLC SHJ BR | PURCHASE_ORDER_261531.rar | 2cb15a1d330d94bbbfb9fe67e68eb2b6 |
| Pre-production Samples | Inventory_lis.img | 6ebb80f1c54eee95e9c4f8ab349e1c17 |
| Port agency appointment – M/V RED SEA | MV RED SEA.doc | 3f664806a50a8b6ca8f8a666a8f3d8bd |
| New Order Request for Quotation: Treat Urgently | Important_document202308.pdf | cde49f3cbb5d907a941f060e46d009f6 |
| M/V XH DOLPHIN | MV XH DOLPHIN_PDF.arj | e3d3d93759a0552c63ec2c3ccbf6c383 |
| Hersheypark-RFQ Order_IMP03042024 | Hersheypark-RFQ Order_IMP03042024.html | 47b5972be9a95bc7822b0a01df45ffdb |
| Hersheypark-RFQ Order_IMP03042024 | P0_IMP03112024.html | 1cea219f72bf4829b81d784220e7f2bb |
| Hersheypark-RFQ Order_IMP03042024 | P0_IMP03112024.html | c67231531dd823d45ef6ab3deee37ed3 |
| Hersheypark-RFQ Order_IMP03042024 | RFQ Order_IMP03042024.html | eb4166b6943c741ddc22dc43ca5cf1a4 |
| Formal Salary Revision | Payroll List.arj | 34c6bd6d8454b0ad3eeafefe2c138115 |
| Formal Salary Revision | Payroll Admin.arj | fdd823fe582e2a3f2649f8b906346c03 |
| Factura | Factura.rar | e728dcaeec40f356bf7fe54a12607b6b |
| Debit advice and SWIFT message for your account No. under transaction reference no. 06323IBCU009198 | Debitadv.r03 | fb4d12ea4cc472962cfb5f65027cf54a |
| CMA CGM CARGO #0009300XR3S –SHIPMENT DELIVERY | RECEIPT-.rar | b631325fe88e248971bc78e7183f4cfe |
| certificado de propiedad de en la factura adjunta, | DOC.rar | 379714dfb84555e121d940817bb21e06 |
| BUNKER INQUIRY | BUNKER INQUIRY.rar | f0d5bd5d81b74a366ee0ed9cabfcfa84 |
| Account Report 5/27/2024 11:45:08 a.m. | account023784cmf##.pdf | 47242b297294085baf2515feef7162ea |
| [Malicious Warning]RE:RE:_KZ_//BALNGB2110136_Запр ос_предложе ния | SMKTGTECH634667478874873845985309802Thayne.gz | cf28f43ef2773834bf4a17ee4e73f974 |
| [Request Received] Eravant: Purchase Order #PO23045 | Purchase.zip | cde6e70c06301fe80db385a1cd4fd563 |
| [Request Received] Eravant: Purchase Order #PO23045 | Purchase.zip | 4d2c731eb8a1ad97a870d4ada7ab8f3b |
FakePage C2 URL