Weekly Phishing Email Distribution Cases (7/7/2024 – 7/13/2024)
In this post, we provide information (email subject lines, attachments, URLs) on the phishing email attacks that we identified during the week of July 7-13, 2024. The cases are divided into the fake login page type (FakePage) and the malware type (information leakage, downloader, vulnerability, backdoor, etc.). Only phishing emails with attachments are covered here. The number in an email subject line or attachment name is usually a unique ID value, which can vary depending on the recipient of the email.
Fake login page (FakePage)
| Email subject | Attachment | MD5 (attachment) |
| --- | --- | --- |
| 招商银行信用卡中心消费信贷账单 | Electronic Invoice3067923.html | 02feaeedee78887a8dda8706184567e7 |
| please find attached a new invoice for today’s shipment. | KR.0746351.947164779.INV.pdf.html | 73f9ea417ea6373974098eb3fc7c433e |
| import pickup – Confirm DHL Express pickup | Import_Declaration_1721884345_1235624945152X.pdf.html | b2311e8c028ab5327f280941164184a4 |
| shipping customs clearance information. | Invoice.AWB(012) .html | 9323ad1b9698781cf005cc05036464f3 |
| custom invoice | dhl_awb_shipment_pdf.html | 4d703f102b237d6e496ed80c71290df8 |
| Your Shipment Has Just Arrived And Is Ready For Delivery!!! | hsh Package0102810.html | 1b69e9f8d15a577ce52161b2aca15b65 |
| wenger berlin r-ezeptfrei ordern | 01e88461-45b4-11ef-9313-44a842253044.html | ffede63ddb8f2b53d2b209b1ccccccb2 |
| Urgent:Re:Re: Request For Invoice | Purchase Order #46378294.html | 6acba1d1af702ea6823c9ff69d411ba0 |
| Shipping Documents For Consignee “*******@bision.co.kr” | Shipping Documents_PDF.html | ce23bb94e57523eb85427992e9b4b7e0 |
| Shipment Document Arrival Notice | Original BL CI Copies.shtml | 70fc5acdea0bb54946573782b06b0a6c |
| Request For Quotation. Quantum Machine Tools | Quote_94839.pdf.html | a20a8719716c5bff51872dd761c28bde |
| Re: Quote Order7240037QA25 | POrder_RTLampTD073934QA25.html | f5cdf2351f6f6191159bf2eb16277af8 |
| Re: Puchase Order: R0099-39812 // Gilmore Plant and Bulb Co., Inc. | PO003930.htm | 6e621357e4cdb145ce2b93ce43042f7b |
| PO PAYMENT | PO1-09-7-24.pdf.html | 0b36ebf706e0dfd5cd764deae51eda78 |
| PO 0221-1 payment-1 | PO1-09-7-24.pdf.html | 1a30a239513843828f1d1659682c8db4 |
| Payment Receipt Confirmation – 1400126265 – 1301932048 | Wire0839380292.html | b4919ab29fee4785603a5ecc834ce758 |
| New order | quote.docu.xlx.html | 74d0383799d9f70a1fe370a0dc4f05be |
| New Company Guidelines added to Lgepartner Employee Handbook Ref: SPFXD39071 | Complete with Docusign sanket.pdf | 0538aa341a646e48a8ccacf291bd6619 |
| IT3(b) Refund Process Update Request | IT3(b) Refund Process Update Request.html | ff1573de8cf606d1c2aafe3d00bac6f3 |
| FW: Re: Signed OTL Equipments Invoice for *********.com | PO#4800269863_PDF.html | d1576114569803ef5ee7d760e1527d48 |
| FW: New Company Guidelines added to Lge Employee Handbook Ref: OSXVV11251 | Complete with Docusign kiseok1.pdf | 07de3b7c64ed7631e6e48901d2f1b43c |
| FW: New Company Guidelines added to Lge Employee Handbook Ref: MOKWO | Lge.pdf | b21f583b147abe51aefd2b33c7e30bfa |
| FedEx Express AWB#******032750 – Information is required. | FedEx Shipping Document.shtml | 7207bc82dba3bd01cc193de29e579ac7 |
| Burmanfh_Important_Notice_7256 | Antstudio_Shared_Guideline_556.PDF.doc | 0237c5affd2df9d2a48338bb801ff163 |
| ⚠️ URGENT, Please Confirm – Email Restriction | ****.com.Shtml | 3101c503b4916f070ba0881d708ee5ba |
| [ANTSTUDIO.CO.KR] AFCI_CPGBrokers_July 08, 2024_2024_Distribution__Notice_064224_Final.pdf with you | ANTSTUDIO.CO.KR_SKM_C590368369060_417161.pdf.pdf | 63b80bf687862796cd8ea592dcf92243 |
Malware (Infostealer, Downloader, etc.)
| Email subject | Attachment | MD5 (attachment) |
| --- | --- | --- |
| Your FedEx Invoice 2441707012 | FedEx Invoice_2441707012.xls | a45415dd2fefd5a2438475c7117c4d60 |
| Solicita cotización | Solicita cotizacion 23420 NOVATECH MX87546769.zip | 070158830c2983038611a6cf90083de0 |
| REVISED SOA | SOA.ARJ | 09651a20e88b3f987b4edfec430c7b56 |
| Request for quotation/product enquiry | productenquiry.html | 994dfb8d2c3b8f8f600e96b522be7f35 |
| Request for quotation : – Al hayat dubai uae production rfq 2024. // send best offer today | HOU3ED3E.Gz | 52c34c59183a5b51c6635a5c07dbe83a |
| Re:RE: PO Offer (Double T Engineering Co., Ltd) | Purchase Order_#20240807.xls | a6f4af306b64b524f301a059bf53d259 |
| RE: shipping documents (Original BL, CI & PL) | waybill_.7z | 7b2fabd608ddaa838dea69996791b5dd |
| Re: RFQ | REVISEDO.IMG | bd657e62c99cae9b49dbc88275e35e24 |
| Re: Re: Re: Re: Bank Details | BankTran.exe | 3e473d16c81dd66fee6f02537b601626 |
| Re: purchase order po-399 | PURCHASE.GZ | 7dd270b3520fd96f18cc36d13ba1b184 |
| Re: purchase order | purchase.001 | 3f603a8d5342348c8a92600200f6b987 |
| RE: Product Enquiry 17 | Technical Data Sheet.scr | 245c3edc3d1705d963bdce10c1fb5305 |
| RE: order confirmation | new order list attached.zip | ccc431f7f61f9aeec3cab9f01352214e |
| RE: New Order | NewOrder.7z | fcfb37e0cc46b8c998643d01df4ab2b0 |
| Quote Required | REVISED_.IMG | a35e3f6dbe2518af6fa217addb0083f5 |
| PI Contract NVGF839 *********.com | PI Confirmation_pdf.html | db394a3fb5b4021a0564c73bd59bf2cc |
| PAYMENT INVOICES | Dpelwdi.TAR | dd18bbe5870a165acd5099a2118609d5 |
| Payment advice – invoice apg220701b | PAYMENTA.7z | 897f7f71060328bab0dd7bc9cd8d8b72 |
| Payment Advice – Advice Ref:[FTT00398773573] | FTT00398.tar | c5195f031ca920cf0050d570d39943e8 |
| Payment Advice | Payment_.tar | 7adfb4073c3aa20fbd0036b0a85e49df |
| OOCL Arrival Notice with Freight OOLU2740390670 \| SPIL NIRMALA – 077W | BL27403906700.rar | a3b0fcf24235f988e1907fb220a0d7b1 |
| October Order – 2698 – FVG2-20240704 | FVG2-202.zip | af76fed4f0c14a978fa4a3ffc289410d |
| LAS2024158//IQ24020//JA//Dar es salaam//2*40HQ//CR0012414492 | PAYMENT $37,500 EBD BANK COPY.PDF (1).rar | 7e7e7f10e2edf3389393021800c7fe9e |
| Incoming Bank Payment Notification (MT103) | OCBC Bank__ Payment Advice_MT103.pdf.zip | 9c04c634301c5d89584b8b8ac34d1e27 |
| EFT Payment Remittance | Payment Advice.html | 6c5c5b57b228f6827cdcd728455de436 |
| DHL_AWB#6078538091 | DHL_AWB#.gz | 17995f9832bc787ffe3b341cb79a4d10 |
| Dhl express hizmeti export126 | DHLEXPOR.Z | 0d0f944239a7dd07826e28edf9647185 |
| Dhl awb – commercial invoice & bill of loading | DHLAWB#5.gz | e9b63a8bd76d8d863d51001c968ec375 |
FakePage C2 addresses