Weekly Phishing Email Distribution Cases (2024/07/07~2024/07/13)
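This post provides information on distribution cases of phishing email attacks identified during the week of July 7 to July 13, 2024 (email subjects, attachments, URLs). The cases are presented in two groups: the fake login page type (FakePage) and the malware type (infostealer, downloader, exploit, backdoor, etc.). The phishing emails covered in these cases are limited to emails with attachments. Numbers that appear in email subjects and attachment names are generally unique ID values and may differ depending on the recipient.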
Fake Login Page (FakePage)
| Email subject | Attachment | MD5 (attachment) |
| --- | --- | --- |
| 招商银行信用卡中心消费信贷账单 | Electronic Invoice3067923.html | 02feaeedee78887a8dda8706184567e7 |
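| 오늘 배송에 대한 새 송장을 첨부하십시오. (English: "Please attach the new invoice for today's shipment.") | KR.0746351.947164779.INV.pdf.html | 73f9ea417ea6373974098eb3fc7c433e |
| 수입 픽업 – DHL Express 픽업 확인 (English: "Import Pickup – DHL Express Pickup Confirmation") | Import_Declaration_1721884345_1235624945152X.pdf.html | b2311e8c028ab5327f280941164184a4 |
| 배송 통관 정보. (English: "Shipment customs clearance information.") | Invoice.AWB(012) .html | 9323ad1b9698781cf005cc05036464f3 |
| 맞춤 송장 (English: "Custom invoice") | dhl_awb_shipment_pdf.html | 4d703f102b237d6e496ed80c71290df8 |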
| Your Shipment Has Just Arrived And Is Ready For Delivery!!! | hsh Package0102810.html | 1b69e9f8d15a577ce52161b2aca15b65 |
| wenger berlin r-ezeptfrei ordern | 01e88461-45b4-11ef-9313-44a842253044.html | ffede63ddb8f2b53d2b209b1ccccccb2 |
| Urgent:Re:Re: Request For Invoice | Purchase Order #46378294.html | 6acba1d1af702ea6823c9ff69d411ba0 |
| Shipping Documents For Consignee “*******@bision.co.kr” | Shipping Documents_PDF.html | ce23bb94e57523eb85427992e9b4b7e0 |
| Shipment Document Arrival Notice | Original BL CI Copies.shtml | 70fc5acdea0bb54946573782b06b0a6c |
| Request For Quotation. Quantum Machine Tools | Quote_94839.pdf.html | a20a8719716c5bff51872dd761c28bde |
| Re: Quote Order7240037QA25 | POrder_RTLampTD073934QA25.html | f5cdf2351f6f6191159bf2eb16277af8 |
| Re: Puchase Order: R0099-39812 // Gilmore Plant and Bulb Co., Inc. | PO003930.htm | 6e621357e4cdb145ce2b93ce43042f7b |
| PO PAYMENT | PO1-09-7-24.pdf.html | 0b36ebf706e0dfd5cd764deae51eda78 |
| PO 0221-1 payment-1 | PO1-09-7-24.pdf.html | 1a30a239513843828f1d1659682c8db4 |
| Payment Receipt Confirmation – 1400126265 – 1301932048 | Wire0839380292.html | b4919ab29fee4785603a5ecc834ce758 |
| New order | quote.docu.xlx.html | 74d0383799d9f70a1fe370a0dc4f05be |
| New Company Guidelines added to Lgepartner Employee Handbook Ref: SPFXD39071 | Complete with Docusign sanket.pdf | 0538aa341a646e48a8ccacf291bd6619 |
| IT3(b) Refund Process Update Request | IT3(b) Refund Process Update Request.html | ff1573de8cf606d1c2aafe3d00bac6f3 |
| FW: Re: Signed OTL Equipments Invoice for *********.com | PO#4800269863_PDF.html | d1576114569803ef5ee7d760e1527d48 |
| FW: New Company Guidelines added to Lge Employee Handbook Ref: OSXVV11251 | Complete with Docusign kiseok1.pdf | 07de3b7c64ed7631e6e48901d2f1b43c |
| FW: New Company Guidelines added to Lge Employee Handbook Ref: MOKWO | Lge.pdf | b21f583b147abe51aefd2b33c7e30bfa |
| FedEx Express AWB#******032750 – Information is required. | FedEx Shipping Document.shtml | 7207bc82dba3bd01cc193de29e579ac7 |
| Burmanfh_Important_Notice_7256 | Antstudio_Shared_Guideline_556.PDF.doc | 0237c5affd2df9d2a48338bb801ff163 |
| ⚠️ URGENT, Please Confirm – Email Restriction | ****.com.Shtml | 3101c503b4916f070ba0881d708ee5ba |
| [ANTSTUDIO.CO.KR] AFCI_CPGBrokers_July 08, 2024_2024_Distribution__Notice_064224_Final.pdf with you | ANTSTUDIO.CO.KR_SKM_C590368369060_417161.pdf.pdf | 63b80bf687862796cd8ea592dcf92243 |
Malware (Infostealer, Downloader, etc.)
| Email subject | Attachment | MD5 (attachment) |
| --- | --- | --- |
| Your FedEx Invoice 2441707012 | FedEx Invoice_2441707012.xls | a45415dd2fefd5a2438475c7117c4d60 |
| Solicita cotización | Solicita cotizacion 23420 NOVATECH MX87546769.zip | 070158830c2983038611a6cf90083de0 |
| REVISED SOA | SOA.ARJ | 09651a20e88b3f987b4edfec430c7b56 |
| Request for quotation/product enquiry | productenquiry.html | 994dfb8d2c3b8f8f600e96b522be7f35 |
| REQUEST FOR QUOTATION : – AL HAYAT DUBAI UAE PRODUCTION RFQ 2024. // SEND BEST OFFER TODAY | HOU3ED3E.Gz | 52c34c59183a5b51c6635a5c07dbe83a |
| Re:RE: PO Offer (Double T Engineering Co., Ltd) | Purchase Order_#20240807.xls | a6f4af306b64b524f301a059bf53d259 |
| RE: shipping documents (Original BL, CI & PL) | waybill_.7z | 7b2fabd608ddaa838dea69996791b5dd |
| Re: RFQ | REVISEDO.IMG | bd657e62c99cae9b49dbc88275e35e24 |
| Re: Re: Re: Bank Details | BankTran.exe | 3e473d16c81dd66fee6f02537b601626 |
| RE: PURCHASE ORDER PO-399 | PURCHASE.GZ | 7dd270b3520fd96f18cc36d13ba1b184 |
| Re: purchase order | purchase.001 | 3f603a8d5342348c8a92600200f6b987 |
| RE: Product Enquiry 17 | Technical Data Sheet.scr | 245c3edc3d1705d963bdce10c1fb5305 |
| RE: order confirmation | new order list attached.zip | ccc431f7f61f9aeec3cab9f01352214e |
| RE: New Order | NewOrder.7z | fcfb37e0cc46b8c998643d01df4ab2b0 |
| Quote Required | REVISED_.IMG | a35e3f6dbe2518af6fa217addb0083f5 |
| PI Contract NVGF839 *********.com | PI Confirmation_pdf.html | db394a3fb5b4021a0564c73bd59bf2cc |
| PAYMENT INVOICES | Dpelwdi.TAR | dd18bbe5870a165acd5099a2118609d5 |
| PAYMENT ADVICE – INVOICE APG220701B | PAYMENTA.7z | 897f7f71060328bab0dd7bc9cd8d8b72 |
| Payment Advice – Advice Ref:[FTT00398773573] | FTT00398.tar | c5195f031ca920cf0050d570d39943e8 |
| Payment Advice | Payment_.tar | 7adfb4073c3aa20fbd0036b0a85e49df |
| OOCL Arrival Notice with Freight OOLU2740390670 \| SPIL NIRMALA – 077W | BL27403906700.rar | a3b0fcf24235f988e1907fb220a0d7b1 |
| October Order – 2698 – FVG2-20240704 | FVG2-202.zip | af76fed4f0c14a978fa4a3ffc289410d |
| LAS2024158//IQ24020//JA//Dar es salaam//2*40HQ//CR0012414492 | PAYMENT $37,500 EBD BANK COPY.PDF (1).rar | 7e7e7f10e2edf3389393021800c7fe9e |
| Incoming Bank Payment Notification (MT103) | OCBC Bank__ Payment Advice_MT103.pdf.zip | 9c04c634301c5d89584b8b8ac34d1e27 |
| EFT Payment Remittance | Payment Advice.html | 6c5c5b57b228f6827cdcd728455de436 |
| DHL_AWB#6078538091 | DHL_AWB#.gz | 17995f9832bc787ffe3b341cb79a4d10 |
| DHL EXPRESS HIZMETI EXPORT126 | DHLEXPOR.Z | 0d0f944239a7dd07826e28edf9647185 |
| DHL AWB – COMMERCIAL INVOICE & BILL OF LADING | DHLAWB#5.gz | e9b63a8bd76d8d863d51001c968ec375 |
Fake Page (FakePage) C2 Addresses