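Weekly Phishing Email Distribution Cases (2024/06/09~2024/06/15)
This post provides information (email subject, attachment, URL) on the distribution cases of phishing email attacks identified during the week of June 9 to June 15, 2024. The cases are presented separately by type: fake login pages (FakePage) and malware (infostealer, downloader, vulnerability exploit, backdoor, etc.). Only phishing emails that carry an attachment are covered in these distribution cases. Numbers that appear in email subjects and attachment names are generally unique ID values and may differ from one recipient to another.
Fake Login Pages (FakePage)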
| Email Subject | Attachment | MD5 (Attachment) |
| --- | --- | --- |
| Fwd:_[안내]_네트워크_장비_중대_보안_취약점_조치(CVE-2019-1619,_1620,_1621,_1878) | 네트워크_장비_취약점_조치_안내.doc | 4c0ed105e17c13a38e829ad340bd966d |
| Pending DHL Shipment Notification REF: 10/6/2024 | DHL Package.zip | 057849d89c720ddae62b9006fd7587f9 |
| [Maersk ] OFFER | MSK872314.IMG | 6725c5c048c8b02b7ac81cf1eda3ceac |
| SPARE PARTS provision | SPARE PARTS LIST.pdf.arj | 993ecc7376ab88c318a7dffd72a7f864 |
| Final Warning – Over Due Payment – Urgent Reminder!Final Warning – Over Due Payment – Urgent R…. | Overdue invoices.zip | 540645e6b9f221fbd2bbdeff69dbbc26 |
| Port agency appointment for M/V HTK Lavender | MV HTK Lavender.doc | c4adaf42879add753054adf8d7e8eec4 |
| Fwd: Autogenerated mail – Vendor Payment Advice | Payment_confirmation.7z | dd73709f2f213c8f63b74d05e37132b5 |
| New Inquiry | LSW7109326UNI0.IMG | 023579c964958c51e2d0f4753c1ecb11 |
| Order | Order 0002939399440.img | 3241e9dc842b78c707935a1c82bbe906 |
| KANGAN Olefin Project – INQ No.KP-20-00-PS-PI-INQ-0018 | KANGAN Olefin Project – INQ No.KP-20-00-PS-PI-INQ-0018.rar | 4356dca7e320e0720696de820eb5a7c3 |
| ARRIVAL NOTICE EVER CALM 0684-083S Ref-no: <<A1_DB563K0N.CNT>> | Arrival_ Notice_Notification_73664774643_66773635466_904088477321.lzh | 4e4e8d6546dcfb04570921e091509536 |
| CR-FEDEX_TN-776636332367_DT–MRN_CD-20240605_CT-0252 | CR-FEDEX_TN-776636882367_DT-MRN_CD-20240605_CT-0252.arj | d6259e0fd45e40e6320bedbaa4c0f309 |
| ¡¡Tu documento de envío!! | Detalles Ducumentados______________pif.rar | 1556965f1093c2977bd07b061349fc47 |
| [SPAM/Advertising/Phishing] RFQ of HPMC 60000M | 3MT Order HPMC PO-06-2024_xlsx.shtml | a22a56760086a0669ba844050b30d516 |
| 答复: URGENT Request For Quote – Urgent ! | COSCO24013126.IMG | 8e757ea092c84113b25a9ec5a2096325 |
| RE:_RE:_RE:_RE:_¡UNA_SOLICITUD_DE_FACTURA_PROFORMA_PARA_SU_PAGO_INMEDIATO_DE_HOY!_!!_!!! | 11062024.rar | 1792b18d02c63465622a19b9c23fb084 |
Malware (Infostealer, Downloader, etc.)
| Email Subject | Attachment | MD5 (Attachment) |
| --- | --- | --- |
| 전자세금계산서(Y&S)->회계법인***) 새창에서 읽기 | NTS_eTaxInvoice.html | f1385648a05ef51d00174fc1b0f2c480 |
| FedEx 수입세 납부 기한 정보 – (001) | einvoice.html | 15434e84cf3af627c92d5da5161e4e3c |
| Re: 오늘 배송을 추적하세요! | awb_inv.shtml | 477ee002f2af76f8c00e988ff0fae3b7 |
| ATTEN: 즉각적인 주의가 필요합니다. | 경찰.pdf | 2dcd2defc4b97f22a2dd7d9fc1afc8fc |
| 경찰 보고서 | 보고.pdf | ebadbc09c824a4a0085629ce4af3e4d6 |
| [악성 주의/Malicious Warning]New voice mail for **.**@***.com | Email voice record001.shtml | f070a85d30facb772b20b5ccacdc65ae |
| 전자세금계산서 발급 메일 안내 NTS_eTaxInvoice.html | NTS_eTaxInvoice.html | 5e8cff88cfc416d43c089c2acbec3c89 |
| Shipment Document Arrival Notice | Original BL CI Copies.shtml | be2b905084a79c5a8a7ec3436bbe3b04 |
| Inquiry – Dubai | Inquiry.pdf | 2865f83bddda3eda8643b98bc2f2c933 |
| Confirmation transfer | Confirmation transfer Ref_0023456.htm | 433b01313e6937b76e110eaac983ed50 |
| **RE: Request For PI | MG PO#0502202401 PI#MGA24_Pdf.html | 332cf2a3d45b76c8b49201e4ec00158b |
| NEDEC.COM Approval Remit Agreement 446548 | NEDEC.COM-uG1BZEu.pdf | cd9e477b89d2a8da0fa54525946c54f7 |
| fermentation plant – China | Inquiry.pdf | 6eab7d6a9a1cc9b80c83e1bc9c62936e |
| RE: Quote | Price estimate.shtml | aa440b4f210ad9087a939a6f822a0011 |
| 【Sinotrans-DHL】Electronic invoice (invoice number: 26223657) | Electronic-Invoice26223657.shtml | dd7297237932646ceb1d7d66f362fa5a |
| FW: Clarity digest: Your weekly recap F.AX 492804bdbce0a4556d2bf47640af2b5a | FAX_Lge.html | 36cd749c12293c3a96066824bd936500 |
| Tax Audit lnvestigation Excersise 2024 Issued to marvin.pinto | T.a.x. Audit Notice – marvin.pinto.shtml | 78aec986415b912cdbb6474959ff7793 |
| Re: Our Best Price AU029953 | Order Specification.pdf | d56064f9cabae348c886731c7ba299d5 |
| Completed: Complete with DocuSign: PROFORMA INVOICE.pdf | PROFORMA INVOICE.html | 42baeb8bc1526d8629b9c32117cf499d |
| DHL: View your delivery status and track shipment | AWB-Ref__310479442.html | 77d43f605cb17d8158ba35308ac6cbf7 |
| FW: Invoice #3191541 | PO 34356 MIAALBE06052024-0903.html | 24ef50cd04601fd9e03171a7d19a24b5 |
| Copy of Invoice Payment Receipt | Bank-statement.html | 0c6fa91515249dc0cd10542808ef2962 |
| AWB#******032750 – Information is required. | KR.0330807.944119175.INV.Shtml | c9daa1ee9318a3d1413aae389801f847 |
| Urgent Request For Proforma Invoice | Purchase Order.html | 448f6c672076e8f0ad8e1bc0d0da5ff4 |
| Payment Advice 12.06.24 | EFT_Attachedment.html | acfd243f3cfee1a9af3fee3bc6688d05 |
| FW:_Invoice#3191541_ | PO 34356 MIAALBE06052024-0903.html | 24ef50cd04601fd9e03171a7d19a24b5 |
FakePage C2 Addresses