주간 피싱 이메일 유포 사례 (2024/06/16~2024/06/22)
본 포스팅에서는 2024년 06월 16부터 06월 22일까지 한 주간 확인된 피싱 이메일 공격의 유포 사례 정보(이메일 제목, 첨부파일, URL) 를 제공한다. 가짜 로그인 페이지 유형(FakePage)과 악성코드 유형(정보유출, 다운로더, 취약점, 백도어등)을 구분하여 소개 한다. 유포 사례에서 다루는 피싱 이메일은 첨부파일이 있는 이메일만을 대상으로 한다. 이메일 제목과 첨부파일 명에 등장하는 숫자는 일반적으로 고유 ID 값으로서, 이메일 수신자에 따라 다를 수 있다.
가짜 로그인 페이지(FakePage)
|
이메일 제목 |
첨부파일 |
MD5(첨부파일) |
| [Sinotrans-DHL]전자 송장(송장 번호: 26223657) | Electronic-Invoice26223657.shtml | 8c5d07b2bbbf847f6d654717470686c2 |
| 페덱스 수입세금 납부마감 안내 – AWB775647250712 | AWB775647250712.html | a9aba112aeac929bb41b80aa6bd2eb93 |
| Award Winning View Attached | YAHOO-AWARD-WINNING-NOTIFICATION-JUNE-2024.doc | 3f8235dae55e6626af1609bc125c067f |
| **********.com EFT Payment Processed on 20th of JUNE | **********.com _Payment875687867578.htm | 53e2bed418f9533c578cc812f508cdc5 |
| DHL: View your delivery status and track shipment | AWB-Ref__310479442.html | e2fedc83b4390ad9b6bcb276b816c757 |
| 페덱스 수입세금 납부마감 안내 – AWB775647250712 | AWB775647250712.html | d41722b6e20be3233e366306c98e3ac4 |
| DHL AWB Arrival Notice #310479442 | AirWaybill_Document.shtml | 3c1ad84cef053c410837b8e6066f1560 |
| Ihr Tracking-Code ID:773873648 | 44bf2f8f-32be-11ef-ac2c-44a842253044.html | bf8e37e00e0f9126b022ff8bd286601d |
| 전자세금계산서(***)->회계법인***) 새창에서 읽기 | NTS_eTaxInvoice.html | 25f64fa6cc809ab026da7b917937304c |
| Completed: Complete with DocuSign: PROFORMA INVOICE.pdf | PROFORMA INVOICE.html | ec5943c0a1dc177c527a70187e08a82c |
| 물품공급계약 | GAC009376551html | d0c0894fb0985b25e1b03ce090a5a593 |
| FedEx – AWB# Arrival Information. | Invoice. AWB#84248_pdf.htm | e4296d23342fa1caf046627bdade1b05 |
| COMMERCIAL INVOICE, BILL OF LADING, ETC DOC | Original BL CI Copies.shtml | dae04b1f9f43d0395a2638646043bb5d |
| Completed: Complete with DocuSign: PROFORMA INVOICE.pdf | PROFORMA INVOICE.html | d113438135f25ec43e118dddbe3ff8b1 |
악성코드(Infostealer, Downloader 등)
|
이메일 제목 |
첨부파일 |
MD5(첨부파일) |
| DHL Express SHIPPING NOTIFICATION | Package.zip | d2d166e4d9a0721cc6f71fe4ecd723e6 |
| Re: OrderNbr.: 192229 | 4550002932.lzh | ef67e0b6cba9f9b75ebb34c4d97fd51d |
| URGENT RFQ | LIRB QUOTE.exe.img | 57b637ca5a8645e76494a2708c5ffcf5 |
| Payment Advice – Advice Ref:[A295z1TViHMc] / ACH credits / CustomerRef:[C0112062024] / Second Party Ref:[] | HSBC Payment Advice_ACH credits_06172024.xls | 49693b0cd19de51de97fd43fe44acd54 |
| Re:_Confirmación_del_pedido | lista de nuevos pedidos.zip | 96f2bb5cdce415a4f2d9a5340aa523f3 |
| DHL Shipment Notification: OH-24010030 | Arrival Notice.rar | 8c77317c671647c8786abf61efc4f12a |
| Ihr Tracking-Code ID:085835825 | 0ebb6840-32bf-11ef-983e-44a842253044.html | 7b60d0d525b81b3b9def69ec327c5d0c |
| Our New Purchase Order | MTS Purchase Order 4400012679.cab | 43cc3cb908ec816d912cbdf73f542e20 |
| RE:_RE:_RE:_RE:_¡UNA_SOLICITUD_DE_FACTURA_PROFORMA_PARA_SU_PAGO_INMEDIATO_DE_HOY!_!!_!!! | 20062024.zip | d059974d24e26b0e544fb7712716901b |
| Details of an Urgent June Inquiry | New_June_Inquiry_PTIE.zip | 1ab0bb7424e10b22ce7e1ce4509da216 |
| FW: PO # 0005TP/2024 | 4550002902.lzh | d866fccd84eb3dbea08a8d9a28051c91 |
| RE: Nuevo orden | Nueva lista de pedidos adjunta.zip | 7883702935e54b98bc4c4de461ccd977 |
| Legal warning | Legal warning.img | 7ecb8c36ebdd62d1cf42ee6181b80706 |
| DHL Express SHIPPING NOTIFICATION | Package.zip | d2d166e4d9a0721cc6f71fe4ecd723e6 |
| Re: OrderNbr.: 192229 | 4550002932.lzh | ef67e0b6cba9f9b75ebb34c4d97fd51d |
| URGENT RFQ | LIRB QUOTE.exe.img | 57b637ca5a8645e76494a2708c5ffcf5 |
| Payment Advice – Advice Ref:[A295z1TViHMc] / ACH credits / CustomerRef:[C0112062024] / Second Party Ref:[] | HSBC Payment Advice_ACH credits_06172024.xls | 49693b0cd19de51de97fd43fe44acd54 |
| Re:_Confirmación_del_pedido | lista de nuevos pedidos.zip | 96f2bb5cdce415a4f2d9a5340aa523f3 |
| DHL Shipment Notification: OH-24010030 | Arrival Notice.rar | 8c77317c671647c8786abf61efc4f12a |
| Ihr Tracking-Code ID:085835825 | 0ebb6840-32bf-11ef-983e-44a842253044.html | 7b60d0d525b81b3b9def69ec327c5d0c |
| Our New Purchase Order | MTS Purchase Order 4400012679.cab | 43cc3cb908ec816d912cbdf73f542e20 |
가짜 페이지(FakePage) C2 주소
hxxps://nocodeform[.]io/f/664647f6d6fccf1037154aa5
hxxps://app[.]form2chat[.]io/f/1cbb2c31
hxxps://smartforms[.]dev/submit/6666f1195df1517d48d8f346
hxxps://fastomod[.]sa[.]com/aer/dhl
hxxps://fastomod[.]sa[.]com/dsert/dhl
hxxps://araucariapeche[.]com/loginx[.]php
hxxps://airtekincheatingandcooling[.]com/abasel/docusign[.]php
hxxps://app[.]form2chat[.]io/f/8c0d4f6
hxxps://nocodeform[.]io/f/6624e429315208634a3467f9
hxxps://data[.]endpoint[.]space/clxa9q4jn004308jr7ln69d9r
hxxps://smartforms[.]dev/submit/666f80c45df1517d48d901a9
02139e7772c3a7dc0655677201b3b075
0681b19e23c8a63249fe77b6c071c042
1ab0bb7424e10b22ce7e1ce4509da216
25f64fa6cc809ab026da7b917937304c
2b1b90fff92ae9681d2c9201d829afe1
https[:]//airtekincheatingandcooling[.]com/abasel/docusign[.]php
https[:]//app[.]form2chat[.]io/f/1cbb2c31
https[:]//app[.]form2chat[.]io/f/8c0d4f6
https[:]//araucariapeche[.]com/loginx[.]php
https[:]//data[.]endpoint[.]space/clxa9q4jn004308jr7ln69d9r
