피싱/스캠

주간 피싱 이메일 유포 사례 (2024/05/26~2024/06/01)

  • 6월 11 2024
주간 피싱 이메일 유포 사례 (2024/05/26~2024/06/01)

본 포스팅에서는 2024년 05월 26일부터 06월 01일까지 한 주간 확인된 피싱 이메일 공격의 유포 사례 정보(이메일 제목, 첨부파일, URL) 를 제공한다. 가짜 로그인 페이지 유형(FakePage)과 악성코드 유형(정보유출, 다운로더, 취약점, 백도어등)을 구분하여 소개 한다. 유포 사례에서 다루는 피싱 이메일은 첨부파일이 있는 이메일만을 대상으로 한다. 이메일 제목과 첨부파일 명에 등장하는 숫자는 일반적으로 고유 ID 값으로서, 이메일 수신자에 따라 다를 수 있다.

 

가짜 로그인 페이지(FakePage)

이메일 제목

첨부파일

MD5(첨부파일)
화물도착안내 DHL ORIGINAL DOCUMENT.html d4c01c806a34b826ed75fd657f13f9ef
중요 메일메일 제목RE: 답글: 답글: 답글: RE: 답글BALANCE PAYMENT Bank Transfer_Slip (HSBC)#12122023.htm 47d0de90c29e9e45ea886a45278dc17d
앞으로:[KR]: FedEx Invoice청구서 (Customer Account -XXXXX5534-07020447578346) KR-Invoice-945829815-XXXXX5534-07020447578346.html d890e4b873b5eea24b7d10384ba0ac58
You Have new Voicemail ***********@*****.com Voicemail Nedec.html 2402904ea1218ab4acc9cb81fd51386e
You Have new Voicemail Samchully Document.html a0d9adda1af6cb6e4216f360b177f4eb
You have missed a package delivery Track_Your_Shipment_(E)_Invoice.html 1b64d4f00082d2a235108a5ac1c95002
Shipment Document Arrival Notice Original BL CI Copies.shtml 1ec494fd8df426ebaf42327a7068a0eb
Section Event Photography Fees clarify_27-May_390904.html a29efa57724eec56cd1d9bdb894b6a45
Request for quotation of the following items. Specifications,Quotation.HTML 3b2757c5edcdb9d9f5394a53c5f1b112
Re: 回复:回复: 回复New Contract invoice-PO#00997923 Order_List.pdf.shtml cbf9b5bb6382640c3c413cfdb02c488c
Re: Notification of arrival of your shipment with air waybill: #***********3321 DHL-Shipping invoice.shtml b0f38a48ead85ceb815c1e3e959284b2
Re : shipping document doc.html 1c5eb3cb8465273664b9bb388f7bf75e
Re : P.O No: 19E0401 Via Excel P.O No_ 19E0401 Via Excel.html b390ec523ffb7bc0b71ae4d513eb171c
Purchase Order Confirmation Purchase_Order_41782.pdf.html 1346c502d1e02e4566632c5ec3bc0759
Payment Advice – Ref: [HSBC9722047] / RFQ Priority Payment / Customer Ref: [PI083987QT24]  Remittance#19860.html 0649f4097716b2729c997a2773ee0ba7
New Voicemail Received  Samchully Document.html ddd58d3787e8f8ef954fb1b9a63a727c
New Quotation Order From AL Shabiz Trading LLC New Quotation Order.zip 062c80b0a661dd02650d80421a446d06
MJ14407_PO2405230016 SJ Tech M24-181 182 MJ14407_PO2405230016****** M24-180 181_.pdf 6ac36c3d247f30fc6dc445918472b156
Missed Called – 44 Seconds Samchully Document.html e208631b5e784811aa8a06c4463828ee
FWD: 선적 서류 (Original BL, CI & PL) FedEx Cargo Package.shtml 745a8bfd2279afb8d2aeb3a80c8a4e32
FEDEX:화물도착안내 Inv doc.htm 4b724d992808b3354bcba54089778b90
FedEx Import Exemption – 776100838414 inv Packing List.htm 086c2c88e68b2d2be68acc608ba640d2
FedEx – AWB# Arrival Information. Invoice. AWB#84248_pdf.htm e4296d23342fa1caf046627bdade1b05
DHL- Shipping documents & bill of Lading / Invoice B_L Document.html 0f0bca23c5348a490d2e2828aacd4276
Bill of Lading-CARGO ARRIVAL_NOTICE Bill of Lading-CARGO.Html 0777e5bba584f785b2ea5db322ccff5e
7136 Product information Request for Quote.html 635348a61668a79d5a76af8ab1ceb76c
✈️ 시간에 민감한: FedEx 배송 도착 정보 Shipment Pacakge Info.htm a982d470073ea01847c23c90fb368de6
【电子发票】您收到一张新的电子发票[发票号码:29730940] 51-Shipping-Document.XLS.html b2794c66ea92d08367dead0dbaa37d82
[페덱스] 수입세금 납부마감 안내 AWB#989345874598.html a539651c5375d61205651a222267625b
[电子发票]您有新发票,请注意查收 (提醒)【疑似钓鱼邮件,请注意密码安全】 51-Shipping-Document.XLS.html 646d354bd8ec7f38146b080e45444288
Payment Remittance made 5/29/2024 Payment.pdf 1b3d2d40c1ac5d78feb36742c96087a9
[Sf express eInvoice Notice] Invoice Confirm Overdue顺丰月结账单出账通知 invoice 203992011-5-2024.pdf.shtml 5694fc131194a17f6f76ed5ecff02c2c

 

악성코드(Infostealer, Downloader 등)

이메일 제목

첨부파일

MD5(첨부파일)
VESSEL DELAY NOTICE CARGO_DELAY_NOTICE_NEW_SHIPPING_SCHEDULE_AND_ETA.7z e76c16234cf540bc4afe6c92685288b0
USD1,402,995.67,_SWIFT_****은행(주) Remittance_SWlFT#02938**********BANK.svg dde20b65d6668dba949c5497af872f4e
TT SLIP – PO.8880/22, 8881/22, 8927/22, 8928/22 & 8941/22 – PAYMENT TT SLIP – PO.htm a540cd7cf63e47f8f2882099ce9d898a
SOA – OTX Logistics SOA – OTX Logistics.rar ee53766e919ddf1a9fd8ce14671eb09a
SOA SOA REF010085.rar fdf1c7e33aa3b468c5cc0bc6dcc4c4af
Re: Over Due Payment – Urgent Reminder! Final Warning!!! Invoices.xls 314d869bdb8a74185275fc9ec6a37fdc
RE: Orden de compra -44708 Orden de compra.zip f4cce040c4ae16ffdf5b2c42465e1e5a
PURCHASE_ORDER_261531 – Eyevex Safety LLC SHJ BR PURCHASE_ORDER_261531.rar 2cb15a1d330d94bbbfb9fe67e68eb2b6
Pre-production Samples Inventory_lis.img 6ebb80f1c54eee95e9c4f8ab349e1c17
Port agency appointment – M/V RED SEA MV RED SEA.doc 3f664806a50a8b6ca8f8a666a8f3d8bd
New Order Request for Quotation: Treat Urgently Important_document202308.pdf cde49f3cbb5d907a941f060e46d009f6
M/V XH DOLPHIN MV XH DOLPHIN_PDF.arj e3d3d93759a0552c63ec2c3ccbf6c383
Hersheypark-RFQ Order_IMP03042024 Hersheypark-RFQ Order_IMP03042024.html 47b5972be9a95bc7822b0a01df45ffdb
Hersheypark-RFQ Order_IMP03042024 P0_IMP03112024.html 1cea219f72bf4829b81d784220e7f2bb
Hersheypark-RFQ Order_IMP03042024 P0_IMP03112024.html c67231531dd823d45ef6ab3deee37ed3
Hersheypark-RFQ Order_IMP03042024 RFQ Order_IMP03042024.html eb4166b6943c741ddc22dc43ca5cf1a4
Formal Salary Revision Payroll List.arj 34c6bd6d8454b0ad3eeafefe2c138115
Formal Salary Revision Payroll Admin.arj fdd823fe582e2a3f2649f8b906346c03
Factura Factura.rar e728dcaeec40f356bf7fe54a12607b6b
Debit advice and SWIFT message for your account No. under transaction reference no. 06323IBCU009198 Debitadv.r03 fb4d12ea4cc472962cfb5f65027cf54a
CMA CGM CARGO #0009300XR3S –SHIPMENT DELIVERY RECEIPT-.rar b631325fe88e248971bc78e7183f4cfe
certificado de propiedad de en la factura adjunta, DOC.rar 379714dfb84555e121d940817bb21e06
BUNKER INQUIRY BUNKER INQUIRY.rar f0d5bd5d81b74a366ee0ed9cabfcfa84
Account Report 5/27/2024 11:45:08 a.m. account023784cmf##.pdf 47242b297294085baf2515feef7162ea
[악성 주의/Malicious Warning]RE:RE:_KZ_//BALNGB2110136_Запр ос_предложе ния SMKTGTECH634667478874873845985309802Thayne.gz cf28f43ef2773834bf4a17ee4e73f974
[Request Received] Eravant: Purchase Order #PO23045 Purchase.zip cde6e70c06301fe80db385a1cd4fd563
[Request Received] Eravant: Purchase Order #PO23045 Purchase.zip 4d2c731eb8a1ad97a870d4ada7ab8f3b

 

가짜 페이지(FakePage) C2 주소

hxxps://www[.]krabiview[.]com/wp-content/themes/twentythirteen/ice/dhl1[.]php
hxxps://www[.]auspareparts[.]com/fed/fdx[.]php
hxxps://usebasin[.]com/f/39bc7138119c
hxxps://rendmanudinar[.]com/deydyx/slDUCj1[.]php
hxxps://qldgovtv[.]com[.]au/wp-includes/check/roboss/dhlphpoyin[.]php
hxxps://qldgovtv[.]com[.]au/wp-includes/check/dhlphpoyin[.]php
hxxps://nocodeform[.]io/f/66564d254754eeaa709919bc
hxxps://nocodeform[.]io/f/664da73d3f4df3a914dfd1eb
hxxps://nocodeform[.]io/f/662e90891940144aa5575a13
hxxps://nocodeform[.]io/f/6624e429315208634a3467f9
hxxps://nocodeform[.]io/f/65eeac6e92c04770bfb334ae
hxxps://nocodeform[.]io/f/65d3a0f1643e6d8f39f20b10
hxxps://nocodeform[.]io/f/65bbc626e4a0f048c71428f7
hxxps://nocodeform[.]io/f/65acc261677f4282f7477b44
hxxps://msunduziz[.]com/xurre/loginx[.]php
hxxps://manuelcasabielle[.]com/wp-includes/bold/dhlphpoyin[.]php
hxxps://khoms222[.]ir/au/js/OG/dhl1[.]php
hxxps://jenata-vchas[.]net/[.]well-known/pki-validation/lognet-[.]php
hxxps://hirukote[.]net/wp-includes/rr/dhlphpoyin[.]php
hxxps://gswaters[.]com/continue/exc[.]php
hxxps://formspree[.]io/f/meqydawz
hxxps://eolica[.]az/FEDEX/phpmailer[.]php
hxxps://coworkingops[.]com/error/Excel
hxxps://app[.]form2chat[.]io/f/f027a975
hxxps://app[.]form2chat[.]io/f/779f2968
hxxps://app[.]form2chat[.]io/f/1cbb2c31
 

MD5

00f1707ba1fc9fb84026dbb0b6d39679
0280df05fd5fad12ffaccce59b1d8f94
02cef8e921ada37408f4a574e3c89ec0
03ca3b2b6c1ee5e2874205707cc0ca17
04e0c216bec14cc8ee692d5479ecaf9f
URL

https[:]//app[.]form2chat[.]io/f/1cbb2c31
https[:]//app[.]form2chat[.]io/f/779f2968
https[:]//app[.]form2chat[.]io/f/f027a975
https[:]//coworkingops[.]com/error/Excel
https[:]//eolica[.]az/FEDEX/phpmailer[.]php
Previous Post

Next Post