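Weekly Phishing Email Distribution Cases (2024/06/02~2024/06/08)
This post provides information on phishing email distribution cases (email subjects, attachments, URLs) identified during the week of June 2 to June 8, 2024. The cases are divided into the fake login page type (FakePage) and the malware type (infostealer, downloader, vulnerability exploit, backdoor, etc.). Only phishing emails that carry an attachment are covered. Numbers that appear in email subjects and attachment names are generally unique ID values and may differ from recipient to recipient.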
Fake login page (FakePage)
| Email subject | Attachment | MD5 (attachment) |
|---|---|---|
| FedEx import tax payment deadline notice – | AWB#58579.html | 7aad62c6200d3d1809887a3a9c3e4ec1 |
| Purchase order confirmation | PO4567.pdf | c2e21f95fb61743a8cdfad9c9f0715c3 |
| You have received a purchase order from (Al-Shamal Trading Co.,Ltd ) | Excel.xlsx.htm | 69645829afe9dbe27caa6928c9c540e1 |
| ?FedEx cargo arrival notice | AWB.html | 7980506b62ede17635d2e8122aa517b5 |
| FedEx import tax payment deadline information – (001) | einvoice.html | 746a94ea174ad4846c06f7e094bbea60 |
| [FedEx] Import tax payment deadline notice | AWB#96020.html | 69c18b3c46b0091fa2b7b7c084efcdeb |
| 【?子?票】?收到一?新的?子?票[?票??:29730940] | 51Invoice-SF-Express.html | 808c476d7e0c8a4f7b5d10ee2fe119ec |
| Shipment Document Arrival Notice URGENT! | Original BL CI Copies.shtml | 46dd20d76ead1dc8b1776475d146f3a9 |
| FW: Fund transfer debit advice Ref: ****.***@***.com | Payment_Receipt.htm | 25995ffbad6f3df558ec9e154f6c7aee |
| ?? URGENT, Please Confirm – Email Restriction | filterspakistan.com.Shtml | c9d9ec72d4665752f81063d26c7331f5 |
| FW: Fund transfer debit advice Ref: *******.***@***.com | Payment_Receipt.htm | 10c1d23c38527ffa3b6b56c7503e86b3 |
| RFQ# FES2303204407 | RFQ#2303204407.HTM | e770fa3117bba0398a43000ab05127c7 |
| Re: Our Best Price AU029953 | Order Specification.pdf | d56064f9cabae348c886731c7ba299d5 |
| Shipment Document Arrival Notice | Original BL CI Copies.shtml | 2cf5af4f239dea4a2ce97298279ac71e |
| RFQ#ORDER-3MT-23-091-27-SUPPLY | 3MT_Order_RFQ_0EBY_PO-2024_pdf.shtml | 8569ae8e5a435e9f6806f452d907cd60 |
| FW: Fund transfer debit advice Ref: *******.***@***.com | Payment_Receipt.htm | 2d23ec6ec1a024c84acef1a0380b299f |
| Important Payment Notice | Nedec Acoount_Record.html | af86b2c467a8818eed0378345d950a84 |
| Aw: New Product Enquiry | doc.html | 0cc6f341280b9c1c2a57fdfa03b86eb1 |
| RFQ# FES2303192144 | RFQ#2303192144.HTM | ee3af6442afa3fe19fa5813f2f9ddee5 |
| FW: Fund transfer debit advice Ref: *****.*****@***.com | Payment_Receipt.htm | 17bfbd4cffac22522fe6614b060dbfc4 |
| Direct ACH Deposit Processed | File_9188329.html | ec05cdbd06e36bf7197437f9b9b8c628 |
| RFQ# FES2303142807 | RFQ#2303142807.HTM | b4449e0d1251c9dd10ef638a21dff800 |
| Your Shipment Just Arrived -SGS- | AWB Shipping Document.shtml | 73fd0240352baea38d6875c781f473b3 |
| Reminder: Renewal Notice Approval- PROFORMA INVOICE.pdf | DOCUMENT.htm | 91262f6f3495e7de25fec6f188c6dfae |
| Lge_Deposits_#r9Co | Payment#0091-31 May, 2024-PDF.xhtml | 70627e4d87f6b9363df6e43cd9020a00 |
| Re: Our Best Price AU029953. | Order Specification.pdf | d56064f9cabae348c886731c7ba299d5 |
| RFQ# FES2303190748 | RFQ#2303190748.HTM | 0ecb777d6b7b4abb44d618f1b13b6ecf |
| RFQ# FES2303161822 | RFQ#2303161822.HTM | e6a8c54e6e80e57e58bfccaf9268445c |
| FW: Fund transfer debit advice Ref: ****.***@***.com | Payment_Receipt.htm | f0ffb8463120641446f1a4104f80ca08 |
| RFQ# FES2303164814 | RFQ#2303164814.HTM | 755a48069befbc8fe152ce3aba0294f6 |
| FW: Fund transfer debit advice Ref: *****.***@***.com | Payment_Receipt.htm | 99051ac90801397accecbf2c04850821 |
| Air waybill INV/PL/BL | DHLPackage-eShipping.htm | 742ace12d3d67727443044813e82a6b3 |
| Wollmuth Maher & Deutsch LLP | Wollmuth Maher & Deutsch LLP.pdf | 0bb13572b8f579f3feb51359560595fa |
| RE: MT103-WIRE PAYMENT 6/7/2024 | EFT-BankSwift24.html | eb9f8a4650a9fe2563e24bf7aabf598b |
Malware (Infostealer, Downloader, etc.)
| Email subject | Attachment | MD5 (attachment) |
|---|---|---|
| 答?: URGENT Request For Quote – Urgent ! | COSCO24013126.IMG | e2864d87e64f567b9474b0913fdd66b7 |
| Pending DHL Shipment Notification REF: 07/6/2024 | DHL Package.zip | 35ad880f5b37f694d5d9fc7d750cad14 |
| Request For New Order -June/July 025629001Xls.- Ulaanbaatar,Mongolia | PO # 025629001.rar | bd819dbdd029540fd5a3f2d50c5703b6 |
| RFQ with Baowu Steel Group | project memo.img | ae823a605a65264000f7d273b55eda12 |
| LEG/C Gas Wave – Agency Appointment for vessel’s call V2024-016 / | LEG-C Gas Wave (Q88)_pdf.lzh | 1347ce21a2d60e8f9bfc4fe95897fe1f |
| REQUEST FOR QUOTATION | SAMPLE _CATALOGUE_EWF_PDF.GZ | fb8d0ae425b4e14bca8fc3eecab23baf |
| Order | Order NO 000399494800.img | ab3bf0c4c3cad7ee0995ec8afab0248a |
| Request for quotation | SAMPLE _CATALOGUE_EWF_PDF.GZ | 60a7e716d4096c5b2d261711efa88189 |
| Re:Statement for month-end May 2024 | Remittance slip.rar | ecdc12be2020c1f7e5717bc672a55037 |
| COSCO SHIPPING LOADS DELIVERY DOCUMENT / EXPRESS – 021NLALI/ SOCAR /COEX2918012160 / COEU90039820 / ACCEPTANCE / | COSCO-BL-Ref09293390455555.pdf | 475b6f5a723c66d8c43107d1d3b289e7 |
| PO # 4500078517 | PO # 4500078517 1.rar | bd819dbdd029540fd5a3f2d50c5703b6 |
| QUOTATION – RFQ ON THE 05/6 B4 3PM | QT_20240605GOODSAMS.html | c5842e4676fa9e2f7e6fac390e58da09 |
| Purchase Order DOC_MDR0307_024 | Purchase_Order_DR0307_024.Tar | b9c3113bc5b603809dac2515dd03e9fa |
| RE.Re.Re. Re. purchase order 2635# | RE.Re.Re. Re. purchase order 2635#.zip | 590b5eb75c4572a426d2b6a58951eeb9 |
| Order Inquiry | Order Inquiry.pdf | 23e23eb10bbe361630008c5eb718645a |
| New Order DOC_MDR0307_024 | Purchase_Order_DR0307_024.Tar | b9c3113bc5b603809dac2515dd03e9fa |
| Re: Our Best Price AU029953 | Order Specification.pdf | 74c16c1da0c0cfa0a419381c1e9117a2 |
| 7/6 Shipping documents | Shipping.zip | 594c88f0815435836775f4af6fd465d4 |
| 回?: TN60768 7 | Doc_478568368373643783648373483833643836434.zip | 366a38d0096dc0a968b00bad3a26bec6 |
| Draft contract: 023571961541 | doc023571961541.img | fc40ced35443bb1e6e7c04f982707aec |
| Aw:Aw: Aw:New order – Revised Invoice/Advanced payment | invoice30%deposit.doc | c3cfeff7862471924d524a2d861b2647 |
| SUPPLY OF DI PIPE AND FITTINGS FOR ASWEA WATER WORK – PROJECT | PO 6789023#.rar | 7482d0d37f5db0c286ea1772613d41b2 |
| ADVANCE TT SLIP//APRIL 2024 PAYMENT | TTSlipa.arj | bc943e23667a6e0e5a4dc8863c79902e |
| ENQ.NO: 6-59512/CLOSING DATE: 10/06/2024 | RFQ- 6-59512.rar | 7482d0d37f5db0c286ea1772613d41b2 |
| payment receipt | 642024_37643.iso | fdcf6f5fcb9c38b56da45f617a48c209 |
| Re: KUBOTA KASUI VN: KOSPO24-007 | 02062024.lzh | 2a49346caf02d3f5499eff979daa2803 |
| DHL Express Courier Pickup Cancel CBJ520818836689 Confirmation | DHL-CBJ5.rar | 5428e7342ed28bc1989c65d75fa57fc0 |
Fake page (FakePage) C2 addresses