주간 피싱 이메일 유포 사례 (2024/07/28~2024/08/04)
본 포스팅에서는 2024년 07월 28일부터 08월 04일까지 한 주간 확인된 피싱 이메일 공격의 유포 사례 정보(이메일 제목, 첨부파일, URL) 를 제공한다. 가짜 로그인 페이지 유형(FakePage)과 악성코드 유형(정보유출, 다운로더, 취약점, 백도어등)을 구분하여 소개 한다. 유포 사례에서 다루는 피싱 이메일은 첨부파일이 있는 이메일만을 대상으로 한다. 이메일 제목과 첨부파일 명에 등장하는 숫자는 일반적으로 고유 ID 값으로서, 이메일 수신자에 따라 다를 수 있다.
가짜 로그인 페이지(FakePage)
|
이메일 제목 |
첨부 파일명 |
| 한국** ***그룹 (한국** ***그룹->**) | NTS_eTaxInvoice.html |
| 전자세금계산서(***)->회계법인***) 새창에서 읽기 | NTS_eTaxInvoice.html |
| 당발송금 수취인 안내 ( ADVICE OF REMITTANCE ) | REMITTANCE 영수증 확인증 02.08.2024.htm |
| You Have new Voicemail | New Voicemail 7_26_2024 2_29_19 a.m..html |
| You Have A Delivery Notification. To: *****@*****.com | *****@*****.com-EMS.shtml |
| Urgent Action Required, Update Your Details. | Update Your Details.Html |
| shipping documents (Original BL, CI & PL) | inv doc.htm |
| Shipment Document Arrival Notice | Original BL CI Copies.shtml |
| sale Missed call | New Voicemail 7_25_2024 10_05_23 p.m..html |
| Reciba su Facturacion .Pendiente de pago | Factura_635837.pdf |
| Re:回复:Payment Advise_Confirmation8756 #secure# | Payment_Remittance-copy.html |
| Re:RFQ Price Items- Quotation request | Purchase Order Excel file price items .html |
| Re:Re:Re:Summary for orders VP16-31 | orders VP16-31.htm |
| Re:Re:Purchase order | Purchase Order items .html |
| Re:RE: RE: RE: RE: RE: RE: Cosmax USA PO# 4500926140 | Invoice-TM20221128-DONGGUAN DAYSUN ELECTRIC CO.,LTD.shtml |
| Re:New Order | PO Nx-LI-15-0001 EXCEL file .html |
| Re: Your App Purchase Receipt – Invoice – App Purchase Will Be Processed on Thursday, August 1, 2024 #8JS8J1823 | APPS #8JS8J1823.pdf |
| Re: Request for Proforma Invoice for Purchase Order and Delivery Date | Purchase+Order+Excel+Document.pdf |
| RE: Refreshing Week in London | a2d02d40-5317-11ef-a74a-44a842253044.html |
| RE: Refreshing November in London | dcb43d00-530b-11ef-b99c-44a842253044.html |
| Re: Re: Re: Re: PO#00873993 – PI & PL & BL | PO#00873993.html |
| Re: Purchase Order 1400126265 | PO#08383022.html |
| Re: Purchase order | Purchase order check EXCEL file .html |
| purchasing Missed call | New Voicemail 7_26_2024 1_34_26 a.m..html |
| PO 0221-1 payment-1 | PO1-09-7-24.pdf.html |
| Pending Shipping Documents DHL | Shipping Documents DHL.html |
| Payment Confirmation | 346780-ATF JET-SWIFT.pdf ..htm |
| PayApp Transcript-July 27, 2024 | LgePAYAPP329.html |
| Parcel Delivery Information #FedEx_Shipment | FedEx_Document.html |
| order Missed call | New Voicemail 7_26_2024 12_27_59 a.m..html |
| ops Missed call | New Voicemail 7_26_2024 6_26_59 a.m..html |
| NEW PURCHASE ORDER_68932024 | PO#68932024_INVOICE DOC.shtml |
| Invoice Payment Receipt | Payment Receipt check EXCEL file .html |
| Invoice NRHC07-24 | Inv_NRHC0624_23376_PDF.htm |
| invoice Missed call | New Voicemail 7_25_2024 9_32_37 p.m..html |
| Invoice for Your Recent Purchase – Order #4508825. | Order_4508825 (1).pdf |
| Invoice 9867 from Think Design Architectural Studio – F2338 – Grove Street | Inv_9867_from_Think_Design_Architectural_Studio_15636.html |
| INVOICE 3045623 SAMPLE DELIVERED BY FEDEX. | Attachments.zip |
| FW: New Company Guidelines added to Lge Employee Handbook Ref: VDBGD | Complete with Docusign jasmine2.pdf |
| FORM | busan Form.htm |
| Fedex: 확인요청 ✈ (INV and AWB) | Inv doc.shtml |
| FedEx 관세 지불 기한 정보 – AWB#77600748349 | FedEx_Document.html |
| ETF Swift from **** Tuesday, July 23, 2024 | Invoice 201476.html |
| DHL- Shipping documents & bill of Lading / Invoice | DHL Shipping Invoice.html |
| DHL Shipment Details – Parcel Tracking Confirmation | DHL SCANNED DOCUMENTS.Shtm |
| Delivery Notice- Ref: [Doc-29321] / RFQ Priority Shpping Documents Ref: [PI-29321] | Manikas_packing_list_AIR_SHIPMENT_13NOV2023-PDF.htm |
| Confirmation: INVOICE #8371582 | INV8371582_PDF.htm |
| Cargo arrival information | Tax inv.htm |
| Aw:Aw: New Order -BE21080377 | New Order.html |
| ap Missed call | New Voicemail 7_26_2024 2_28_53 a.m..html |
| admin Missed call | New Voicemail 7_26_2024 7_33_47 a.m..html |
| accounts Missed call | New Voicemail 7_26_2024 4_35_12 a.m..html |
| accounting Missed call | New Voicemail 7_26_2024 5_27_59 a.m..html |
| 4 Missed Called | New Voicemail 7_25_2024 11_34_51 p.m..html |
| 09:15:35 ORDEN DE PAGO CEP1970 ENVIADA,31/07/2024 VERIFICAR CON LA INSTITUCION RECEPTORA | PAGO.COMPROB.LNHbfyXFvS.pdf |
| [페덱스] 수입세금 납부마감 안내 | AWB#989345874598.html |
| [HR Announcement] 2024 Mid- Year Compensation Letter Ticket#:2141 | Bonus Letter for Jinghua Han_DocuSign_2757.pdf |
| *****SPAM*****#[Confirmación_Compra_6887]_2024-07-14_P | #TU PEDIDO-20240714-8862.html |
| (ADVICE OF REMITTANCE)_2024년 07월 정산 안내 | *** Remittance Copy.htm |
악성코드(Infostealer, Downloader 등)
|
이메일 제목 |
첨부 파일명 |
| [DHL] 수입신고수리내역서 (특송사후납부-징수 18) + 납부고지서 – 7349661815 | Import_Declaration_7349661815_1235624955546M.z |
| ARABITEC GLOBAL ENGINEERING FZE-DUBAI UAE ORDER REQUEST | ARABITEC GLOBAL Request PDF.7Z |
| DHL AWB Documents NO: 8124420 | DHL AWB 8124420.zip |
| DHL AWB: Second Delivery attempt fail | 0070302024_000729.PDF.z |
| DHL Shipment Notification : 41603793540 | DHL-Shipment-Notification-4160379354.cab |
| DHL Shipment Notification : 490104998009 | DHL Receipt_490104998009.xls |
| Draft BL | Draft BL.js |
| FW: new Order | po-494DA.gz |
| FW: Noodle packing machine – Shipping | Noodle packing machine – Shipping.rar |
| FW; REQUEST SOA JULY 2024 | FW Request SOA July 2024.docx |
| Inquiry for ********.com | Inquiry.pdf |
| July Shipping Documents (CI,PI,PL,BL) | Shipping documents PL PI BL.zip |
| Lukem Me DMCC – Quotation Required | Purchase Order – P010856.rar |
| M/V SHANDONG FU EN/COMERGE -APPOINTMENT v1 | MV SHANDONG FU EN – PARTICULARS.xls.lzh |
| MV SEA XPRESS II | MV SEA XPRESS II.arj |
| Payment Swift Advice – Advice Ref:[****] / Priority payment / Customer Ref:[**********] | Payment Swift Advice 0037007975 PDF.7Z |
| PO 3 sets single-pack machine and 6 sets dispenser | BOC-SP24-171 $69390.06.gz |
| PROFORMA FATURA | PROFORMA FATURA.gz |
| Proof Of Payment | Bank Payment Copy.html |
| purchase order HL51L05 | purchase order HL51L05.rar |
| Re Itinerary Booking | Booking_No1162808.rar |
| Re: [URGENT]: invoice & packing list 2024052204 | Invoice & Packing list 2024052204.wim.001 |
| RE: 1x40HC// booking #241431217// CONATINER #MRKU4488284// INV NO: 270// Matadi,congo // Maresk Line | SFS-00158-24 JOB# OE-198-24 MATADI.zip |
| RE: New order Acetogen / OP5640/ PI duly signed | FPL7557903-HFX865680-QFG967909-DFU8979909.R12 |
| RE: Quotation Fired heaters Steel Detailing (Fabrication drawings) & steel design project | Product & Drawings.xlsx.gz |
| Re: Re: Nuevo orden | Nueva lista adjunta.zip |
| RE: RE: Order confirmation | Bank payment copy.zip |
| RE: Réservation 4 day | Booking_0031.rar |
| Re: การชำระเงิน | IMG46375758375835Slangebiddenes213.7z |
| Re:Reservation Payment | Booking_No063 (1).rar |
| Remmitance request executed. | Payment Receipt 30724.zip |
| RFP-000000041441 – PCASB (RFQ-010922-0725-ZA) | Scanned from Bumi Wangsa TMS Sdn Bhd_.rar |
| RFQ/2024/51281 CO Request Job Ref# AOLAI230501111 | RFQ#51281AOLAI.xls |
| RFQ: PO and Delivery Date for Air Outlets Order | 30072024.7z |
| RV: Nuevo orden | Comprobante de pago bancario.zip |
| Statement of Accounts – Due Date: 26/07 – Unico Logistics | Scan file.doc |
| دوبارہ:_نواں_آرڈر | IMG88957937579577593957937593756295Jimpy.7z |
| 需要采取的行动 – Please Confirm Your Shipment Address | Dhl Docs 90221.docx |
하기 IOC상 MD5는 이메일에 첨부된 피싱 페이지 및 악성코드의 MD5 해쉬이며, URL은 피싱 페이지를 통해 사용자 계정 정보가 유출되는 C2 정보이다.
02ce1b6ae21525c4b59be6826067a34b
02e64fdc84ab0bd5c6de17a684b4c535
02f867339e0af79dcc7947125fccd80a
05c9811ad47168429e090997d6380383
09f00bdc199fe9f6e25e93b74dcb38fc
https[:]//approvedcred[.]com/[.]well-known/pki-validation/lognet-[.]php
https[:]//butegbayachops[.]com/mcky37xlz/xhz[.]php
https[:]//controlvisualch[.]com/wp-mm/kl/ado[.]php
https[:]//csslis[.]com/wipe/nove/dapapp[.]php
https[:]//cubecenter[.]ro/po/exc[.]php
AhnLab TIP를 구독하시면 연관 IOC 및 상세 분석 정보를 추가적으로 확인하실 수 있습니다. 자세한 내용은 아래 배너를 클릭하여 확인해보세요.
