2016-08-17 - BOLETO MALSPAM

ASSOCIATED FILES:

  • 2016-08-17-boleto-malspam-infection-traffic.pcap   (1,898,762 bytes)
  • 2016-08-17-boleto-malspam-artifacts-information.csv   (1,893 bytes)
  • 2016-08-17-boleto-malspam-emails.csv   (1,404 bytes)
  • 2016-08-17-0021-UTC-boleto-malspam.eml   (1,799 bytes)
  • 2016-08-17-0550-UTC-boleto-malspam.eml   (1,807 bytes)
  • 2016-08-17-0552-UTC-boleto-malspam.eml   (1,826 bytes)
  • 2016-08-17-0701-UTC-boleto-malspam.eml   (1,799 bytes)
  • 2016-08-17-0720-UTC-boleto-malspam.eml   (1,807 bytes)
  • 2016-08-17-0925-UTC-boleto-malspam.eml   (1,841 bytes)
  • 2016-08-17-1506-UTC-boleto-malspam.eml   (1,800 bytes)
  • 16082016vecO7OkL3yLPICleozibKEHa861Hzh9GF.vbs   (1,088 bytes)
  • GO-GO-GADGET-PC.aes   (16 bytes)
  • GO-GO-GADGET-PC.zip   (1,079,303 bytes)
  • Ionic.Zip.Reduced.dll   (253,440 bytes)
  • aaaaaaaaaaaa.xml   (3,394 bytes)
  • burdg5bw.2su.vbs   (350 bytes)
  • dll.dll.exe   (396,480 bytes)
  • tmp3F42.tmp   (11,548 bytes)
  • tmp7C.tmp   (11,548 bytes)
  • tmpCB2C.tmpps1   (3,482 bytes)
  • ydygpwq0.k3c.vbs   (7,775 bytes)

 

EMAILS


Shown above:  Data from the spreadsheet (1 of 2).

 


Shown above:  Data from the spreadsheet (2 of 2).

 


Shown above:  Example of the emails.

 

EMAIL DETAILS

EXAMPLES OF SENDING EMAIL ADDRESSES:

 

EXAMPLES OF SUBJECT LINES:

 

DOMAINS FROM LINKS IN THE EMAILS:

 

TRAFFIC


Shown above:  Traffic from the pcap filtered in Wireshark.

 

ASSOCIATED DOMAINS:

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
