2016-08-18 - BOLETO MALSPAM

ASSOCIATED FILES:

  • 2016-08-18-boleto-malspam-infection-traffic.pcap   (1,913,618 bytes)
  • 2016-08-18-boleto-malspam-artifacts-information.csv   (1,764 bytes)
  • 2016-08-18-boleto-malspam-emails.csv   (3,454 bytes)
  • 2016-08-18-0056-UTC-boleto-malspam.eml   (1,847 bytes)
  • 2016-08-18-0108-UTC-boleto-malspam.eml   (1,798 bytes)
  • 2016-08-18-0114-UTC-boleto-malspam.eml   (1,826 bytes)
  • 2016-08-18-0209-UTC-boleto-malspam.eml   (1,841 bytes)
  • 2016-08-18-0245-UTC-boleto-malspam.eml   (1,834 bytes)
  • 2016-08-18-0326-UTC-boleto-malspam.eml   (1,830 bytes)
  • 2016-08-18-0416-UTC-boleto-malspam.eml   (1,830 bytes)
  • 2016-08-18-0422-UTC-boleto-malspam.eml   (1,843 bytes)
  • 2016-08-18-0508-UTC-boleto-malspam.eml   (1,807 bytes)
  • 2016-08-18-0510-UTC-boleto-malspam.eml   (1,838 bytes)
  • 2016-08-18-0759-UTC-boleto-malspam.eml   (1,807 bytes)
  • 2016-08-18-0805-UTC-boleto-malspam.eml   (1,796 bytes)
  • 2016-08-18-0853-UTC-boleto-malspam.eml   (1,806 bytes)
  • 2016-08-18-1005-UTC-boleto-malspam.eml   (1,834 bytes)
  • 2016-08-18-1625-UTC-boleto-malspam.eml   (1,807 bytes)
  • 2016-08-18-1705-UTC-boleto-malspam.eml   (1,842 bytes)
  • 2016-08-18-1828-UTC-boleto-malspam.eml   (1,854 bytes)
  • 17082016Ra7vwUMc2fXGHNJHgJHKymv120Y2yjk2s.vbs   (1,088 bytes)
  • Ionic.Zip.Reduced.dll   (253,440 bytes)
  • RABBIT-PC.aes   (16 bytes)
  • RABBIT-PC.zip   (1,079,291 bytes)
  • aaaaaaaaaaaa.xml   (3,370 bytes)
  • dll.dll.exe   (396,480 bytes)
  • kxqkvvlq.0ud.vbs   (7,775 bytes)
  • tmp315F.tmp   (0 bytes)
  • tmp315F.tmpps1   (3,440 bytes)
  • tmp756E.tmp   (11,548 bytes)
  • tmpAF34.tmp   (11,548 bytes)
  • vt2itszs.jm3.vbs   (338 bytes)

EMAILS

Shown above:  Data from the spreadsheet (1 of 2).

Shown above:  Data from the spreadsheet (2 of 2).

Shown above:  Example of the emails.

EMAIL DETAILS

EXAMPLES OF SENDING EMAIL ADDRESSES:

EXAMPLES OF SUBJECT LINES:

DOMAINS FROM LINKS IN THE EMAILS:

TRAFFIC

Shown above:  Traffic from the pcap filtered in Wireshark.

ASSOCIATED DOMAINS:

FINAL NOTES

The associated files are listed at the top of this page.

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.