2016-08-22 - BOLETO CAMPAIGN

NOTICE:

ASSOCIATED FILES:

  • 2016-08-22-Boleto-campaign-infection-traffic.pcap   (1,814,956 bytes)
  • 2016-08-22-Boleto-campaign-email-tracker.csv   (2,374 bytes)
  • 2016-08-22-Boleto-campaign-malware-and-artifacts-info.csv   (1,873 bytes)
  • 2016-08-22-Boleto-campaign-email-1205-UTC.eml   (1,776 bytes)
  • 2016-08-22-Boleto-campaign-email-1212-UTC.eml   (1,811 bytes)
  • 2016-08-22-Boleto-campaign-email-1213-UTC.eml   (1,815 bytes)
  • 2016-08-22-Boleto-campaign-email-1217-UTC.eml   (1,835 bytes)
  • 2016-08-22-Boleto-campaign-email-1226-UTC.eml   (1,803 bytes)
  • 2016-08-22-Boleto-campaign-email-1227-UTC.eml   (1,838 bytes)
  • 2016-08-22-Boleto-campaign-email-1236-UTC.eml   (1,815 bytes)
  • 2016-08-22-Boleto-campaign-email-1243-UTC.eml   (1,834 bytes)
  • 2016-08-22-Boleto-campaign-email-1248-UTC.eml   (1,811 bytes)
  • 2016-08-22-Boleto-campaign-email-1249-UTC.eml   (1,851 bytes)
  • 2016-08-22-Boleto-campaign-email-1318-UTC.eml   (1,850 bytes)
  • 2016-08-22-Boleto-campaign-email-1326-UTC.eml   (1,799 bytes)
  • Ionic.Zip.Reduced.dll   (253,440 bytes)
  • PSEXESVC.exe   (189,792 bytes)
  • VADER-PC.aes   (16 bytes)
  • VADER-PC.zip   (1,079,289 bytes)
  • VENC22082016yCXo92TVz0mndzIWH2SIwHAgsJZ1gncM.vbs   (1,098 bytes)
  • aaaaaaaaaaaa.xml   (3,380 bytes)
  • dll.dll.exe   (396,480 bytes)
  • gybxhaao.32w.vbs   (343 bytes)
  • hk4wmvwo.5bs.vbs   (7,775 bytes)
  • tmp51F8.tmpps1   (3,475 bytes)
  • tmpAC55.tmp   (11,548 bytes)
  • tmpF103.tmp   (11,548 bytes)

MY PREVIOUS DOCUMENTATION ON THIS CAMPAIGN:

EMAILS

Shown above: Data from the spreadsheet (1 of 2).

Shown above: Data from the spreadsheet (2 of 2).

Shown above: Example of the emails.

EMAIL DETAILS

EXAMPLES OF SENDING EMAIL ADDRESSES:

EXAMPLES OF SUBJECT LINES:

DOMAINS FROM LINKS IN THE EMAILS:

TRAFFIC

Shown above: Traffic from the pcap filtered in Wireshark.

ASSOCIATED DOMAINS:
