Monday, August 28, 2017

Mercy Francis Brautigam

Good morning and how are you doing?... I am SGT. Mercy Francis. B.

Email analysis :

NOTE : frn6mercy.brautigam@gmail.com
NOTE : fran6mercy3@gmail.com
NOTE : mail-vk0-x242.google.com

Thursday, August 24, 2017

About Payment 23-08-2017

Good day,

We have been instructed by your customer to make this transfer to you. Please we are very sorry for the delay in the payment, it was due to the Holidays. Attached is the Payment remittance copy for your reference. Please confirm for errors and get back to us through email.

Best Regards,
DANIEL MURRAY
Sharaf Exchange LLC.
Address:Sharaf Exchange Shop No. G15,
Union Co-Op Society,
Al Aweer,Near Fruit and Vegetable Market, Ras Al Khor, Dubai - UAE
Phone No:04-3200698
Website: http://www.sharafexchange.com

IMG-051220378052.DOC

Email analysis :

NOTE : danielmurray@mail.ru
NOTE : Received : from [104.243.26.4] (port=51917 helo=User)
NOTE : by shared.buxar-host.in
NOTE : bylinkove-zdravi@seznam.cz

Virus analysis :

Ad-Aware W97m.Downloader.GCK
AhnLab-V3 W97M/Downloader
BitDefender W97m.Downloader.GCK
DrWeb W97M.DownLoader.1802
eScan W97m.Downloader.GCK
F-Secure W97m.Downloader.GCK
GData W97m.Downloader.GCK
Ikarus Trojan-Downloader.VBA.Agent
MAX malware (ai score=81)
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi
ZoneAlarm HEUR:Trojan-Downloader.Script.Generic

Verify your account™ (Phishing)

Hi *@*,

Password confirmation is required to authenticate *@* ownership on our server and retrieve pending incoming mails and save your new configuration settings.

Please click here for confirmation to avoid mail malfunction.

Regards
Mail sent to: *@*

© 2017 Online Office. All rights reserved. NMLSR ID 399801

Email analysis :

NOTE : mbalok@hotmail.com
NOTE : client-ip=40.92.0.22;

Phishing analysis :

CLICK :
OPEN : https://artinfonews.ro/wp-content/themes/twentythirteen/css/ENC/
REDIRECT : https://artinfonews.ro/wp-content/themes/twentythirteen/css/ENC/cmd-login=*/en.php?
SCREENSHOT :

VALIDATE : FORM
REDIRECT : https://artinfonews.ro/wp-content/themes/twentythirteen/css/ENC/cmd-login=*/sxc.php?
SCREENSHOT :

317061979269082.doc (Virus)

317061979269082.doc

Email analysis :

NOTE : Return-Path: <noreply@xo.net>
NOTE : identity=mailfrom; client-ip=208.36.229.61;
NOTE : helo=xo.net; envelope-from=noreply@xo.net;
NOTE : Received: from xo.net (208.36.229.61.ptr.us.xo.net [208.36.229.61])
NOTE : Content-Type: application/msword; name="317061979269082.doc"
NOTE : From: <noreply@ulegv.com>
NOTE : 208.36.229.61.ptr.us.xo.net)

Virus analysis :

Ad-Aware W97M.Downloader.GDB
AegisLab Troj.Script.Agent!c
AhnLab-V3 W97M/Downloader
ALYac Trojan.Downloader.W97M.Gen
Arcabit HEUR.VBA.Trojan.e
Avast Other:Malware-gen [Trj]
AVG Other:Malware-gen [Trj]
Avira W97M/Dldr.Agent.mgjui
Baidu VBA.Trojan-Downloader.Agent.bup
BitDefender W97M.Downloader.GDB
Comodo UnclassifiedMalware
Cyren PP97M/Downldr
DrWeb W97M.DownLoader.1961
Emsisoft Trojan-Downloader.Agent (A)
eScan W97M.Downloader.GDB
ESET-NOD32 VBA/TrojanDownloader.Agent.DYZ
F-Prot New or modified PP97M/Downldr
F-Secure W97M.Downloader.GDB
Fortinet WM/Agent.Q!tr.dldr
GData W97M.Downloader.GDB
Ikarus Trojan-Downloader.VBA.Agent
Kaspersky HEUR:Trojan.Script.Agent.gen
MAX malware (ai score=99)
McAfee W97M/Downloader.cfm
McAfee-GW-Edition W97M/Downloader.cfm
Microsoft TrojanDownloader:O97M/Donoff
Panda O97M/Downloader
Sophos AV Troj/DocDl-KBA
Symantec W97M.Downloader
Tencent Win32.Trojan-downloader.Agent.Sxyr
TrendMicro W2KM_DLOADR.YYTCY
TrendMicro-HouseCall W2KM_DLOADR.YYTCY
ViRobot W97M.S.Agent.76249
ZoneAlarm HEUR:Trojan.Script.Agent.gen

reply (Inheritance scam)

Based on our investigation of your payment, we want to find out if you're still alive or did you sign any deed of assignment with (Ms Grace Smith) to receive your contract/Inheritance payment worth of US$7.5M. Reply to us with the following details: Your Name, Your Address, Your Age/Sex, Your Mobile No, to email: imforangisation@gmail.com OR CALL +91-886 059 1944

Yours Sincerely,
Mr. Adrian Tobias
IMF Resident Representative
Tel:+91-886 059 1944

Email analysis :

NOTE : imforangisation@gmail.com
NOTE : albanizaluciano@agespisa.com.br
NOTE : Received : from mail.agespisa.com.br ([127.0.0.1])
NOTE : by localhost (mail.agespisa.com.br [127.0.0.1])
NOTE : Received : from mail.agespisa.com.br
NOTE : (mail.agespisa.com.br [172.20.1.72])
NOTE : Received : from mail.agespisa.com.br
NOTE : (mail.agespisa.com.br. [200.217.241.123])