https://www.spamhaus.org/sbl/query/SBL338958

52.85.245.136/32 is listed on the Spamhaus Block List - SBL
2017-04-03 05:11:52 GMT | amazon.com
Malware distribution @52.85.245.136
A website at this IP address is currently being (ab)used by cybercriminals to spread malicious software (malware).
Host: gallery.mailchimp.com
URL: http://gallery.mailchimp.com/907970247e4b173c3d98f70d0/files/22295f1e-32a3-4206-9266-3363a9b1c932/PO_MA0402.zip

> On 3 Apr 2017, at 13:59, Joao Gouveia <joao.gouv...@anubisnetworks.com> wrote:
>
> Hoping there's someone here from Mailchimp or that can reach them.
>
> Copy / pasta from another mailing list follows:
>
> HTML link in email body to
> hxxps://gallery.mailchimp[.]com/907970247e4b173c3d98f70d0/files/22295f1e-32a3-4206-9266-3363a9b1c932/PO_MA0402.zip
>
> Zipfile "PO_MA0402.zip" (MD5: 587c2a1b674a4db221414ec35feba9d4)
> VT 8/59
> https://virustotal.com/en/file/bef5083028f3ed4f3274639efb967c91df9f148e3ebe8aa37187a6aacf4d7761/analysis/
>
> Contains PE32 executable "PO-MA0402.exe" (MD5: 1d05d44d34834c6426328dd66f1bad60)
> VT 9/61
> https://virustotal.com/en/file/32f25b3373b16d6ecbd28ee9ae4401d6e3ff2383a5615c9d117639763bde07d7/analysis/
> Hybrid
> https://www.hybrid-analysis.com/sample/32f25b3373b16d6ecbd28ee9ae4401d6e3ff2383a5615c9d117639763bde07d7
> Triggered Sandbox signatures for Nanocore
> Network traffic to sroom77.ddns[.]net:6060 (213.183.58.10 / AnMaXX RU)
> Network traffic to sroom0.ddns[.]net:1414 (154.16.220.26 / AnMaXX RU)
>
> Malspam also beacons to wwl1526.daum[.]net:4280 (114.108.152.142, ibi.net / KIDC KR)
> with sender, recipient, & Message-ID.
>
>
> Relevant Headers:
> Received: from mail-smail-vm30.hanmail.net (HELO mail-smail-vm30.hanmail.net) (203.133.180.214); 2 Apr 2017 23:06:50 -0000
> Received: from mail-hmail-was8.s2.krane.9rum.cc ([10.197.10.50]) by mail-smail-vm30.hanmail.net (8.13.8/8.9.1) with SMTP id v32N6Tnj016338; Mon, 3 Apr 2017 08:06:29 +0900
> Date: Mon, 3 Apr 2017 08:06:35 +0900 (KST)
> From: AL SUOMA TRADING <ringbell6180 @ hanmail.net>
> To: alsoumatrading <alsoumatrading @ yahoo.com>
> Subject: PURCHASE ORDER
> Message-ID: <20170403080635.2lPyQhCZTAeMfh0UBMgECw @ ringbell6180.hanmail.net>
>
>
> Body:
> ---
> Please find attached a purchase order.
>
> Kindly send us your best price, as per the below specifications.
> We look forward to receiving your confirmation.
>
> Also appreciate if you could reply to the following :
> Technical Drawings and Data Sheets
> Confirm the weight & dimension of the shipment box
> Delivery
> Payment Terms
> Warrantee Term
> Kindly confirm receipt of the PO by return email.
>
> Best Regards,
>
> Samir
> Procurement Officer
> <hxxps://gallery.mailchimp[.]com/907970247e4b173c3d98f70d0/files/22295f1e-32a3-4206-9266-3363a9b1c932/PO_MA0402.zip>PURCHASE ORDER pdf 1411 KB
> <hxxps://gallery.mailchimp[.]com/907970247e4b173c3d98f70d0/files/22295f1e-32a3-4206-9266-3363a9b1c932/PO_MA0402.zip>www.alsmoumatrading[.]com
>
> <img id="confirmMailBeacon"><hxxp://wwl1526.daum[.]net:4280/@from=ringbell6180%40hanmail.net&rcpt=redacted%40site.com&msgid=%3C20170403080635.2lPyQhCZTAeMfh0UBMgECw%40ringbell6180.hanmail.net%3E">
> ---
> TLP:Green
>
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
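The report above hands a responder three kinds of material: defanged indicators (hxxp / [.]), a pair of Received: headers, and a tracking pixel whose URL carries the sender, recipient and Message-ID of the lure. The script below is an added example (not code from the mailop thread or from the original reporter) that turns those into something a blocklist or SIEM can consume: it refangs the posted indicators, extracts hashes, host:port pairs and IPv4s, walks the Received: chain oldest-hop-first, and decodes the beacon. The sample strings are copied from the post; the function names, the regexes and the treatment of the beacon's "/@" path form are this example's own assumptions.

```python
"""Triage helpers for a malspam report like the one above: refang the
posted indicators, pull hashes/hosts/IPs out of the write-up, walk the
Received: chain, and decode the read-receipt beacon so the tracked
sender, recipient and Message-ID are visible.  Added example, not code
from the mailop thread; the sample strings below are copied from the post
and the function names are this example's own."""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Indicators exactly as posted (defanged with hxxp / [.]).
POSTED_IOCS = """\
hxxps://gallery.mailchimp[.]com/907970247e4b173c3d98f70d0/files/22295f1e-32a3-4206-9266-3363a9b1c932/PO_MA0402.zip
Zipfile "PO_MA0402.zip" (MD5: 587c2a1b674a4db221414ec35feba9d4)
Contains PE32 executable "PO-MA0402.exe" (MD5: 1d05d44d34834c6426328dd66f1bad60)
Network traffic to sroom77.ddns[.]net:6060 (213.183.58.10 / AnMaXX RU)
Network traffic to sroom0.ddns[.]net:1414 (154.16.220.26 / AnMaXX RU)
"""

# Received: headers as posted, newest hop first (the way an MTA prepends them).
POSTED_HEADERS = """\
Received: from mail-smail-vm30.hanmail.net (HELO mail-smail-vm30.hanmail.net) (203.133.180.214); 2 Apr 2017 23:06:50 -0000
Received: from mail-hmail-was8.s2.krane.9rum.cc ([10.197.10.50]) by mail-smail-vm30.hanmail.net (8.13.8/8.9.1) with SMTP id v32N6Tnj016338; Mon, 3 Apr 2017 08:06:29 +0900
Date: Mon, 3 Apr 2017 08:06:35 +0900 (KST)
Subject: PURCHASE ORDER
"""

# The tracking-pixel URL from the message body, as posted.
BEACON = ("hxxp://wwl1526.daum[.]net:4280/@from=ringbell6180%40hanmail.net"
          "&rcpt=redacted%40site.com"
          "&msgid=%3C20170403080635.2lPyQhCZTAeMfh0UBMgECw%40ringbell6180.hanmail.net%3E")

HASH_RE = re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.I)
URL_RE = re.compile(r"https?://\S+", re.I)
HOSTPORT_RE = re.compile(r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)+):(\d{1,5})\b", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Host name, then the first parenthesised IPv4 (with or without brackets) on the line.
RECEIVED_RE = re.compile(
    r"^Received: from (\S+).*?\(\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\)", re.M)


def refang(text):
    """Undo the defanging used in the post: hxxp -> http, [.] -> ., [:] -> :."""
    text = re.sub(r"hxxp(s?)://", r"http\1://", text, flags=re.I)
    return text.replace("[.]", ".").replace("[:]", ":")


def extract_iocs(text):
    """Pull URLs, file hashes, host:port pairs and IPv4s out of free-form text."""
    t = refang(text)
    return {
        "urls": sorted(set(URL_RE.findall(t))),
        "hashes": sorted({h.lower() for h in HASH_RE.findall(t)}),
        "hostports": sorted({f"{h}:{p}" for h, p in HOSTPORT_RE.findall(t)}),
        "ipv4": sorted(set(IPV4_RE.findall(t))),
    }


def received_chain(headers):
    """Return hops oldest-first as (host, ip, is_private) tuples.  Only the
    Received: line written by your own MX is trustworthy; everything below
    it was supplied by the sending side and may be forged."""
    hops = [(host, ip, ipaddress.ip_address(ip).is_private)
            for host, ip in RECEIVED_RE.findall(headers)]
    return hops[::-1]


def first_public_hop(headers):
    """IP of the first non-private relay, walking from the origin outward."""
    for _, ip, private in received_chain(headers):
        if not private:
            return ip
    return None


def parse_beacon(url):
    """Decode the read-receipt pixel.  This one carries its parameters in the
    path after "/@" rather than in a query string, so handle both forms."""
    u = urlsplit(refang(url))
    payload = u.path.split("@", 1)[1] if "@" in u.path else u.query
    params = {k: v[0] for k, v in parse_qs(payload).items()}
    return {"host": u.hostname, "port": u.port, **params}


if __name__ == "__main__":
    for kind, values in extract_iocs(POSTED_IOCS).items():
        print(kind, values)
    print("hops (origin first):", received_chain(POSTED_HEADERS))
    print("first public hop:", first_public_hop(POSTED_HEADERS))
    print("beacon:", parse_beacon(BEACON))
```

The decoded beacon's msgid equals the Message-ID header quoted in the report, which is what makes the pixel useful to the sender: one HTTP hit tells them which recipient opened which message. For the Received: chain, treat only the hop your own MX recorded as reliable when deciding what to block; the 10.197.10.50 hop here is hanmail's internal relay and says nothing about the real origin.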