I’ve passed this along to our Compliance team so that they can shut down the account and revoke gallery access so that file will no longer be available.
For future reference – and the other members on this list – if you come across other cases like this, or any other cases of spam/abuse relating to MailChimp, you can send your messages to ab...@mailchimp.com. That mailbox is monitored and is the best method to use for these types of cases.

Thanks,
Matt Gilbert - Deliverability Engineer - MailChimp - delivery.mailchimp.com

> On Apr 7, 2017, at 7:06 AM, Joao Gouveia <joao.gouv...@anubisnetworks.com> wrote:
>
> Similar to the previous one. Still live.
>
> HTML link in email body to
> hxxps://gallery.mailchimp[.]com/ccf92d32abc1af93aa16af680/files/097dcd19-24d9-4298-bb76-0779b4b2bb35/SR_PO_07042017.zip
>
> Zipfile "SR_PO_07042017.zip" (MD5: c4a118fdac98c9b6f3886a755033ac52)
> VT 3/59
> https://virustotal.com/en/file/92aa249b1721e721e47d9fca3da7ce1547c18c18bad3b7e73bfa66afe7a3e369/analysis/
>
> Contains PE32 executable "SR-PO-07042017.exe" (MD5: 8214e7b73f9eee15e1732fda35a7e1fc)
> VT 7/62
> https://virustotal.com/en/file/73bb429b7132018d2f30acc494671e8046e1c2187dd7748903053bdbdb2c34e5/analysis/
> Hybrid
> https://www.hybrid-analysis.com/sample/73bb429b7132018d2f30acc494671e8046e1c2187dd7748903053bdbdb2c34e5
> Triggered Sandbox signatures for Nanocore
> Network traffic to sroombobo.ddns[.]net:5050 (Not resolving)
> Network traffic to troomc.ddns[.]net:5050 (213.183.58.10 / AnMaXX RU)
> Network traffic to sroom0.ddns[.]net (154.16.220.26 / AnMaXX RU)
>
> Malspam also beacons to wwl1733.daum[.]net:4280 (117.52.3.173, ibi.net / KIDC KR) with sender, recipient, & Message-ID.
>
> Relevant Headers:
> Received: from mail-smail-216.hanmail.net (HELO mail-smail-216.hanmail.net) (211.43.197.73) with DHE-RSA-AES256-SHA encrypted SMTP; 7 Apr 2017 08:46:44 -0000
> Received: from mail-hmail-was9.s2.krane.9rum.cc ([10.197.10.51]) by mail-smail-216.hanmail.net (8.13.8/8.9.1) with SMTP id v378kRek025992; Fri, 7 Apr 2017 17:46:27 +0900
> Date: Fri, 7 Apr 2017 17:46:17 +0900 (KST)
> From: FSA || Procurement Office <jibankor @ hanmail.net>
> To: rajeshkelly1156 <rajeshkelly1156 @ yahoo.com>
> Subject: PO RT01 07/04/17
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop