silence-is-best

## gist:720a513ff366780662870bc0dd080ce3
Date,Summary ,Details,Email Payload Type,Users Targeted
12/1/2025,Malicious email campaign; morning,Wire Payment Invoice; link -> msi -> screenconnect,Link,23
12/1/2025,Malicious email campaign; evening,Request for Quotation (RFQ)  Attached Requisitions; zip -> xloader,Attachment,3
12/2/2025,Malicious email campaign; morning,Booking.com Invoice 1658768288; pdf -> link -> xworm -> asyncrat,Attachment,3
12/3/2025,Malicious email campaign; morning,December New Order; docx -> rtf -> xloader,Attachment,2
12/3/2025,Malicious email campaign; morning,Payment_Receipt_12/03/2025; link -> msi  -> screenconnect,Link,2
12/5/2025,Malicious email campaign; evening,Payment Receipt; link -> screenconnect,Link,26
12/10/2025,Malicious email campaign; evening,MV ASL ILEANA/AGENCY FIXTURE NOTICE; rar -> snakekeylogger,Attachment,2
12/11/2025,Malicious email campaign; evening,Payment copy..; link -> msi -> screenconnect,Link,2
12/16/2025,Malicious email campaign; morning,Attachment name is 16202512...OC__dintec____________________

## gist:b0eed8c8a6d6f6381a30d17047603726
Date, Details,Email Payload Type,Users Targeted
11/3/2025,Wire Invoice Payment; link -> msi -> logmeinrescue continued to 11/7,Link,55
11/3/2025,Completed via Docusign: GSWQ5279.pdf; link -> zip -> xworm,Link,5
11/3/2025,REQUEST FOR QUOTATION #PO - No° 20251103//WTS EXP & IMP PJ400; zip -> darkcloud,Attachment,2
11/4/2025,Invoice Payment Received; link -> msi -> logmeinrescue,Link,36
11/4/2025,PROFORMA REQUEST _ LATEST PRICE LIST (NOV 2025); z -> remcos,Attachment,2
11/5/2025,Re: Booking Request - Job 3386 / FLC7932025 /; zip -> originlogger,Attachment,3
11/5/2025,RE: PAYMENT DUE & SHIPMENT STATUS|FW: URGENT ORDER_NO.238275-ENQUIRY; r15 -> xloader,Attachment,4
11/6/2025,ORDER - PO_1306; z -> bat -> remcos,Attachment,40
11/6/2025,RE:RE: DHL - Shipment Doc-/ Arrival Notice - AWB# 13700658****ME85E1306221; z -> vbs -> remcos,Attachment,35

## gist:65c9fe419f8b0551b5f1ce9356e9d13f
Src

100.2.103.51
103.226.207.80
103.248.24.75
103.249.34.94
104.228.44.71
104.60.57.226
106.201.234.19
108.178.116.133

## gist:681395a8bf5b082a27e0e427561f7e99
0845186340ec28a2042a62cbf7d9cafd49630a3d1859c4899fd85ad7aff64aa6  ./Downloads/1/5e269a21-42d8-48b7-862f-29da90bb114c/mpclient.dll
0ce283c575ae8e287d143a2a7760f232137f66014f94ffb5a5d2a92e341acbb4  ./Downloads/1/bdcfd54f-379b-4e6d-a36c-66f8b603e847/mpclient.dll
0d14240f3f3fefdf4ea4f220c0282bbda14407b74f163a5c7fd1cfb17b5261a1  ./Downloads/1/961e1ea2-082e-4457-97ca-8e009bc03583/mpclient.dll
0d14240f3f3fefdf4ea4f220c0282bbda14407b74f163a5c7fd1cfb17b5261a1  ./Downloads/1/b1c79652-1669-4b54-b53d-9924fcf6e60a/mpclient.dll
29c3c48f4dc84e7179881bc3767546878b2db89d418372f687edbd4a72ef0989  ./Downloads/1/09f2318c-8896-466a-a1f2-874a6682f807/CiscoSparkLauncher.dll
446ee928d892a4b8a06a64b86fc1abd9658371239f303edd8819bb2f08a18a4b  ./Downloads/1/e5612297-5ac2-48fa-8063-bb8f2b223d26/mpclient.dll
4684643ed7d51902ef8e3d06c821ca5179a3c1e5d50f8ed52d9323bb3f70cf1a  ./Downloads/1/09f2318c-8896-466a-a1f2-874a6682f807/VERSION.dll
4aec77017152f275d3342f52a0f28deabf1edbd9e1d849967b7729af4b1ae948  ./Downloads/1/1c51a401-2a80-4ad1-aef5-8

## gist:5ac67205cb12c0244d0c591b95dde1c9
Date,Details,Email Payload Type,Users Targeted
10/5/2025,RFQ 6000187979 from 3060; z -> xloader,Attachment,22
10/7/2025,Re: Purchase order Items- Quotation request; zip -> redline,Attachment,2
10/7/2025,MV TBN CALL PORT FOR LOADING COAL; rar -> phantomstealer,Attachment,2
10/8/2025,RFQ - VRF/BT/2025/ENG/037; z -> vipkeylogger,Attachment,4
10/9/2025,FOLLOW UP ON REVISED CONTRACT PROPOSAL;pdf -> link -> screenconnect,Attachment,2
10/10/2025,Attachment name is swift copy for USD 67,825.00.zip; zip -> vipkeylogger,Attachment,2
10/12/2025,RFQ-SPE-2025010-WA001310; tar -> remcos,Attachment,2
10/13/2025,RE: KABRU 25006 14 X 20 DV; xlam -> darkcloud,Attachment,3
10/13/2025,RE: Purchase Order - HOM-OS-20-25-813; r15 -> vipkeylogger continued to 10/14,Attachment,6

## gist:d88941f83dc233ae953fd62daa34ab88
Date,Details,Email Payload Type,Users Targeted
9/4/2025,RE: Shipment Docs; js -> txt -> xloader,Attachment,3
9/4/2025,Zoom Meeting Invitation; link -> msi -> ateraagent,Attachment,4
9/9/2025,P.O; gz -> xloader,Attachment,2
9/10/2025,UNPAID INVOICE REMINDER - LionsHome GmbH - Invoice No. 2025-08-839; rar -> xloader,Attachment,9
9/16/2025,RE: Shipment Docs; r11 -> xloader,Attachment,6
9/17/2025,Re: Shipping Documents and Invoice; zip -> originlogger,Attachment,7
9/19/2025,Re: Quotation; gz -> remcos,Attachment,5
9/27/2025,Nota fiscal referente ao pedido 1947; r15 -> phantomstealer,Attachment,2

## gist:6978dc15a547467324faecf746e3c19e
10.200.169.204
104.198.155.173
104.200.151.35
109.145.173.169
109.226.37.172
109.74.154.90
109.74.154.91
109.74.154.92
140.228.21.36
149.88.111.79

## gist:fe83da37dd3067acd817b21b85eb2692
Date,Details,Email Payload Type,Users Targeted
8/3/2025,Re: SmartTec : PO Payment; tar -> dbatloader-remcos,Attachment,6
8/3/2025,PFI: SHIPMENT FROM INCEPTA // 56 CTNS; zip -> snakekeylogger,Attachment,3
8/4/2025,New Order PO#86637 01/08/2025; vbs -> originlogger,Attachment,3
8/6/2025,INVOICE CONFIRMATION; 7z -> xloader,Attachment,2
8/6/2025,Inquiry; zip -> darkvision,Attachment,2
8/6/2025,Attachment name is quotation.gz; -> xloader,Attachment,2
8/6/2025,RE: New Order - PO/2025; gz -> snakekeylogger,Attachment,2
8/7/2025,Attachment name is Past Due Invoice.zip; zip -> vipkeylogger,Attachment,8
8/9/2025,PAGO; uue -> darkvision,Attachment,2

## gist:a2b497e7cf1d6998045ed00f35ac43ac
Date	Details	Email Payload Type	Users Targeted
7/2/2025	New Order Inquiry; zip ->	Attachment	23
7/2/2025	kindly quote your best price for the; zip -> xloader 	Attachment	4
7/3/2025	Payment Invoice Receipt; rar -> js -> xworm	Attachment	2
7/3/2025	NEW ORDER--GO23B005XXXX025; 7z -> purecryptor	Attachment	2
7/8/2025	Elite shipment; z -> xloader	Attachment	8
7/9/2025	Verify your bank details for our payment; rar -> xloader	Attachment	9
7/10/2025	Evergreen Invoice No. : 25205986 Ref-no: <<A7_FR787BSY.CNT>>; z -> vipkeylogger	Attachment	4
7/10/2025	RE: Final Shipping Documents; zip -> snakekeylogger continued to 7/11	Attachment	5
7/11/2025	UNPAID INVOICE REMINDER - LionsHome GmbH - Invoice No. 2025-06-839; rar -> xloader continued to 7/22	Attachment	18

## gist:44d48000436c26511a31b6ff331212b0
Date,Details,Email Payload Type,Users Targeted
6/4/2025,Attachment name is Pago a partir del 04-06-2025 por monto USD 114,800.pdf.z; z -> vipkeylogger,Attachment,4
6/4/2025,[ORDER] POSPHL0002653 Projector Pro2 Refurbished Order# 49763; iso -> vbs -> remcos,Attachment,6
6/4/2025,Attachment name is Invoice for payment.pdf.z; z -> vipkeylogger,Attachment,4
6/5/2025,Attachment name is inv. 324.20374.pdf.z; z -> vipkeylogger,Attachment,4
6/5/2025,RE: PRODUCT ENQUIRY; zip -> xloader,Attachment,7
6/5/2025,FW: Order; 7z -> vbe -> guloader -> xloader,Attachment,2
6/6/2025,RFQ 6000169715 from 3340; rar -> xloader continued to 06/25,Attachment,42
6/8/2025,OUR REF: RET-402-1438; xlsx -> remcos,Attachment,3
6/9/2025,Attachment name is soa_longsail intl cargo services_feb_march 2025_from longsail.pdf.z; z -> snakekeylogger,Attachment,4
	Date,Summary ,Details,Email Payload Type,Users Targeted
	12/1/2025,Malicious email campaign; morning,Wire Payment Invoice; link -> msi -> screenconnect,Link,23
	12/1/2025,Malicious email campaign; evening,Request for Quotation (RFQ) Attached Requisitions; zip -> xloader,Attachment,3
	12/2/2025,Malicious email campaign; morning,Booking.com Invoice 1658768288; pdf -> link -> xworm -> asyncrat,Attachment,3
	12/3/2025,Malicious email campaign; morning,December New Order; docx -> rtf -> xloader,Attachment,2
	12/3/2025,Malicious email campaign; morning,Payment_Receipt_12/03/2025; link -> msi -> screenconnect,Link,2
	12/5/2025,Malicious email campaign; evening,Payment Receipt; link -> screenconnect,Link,26
	12/10/2025,Malicious email campaign; evening,MV ASL ILEANA/AGENCY FIXTURE NOTICE; rar -> snakekeylogger,Attachment,2
	12/11/2025,Malicious email campaign; evening,Payment copy..; link -> msi -> screenconnect,Link,2
	12/16/2025,Malicious email campaign; morning,Attachment name is 16202512...OC__dintec____________________
	Date, Details,Email Payload Type,Users Targeted
	11/3/2025,Wire Invoice Payment; link -> msi -> logmeinrescue continued to 11/7,Link,55
	11/3/2025,Completed via Docusign: GSWQ5279.pdf; link -> zip -> xworm,Link,5
	11/3/2025,REQUEST FOR QUOTATION #PO - No° 20251103//WTS EXP & IMP PJ400; zip -> darkcloud,Attachment,2
	11/4/2025,Invoice Payment Received; link -> msi -> logmeinrescue,Link,36
	11/4/2025,PROFORMA REQUEST _ LATEST PRICE LIST (NOV 2025); z -> remcos,Attachment,2
	11/5/2025,Re: Booking Request - Job 3386 / FLC7932025 /; zip -> originlogger,Attachment,3
	11/5/2025,RE: PAYMENT DUE & SHIPMENT STATUS\|FW: URGENT ORDER_NO.238275-ENQUIRY; r15 -> xloader,Attachment,4
	11/6/2025,ORDER - PO_1306; z -> bat -> remcos,Attachment,40
	11/6/2025,RE:RE: DHL - Shipment Doc-/ Arrival Notice - AWB# 13700658****ME85E1306221; z -> vbs -> remcos,Attachment,35
	Src

	100.2.103.51
	103.226.207.80
	103.248.24.75
	103.249.34.94
	104.228.44.71
	104.60.57.226
	106.201.234.19
	108.178.116.133
	0845186340ec28a2042a62cbf7d9cafd49630a3d1859c4899fd85ad7aff64aa6 ./Downloads/1/5e269a21-42d8-48b7-862f-29da90bb114c/mpclient.dll
	0ce283c575ae8e287d143a2a7760f232137f66014f94ffb5a5d2a92e341acbb4 ./Downloads/1/bdcfd54f-379b-4e6d-a36c-66f8b603e847/mpclient.dll
	0d14240f3f3fefdf4ea4f220c0282bbda14407b74f163a5c7fd1cfb17b5261a1 ./Downloads/1/961e1ea2-082e-4457-97ca-8e009bc03583/mpclient.dll
	0d14240f3f3fefdf4ea4f220c0282bbda14407b74f163a5c7fd1cfb17b5261a1 ./Downloads/1/b1c79652-1669-4b54-b53d-9924fcf6e60a/mpclient.dll
	29c3c48f4dc84e7179881bc3767546878b2db89d418372f687edbd4a72ef0989 ./Downloads/1/09f2318c-8896-466a-a1f2-874a6682f807/CiscoSparkLauncher.dll
	446ee928d892a4b8a06a64b86fc1abd9658371239f303edd8819bb2f08a18a4b ./Downloads/1/e5612297-5ac2-48fa-8063-bb8f2b223d26/mpclient.dll
	4684643ed7d51902ef8e3d06c821ca5179a3c1e5d50f8ed52d9323bb3f70cf1a ./Downloads/1/09f2318c-8896-466a-a1f2-874a6682f807/VERSION.dll
	4aec77017152f275d3342f52a0f28deabf1edbd9e1d849967b7729af4b1ae948 ./Downloads/1/1c51a401-2a80-4ad1-aef5-8
	Date,Details,Email Payload Type,Users Targeted
	10/5/2025,RFQ 6000187979 from 3060; z -> xloader,Attachment,22
	10/7/2025,Re: Purchase order Items- Quotation request; zip -> redline,Attachment,2
	10/7/2025,MV TBN CALL PORT FOR LOADING COAL; rar -> phantomstealer,Attachment,2
	10/8/2025,RFQ - VRF/BT/2025/ENG/037; z -> vipkeylogger,Attachment,4
	10/9/2025,FOLLOW UP ON REVISED CONTRACT PROPOSAL;pdf -> link -> screenconnect,Attachment,2
	10/10/2025,Attachment name is swift copy for USD 67,825.00.zip; zip -> vipkeylogger,Attachment,2
	10/12/2025,RFQ-SPE-2025010-WA001310; tar -> remcos,Attachment,2
	10/13/2025,RE: KABRU 25006 14 X 20 DV; xlam -> darkcloud,Attachment,3
	10/13/2025,RE: Purchase Order - HOM-OS-20-25-813; r15 -> vipkeylogger continued to 10/14,Attachment,6
	Date,Details,Email Payload Type,Users Targeted
	9/4/2025,RE: Shipment Docs; js -> txt -> xloader,Attachment,3
	9/4/2025,Zoom Meeting Invitation; link -> msi -> ateraagent,Attachment,4
	9/9/2025,P.O; gz -> xloader,Attachment,2
	9/10/2025,UNPAID INVOICE REMINDER - LionsHome GmbH - Invoice No. 2025-08-839; rar -> xloader,Attachment,9
	9/16/2025,RE: Shipment Docs; r11 -> xloader,Attachment,6
	9/17/2025,Re: Shipping Documents and Invoice; zip -> originlogger,Attachment,7
	9/19/2025,Re: Quotation; gz -> remcos,Attachment,5
	9/27/2025,Nota fiscal referente ao pedido 1947; r15 -> phantomstealer,Attachment,2
	10.200.169.204
	104.198.155.173
	104.200.151.35
	109.145.173.169
	109.226.37.172
	109.74.154.90
	109.74.154.91
	109.74.154.92
	140.228.21.36
	149.88.111.79
	Date,Details,Email Payload Type,Users Targeted
	8/3/2025,Re: SmartTec : PO Payment; tar -> dbatloader-remcos,Attachment,6
	8/3/2025,PFI: SHIPMENT FROM INCEPTA // 56 CTNS; zip -> snakekeylogger,Attachment,3
	8/4/2025,New Order PO#86637 01/08/2025; vbs -> originlogger,Attachment,3
	8/6/2025,INVOICE CONFIRMATION; 7z -> xloader,Attachment,2
	8/6/2025,Inquiry; zip -> darkvision,Attachment,2
	8/6/2025,Attachment name is quotation.gz; -> xloader,Attachment,2
	8/6/2025,RE: New Order - PO/2025; gz -> snakekeylogger,Attachment,2
	8/7/2025,Attachment name is Past Due Invoice.zip; zip -> vipkeylogger,Attachment,8
	8/9/2025,PAGO; uue -> darkvision,Attachment,2
	Date Details Email Payload Type Users Targeted
	7/2/2025 New Order Inquiry; zip -> Attachment 23
	7/2/2025 kindly quote your best price for the; zip -> xloader Attachment 4
	7/3/2025 Payment Invoice Receipt; rar -> js -> xworm Attachment 2
	7/3/2025 NEW ORDER--GO23B005XXXX025; 7z -> purecryptor Attachment 2
	7/8/2025 Elite shipment; z -> xloader Attachment 8
	7/9/2025 Verify your bank details for our payment; rar -> xloader Attachment 9
	7/10/2025 Evergreen Invoice No. : 25205986 Ref-no: <<A7_FR787BSY.CNT>>; z -> vipkeylogger Attachment 4
	7/10/2025 RE: Final Shipping Documents; zip -> snakekeylogger continued to 7/11 Attachment 5
	7/11/2025 UNPAID INVOICE REMINDER - LionsHome GmbH - Invoice No. 2025-06-839; rar -> xloader continued to 7/22 Attachment 18
	Date,Details,Email Payload Type,Users Targeted
	6/4/2025,Attachment name is Pago a partir del 04-06-2025 por monto USD 114,800.pdf.z; z -> vipkeylogger,Attachment,4
	6/4/2025,[ORDER] POSPHL0002653 Projector Pro2 Refurbished Order# 49763; iso -> vbs -> remcos,Attachment,6
	6/4/2025,Attachment name is Invoice for payment.pdf.z; z -> vipkeylogger,Attachment,4
	6/5/2025,Attachment name is inv. 324.20374.pdf.z; z -> vipkeylogger,Attachment,4
	6/5/2025,RE: PRODUCT ENQUIRY; zip -> xloader,Attachment,7
	6/5/2025,FW: Order; 7z -> vbe -> guloader -> xloader,Attachment,2
	6/6/2025,RFQ 6000169715 from 3340; rar -> xloader continued to 06/25,Attachment,42
	6/8/2025,OUR REF: RET-402-1438; xlsx -> remcos,Attachment,3
	6/9/2025,Attachment name is soa_longsail intl cargo services_feb_march 2025_from longsail.pdf.z; z -> snakekeylogger,Attachment,4