silence-is-best’s gists

silence-is-best / gist:b0eed8c8a6d6f6381a30d17047603726

Created December 1, 2025 18:16

November Malspam Campaigns

	Date, Details,Email Payload Type,Users Targeted
	11/3/2025,Wire Invoice Payment; link -> msi -> logmeinrescue continued to 11/7,Link,55
	11/3/2025,Completed via Docusign: GSWQ5279.pdf; link -> zip -> xworm,Link,5
	11/3/2025,REQUEST FOR QUOTATION #PO - No° 20251103//WTS EXP & IMP PJ400; zip -> darkcloud,Attachment,2
	11/4/2025,Invoice Payment Received; link -> msi -> logmeinrescue,Link,36
	11/4/2025,PROFORMA REQUEST _ LATEST PRICE LIST (NOV 2025); z -> remcos,Attachment,2
	11/5/2025,Re: Booking Request - Job 3386 / FLC7932025 /; zip -> originlogger,Attachment,3
	11/5/2025,RE: PAYMENT DUE & SHIPMENT STATUS\|FW: URGENT ORDER_NO.238275-ENQUIRY; r15 -> xloader,Attachment,4
	11/6/2025,ORDER - PO_1306; z -> bat -> remcos,Attachment,40
	11/6/2025,RE:RE: DHL - Shipment Doc-/ Arrival Notice - AWB# 13700658****ME85E1306221; z -> vbs -> remcos,Attachment,35

silence-is-best / gist:65c9fe419f8b0551b5f1ce9356e9d13f

Created November 28, 2025 13:59

19000 source botnet scan

silence-is-best / gist:681395a8bf5b082a27e0e427561f7e99

Created November 4, 2025 18:02

Bad dlls

	0845186340ec28a2042a62cbf7d9cafd49630a3d1859c4899fd85ad7aff64aa6 ./Downloads/1/5e269a21-42d8-48b7-862f-29da90bb114c/mpclient.dll
	0ce283c575ae8e287d143a2a7760f232137f66014f94ffb5a5d2a92e341acbb4 ./Downloads/1/bdcfd54f-379b-4e6d-a36c-66f8b603e847/mpclient.dll
	0d14240f3f3fefdf4ea4f220c0282bbda14407b74f163a5c7fd1cfb17b5261a1 ./Downloads/1/961e1ea2-082e-4457-97ca-8e009bc03583/mpclient.dll
	0d14240f3f3fefdf4ea4f220c0282bbda14407b74f163a5c7fd1cfb17b5261a1 ./Downloads/1/b1c79652-1669-4b54-b53d-9924fcf6e60a/mpclient.dll
	29c3c48f4dc84e7179881bc3767546878b2db89d418372f687edbd4a72ef0989 ./Downloads/1/09f2318c-8896-466a-a1f2-874a6682f807/CiscoSparkLauncher.dll
	446ee928d892a4b8a06a64b86fc1abd9658371239f303edd8819bb2f08a18a4b ./Downloads/1/e5612297-5ac2-48fa-8063-bb8f2b223d26/mpclient.dll
	4684643ed7d51902ef8e3d06c821ca5179a3c1e5d50f8ed52d9323bb3f70cf1a ./Downloads/1/09f2318c-8896-466a-a1f2-874a6682f807/VERSION.dll
	4aec77017152f275d3342f52a0f28deabf1edbd9e1d849967b7729af4b1ae948 ./Downloads/1/1c51a401-2a80-4ad1-aef5-8

silence-is-best / gist:5ac67205cb12c0244d0c591b95dde1c9

Created November 3, 2025 16:44

October Malspam Campaigns

	Date,Details,Email Payload Type,Users Targeted
	10/5/2025,RFQ 6000187979 from 3060; z -> xloader,Attachment,22
	10/7/2025,Re: Purchase order Items- Quotation request; zip -> redline,Attachment,2
	10/7/2025,MV TBN CALL PORT FOR LOADING COAL; rar -> phantomstealer,Attachment,2
	10/8/2025,RFQ - VRF/BT/2025/ENG/037; z -> vipkeylogger,Attachment,4
	10/9/2025,FOLLOW UP ON REVISED CONTRACT PROPOSAL;pdf -> link -> screenconnect,Attachment,2
	10/10/2025,Attachment name is swift copy for USD 67,825.00.zip; zip -> vipkeylogger,Attachment,2
	10/12/2025,RFQ-SPE-2025010-WA001310; tar -> remcos,Attachment,2
	10/13/2025,RE: KABRU 25006 14 X 20 DV; xlam -> darkcloud,Attachment,3
	10/13/2025,RE: Purchase Order - HOM-OS-20-25-813; r15 -> vipkeylogger continued to 10/14,Attachment,6

silence-is-best / gist:d88941f83dc233ae953fd62daa34ab88

Created October 2, 2025 18:49

September Malspam Campaigns

	Date,Details,Email Payload Type,Users Targeted
	9/4/2025,RE: Shipment Docs; js -> txt -> xloader,Attachment,3
	9/4/2025,Zoom Meeting Invitation; link -> msi -> ateraagent,Attachment,4
	9/9/2025,P.O; gz -> xloader,Attachment,2
	9/10/2025,UNPAID INVOICE REMINDER - LionsHome GmbH - Invoice No. 2025-08-839; rar -> xloader,Attachment,9
	9/16/2025,RE: Shipment Docs; r11 -> xloader,Attachment,6
	9/17/2025,Re: Shipping Documents and Invoice; zip -> originlogger,Attachment,7
	9/19/2025,Re: Quotation; gz -> remcos,Attachment,5
	9/27/2025,Nota fiscal referente ao pedido 1947; r15 -> phantomstealer,Attachment,2

silence-is-best / gist:6978dc15a547467324faecf746e3c19e

Created September 4, 2025 17:09

Phantom stealer hardcoded IP's

silence-is-best / gist:fe83da37dd3067acd817b21b85eb2692

Created September 3, 2025 13:55

August Malspam Campaigns

	Date,Details,Email Payload Type,Users Targeted
	8/3/2025,Re: SmartTec : PO Payment; tar -> dbatloader-remcos,Attachment,6
	8/3/2025,PFI: SHIPMENT FROM INCEPTA // 56 CTNS; zip -> snakekeylogger,Attachment,3
	8/4/2025,New Order PO#86637 01/08/2025; vbs -> originlogger,Attachment,3
	8/6/2025,INVOICE CONFIRMATION; 7z -> xloader,Attachment,2
	8/6/2025,Inquiry; zip -> darkvision,Attachment,2
	8/6/2025,Attachment name is quotation.gz; -> xloader,Attachment,2
	8/6/2025,RE: New Order - PO/2025; gz -> snakekeylogger,Attachment,2
	8/7/2025,Attachment name is Past Due Invoice.zip; zip -> vipkeylogger,Attachment,8
	8/9/2025,PAGO; uue -> darkvision,Attachment,2

silence-is-best / gist:a2b497e7cf1d6998045ed00f35ac43ac

Created August 4, 2025 17:06

July Malspam Campaigns

	Date Details Email Payload Type Users Targeted
	7/2/2025 New Order Inquiry; zip -> Attachment 23
	7/2/2025 kindly quote your best price for the; zip -> xloader Attachment 4
	7/3/2025 Payment Invoice Receipt; rar -> js -> xworm Attachment 2
	7/3/2025 NEW ORDER--GO23B005XXXX025; 7z -> purecryptor Attachment 2
	7/8/2025 Elite shipment; z -> xloader Attachment 8
	7/9/2025 Verify your bank details for our payment; rar -> xloader Attachment 9
	7/10/2025 Evergreen Invoice No. : 25205986 Ref-no: <<A7_FR787BSY.CNT>>; z -> vipkeylogger Attachment 4
	7/10/2025 RE: Final Shipping Documents; zip -> snakekeylogger continued to 7/11 Attachment 5
	7/11/2025 UNPAID INVOICE REMINDER - LionsHome GmbH - Invoice No. 2025-06-839; rar -> xloader continued to 7/22 Attachment 18

silence-is-best / gist:44d48000436c26511a31b6ff331212b0

Created July 2, 2025 17:53

June Malspam Campaigns

	Date,Details,Email Payload Type,Users Targeted
	6/4/2025,Attachment name is Pago a partir del 04-06-2025 por monto USD 114,800.pdf.z; z -> vipkeylogger,Attachment,4
	6/4/2025,[ORDER] POSPHL0002653 Projector Pro2 Refurbished Order# 49763; iso -> vbs -> remcos,Attachment,6
	6/4/2025,Attachment name is Invoice for payment.pdf.z; z -> vipkeylogger,Attachment,4
	6/5/2025,Attachment name is inv. 324.20374.pdf.z; z -> vipkeylogger,Attachment,4
	6/5/2025,RE: PRODUCT ENQUIRY; zip -> xloader,Attachment,7
	6/5/2025,FW: Order; 7z -> vbe -> guloader -> xloader,Attachment,2
	6/6/2025,RFQ 6000169715 from 3340; rar -> xloader continued to 06/25,Attachment,42
	6/8/2025,OUR REF: RET-402-1438; xlsx -> remcos,Attachment,3
	6/9/2025,Attachment name is soa_longsail intl cargo services_feb_march 2025_from longsail.pdf.z; z -> snakekeylogger,Attachment,4

silence-is-best / gist:ede4c444ba406003642a99017274413d

Created June 2, 2025 15:25

	Date,Details,Email Payload Type,Users Targeted
	5/2/2025,Purchase Order No.13648045\|Purchase Order.; zip -> xloader,Attachment,5
	5/5/2025,Purchase Order (PO); exe -> xloader,Attachment,7
	5/6/2025,OUR REF: RET-402-1438; zip -> js -> snakekeylogger,Attachment,3
	5/7/2025,RE:NEW ORDER\|RE: NEW ORDER ENQUIRY; 7z\|zip -> xloader,Attachment,12
	5/7/2025,shipping documents for Cable quilt; rar -> snakekeylogger,Attachment,2
	5/14/2025,"Shipment Document BL,INV and packing; ace -> remcos continued to 5/16",Attachment,6
	5/21/2025,Statement of Account Dated 21th May\|PO2212020001 Suzhou Huijun Technology; ace -> remcos,Attachment,8
	5/21/2025,RE: FINAL SHIPPING DOCS; r15 -> masslogger,Attachment,2
	5/27/2025,Shipping Documents; 7z -> xloader,Attachment,21