mt gaocheng - Transportation - Red Sky Alliance2024-03-28T12:05:36Zhttps://redskyalliance.org/transportation/feed/tag/mt+gaochengVessel Impersonation 09 20 2019https://redskyalliance.org/transportation/vessel-impersonation-09-20-20192019-09-20T20:23:51.000Z2019-09-20T20:23:51.000ZAustin Talbothttps://redskyalliance.org/members/AustinTalbot<div><p><strong><a href="{{#staticFileLink}}3582005726,RESIZE_930x{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3582005726,RESIZE_710x{{/staticFileLink}}" width="335" height="213" alt="3582005726?profile=RESIZE_710x" /></a></strong><strong>Weekly 2019 Motor Vessel (MV) & Motor Tanker (MT) Impersonation </strong></p><p>Wapack Labs performs weekly queries of our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments. Wapack Labs is providing this weekly list of Motor Vessels in which Wapack Labs directly observed the vessel being impersonated, with associated malicious emails. The identified emails attempted to deliver malware or phishing links to compromise the vessels and/or parent companies. Users should be aware of the subject lines used and the email addresses that are attempting to deliver them. Users should never click on or download any attachments or links in suspicious emails.</p><p><strong>Significant Vessel Keys Words:</strong></p><table width="378"><tbody><tr><td width="84"><p>MT, M/T</p></td><td width="294"><p>merchant tanker</p></td></tr><tr><td width="84"><p>MV, M/V</p></td><td width="294"><p>merchant vessel</p></td></tr><tr><td width="84"><p>MY, M/Y</p></td><td width="294"><p>motor yacht</p></td></tr><tr><td width="84"><p>VLCC</p></td><td width="294"><p>very large crude carrier</p></td></tr><tr><td width="84"><p>ULCC</p></td><td width="294"><p>ultra large crude carrier</p></td></tr><tr><td width="84"><p>RV, R/V</p></td><td width="294"><p>research vessel</p></td></tr><tr><td width="84"><p>FPSO</p></td><td width="294"><p>floating production storage & offloading</p></td></tr></tbody></table><p><strong><a href="{{#staticFileLink}}3581954946,original{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3581954946,RESIZE_710x{{/staticFileLink}}" width="710" alt="3581954946?profile=RESIZE_710x" /></a></strong>Figure 1.Geo-location of receiving IPs of the malicious emails. Location is not exact and is approximate location of the receiving IP gathered from Wapack Lab’s malicious email collection.</p><p><a href="{{#staticFileLink}}3581957054,original{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3581957054,RESIZE_710x{{/staticFileLink}}" width="710" alt="3581957054?profile=RESIZE_710x" /></a>Figure 2. Geo-location of sender IPs of the malicious emails. Location is not exact and is approximate location of the sender IP gathered from Wapack Lab’s malicious email collection.</p><p><em>Table 1: List of subject lines, motor vessel, type of malware sent and sender data that was seen in Wapack Lab’s malicious email collection from September 8, 2019 to September 20, 2019.</em></p><table width="726"><tbody><tr><td width="66"><p><strong> </strong></p><p><strong>First Seen</strong></p></td><td width="90"><p><strong> </strong></p><p><strong>Subject Line Used</strong></p></td><td width="210"><p><strong> </strong></p><p><strong>Malware Detections</strong></p></td><td width="204"><p><strong> </strong></p><p><strong>Sending Email</strong></p></td><td width="156"><p><strong> </strong></p><p><strong>Targets</strong></p></td></tr><tr><td width="66"><p>September 13th 2019</p></td><td width="90"><p>Port agency appointment for M/V \"Star Elegance</p></td><td width="210"><p>GData - Gen:Variant.Symmi.83189</p><p> </p><p>BitDefender - Gen:Variant.Symmi.83189</p><p> </p><p>McAfee - Fareit-FPW!6F18D700F615</p><p> </p><p>Panda - Generic Suspicious,MAX - malware (ai score=83)</p><p> </p><p>Emsisoft - Gen:Variant.Symmi.83189 (B),FireEye - Gen:Variant.Symmi.83189,Arcabit - Trojan.Symmi.</p></td><td width="204"><p>Yang Ming Shipping</p><p><885d3b5fa9@3b0fe7eabbb.com></p></td><td width="156"><p>No reported targets</p></td></tr><tr><td width="66"><p>September 13th 2019</p></td><td width="90"><p>MV CEBU ISLAND / VESSEL\'S SCHEDULE AT DONGHAE</p></td><td width="210"><p>Emsisoft - Gen:Variant.Symmi.83189 (B)</p><p> </p><p>McAfee - Fareit-FPW!6F18D700F615</p><p> </p><p>FireEye - Gen:Variant.Symmi.83189</p><p> </p><p>MAX - malware (ai score=87)</p><p> </p><p>Panda - Trj/GdSda.A,BitDefender - Gen:Variant.Symmi.83189</p><p> </p><p>Rising - Trojan.Injector!1.B459 (CLASSIC)</p><p> </p><p>GData - Gen:Variant.</p></td><td width="204"><p>tokotramp <bd336241a@2857bc54121e1ea49.jp></p></td><td width="156"><p>No reported targets</p></td></tr><tr><td width="66"><p>September 13th 2019</p></td><td width="90"><p>Inqiury of mt gaocheng 3 loading at pasir gudang</p></td><td width="210"><p>Microsoft - Trojan:Win32/Wacatac.B!ml</p><p> </p><p>Rising - Trojan.Injector!1.B459 (CLASSIC)</p><p> </p><p>Panda - Trj/GdSda.A,MAX - malware (ai score=88)</p><p> </p><p>BitDefender - Gen:Variant.Symmi.83189</p><p> </p><p>FireEye - Gen:Variant.Symmi.83189</p><p> </p><p>Arcabit - Trojan.Symmi.D144F5</p><p> </p><p>McAfee - Fareit-FPW!6F18</p></td><td width="204"><p>leaf <3e5cd82f5@1c7c9.com></p></td><td width="156"><p>No reported targets</p></td></tr><tr><td width="66"><p>September 13th 2019</p></td><td width="90"><p>=?utf-8?q?MV=2E_EASTERN_BEGONIA_=28Voy=2E005=29_=E2=80=93_PALANGGA_//_FDA?=</p></td><td width="210"><p>MAX - malware (ai score=89)</p><p> </p><p>Panda - Trj/GdSda.A,BitDefender - Gen:Variant.Symmi.83189</p><p> </p><p>Microsoft - Trojan:Win32/Wacatac.B!ml</p><p> </p><p>Arcabit - Trojan.Symmi.D144F5</p><p> </p><p>Rising - Trojan.Injector!1.B459 (CLASSIC)</p><p> </p><p>Emsisoft - Gen:Variant.Symmi.83189 (B)</p><p> </p><p>McAfee - Fareit-FPW</p></td><td width="204"><p>Sigma Shipping</p><p><caf9@bc783ef46e69.com></p></td><td width="156"><p>No reported targets</p></td></tr><tr><td width="66"><p>September 13th 2019</p></td><td width="90"><p>Mv. DREAM STAR //CTM REQUEST; ETA 20th SEPT 2019</p></td><td width="210"><p>GData - Gen:Variant.Razy.194620</p><p> </p><p>Cyren - W32/VBKrypt.MF.gen!Eldorado</p><p> </p><p>Arcabit - Trojan.Razy.D2F83C</p><p> </p><p>Microsoft - Trojan:Win32/Wacatac.B!ml</p><p> </p><p>MAX - malware (ai score=85)</p><p> </p><p>BitDefender - Gen:Variant.Razy.194620</p><p> </p><p>Emsisoft - Gen:Variant.Razy.194620 (B)</p><p> </p></td><td width="204"><p>NMT China Co., Ltd.</p><p><ac743ab0f05@16cc0a95753.com></p></td><td width="156"><p>No reported targets</p></td></tr><tr><td width="66"><p>September 13th 2019</p></td><td width="90"><p>Port agency appointment for M/V \"Star Elegance\"</p></td><td width="210"><p>FireEye - Gen:Variant.Razy.194620</p><p> </p><p>GData - Gen:Variant.Razy.194620</p><p> </p><p>Microsoft - Trojan:Win32/Wacatac.B!ml</p><p> </p><p>BitDefender - Gen:Variant.Razy.194620</p><p> </p><p>Emsisoft - Gen:Variant.Razy.194620 (B)</p><p> </p><p>Arcabit - Trojan.Razy.D2F83C</p><p> </p><p>Cyren - W32/VBKrypt.MF.gen!Eldorado</p></td><td width="204"><p>Yang Ming Shipping <e84@3b0fe7eabbb.com></p></td><td width="156"><p>No reported targets</p></td></tr><tr><td width="66"><p>September 13th 2019</p></td><td width="90"><p>M/V XIN HAN-ARRIVAL NOTICE</p></td><td width="210"><p>Rising - Trojan.Injector/Autoit!1.BB82</p><p> </p><p>Kaspersky - HEUR:Trojan.Win32.Generic</p><p> </p><p>FireEye - Trojan.GenericKD.32444902</p><p> </p><p>MicroWorld-eScan - Trojan.GenericKD.32444902</p><p> </p><p>NANO-Antivirus - Trojan.Win32.Mlw.fzazsv</p><p> </p><p>Arcabit - Trojan.Generic.D1EF11E6</p></td><td width="204"><p>\"RMS MARINE & OFFSHORE SERVICE (SINGAPORE) PTE LTD.\"</p></td><td width="156"><p>zimmoah.com</p><p> </p><p>rmsmarineservice.sg</p><p> </p><p>cloud.zimmoah.com</p></td></tr></tbody></table><p><strong> </strong></p><p><strong>About Wapack Labs </strong></p><p>Wapack Labs is located in New Boston, NH. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com.</p></div>Vessel Impersonation 07 17 2019https://redskyalliance.org/transportation/vessel-impersonation-07-17-20192019-07-17T15:48:29.000Z2019-07-17T15:48:29.000ZAustin Talbothttps://redskyalliance.org/members/AustinTalbot<div><p><strong><a href="{{#staticFileLink}}3321733175,RESIZE_930x{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3321733175,RESIZE_710x{{/staticFileLink}}" width="368" height="206" alt="3321733175?profile=RESIZE_710x" /></a></strong><strong>Weekly 2019 Motor Vessel (MV) & Motor Tanker (MT) Impersonation </strong></p><p>Wapack Labs performs weekly queries of our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments. Wapack Labs is providing this weekly list of Motor Vessels in which Wapack Labs directly observed the vessel being impersonated, with associated malicious emails. The identified emails attempted to deliver malware or phishing links to compromise the vessels and/or parent companies. Users should be aware of the subject lines used and the email addresses that are attempting to deliver them. Users should never click on or download any attachments or links in suspicious emails.</p><p><strong>Significant Vessel Keys Words:</strong></p><table width="378"><tbody><tr><td width="84"><p>MT, M/T</p></td><td width="294"><p>merchant tanker</p></td></tr><tr><td width="84"><p>MV, M/V</p></td><td width="294"><p>merchant vessel</p></td></tr><tr><td width="84"><p>MY, M/Y</p></td><td width="294"><p>motor yacht</p></td></tr><tr><td width="84"><p>VLCC</p></td><td width="294"><p>very large crude carrier</p></td></tr><tr><td width="84"><p>ULCC</p></td><td width="294"><p>ultra large crude carrier</p></td></tr><tr><td width="84"><p>RV, R/V</p></td><td width="294"><p>research vessel</p></td></tr><tr><td width="84"><p>FPSO</p></td><td width="294"><p>floating production storage & offloading</p></td></tr></tbody></table><p><strong><a href="{{#staticFileLink}}3321724846,original{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3321724846,RESIZE_710x{{/staticFileLink}}" width="710" alt="3321724846?profile=RESIZE_710x" /></a></strong>Figure 1.Geo-location of receiving IPs of the malicious emails. Location is not exact and is approximate location of the receiving IP gathered from Wapack Lab’s malicious email collection.</p><p><a href="{{#staticFileLink}}3321726187,original{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3321726187,RESIZE_710x{{/staticFileLink}}" width="710" alt="3321726187?profile=RESIZE_710x" /></a></p><p>Figure 2. Geo-location of sender IPs of the malicious emails. Location is not exact and is approximate location of the sender IP gathered from Wapack Lab’s malicious email collection.</p><p><em>Table 1: List of subject lines, motor vessel, type of malware sent and sender data that was seen in Wapack Lab’s malicious email collection from July 10, 2019 to July 17, 2019.</em></p><table width="726"><tbody><tr><td width="66"><p><strong> </strong></p><p><strong>First Seen</strong></p></td><td width="90"><p><strong> </strong></p><p><strong>Subject Line Used</strong></p></td><td width="216"><p><strong> </strong></p><p><strong>Malware Detections</strong></p></td><td width="192"><p><strong> </strong></p><p><strong>Sending Email</strong></p></td><td width="162"><p><strong> </strong></p><p><strong>Targets</strong></p></td></tr><tr><td width="66"><p>July 11th 2019</p></td><td width="90"><p>MV. RI HONG//CARGO NOTICE-P.LIST (2/2)</p></td><td width="216"><p>TrendMicro - Trojan.Win32.WACATAC.USXVPG819</p><p> </p><p>Avast - Win32:Malware-gen</p><p> </p><p>Kaspersky - Backdoor.Win32.Androm.stfm</p><p> </p><p>Emsisoft - Trojan.GenericKD.32127689 (B)</p><p> </p><p>Fortinet - W32/GenKryptik.DMSO!tr</p><p> </p><p>GData - Trojan.GenericKD.32127689</p><p> </p><p>NANO-Antivirus - Trojan.Win32.Androm</p></td><td width="192"><p>\"Son, Min Jung / Taesung marine\" <bk321@wsf.co.kr></p></td><td width="162"><p>cmx2401ex1603.avnet.com</p><p> </p><p>taesungmarine.com</p><p> </p><p>avnet.com</p><p> </p><p>wsf.co.kr</p><p> </p><p>stop-mos.com</p></td></tr><tr><td width="66"><p>July 11th 2019</p></td><td width="90"><p>MV ORIENT GLORY</p></td><td width="216"><p>Microsoft - Trojan:Win32/Wacatac.B!ml</p><p> </p><p>MAX - malware (ai score=84)</p><p> </p><p>FireEye - Trojan.Zmutzy.802</p><p> </p><p>ClamAV - Email.Phishing.VOF1-6436271-0</p><p> </p><p>Fortinet - W32/Injector.EGKJ!tr</p><p> </p><p>McAfee - Artemis!B785725BB82F</p><p> </p><p>TrendMicro - TrojanSpy.Win32.LOKI.SMDD.hp</p></td><td width="192"><p>\"SEWHA Shipping Co., Ltd.\" <3d3a7@f926693804066cbdd.kr></p></td><td width="162"><p>No reported targets</p></td></tr><tr><td width="66"><p>July 11th 2019</p></td><td width="90"><p>Inqiury of mt gaocheng 3 loading at pasir gudang</p></td><td width="216"><p>MicroWorld-eScan - Exploit.SpamMalware-RAR.Gen</p><p> </p><p>MAX - malware (ai score=88)</p><p> </p><p>FireEye - Exploit.SpamMalware-RAR.Gen</p><p> </p><p>Arcabit - Exploit.SpamMalware-RAR.Gen</p><p> </p><p>ESET-NOD32 - a variant of Win32/GenKryptik.DNAF</p><p> </p><p>Avast - Win32:CrypterX-gen [Trj]</p></td><td width="192"><p>\"leaf\" <shaoyijia@herun.com></p><p> </p></td><td width="162"><p>herun.com</p><p> </p><p>hiworks.co.kr</p><p> </p><p>sewhashipping.co.kr</p><p> </p><p>prodep.ru</p><p> </p></td></tr><tr><td width="66"><p>July 11th 2019</p></td><td width="90"><p>[ENQUIRY] MT DH CONCORD / TANJUNG LANGSAT</p></td><td width="216"><p>Microsoft - Trojan:Win32/Fuerboos.C!cl</p><p> </p><p>GData - Exploit.SpamMalware-RAR.Gen</p><p> </p><p>BitDefender - Exploit.SpamMalware-RAR.Gen</p><p> </p><p>Emsisoft - Exploit.SpamMalware-RAR.Gen (B)</p><p> </p><p>Arcabit - Exploit.SpamMalware-RAR.Gen</p><p> </p><p>ESET-NOD32 - a variant of Win32/GenKryptik.DNAF</p><p> </p></td><td width="192"><p>1d1d57@57005ee0ecc1998.com</p><p> </p></td><td width="162"><p>No reported targets</p></td></tr><tr><td width="66"><p>July 11th 2019</p></td><td width="90"><p>MT Celsius Macau V4240 201905 - Onsan,</p></td><td width="216"><p>Arcabit - Exploit.SpamMalware-RAR.Gen</p><p> </p><p>Fortinet - W32/GenKryptik.DNAF!tr</p><p> </p><p>ESET-NOD32 - a variant of Win32/Injector.EGOF</p><p> </p><p>Emsisoft - Exploit.SpamMalware-RAR.Gen (B)</p><p> </p><p>AVG - Win32:CrypterX-gen [Trj]</p><p> </p><p>FireEye - Exploit.SpamMalware-RAR.Gen</p><p> </p><p>McAfee - Artemis!FD792C5</p></td><td width="192"><p>\"Max Chan\" <040@e261ff1564.com></p><p> </p></td><td width="162"><p>No reported targets</p></td></tr></tbody></table><p><strong>About Wapack Labs </strong></p><p>Wapack Labs is located in New Boston, NH. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com.</p></div>