mv thalassini voy - Transportation - Red Sky Alliance
2024-03-28T23:50:33Z
https://redskyalliance.org/transportation/feed/tag/mv+thalassini+voy
Vessel Impersonation 09 07 2019
https://redskyalliance.org/transportation/vessel-impersonation-09-07-2019
2019-09-07T21:07:04.000Z
2019-09-07T21:07:04.000Z
Austin Talbot
https://redskyalliance.org/members/AustinTalbot
<div><p><strong><a href="{{#staticFileLink}}3545460281,RESIZE_930x{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3545460281,RESIZE_710x{{/staticFileLink}}" width="363" height="195" alt="3545460281?profile=RESIZE_710x" /></a></strong><strong>Weekly 2019 Motor Vessel (MV) & Motor Tanker (MT) Impersonation </strong></p><p>Wapack Labs performs weekly queries of our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments. Wapack Labs is providing this weekly list of Motor Vessels in which Wapack Labs directly observed the vessel being impersonated, with associated malicious emails. The identified emails attempted to deliver malware or phishing links to compromise the vessels and/or parent companies. Users should be aware of the subject lines used and the email addresses that are attempting to deliver them. Users should never click on or download any attachments or links in suspicious emails.</p><p><strong>Significant Vessel Keys Words:</strong></p><table width="378"><tbody><tr><td width="84"><p>MT, M/T</p></td><td width="294"><p>merchant tanker</p></td></tr><tr><td width="84"><p>MV, M/V</p></td><td width="294"><p>merchant vessel</p></td></tr><tr><td width="84"><p>MY, M/Y</p></td><td width="294"><p>motor yacht</p></td></tr><tr><td width="84"><p>VLCC</p></td><td width="294"><p>very large crude carrier</p></td></tr><tr><td width="84"><p>ULCC</p></td><td width="294"><p>ultra large crude carrier</p></td></tr><tr><td width="84"><p>RV, R/V</p></td><td width="294"><p>research vessel</p></td></tr><tr><td width="84"><p>FPSO</p></td><td width="294"><p>floating production storage & offloading</p></td></tr></tbody></table><p><strong><a href="{{#staticFileLink}}3545454415,original{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3545454415,RESIZE_710x{{/staticFileLink}}" width="710" alt="3545454415?profile=RESIZE_710x" /></a></strong>Figure 1.Geo-location of receiving IPs of the malicious emails. Location is not exact and is approximate location of the receiving IP gathered from Wapack Lab’s malicious email collection.</p><p><a href="{{#staticFileLink}}3545454891,original{{/staticFileLink}}"><img class="align-full" src="{{#staticFileLink}}3545454891,RESIZE_710x{{/staticFileLink}}" width="710" alt="3545454891?profile=RESIZE_710x" /></a>Figure 2. Geo-location of sender IPs of the malicious emails. Location is not exact and is approximate location of the sender IP gathered from Wapack Lab’s malicious email collection.</p><p><em>Table 1: List of subject lines, motor vessel, type of malware sent and sender data that was seen in Wapack Lab’s malicious email collection from August 18, 2019 to September 7, 2019.</em></p><table width="726"><tbody><tr><td width="66"><p><strong> </strong></p><p><strong>First Seen</strong></p></td><td width="90"><p><strong> </strong></p><p><strong>Subject Line Used</strong></p></td><td width="210"><p><strong> </strong></p><p><strong>Malware Detections</strong></p></td><td width="204"><p><strong> </strong></p><p><strong>Sending Email</strong></p></td><td width="156"><p><strong> </strong></p><p><strong>Targets</strong></p></td></tr><tr><td width="66"><p>August 19<sup>th</sup>, 2019</p></td><td width="90"><p>RE: PRE-ARRIVAL DOCS AT YOSU(MT. BOW ASIA)</p></td><td width="210"><p>Kaspersky - HEUR:Exploit.MSOffice.Generic</p><p> </p><p>Qihoo-360 - heur.rtf.obfuscated.1</p><p> </p><p>MicroWorldeScan - Exploit.CVE-2017-11882.Y</p><p> </p><p>CAT-QuickHeal - Exp.RTF.Obfus.Gen</p><p> </p><p>TrendMicro -Trojan.W97M.CVE201711882.SM6</p><p> </p><p>Ikarus - Exploit.CVE-2017-11882</p><p> </p></td><td width="204"><p>Bow Asia <Bow.Asia@thomefleet.net></p></td><td width="156"><p>spin.electroputere.ro</p><p> </p><p>electroputere.ro</p><p> </p><p>thomefleet.net</p></td></tr><tr><td width="66"><p>August 20<sup>th</sup>, 2019</p></td><td width="90"><p>FW: MV. CMA CGM Verdi V-250E DT:19/08/2019.</p></td><td width="210"><p>BitDefender - Trojan.SpamMalware-RAR.Gen</p><p> </p><p>Arcabit - Trojan.SpamMalware-RAR.Gen </p><p> </p><p>McAfee - Artemis!1928B73AF9CC</p><p> </p><p>FireEye - Trojan.SpamMalware-RAR.Gen</p><p> </p><p>Cyren - W32/Autoit.G.gen!Eldorado</p><p> </p></td><td width="204"><p>"Ms.Julie Tsukahara-LOGISTICS MATES CORP."</p><p><info@esanat.com></p></td><td width="156"><p>localhost.redcondor.net</p><p> </p><p>redcondor.net</p><p> </p><p>swva.net</p><p> </p><p>sys.redcondor.net</p><p> </p><p>sys.redcondor.com</p><p> </p><p>esanat.com</p></td></tr><tr><td width="66"><p>August 20<sup>th</sup>, 2019</p></td><td width="90"><p>Urgent quotation needed /M.T. Navion Britannia - PDA</p></td><td width="210"><p>McAfee - Suspect-DH!8C5B06028463</p><p> </p><p>Sophos - Mal/Fareit-V</p><p> </p><p>Rising - Trojan.Injector!1.AFE3</p><p> </p><p>TrendMicro-HouseCall - TrojanSpy.Win32.LOKI.SMAD.hp</p><p> </p><p>Microsoft - Trojan:Win32/Wacatac.B!ml</p><p> </p><p>BitDefender - Trojan.Zmutzy.802</p></td><td width="204"><p>VELESTO DRILLING SDN BHD <caf9@448cb87.com></p></td><td width="156"><p>No reported targets</p></td></tr><tr><td width="66"><p>August 20<sup>th</sup>, 2019</p></td><td width="90"><p>BUNKER ESTIMATE - MV SINGMAR 20th AUG.2019</p></td><td width="210"><p>VBA32 - CIL.StupidCryptor.Heur -</p><p> </p><p>Ikarus - Win32.Outbreak</p><p> </p><p>MicroWorld-eScan -Trojan.Zmutzy.802</p><p> </p><p>BitDefender - Trojan.Zmutzy.802</p><p> </p><p>FireEye - Trojan.Zmutzy.802</p><p> </p><p>MAX - malware (ai score=89)</p><p> </p><p>Microsoft - Trojan:Win32/Wacatac.B!ml</p></td><td width="204"><p>Singmar Marine and Offshore Pte Ltd <technical@singmarmarine.com></p></td><td width="156"><p>spin.electroputere.ro</p><p> </p><p>electroputere.ro</p><p> </p><p>megabytetravels.com</p><p> </p><p>singmarmarine.com</p></td></tr><tr><td width="66"><p>August 20<sup>th</sup>, 2019</p></td><td width="90"><p>mv ANL GIPPSLAND epDA- vessel - AGENCY APPOINTMENT</p></td><td width="210"><p>Cyren -</p><p>W32/Heuristic-200!Eldorado</p><p> </p><p>MicroWorld-eScan - Trojan.Zmutzy.804</p><p> </p><p>F-Secure -</p><p>Heuristic.HEUR/AGEN.1022332</p><p> </p><p>GData –</p><p>Trojan.SpamMalware-ZIP.Gen</p><p> </p><p>Sophos - Mal/Generic-S</p><p> </p><p>Arcabit - Trojan.Zmutzy.804</p><p> </p></td><td width="204"><p>No reported sender</p></td><td width="156"><p>webmail.sunraywall.com</p><p> </p><p>panasiancorp.net</p><p> </p><p>natori.com</p><p> </p><p>smtp426.redcondor.net</p><p> </p><p>vps8327.youcloud.hk</p><p> </p><p>vps8327.webhosthk.net</p><p> </p><p>socmail.redcondor.net</p></td></tr><tr><td width="66"><p>August 20<sup>th</sup>, 2019</p></td><td width="90"><p>VSL: MV Huanghai Pioneer, ORDER: TK-812B</p></td><td width="210"><p>NANO-Antivirus - Trojan.Win32.Androm.fvdkaa</p><p> </p><p>DrWeb - Trojan.PWS.Banker1.34264</p><p> </p><p>Avira - Trojan.VB.Crypt</p><p> </p><p>MicroWorld-eScan -</p><p>Trojan.GenericKD.41536489</p><p> </p><p>Sophos - Troj/VB-KJM</p><p> </p><p>Emsisoft - Trojan.GenericKD.41536489 (B)</p><p> </p></td><td width="204"><p>Hyuk Kim <operation@mabong.co.kr></p></td><td width="156"><p>cable.net.co</p><p> </p><p>jame.com</p><p> </p><p>mabong.co.kr</p></td></tr><tr><td width="66"><p>August 26<sup>th</sup>, 2019</p></td><td width="90"><p>Mt. Yue You 901 V1911// SIME// CP 28TH AUG 2019 // Loading 10,000mt</p></td><td width="210"><p>Emsisoft - Trojan.GenericKD.32306233 (B)</p><p> </p><p>BitDefender - Trojan.GenericKD.32306233</p><p> </p><p>Arcabit - Trojan.Generic.D1ECF439</p><p> </p><p>Kaspersky - HEUR:Backdoor.Win32.Androm.gen</p><p> </p></td><td width="204"><p>Ms.Zhu Qin</p><p><operation@waibert.com></p></td><td width="156"><p>mail1.tandler.de</p><p> </p><p>royalsingi.com</p><p> </p><p>secure.myportalhost.com</p><p> </p><p>waibert.com</p></td></tr><tr><td width="66"><p>August 26<sup>th</sup>, 2019</p></td><td width="90"><p>RE: PRE-ARRIVAL DOCS AT YOSU(MT. BOW ASIA)</p></td><td width="210"><p>Cyren –</p><p>CVE-2017-11882.E.gen!Camelot</p><p> </p><p>Ad-Aware - Exploit.CVE-2017-11882.Y</p><p> </p><p>DrWeb - Exploit.ShellCode.69</p><p> </p><p>Avast - Other:Malware-gen [Trj]</p><p> </p><p>NANO-Antivirus -Exploit.Ole2.ShellCode.fpfqba -</p><p> </p><p>TrendMicro -</p><p>Trojan.W97M.CVE201711882.SM6</p><p> </p></td><td width="204"><p>Bow Asia <Bow.Asia@thomefleet.net></p></td><td width="156"><p>spin.electroputere.ro</p><p> </p><p>thomefleet.net</p><p> </p><p>electroputere.ro</p></td></tr><tr><td width="66"><p>August 27<sup>th</sup>, 2019</p></td><td width="90"><p>Quotation Request // MV Southern Sunset V.100392-Home</p></td><td width="210"><p>GData - Trojan.SpamMalware-RAR.Gen</p><p> </p><p>Arcabit - Trojan.SpamMalware-RAR.Gen</p><p> </p><p>BitDefender - Trojan.SpamMalware-RAR.Gen</p><p> </p><p>Rising - Trojan.Injector!1.B459 (CLASSIC)</p><p> </p><p>FireEye - Trojan.SpamMalware-RAR.Gen</p></td><td width="204"><p>ba19a09a68@8aaafd712c3abb9d.jp</p></td><td width="156"><p>No reported targets</p></td></tr><tr><td width="66"><p>August 29<sup>th</sup>, 2019</p></td><td width="90"><p>Port agency appointment for M/V COSCO</p></td><td width="210"><p>GData - Trojan.GenericKD.41650797 </p><p> </p><p>FireEye - Trojan.GenericKD.41650797</p><p> </p><p>BitDefender - Trojan.GenericKD.41650797</p><p> </p><p>AVG - Win32:Trojan-gen</p><p> </p><p>Avast - Win32:Trojan-gen</p><p> </p><p>Microsoft - Trojan:Win32/Fuerboos.C!cl</p><p> </p><p>Fortinet - W32/Injector.EHKV!tr </p><p> </p><p>Sophos - Mal/Generic-S</p><p> </p></td><td width="204"><p>SMTECH Ship Management Co., Ltd</p><p><9daaa@9f2b4579b.com></p></td><td width="156"><p>No reported targets</p></td></tr><tr><td width="66"><p>August 29<sup>th</sup>, 2019</p></td><td width="90"><p>MV Thalassini Voy. 09 // DA Request</p></td><td width="210"><p>Microsoft - Trojan:Win32/Wacatac.B!ml</p><p> </p><p>BitDefender - Gen:Heur.PonyStealer.dn2@gm8qLSci</p><p> </p><p>FireEye - Gen:Heur.PonyStealer.dn2@gm8qLSci</p><p> </p></td><td width="204"><p>Operation <caf9@062d2f8402b314d.net></p></td><td width="156"><p>No reported targets</p></td></tr></tbody></table><p><strong> </strong></p><p><strong>About Wapack Labs </strong></p><p>Wapack Labs is located in New Boston, NH. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com.</p></div>