Wapack Labs performs weekly queries of our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments. Wapack Labs is providing this weekly list of Motor Vessels in which Wapack Labs directly observed the vessel being impersonated, with associated malicious emails. The identified emails attempted to deliver malware or phishing links to compromise the vessels and/or parent companies. Users should be aware of the subject lines used and the email addresses that are attempting to deliver them. Users should never click on or download any attachments or links in suspicious emails.
Significant Vessel Keys Words:
very large crude carrier
ultra large crude carrier
floating production storage & offloading
Figure 1.Geo-location of receiving IPs of the malicious emails. Location is not exact and is approximate location of the receiving IP gathered from Wapack Lab’s malicious email collection (No reported receiving IPs).
Table 1: List of subject lines, motor vessel, type of malware sent and sender data that was seen in Wapack Lab’s malicious email collection from June 5, 2019 to June 14, 2019.
Subject Line Used
June 8th, 2019
VSL - MV Sea Vita, ORDER: TKH-A060419B
Cyren - CVE-2017-11882.C.gen!Camelot
DrWeb - Exploit.Rtf.CVE2012-0158
Kaspersky - HEUR:Exploit.RTF.Oleink.gen
ZoneAlarm - HEUR:Exploit.RTF.Oleink.gen
CAT-QuickHeal - Exp.RTF.Obfus.Gen
AhnLab-V3 - RTF/Malform-C.Gen
A-Sonic Logistics Sdn Bhd <email@example.com>
No reported targets
About Wapack Labs
Wapack Labs is located in New Boston, NH. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or firstname.lastname@example.org.