Sample details: 31479563c5b87ca7d29af560cc4d8574 --

Hashes
MD5: 31479563c5b87ca7d29af560cc4d8574
SHA1: 299e5ac1a38ddbffa1f5d947536f4fd84a2e8b66
SHA256: 62ca3e50f4b2fe9599e3a8209350249c65f47e8709777febeb5280c55b0d6ad6
SSDEEP: 1536:2oi8LriOT207mZsc0Ma9z63SailyFNFy2u2OrqZr6J:2j89WdQeQYBq
Details
File Type: XML
Added: 2019-07-03 08:47:39
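Yara Hits
YRP/with_images | YRP/without_attachments | YRP/with_urls | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/Misc_Suspicious_Strings | YRP/spyeye |
Note: the strings below are the Atom feed of a security blog whose category list includes the term "SpyEye", so the YRP/spyeye hit is probably a keyword match on that text rather than evidence of SpyEye itself; check the rule's strings before treating this sample as malicious.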
Strings
		<?xml version='1.0' encoding='UTF-8'?><?xml-stylesheet href="http://www.blogger.com/styles/atom.css" type="text/css"?><feed xmlns='http://www.w3.org/2005/Atom' xmlns:openSearch='http://a9.com/-/spec/opensearchrss/1.0/' xmlns:blogger='http://schemas.google.com/blogger/2008' xmlns:georss='http://www.georss.org/georss' xmlns:gd="http://schemas.google.com/g/2005" xmlns:thr='http://purl.org/syndication/thread/1.0'><id>tag:blogger.com,1999:blog-804714437673009003</id><updated>2019-07-03T08:52:04.162+01:00</updated><category term="Spam"/><category term="Viruses"/><category term="Malware"/><category term="Russia"/><category term="DOC"/><category term="Dridex"/><category term="Scams"/><category term="EXE-in-ZIP"/><category term="Amerika"/><category term="RU:8080"/><category term="Ukraine"/><category term="OVH"/><category term="Locky"/><category term="Ransomware"/><category term="Evil Network"/><category term="Germany"/><category term="Job Offer Scams"/><category term="Money Mule"/><category term="Stupidity"/><category term="France"/><category term="Linode"/><category term="Hetzner"/><category term="SQL Injection"/><category term="Lapatasker"/><category term="Netherlands"/><category term="Turkey"/><category term="China"/><category term="Injection Attacks"/><category term="Latvia"/><category term="GoDaddy"/><category term="Canada"/><category term="Dyre"/><category term="Romania"/><category term="Upatre"/><category term="Asprox"/><category term="Phishing"/><category term="NACHA"/><category term="BBB"/><category term="Printer Spam"/><category term="India"/><category term="LinkedIn"/><category term="Facebook"/><category term="Mongolia"/><category term="ThreeScripts"/><category term="Domains"/><category term="INTUIT"/><category term="DINETHOSTING"/><category term="Banking"/><category term="Amazon"/><category term="Bulgaria"/><category term="ADP"/><category term="Fake Pharma"/><category term="Fax Spam"/><category term="Korea"/><category term="Microsoft"/><category 
term="1&amp;1"/><category term="Scam"/><category term="Spain"/><category term="Nigeria"/><category term="Endurance International Group"/><category term="Redret"/><category term="Thailand"/><category term=".SU"/><category term="Brazil"/><category term="IRS"/><category term="Poland"/><category term="TheFirst-RU"/><category term="Trojans"/><category term="Italy"/><category term="Lithuania"/><category term="Moldova"/><category term="Pump and Dump"/><category term="Fail"/><category term="SMS"/><category term="Nuclear Fallout Enterprises"/><category term="Malvertising"/><category term="UPS"/><category term="USPS"/><category term="Google"/><category term="PayPal"/><category term="eFax"/><category term="Joe Job"/><category term="Leaseweb"/><category term="Sweden"/><category term="Vietnam"/><category term="Blackhole"/><category term="Teslacrypt"/><category term="Australia"/><category term="HMRC"/><category term="Slicehost"/><category term="Taiwan"/><category term="Advanced Fee Fraud"/><category term="Angler EK"/><category term="Dating Scams"/><category term="Gandi"/><category term="Hungary"/><category term="Phones"/><category term="Serverius"/><category term="Zbot"/><category term="Czech Republic"/><category term="PDFs"/><category term="Serbia"/><category term="AICPA"/><category term="False Positive"/><category term="PPI"/><category term="Pakistan"/><category term="R5X.org"/><category term="Somnath Bharti"/><category term="South Africa"/><category term="Adware"/><category term="GHOSTnet"/><category term="Greece"/><category term="Jolly Works Hosting"/><category term="NAPPPA"/><category term="US Airways"/><category term="BizSummits"/><category term="CA"/><category term="Colombia"/><category term="Estonia"/><category term="F3Y"/><category term="FedEx"/><category term="Intergenia"/><category term="Israel"/><category term="Singapore"/><category term="Specialist ISP"/><category term="Transnistria"/><category term="inferno.name"/><category term="security"/><category 
term="419"/><category term="Apple"/><category term="CNN"/><category term="Cryptowall"/><category term="Porn"/><category term="Switzerland"/><category term="UAE"/><category term="eTrust"/><category term="Android"/><category term="CyberBunker"/><category term="Japan"/><category term="Patches"/><category term="Politics"/><category term="Simply Transit"/><category term="Solar VPS"/><category term="Zerigo"/><category term="Anti-Virus Software"/><category term="Argentina"/><category term="Black Hat"/><category term="Chile"/><category term="Dropbox"/><category term="Dynamic DNS"/><category term="Egypt"/><category term="Fake Anti-Virus"/><category term="Fiji"/><category term="Kenya"/><category term="Montenegro"/><category term="Sagade Ltd"/><category term="Saudi Arabia"/><category term="UK2.NET"/><category term="Voice Mail"/><category term="Adobe"/><category term="Advertising"/><category term="Appraisals"/><category term="IPMA"/><category term="Institute of Project Management America"/><category term="Ireland"/><category term="Kazakhstan"/><category term="Mystery Shopper"/><category term="Netserv Consult SRL"/><category term="Philippines"/><category term="Piradius.net"/><category term="Sky"/><category term="UkrStar ISP"/><category term="Webazilla"/><category term="Austria"/><category term="Bogus Ads"/><category term="Bosnia"/><category term="Crime"/><category term="DHL"/><category term="Elstow"/><category term="Google Maps"/><category term="Hacked sites"/><category term="Hosting"/><category term="Iran"/><category term="Mexico"/><category term="NetTemps Inc"/><category term="PestPatrol"/><category term="Postini"/><category term="Privacy"/><category term="Senegal"/><category term="Sidharth Shah"/><category term="Twitter"/><category term="Xeex"/><category term="logol.ru"/><category term="BBC"/><category term="Blogger"/><category term="Bredolab"/><category term="Bundespolizei"/><category term="Cerber"/><category term="Data Breach"/><category term="Fake Retailers"/><category 
term="Finance Scams"/><category term="Finland"/><category term="Gary McNeish"/><category term="Hoax"/><category term="Indonesia"/><category term="Lithunia"/><category term="LizaMoon"/><category term="Nokia"/><category term="Norway"/><category term="Pony"/><category term="Portugal"/><category term="Seychelles"/><category term="Shifu"/><category term="Spamcop"/><category term="Tetrus Telecoms"/><category term="TrickBot"/><category term="VBScript"/><category term="Weather"/><category term="Zeus"/><category term=".htaccess"/><category term="BLNX.L"/><category term="Blogging"/><category term="Botnet"/><category term="Dubai"/><category term="Emailmovers Ltd"/><category term="Etisalat"/><category term="F-Secure"/><category term="Firefox"/><category term="Google Streetview"/><category term="HostForWeb"/><category term="Humour"/><category term="Java"/><category term="Lottery Scam"/><category term="MLM"/><category term="Nymaim"/><category term="Passwords"/><category term="Phishtank"/><category term="Pizza"/><category term="Police"/><category term="Project Management International"/><category term="SEO"/><category term="Smart Roadster"/><category term="Sweet Orange"/><category term="Telepests"/><category term="Uzbekistan"/><category term="Vawtrak"/><category term="Video"/><category term="Virgin Media"/><category term="Voxility"/><category term="Waledac"/><category term="Windows"/><category term="World of Warcraft"/><category term="Yahoo"/><category term="Yohost.org"/><category term="eBay"/><category term="snow"/><category term="Acid Free Coffee"/><category term="AdWords"/><category term="Bitcoin"/><category term="Blinkx"/><category term="Bob Gatchel"/><category term="Botswana"/><category term="CareerBuilder"/><category term="Censorship"/><category term="Classmates.com"/><category term="Clickbank"/><category term="Cloudflare"/><category term="Craigslist"/><category term="DDOS"/><category term="DreamHost"/><category term="Edis"/><category term="Exchange"/><category term="Fake 
Postcard"/><category term="Hostfresh"/><category term="Hostinger"/><category term="IIS"/><category term="Iframe attacks"/><category term="Internet Explorer"/><category term="Law"/><category term="MarketBay"/><category term="Maxhosting"/><category term="Mobiquant"/><category term="NA3PA"/><category term="Nadine Dorries"/><category term="Netdirekt"/><category term="Neutrino"/><category term="New Zealand"/><category term="Nuclear EK"/><category term="OpenX"/><category term="PHP"/><category term="Palestine"/><category term="Panama"/><category term="Phorm"/><category term="Pinball Corporation"/><category term="Pinterest"/><category term="Qhoster"/><category term="Retro"/><category term="Samsung"/><category term="Sapphire Town Real Estate"/><category term="Sinowal"/><category term="Slovakia"/><category term="Spin"/><category term="TDS"/><category term="The Funding Institute"/><category term="Tor"/><category term="Vet"/><category term="Wikipedia"/><category term="uadomen.com"/><category term="AOL"/><category term="Andromeda"/><category term="Art Scam"/><category term="Aruba"/><category term="Bedford"/><category term="Bedfordshire"/><category term="Belarus"/><category term="Belize"/><category term="Bing"/><category term="Blink"/><category term="Brexit"/><category term="Bulgari"/><category term="Computer Misuse Act"/><category term="Conficker"/><category term="CookieBomb"/><category term="Cryptocurrency"/><category term="DNS"/><category term="Data Protection"/><category term="Elections"/><category term="Electronics"/><category term="Email"/><category term="Epsilon"/><category term="Escrow"/><category term="Etiquette"/><category term="Extortion"/><category term="Fast Serv"/><category term="Fiesta EK"/><category term="FirefoxOS"/><category term="Friendster"/><category term="Funny"/><category term="Gawker"/><category term="Ghana"/><category term="Gogax"/><category term="Gold Scam"/><category term="Google Drive"/><category term="Google Voice"/><category 
term="Gumblar"/><category term="HYIP"/><category term="Hancitor"/><category term="Hetzer"/><category term="Hong Kong"/><category term="Hotbar"/><category term="Iceland"/><category term="Infographic"/><category term="Kelihos"/><category term="Kidnap"/><category term="LBM"/><category term="LNK"/><category term="Latnet"/><category term="LinkShare"/><category term="Luxembourg. GoDaddy"/><category term="Macedonia"/><category term="Macintosh"/><category term="Magnitude"/><category term="Malaysia"/><category term="Malware Viruses"/><category term="Maware"/><category term="Mea Culpa"/><category term="Motorola"/><category term="Mozilla"/><category term="Music"/><category term="NATO"/><category term="Najada Ltd"/><category term="Nemucod"/><category term="Network Operations Center"/><category term="Networking4Africa.com"/><category term="New Zealing"/><category term="Paragon Software Group"/><category term="Parcel Mule"/><category term="Paul Aunger"/><category term="Qatar"/><category term="Relikts BVK"/><category term="Robert G Allen"/><category term="Rootkits"/><category term="SMTP"/><category term="SOCA"/><category term="SOPA"/><category term="Santrex"/><category term="Serverconnect.se"/><category term="Servia"/><category term="Shifu. Malware"/><category term="Skype"/><category term="Slimeware"/><category term="SoftLayer"/><category term="Spam Scams"/><category term="Spam. Malware"/><category term="Spoofing"/><category term="SpyEye"/><category term="Symantec"/><category term="Syria"/><category term="Sysprep"/><category term="T-Mobile"/><category term="TopSites"/><category term="Tunisia"/><category term="Tylers Coffees"/><category term="Upatre. Dyre"/><category term="Vietname"/><category term="Viruse"/><category term="Viruses. DOC"/><category term="Viruses. 
Dyre"/><category term="Vline Ltd"/><category term="WTF"/><category term="Worm"/><category term="XSS"/><category term="YouTube"/><category term="Zero Day"/><category term="Zombies"/><category term="ZoneAlarm"/><category term="gambling"/><category term="hardware"/><category term="microlines.lv"/><category term="pddomains.com"/><category term="review"/><category term="theciosummits.org"/><title type='text'>Dynamoo&#39;s Blog</title><subtitle type='html'>Malware, spam, scams and random stuff, by Conrad Longmore.</subtitle><link rel='http://schemas.google.com/g/2005#feed' type='application/atom+xml' href='https://blog.dynamoo.com/feeds/posts/default'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default'/><link rel='alternate' type='text/html' href='https://blog.dynamoo.com/'/><link rel='hub' href='http://pubsubhubbub.appspot.com/'/><link rel='next' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default?start-index=26&amp;max-results=25'/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><generator version='7.00' uri='http://www.blogger.com'>Blogger</generator><openSearch:totalResults>2931</openSearch:totalResults><openSearch:startIndex>1</openSearch:startIndex><openSearch:itemsPerPage>25</openSearch:itemsPerPage><entry><id>tag:blogger.com,1999:blog-804714437673009003.post-2344699557420072392</id><published>2019-03-18T15:57:00.001+00:00</published><updated>2019-03-18T15:59:16.345+00:00</updated><category scheme="http://www.blogger.com/atom/ns#" term="Bitcoin"/><category scheme="http://www.blogger.com/atom/ns#" term="Extortion"/><category scheme="http://www.blogger.com/atom/ns#" term="Scams"/><category scheme="http://www.blogger.com/atom/ns#" term="Spam"/><title type='text'>&quot;Central Intelligence Agency - Case 
#79238516&quot; extortion spam</title><summary type="text">
I&#39;ve seen various extortion spams over the past 12 months or so, but this one has a particularly vicious twist.
If you haven&#39;t seen one of these before - it&#39;s just a spam, randomly sent to your email address. You can safely ignore it.
 Liza Guest [liza-guest@eosj.cia-gov-it.tk]
Reply-To:
 liza-guest@eosj.cia-gov-it.tk
 [redacted]
 18 Mar 2019, 06:33
Subject:
 </summary><link rel='replies' type='application/atom+xml' href='https://blog.dynamoo.com/feeds/2344699557420072392/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=804714437673009003&amp;postID=2344699557420072392' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/2344699557420072392'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/2344699557420072392'/><link rel='alternate' type='text/html' href='https://blog.dynamoo.com/2019/03/central-intelligence-agency-case.html' title='&quot;Central Intelligence Agency - Case #79238516&quot; extortion spam'/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://2.bp.blogspot.com/-mHjQoczTI9M/TfsKa5zqTtI/AAAAAAAADVU/OUWksKZdXNswJzT1RBLKM4T3Xm2lLRB2ACPcBGAYYCw/s72-c/fake.png" height="72" width="72"/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-804714437673009003.post-9173040803543166987</id><published>2018-05-22T11:01:00.004+01:00</published><updated>2018-05-22T11:01:53.342+01:00</updated><category scheme="http://www.blogger.com/atom/ns#" term="Nigeria"/><category scheme="http://www.blogger.com/atom/ns#" term="Qhoster"/><category scheme="http://www.blogger.com/atom/ns#" term="Scams"/><title type='text'>Phishing and fraudulent sites hosted on 188.241.58.60 (Qhoster)</title><summary type="text">
Nigerian registrants. Dodgy Eastern European
 host offering bulletproof and anonymous hosting. Yup, I very much doubt there is anything legitimate at all hosted on 188.241.58.60.. or indeed any part of Qhoster&#39;s network.
237buzz.com255page.ga702mine.com779999977.</summary><link rel='replies' type='application/atom+xml' href='https://blog.dynamoo.com/feeds/9173040803543166987/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=804714437673009003&amp;postID=9173040803543166987' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/9173040803543166987'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/9173040803543166987'/><link rel='alternate' type='text/html' href='https://blog.dynamoo.com/2018/05/phishing-and-fraudulent-sites-hosted-on.html' title='Phishing and fraudulent sites hosted on 188.241.58.60 (Qhoster)'/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://4.bp.blogspot.com/-TcTayzpueLA/TfypQFAsdwI/AAAAAAAAAQc/OUpyA5HoQtwT-ZR3iWxTiEbs9I_orzKKgCPcBGAYYCw/s72-c/scam.png" height="72" width="72"/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-804714437673009003.post-2312636515381358965</id><published>2018-05-10T15:10:00.001+01:00</published><updated>2018-05-10T15:10:03.378+01:00</updated><category scheme="http://www.blogger.com/atom/ns#" term="Cloudflare"/><category scheme="http://www.blogger.com/atom/ns#" term="Malware"/><category scheme="http://www.blogger.com/atom/ns#" term="Spam"/><category scheme="http://www.blogger.com/atom/ns#" term="Viruses"/><title type='text'>Malware spam: &quot;New documents available for download&quot; / service@barclaysdownloads.co.uk / barclaysdownloads.com</title><summary type="text">
This fake Barclays spam seems to lead to the Trickbot banking trojan.
 Barclays [service@barclaysdownloads.co.uk]Date:
 10 May 2018, 13:16Subject:
 New documents available for downloadSigned by:
 barclaysdownloads.co.ukSecurity:
 Standard encryption (TLS) Learn moreBarclays Bank PLC Has Sent You Important Account Documents to SignYou can view the document in your Barclays </summary><link rel='replies' type='application/atom+xml' href='https://blog.dynamoo.com/feeds/2312636515381358965/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=804714437673009003&amp;postID=2312636515381358965' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/2312636515381358965'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/2312636515381358965'/><link rel='alternate' type='text/html' href='https://blog.dynamoo.com/2018/05/malware-spam-new-documents-available.html' title='Malware spam: &quot;New documents available for download&quot; / service@barclaysdownloads.co.uk / barclaysdownloads.com'/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://3.bp.blogspot.com/-hywvkVkbMcQ/TgB7d64nvuI/AAAAAAAANcE/KzLOZVYzoN4zr9jAxxV5c7LSM3fwv-5uwCPcBGAYYCw/s72-c/bomb.png" height="72" width="72"/><thr:total>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-804714437673009003.post-7150687213234777968</id><published>2018-05-04T12:14:00.000+01:00</published><updated>2018-05-04T12:14:25.689+01:00</updated><category scheme="http://www.blogger.com/atom/ns#" term="inferno.name"/><category scheme="http://www.blogger.com/atom/ns#" term="Malware"/><category scheme="http://www.blogger.com/atom/ns#" term="Spam"/><title type='text'>&quot;Best porno ever&quot; Necurs spam</title><summary type="text">
This spam (apparently from the Necurs botnet) promises much, but seems not to deliver.
 Susanne@victimdomain.tld [Susanne@victimdomain.tld]Date:
 4 May 2018, 10:22Subject:
 Best porno everHi [redacted],Best gay,teen,animal porno everPlease click the following link to activate your account.hxxp:||46.161.40.145:3314Regards,Susanne
The sender&#39;s name varies, but is always in the same </summary><link rel='replies' type='application/atom+xml' href='https://blog.dynamoo.com/feeds/7150687213234777968/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=804714437673009003&amp;postID=7150687213234777968' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/7150687213234777968'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/7150687213234777968'/><link rel='alternate' type='text/html' href='https://blog.dynamoo.com/2018/05/best-porno-ever-necurs-spam.html' title='&quot;Best porno ever&quot; Necurs spam'/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://2.bp.blogspot.com/-ChBb1SZ4dOY/TfymeL0skfI/AAAAAAAAAQY/-_xrPaL0Yocmu15KWAkRLZTYxPkBn90LACPcBGAYYCw/s72-c/spam.jpg" height="72" width="72"/><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-804714437673009003.post-6226043716779711551</id><published>2018-04-01T00:10:00.000+01:00</published><updated>2018-04-01T10:35:23.934+01:00</updated><title type='text'>New Traffic Light Protocol (TLP) levels for 2018</title><summary type="text">The Traffic Light Protocol should be familiar to anyone working with sensitive data, with levels RED, AMBER, GREEN and WHITE being used to specify how far information can be shared. 
In recent years it has become clear that these four levels are not enough, so the United Nations International Committee on Responsible Naming (UN/ICoRN) has introduced nine new TLP levels for implementation from the </summary><link rel='replies' type='application/atom+xml' href='https://blog.dynamoo.com/feeds/6226043716779711551/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=804714437673009003&amp;postID=6226043716779711551' title='3 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/6226043716779711551'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/6226043716779711551'/><link rel='alternate' type='text/html' href='https://blog.dynamoo.com/2018/04/new-traffic-light-protocol-tlp-levels.html' title='New Traffic Light Protocol (TLP) levels for 2018'/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><thr:total>3</thr:total></entry><entry><id>tag:blogger.com,1999:blog-804714437673009003.post-9204676978494070958</id><published>2018-03-08T23:03:00.000+00:00</published><updated>2018-03-13T11:37:47.295+00:00</updated><category scheme="http://www.blogger.com/atom/ns#" term="Russia"/><category scheme="http://www.blogger.com/atom/ns#" term="Scams"/><category scheme="http://www.blogger.com/atom/ns#" term="Spam"/><title type='text'>&quot;Faster payment&quot; scam is not quite what it seems</title><summary type="text">
I see a lot of &quot;fake boss&quot; fraud emails in my day job, but it&#39;s rare that I see them sent to my personal email address. These four emails all look like fake boss fraud emails, but there&#39;s something more going on here.
 Ravi [Redacted] &lt;ravi@victimdomain.com&gt;
Reply-To:
 Ravi [Redacted] &lt;ravi@victimdomain.com-3.eu&gt;
 accounts@victimdomain.com
 23 February 2018 at 12:02
</summary><link rel='replies' type='application/atom+xml' href='https://blog.dynamoo.com/feeds/9204676978494070958/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=804714437673009003&amp;postID=9204676978494070958' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/9204676978494070958'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/9204676978494070958'/><link rel='alternate' type='text/html' href='https://blog.dynamoo.com/2018/03/faster-payment-scam-is-not-quite-what.html' title='&quot;Faster payment&quot; scam is not quite what it seems'/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://4.bp.blogspot.com/-TcTayzpueLA/TfypQFAsdwI/AAAAAAAAAQc/OUpyA5HoQtwT-ZR3iWxTiEbs9I_orzKKgCPcBGAYYCw/s72-c/scam.png" height="72" width="72"/><thr:total>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-804714437673009003.post-7886856772928594109</id><published>2018-01-15T11:14:00.001+00:00</published><updated>2018-01-17T08:29:12.464+00:00</updated><category scheme="http://www.blogger.com/atom/ns#" term="Cryptocurrency"/><category scheme="http://www.blogger.com/atom/ns#" term="Pump and Dump"/><category scheme="http://www.blogger.com/atom/ns#" term="Spam"/><title type='text'>Swisscoin [SIC] cryptocurrency spam</title><summary type="text">
Swisscoin is a fairly low-volume self-styled cryptocurrency that has been the target of a Necurs-based spam run starting on Saturday 13th January, and increasing in volume to huge levels on Monday.
 Florine Fray [Fray.419@redacted.tld]
 15 January 2018 at 10:51
Subject:
 Could this digital currency actually make you a millionaire?
Every once in a while, an opportunity comes</summary><link rel='replies' type='application/atom+xml' href='https://blog.dynamoo.com/feeds/7886856772928594109/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=804714437673009003&amp;postID=7886856772928594109' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/7886856772928594109'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/7886856772928594109'/><link rel='alternate' type='text/html' href='https://blog.dynamoo.com/2018/01/swisscoin-sic-cryptocurrency-spam.html' title='Swisscoin [SIC] cryptocurrency spam'/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://2.bp.blogspot.com/-ChBb1SZ4dOY/TfymeL0skfI/AAAAAAAAAQY/-_xrPaL0Yocmu15KWAkRLZTYxPkBn90LACPcBGAYYCw/s72-c/spam.jpg" height="72" width="72"/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-804714437673009003.post-1860881061487133128</id><published>2017-12-04T19:04:00.000+00:00</published><updated>2017-12-04T19:04:00.724+00:00</updated><category scheme="http://www.blogger.com/atom/ns#" term="Politics"/><category scheme="http://www.blogger.com/atom/ns#" term="Porn"/><title type='text'>Some random thoughts on Damian Green and those porn allegations</title><summary type="text">
If you live in the UK then you might have noticed the somewhat bizarre furore over Damian Green MP and his alleged viewing of pornography on house his Parliament computer. Now, I don&#39;t know for certain if he did or didn&#39;t, but to put it in context his private email address also allegedly turned up in the Ashley Madison leak and on top of that there are sexual harassment allegations too. But </summary><link rel='replies' type='application/atom+xml' href='https://blog.dynamoo.com/feeds/1860881061487133128/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=804714437673009003&amp;postID=1860881061487133128' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/1860881061487133128'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/1860881061487133128'/><link rel='alternate' type='text/html' href='https://blog.dynamoo.com/2017/12/some-random-thoughts-on-damian-green.html' title='Some random thoughts on Damian Green and those porn allegations'/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://2.bp.blogspot.com/-R9jgGuNCI-8/WiWYG-ay3fI/AAAAAAAAMlw/Z2tNMFIHbhYYipIqmQD-CO7rA2e4i9epACLcBGAs/s72-c/d-green.png" height="72" width="72"/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-804714437673009003.post-8149710501456814140</id><published>2017-10-31T15:47:00.000+00:00</published><updated>2017-10-31T15:52:07.886+00:00</updated><category scheme="http://www.blogger.com/atom/ns#" term="Porn"/><category scheme="http://www.blogger.com/atom/ns#" term="Russia"/><category scheme="http://www.blogger.com/atom/ns#" 
term="Scams"/><category scheme="http://www.blogger.com/atom/ns#" term="Spam"/><title type='text'>Bogus porn blackmail attempt from adulthehappytimes.com</title><summary type="text">
This blackmail attempt is completely bogus, sent from a server belonging to the adulthehappytimes.com domain.
 Hannah Taylor [bill@adulthehappytimes.com]
Reply-To:
 bill@adulthehappytimes.com
 contact@victimdomail.tld
 31 October 2017 at 15:06
Subject:
t ID: DMS-883-97867 [contact@victimdomail.tld] 31/10/2017 03:35:54 Maybe this will change your life
Signed </summary><link rel='replies' type='application/atom+xml' href='https://blog.dynamoo.com/feeds/8149710501456814140/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=804714437673009003&amp;postID=8149710501456814140' title='3 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/8149710501456814140'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/8149710501456814140'/><link rel='alternate' type='text/html' href='https://blog.dynamoo.com/2017/10/bogus-porn-blackmail-attempt-from.html' title='Bogus porn blackmail attempt from adulthehappytimes.com'/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://4.bp.blogspot.com/-TcTayzpueLA/TfypQFAsdwI/AAAAAAAAAQc/OUpyA5HoQtwT-ZR3iWxTiEbs9I_orzKKgCPcBGAYYCw/s72-c/scam.png" height="72" width="72"/><thr:total>3</thr:total></entry><entry><id>tag:blogger.com,1999:blog-804714437673009003.post-1486398441285337065</id><published>2017-10-25T10:13:00.000+01:00</published><updated>2017-10-25T10:13:16.520+01:00</updated><category scheme="http://www.blogger.com/atom/ns#" term="Evil Network"/><category scheme="http://www.blogger.com/atom/ns#" term="inferno.name"/><category scheme="http://www.blogger.com/atom/ns#" term="Serbia"/><title type='text'>Updated 3NT Solutions LLP / inferno.name / V3Servers.net IP ranges</title><summary type="text">
When I was investigating IOCs for the recent outbreak of BadRabbit ransomware I discovered that it downloaded from a domain 1dnscontrol.com hosted on 5.61.37.209. This IP belongs to a company called 3NT Solutions LLP that I have blogged about before.
It had been three-and-a-half years since I looked at their IP address ranges so I thought I would give them a refresh. My personal recommendation</summary><link rel='replies' type='application/atom+xml' href='https://blog.dynamoo.com/feeds/1486398441285337065/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=804714437673009003&amp;postID=1486398441285337065' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/1486398441285337065'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/1486398441285337065'/><link rel='alternate' type='text/html' href='https://blog.dynamoo.com/2017/10/updated-3nt-solutions-llp-infernoname.html' title='Updated 3NT Solutions LLP / inferno.name / V3Servers.net IP ranges'/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://2.bp.blogspot.com/-eppr5B3iNHE/VNSq53Al_7I/AAAAAAAAGN4/une1JD3bEcg7VMcA8N-xKP9smV922bJNQCPcBGAYYCw/s72-c/evil-network.png" height="72" width="72"/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-804714437673009003.post-5842135572983101890</id><published>2017-10-24T09:43:00.000+01:00</published><updated>2017-10-24T09:43:07.205+01:00</updated><category scheme="http://www.blogger.com/atom/ns#" term="Iran"/><category scheme="http://www.blogger.com/atom/ns#" term="Malware"/><category scheme="http://www.blogger.com/atom/ns#" term="OVH"/><category scheme="http://www.blogger.com/atom/ns#" term="Spam"/><category scheme="http://www.blogger.com/atom/ns#" term="Viruses"/><title type='text'>Malware spam: &quot;Order acknowledgement for 
BEPO/N1/380006006(2)&quot;</title><summary type="text">
A change to the usual Necurs rubbish, this fake order has a malformed .z archive file which contains a malicious executable with an icon to make it look like an Office document.
Reply-To:
 purchase@animalagriculture.orgTo:
 Recipients [DY]Date:
 24 October 2017 at 06:48Subject:
 FW: Order acknowledgement for BEPO/N1/380006006(2)Dear All,Kindly find the attached Purchase order# IT/</summary><link rel='replies' type='application/atom+xml' href='https://blog.dynamoo.com/feeds/5842135572983101890/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=804714437673009003&amp;postID=5842135572983101890' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/5842135572983101890'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/5842135572983101890'/><link rel='alternate' type='text/html' href='https://blog.dynamoo.com/2017/10/malware-spam-order-acknowledgement-for.html' title='Malware spam: &quot;Order acknowledgement for BEPO/N1/380006006(2)&quot;'/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://4.bp.blogspot.com/-hywvkVkbMcQ/TgB7d64nvuI/AAAAAAAAAQg/cvESXHGsXRcV1Sj4gkChWDnEvdhCzZskACPcBGAYYCw/s72-c/bomb.png" height="72" width="72"/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-804714437673009003.post-432661943672584230</id><published>2017-10-17T13:31:00.003+01:00</published><updated>2017-10-17T13:31:55.924+01:00</updated><category scheme="http://www.blogger.com/atom/ns#" term="Bulgaria"/><category scheme="http://www.blogger.com/atom/ns#" term="Evil Network"/><category scheme="http://www.blogger.com/atom/ns#" term="Fast Serv"/><category scheme="http://www.blogger.com/atom/ns#" term="Qhoster"/><title type='text'>Evil network: Fast Serv Inc / Qhoster.com</title><summary type="text">
Checking these IOCs for this latest Flash 0-day came up with an interesting IP address of 89.45.67.107, which belongs to Fast Serv Inc aka Qhoster, probably of Bulgaria but masquerading as a Belize outfit.
I came across Fast Serv / Qhoster a lot last year during the Angler EK epidemic, where they had entire ranges full of badness, often with no discernable legitimate sites at all. It</summary><link rel='replies' type='application/atom+xml' href='https://blog.dynamoo.com/feeds/432661943672584230/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=804714437673009003&amp;postID=432661943672584230' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/432661943672584230'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/432661943672584230'/><link rel='alternate' type='text/html' href='https://blog.dynamoo.com/2017/10/evil-network-fast-serv-inc-qhostercom.html' title='Evil network: Fast Serv Inc / Qhoster.com'/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://2.bp.blogspot.com/-eppr5B3iNHE/VNSq53Al_7I/AAAAAAAAGN4/une1JD3bEcg7VMcA8N-xKP9smV922bJNQCPcBGAYYCw/s72-c/evil-network.png" height="72" width="72"/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-804714437673009003.post-5514990907153859901</id><published>2017-10-08T14:03:00.000+01:00</published><updated>2017-10-08T14:03:26.326+01:00</updated><category scheme="http://www.blogger.com/atom/ns#" term="Russia"/><category scheme="http://www.blogger.com/atom/ns#" term="Scams"/><category scheme="http://www.blogger.com/atom/ns#" term="South Africa"/><category scheme="http://www.blogger.com/atom/ns#" term="Spam"/><category scheme="http://www.blogger.com/atom/ns#" term="Vietnam"/><title type='text'>Scam: &quot;Help Your Child To Be A Professional Footballer.&quot; / 
info@champ-footballacademyagency.co.uk</title><summary type="text">
This spam email is a scam:
Subject:
 Help Your Child To Be A Professional Footballer.From:
 &quot;FC Academy&quot; [csa@sargas-tm.eu]Date:
 Sun, October 8, 2017 10:30 amTo:
 &quot;Recipients&quot; [fcsa@sargas-tm.eu]Priority:
 NormalHello,Does your child desire to become a professional footballer?Our football academy are currently scouting for young football player to participate in 3-6 </summary><link rel='replies' type='application/atom+xml' href='https://blog.dynamoo.com/feeds/5514990907153859901/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=804714437673009003&amp;postID=5514990907153859901' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/5514990907153859901'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/5514990907153859901'/><link rel='alternate' type='text/html' href='https://blog.dynamoo.com/2017/10/scam-help-your-child-to-be-professional.html' title='Scam: &quot;Help Your Child To Be A Professional Footballer.&quot; / info@champ-footballacademyagency.co.uk'/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://4.bp.blogspot.com/-TcTayzpueLA/TfypQFAsdwI/AAAAAAAAAQc/OUpyA5HoQtwT-ZR3iWxTiEbs9I_orzKKgCPcBGAYYCw/s72-c/scam.png" height="72" width="72"/><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-804714437673009003.post-5911094451453827361</id><published>2017-09-28T11:20:00.001+01:00</published><updated>2017-09-28T13:53:55.181+01:00</updated><category scheme="http://www.blogger.com/atom/ns#" term="Locky"/><category scheme="http://www.blogger.com/atom/ns#" term="Malware"/><category scheme="http://www.blogger.com/atom/ns#" term="Ransomware"/><category scheme="http://www.blogger.com/atom/ns#" term="Spam"/><category scheme="http://www.blogger.com/atom/ns#" term="TrickBot"/><category 
scheme="http://www.blogger.com/atom/ns#" term="Viruses"/><title type='text'>Malware spam: &quot;Emailing: Scan0xxx&quot; from &quot;Sales&quot; delivers Locky or Trickbot</title><summary type="text">
This fake document scan delivers different malware depending on the victim&#39;s location:
Subject:
 Emailing: Scan0963
 &quot;Sales&quot; [sales@victimdomain.tld]
 Thu, September 28, 2017 10:31 am
Your message is ready to be sent with the following file or link
attachments:
Scan0963
Note: To protect against computer viruses, e-mail programs may prevent
sending or receiving </summary><link rel='replies' type='application/atom+xml' href='https://blog.dynamoo.com/feeds/5911094451453827361/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=804714437673009003&amp;postID=5911094451453827361' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/5911094451453827361'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/5911094451453827361'/><link rel='alternate' type='text/html' href='https://blog.dynamoo.com/2017/09/malware-spam-emailing-scan0xxx-from.html' title='Malware spam: &quot;Emailing: Scan0xxx&quot; from &quot;Sales&quot; delivers Locky or Trickbot'/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://1.bp.blogspot.com/-bty17WvmvUo/VMak5TdSJbI/AAAAAAAAGLc/JMbyGJdeOtov6nkNmUXpQAR0wtIF3gSiACPcBGAYYCw/s72-c/scan.png" height="72" width="72"/><thr:total>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-804714437673009003.post-9057220024897295625</id><published>2017-09-26T18:46:00.001+01:00</published><updated>2017-09-26T18:46:21.156+01:00</updated><category scheme="http://www.blogger.com/atom/ns#" term="Locky"/><category scheme="http://www.blogger.com/atom/ns#" term="Malware"/><category scheme="http://www.blogger.com/atom/ns#" term="Ransomware"/><category scheme="http://www.blogger.com/atom/ns#" term="Spam"/><category scheme="http://www.blogger.com/atom/ns#" term="Viruses"/><title type='text'>Malware spam: &quot;AutoPosted PI Notifier&quot; </title><summary type="text">
This spam has a .7z file leading to Locky ransomware.
 &quot;AutoPosted PI Notifier&quot; [NoReplyMailbox@redacted.tld]
Subject:
 Invoice PIS9344608
 Tue, September 26, 2017 5:29 pm
Please find Invoice PIS9344608 attached.
The number referenced in the spam varies, but attached is a .7z archive file with a matching filename. In turn, this contains one of a number of malicious VBS</summary><link rel='replies' type='application/atom+xml' href='https://blog.dynamoo.com/feeds/9057220024897295625/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=804714437673009003&amp;postID=9057220024897295625' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/9057220024897295625'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/9057220024897295625'/><link rel='alternate' type='text/html' href='https://blog.dynamoo.com/2017/09/malware-spam-autoposted-pi-notifier.html' title='Malware spam: &quot;AutoPosted PI Notifier&quot; '/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://4.bp.blogspot.com/-rX5wVZgK130/VuAZI-8br7I/AAAAAAAAHuI/G8YT40A_in0ZXt-vBJW1kPQe3uboaI4GwCPcBGAYYCw/s72-c/ransomware.png" height="72" width="72"/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-804714437673009003.post-4541613722127924774</id><published>2017-09-21T09:51:00.000+01:00</published><updated>2017-09-21T10:16:10.677+01:00</updated><category scheme="http://www.blogger.com/atom/ns#" term="Amazon"/><category scheme="http://www.blogger.com/atom/ns#" term="Locky"/><category scheme="http://www.blogger.com/atom/ns#" term="Malware"/><category scheme="http://www.blogger.com/atom/ns#" term="Ransomware"/><category scheme="http://www.blogger.com/atom/ns#" term="Spam"/><category scheme="http://www.blogger.com/atom/ns#" term="Viruses"/><title type='text'>Malware spam: 
&quot;Invoice RE-2017-09-21-00xxx&quot; from &quot;Amazon Marketplace&quot;</title><summary type="text">
This fake Amazon spam comes with a malicious attachment:
Subject:
 Invoice RE-2017-09-21-00794
 &quot;Amazon Marketplace&quot; [yAhbPDAoufvZE@marketplace.amazon.co.uk]
 Thu, September 21, 2017 9:21 am
Priority:
 Normal
------------- Begin message -------------
Dear customer,
We want to use this opportunity to first say &quot;Thank you very much for your purchase!&quot;
</summary><link rel='replies' type='application/atom+xml' href='https://blog.dynamoo.com/feeds/4541613722127924774/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=804714437673009003&amp;postID=4541613722127924774' title='4 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/4541613722127924774'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/4541613722127924774'/><link rel='alternate' type='text/html' href='https://blog.dynamoo.com/2017/09/malware-spam-invoice-re-2017-09-21.html' title='Malware spam: &quot;Invoice RE-2017-09-21-00xxx&quot; from &quot;Amazon Marketplace&quot;'/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://4.bp.blogspot.com/-rX5wVZgK130/VuAZI-8br7I/AAAAAAAAHuI/G8YT40A_in0ZXt-vBJW1kPQe3uboaI4GwCPcBGAYYCw/s72-c/ransomware.png" height="72" width="72"/><thr:total>4</thr:total></entry><entry><id>tag:blogger.com,1999:blog-804714437673009003.post-230352866795216887</id><published>2017-09-18T10:11:00.001+01:00</published><updated>2017-09-18T10:24:38.552+01:00</updated><category scheme="http://www.blogger.com/atom/ns#" term="Bulgaria"/><category scheme="http://www.blogger.com/atom/ns#" term="Estonia"/><category scheme="http://www.blogger.com/atom/ns#" term="Locky"/><category scheme="http://www.blogger.com/atom/ns#" term="Malware"/><category scheme="http://www.blogger.com/atom/ns#" term="Ransomware"/><category scheme="http://www.blogger.com/atom/ns#" term="Spam"/><category scheme="http://www.blogger.com/atom/ns#" term="Viruses"/><title type='text'>Malware spam: &quot;Status of invoice&quot; with .7z 
attachment</title><summary type="text">
This spam leads to Locky ransomware:
Subject:
 Status of invoice
 &quot;Rosella Setter&quot; ordering@[redacted]
 Mon, September 18, 2017 9:30 am
Hello,
Could you please let me know the status of the attached invoice? I
appreciate your help!
Best regards,
Rosella Setter
Tel: 206-575-8068 x 100
Fax: 206-575-8094
 Ordering@[redacted].com
* Kindly note we will be </summary><link rel='replies' type='application/atom+xml' href='https://blog.dynamoo.com/feeds/230352866795216887/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=804714437673009003&amp;postID=230352866795216887' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/230352866795216887'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/230352866795216887'/><link rel='alternate' type='text/html' href='https://blog.dynamoo.com/2017/09/malware-spam-status-of-invoice-with-7z.html' title='Malware spam: &quot;Status of invoice&quot; with .7z attachment'/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://1.bp.blogspot.com/-Ny5VWOYmFzY/VFfHZVb3KFI/AAAAAAAAF54/esl8RS0lLMEigFZYWAf1edgsKtriXTWdwCPcBGAYYCw/s72-c/invoice.png" height="72" width="72"/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-804714437673009003.post-2408421481850129937</id><published>2017-09-06T07:39:00.001+01:00</published><updated>2017-09-06T07:39:54.910+01:00</updated><category scheme="http://www.blogger.com/atom/ns#" term="Joe Job"/><category scheme="http://www.blogger.com/atom/ns#" term="Spam"/><title type='text'>QTUM Cryptocurrency spam</title><summary type="text">
This spam email appears to be sent by the Necurs botnet, advertising a new Bitcoin-like cryptocurrency called QTUM. Necurs is often used to pump malware, pharma and data spam and sometimes stock pump and dump.
There is no guarantee that this is actually being sent by the people running QTUM, it could simply be a Joe Job to disrupt operations. Given some of the wording alluding to illegal </summary><link rel='replies' type='application/atom+xml' href='https://blog.dynamoo.com/feeds/2408421481850129937/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=804714437673009003&amp;postID=2408421481850129937' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/2408421481850129937'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/2408421481850129937'/><link rel='alternate' type='text/html' href='https://blog.dynamoo.com/2017/09/qtum-cryptocurrency-spam.html' title='QTUM Cryptocurrency spam'/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://2.bp.blogspot.com/-ChBb1SZ4dOY/TfymeL0skfI/AAAAAAAAAQY/-_xrPaL0Yocmu15KWAkRLZTYxPkBn90LACPcBGAYYCw/s72-c/spam.jpg" height="72" width="72"/><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-804714437673009003.post-5371526221784205894</id><published>2017-09-05T11:21:00.001+01:00</published><updated>2017-09-05T11:21:56.932+01:00</updated><category scheme="http://www.blogger.com/atom/ns#" term="Locky"/><category scheme="http://www.blogger.com/atom/ns#" term="Malware"/><category scheme="http://www.blogger.com/atom/ns#" term="Ransomware"/><category scheme="http://www.blogger.com/atom/ns#" term="Russia"/><category scheme="http://www.blogger.com/atom/ns#" term="Spam"/><category scheme="http://www.blogger.com/atom/ns#" term="Ukraine"/><category scheme="http://www.blogger.com/atom/ns#" 
term="Viruses"/><category scheme="http://www.blogger.com/atom/ns#" term="Webazilla"/><title type='text'>Malware spam: &quot;Scanning&quot; pretending to be from tayloredgroup.co.uk</title><summary type="text">
This spam email pretends to be from tayloredgroup.co.uk but it is just a simple forgery leading to Locky ransomware. There is both a malicious attachment and link in the body text. The name of the sender varies.
Subject:
 ScanningFrom:
 &quot;Jeanette Randels&quot; [Jeanette.Randels@tayloredgroup.co.uk]Date:
 Thu, May 18, 2017 8:26 pmhttps://dropbox.com/file/9A30AA-- Jeanette Randels </summary><link rel='replies' type='application/atom+xml' href='https://blog.dynamoo.com/feeds/5371526221784205894/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=804714437673009003&amp;postID=5371526221784205894' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/5371526221784205894'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/5371526221784205894'/><link rel='alternate' type='text/html' href='https://blog.dynamoo.com/2017/09/malware-spam-scanning-pretending-to-be.html' title='Malware spam: &quot;Scanning&quot; pretending to be from tayloredgroup.co.uk'/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://4.bp.blogspot.com/-rX5wVZgK130/VuAZI-8br7I/AAAAAAAAHuI/G8YT40A_in0ZXt-vBJW1kPQe3uboaI4GwCPcBGAYYCw/s72-c/ransomware.png" height="72" width="72"/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-804714437673009003.post-7119977116868014435</id><published>2017-08-25T13:44:00.000+01:00</published><updated>2017-08-25T13:44:39.190+01:00</updated><category scheme="http://www.blogger.com/atom/ns#" term="Locky"/><category scheme="http://www.blogger.com/atom/ns#" term="Malware"/><category scheme="http://www.blogger.com/atom/ns#" term="Ransomware"/><category scheme="http://www.blogger.com/atom/ns#" term="Russia"/><category scheme="http://www.blogger.com/atom/ns#" term="Spam"/><category scheme="http://www.blogger.com/atom/ns#" term="Viruses"/><title type='text'>Malware spam: &quot;Voicemail Service&quot; / &quot;New voice 
message..&quot;</title><summary type="text">
The jumble of numbers in this spam is a bit confusing. Attached is a malicious RAR file that leads to Locky ransomware.
Subject:
 New voice message 18538124076 in mailbox 185381240761 from &quot;18538124076&quot; &lt;6641063681&gt;From:
 &quot;Voicemail Service&quot; [vmservice@victimdomain.tdl]Date:
 Fri, August 25, 2017 12:36 pmDear user:just wanted to let you know you were just left a 0:13 long </summary><link rel='replies' type='application/atom+xml' href='https://blog.dynamoo.com/feeds/7119977116868014435/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=804714437673009003&amp;postID=7119977116868014435' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/7119977116868014435'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/7119977116868014435'/><link rel='alternate' type='text/html' href='https://blog.dynamoo.com/2017/08/malware-spam-voicemail-service-new.html' title='Malware spam: &quot;Voicemail Service&quot; / &quot;New voice message..&quot;'/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://4.bp.blogspot.com/-rX5wVZgK130/VuAZI-8br7I/AAAAAAAAHuI/G8YT40A_in0ZXt-vBJW1kPQe3uboaI4GwCPcBGAYYCw/s72-c/ransomware.png" height="72" width="72"/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-804714437673009003.post-1491402286460414569</id><published>2017-08-25T09:53:00.003+01:00</published><updated>2017-08-25T09:53:53.288+01:00</updated><category scheme="http://www.blogger.com/atom/ns#" term="Locky"/><category scheme="http://www.blogger.com/atom/ns#" term="Malware"/><category scheme="http://www.blogger.com/atom/ns#" term="Ransomware"/><category scheme="http://www.blogger.com/atom/ns#" term="Russia"/><category scheme="http://www.blogger.com/atom/ns#" term="Spam"/><category scheme="http://www.blogger.com/atom/ns#" term="Viruses"/><title type='text'>Malware spam: &quot;Your Sage subscription invoice 
is ready&quot; / noreply@sagetop.com</title><summary type="text">
This fake Sage invoice leads to Locky ransomware. Quite why Sage are picked on so much by the bad guys is a bit of a mystery.
Subject:
 Your Sage subscription invoice is readyFrom:
 &quot;noreply@sagetop.com&quot; [noreply@sagetop.com]Date:
 Thu, August 24, 2017 8:49 pmDear CustomerYour Sage subscription invoice is now ready to view.Sage subscriptions To view your Sage subscription </summary><link rel='replies' type='application/atom+xml' href='https://blog.dynamoo.com/feeds/1491402286460414569/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=804714437673009003&amp;postID=1491402286460414569' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/1491402286460414569'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/1491402286460414569'/><link rel='alternate' type='text/html' href='https://blog.dynamoo.com/2017/08/malware-spam-your-sage-subscription.html' title='Malware spam: &quot;Your Sage subscription invoice is ready&quot; / noreply@sagetop.com'/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://4.bp.blogspot.com/-rX5wVZgK130/VuAZI-8br7I/AAAAAAAAHuI/G8YT40A_in0ZXt-vBJW1kPQe3uboaI4GwCPcBGAYYCw/s72-c/ransomware.png" height="72" width="72"/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-804714437673009003.post-2434939103343710987</id><published>2017-08-24T19:21:00.003+01:00</published><updated>2017-08-24T19:21:52.641+01:00</updated><category scheme="http://www.blogger.com/atom/ns#" term="China"/><category scheme="http://www.blogger.com/atom/ns#" term="Locky"/><category scheme="http://www.blogger.com/atom/ns#" term="Malware"/><category scheme="http://www.blogger.com/atom/ns#" term="Ransomware"/><category scheme="http://www.blogger.com/atom/ns#" term="Russia"/><category scheme="http://www.blogger.com/atom/ns#" term="Spam"/><category 
scheme="http://www.blogger.com/atom/ns#" term="Viruses"/><title type='text'>Multiple badness on metoristrontgui.info / 119.28.100.249</title><summary type="text">
Two massive fake &quot;Bill&quot; spam runs seem to be under way, one claiming to be from BT and the other being more generic.
Subject:
 New BT BillFrom:
 &quot;BT Business&quot; [btbusiness@bttconnect.com]Date:
 Thu, August 24, 2017 6:08 pmPriority:
 NormalFrom BTNew BT BillYour bill amount is: $106.84This doesn&#39;t include any amounts brought forward from any other bills.We&#39;ve put your latest</summary><link rel='replies' type='application/atom+xml' href='https://blog.dynamoo.com/feeds/2434939103343710987/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=804714437673009003&amp;postID=2434939103343710987' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/2434939103343710987'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/2434939103343710987'/><link rel='alternate' type='text/html' href='https://blog.dynamoo.com/2017/08/multiple-badness-on-metoristrontguiinfo.html' title='Multiple badness on metoristrontgui.info / 119.28.100.249'/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://1.bp.blogspot.com/-Ny5VWOYmFzY/VFfHZVb3KFI/AAAAAAAAF54/esl8RS0lLMEigFZYWAf1edgsKtriXTWdwCPcBGAYYCw/s72-c/invoice.png" height="72" width="72"/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-804714437673009003.post-4960057798950897488</id><published>2017-08-23T22:01:00.001+01:00</published><updated>2017-08-23T22:01:36.778+01:00</updated><category scheme="http://www.blogger.com/atom/ns#" term="Locky"/><category scheme="http://www.blogger.com/atom/ns#" term="Malware"/><category scheme="http://www.blogger.com/atom/ns#" term="Ransomware"/><category scheme="http://www.blogger.com/atom/ns#" term="Russia"/><category scheme="http://www.blogger.com/atom/ns#" term="Spam"/><category scheme="http://www.blogger.com/atom/ns#" term="Viruses"/><title type='text'>Malware spam: 
&quot;Customer Service&quot; / &quot;Copy of Invoice xxxx&quot;</title><summary type="text">
This fairly generic spam leads to the Locky ransomware:
Subject:
 Copy of Invoice 3206From:
 &quot;Customer Service&quot; Date:
 Wed, August 23, 2017 9:12 pmPlease download file containing your order information.If you have any further questions regarding your invoice, please call Customer Service.Please do not reply directly to this automatically generated e-mail message.Thank </summary><link rel='replies' type='application/atom+xml' href='https://blog.dynamoo.com/feeds/4960057798950897488/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=804714437673009003&amp;postID=4960057798950897488' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/4960057798950897488'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/4960057798950897488'/><link rel='alternate' type='text/html' href='https://blog.dynamoo.com/2017/08/malware-spam-customer-service-copy-of.html' title='Malware spam: &quot;Customer Service&quot; / &quot;Copy of Invoice xxxx&quot;'/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://4.bp.blogspot.com/-rX5wVZgK130/VuAZI-8br7I/AAAAAAAAHuI/G8YT40A_in0ZXt-vBJW1kPQe3uboaI4GwCPcBGAYYCw/s72-c/ransomware.png" height="72" width="72"/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-804714437673009003.post-4766135751228938941</id><published>2017-08-23T11:23:00.000+01:00</published><updated>2017-08-23T12:09:37.866+01:00</updated><category scheme="http://www.blogger.com/atom/ns#" term="China"/><category scheme="http://www.blogger.com/atom/ns#" term="Locky"/><category scheme="http://www.blogger.com/atom/ns#" term="Malware"/><category scheme="http://www.blogger.com/atom/ns#" term="Ransomware"/><category 
scheme="http://www.blogger.com/atom/ns#" term="Russia"/><category scheme="http://www.blogger.com/atom/ns#" term="Spam"/><category scheme="http://www.blogger.com/atom/ns#" term="Viruses"/><title type='text'>Malware spam: &quot;Voice Message Attached from 0xxxxxxxxxxx - name unavailable&quot;</title><summary type="text">
This fake voice mail message leads to malware. It comes in two slightly different versions, one with a RAR file download and the other with a ZIP.
Subject:
 Voice Message Attached from 001396445685 - name unavailable
 &quot;Voice Message&quot; &lt;vmservice@victimdomain.tld&gt;
 Wed, August 23, 2017 10:22 am
Time: Wed, 23 Aug 2017 14:52:12 +0530
Download &lt;http://</summary><link rel='replies' type='application/atom+xml' href='https://blog.dynamoo.com/feeds/4766135751228938941/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=804714437673009003&amp;postID=4766135751228938941' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/4766135751228938941'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/4766135751228938941'/><link rel='alternate' type='text/html' href='https://blog.dynamoo.com/2017/08/malware-spam-voice-message-attached.html' title='Malware spam: &quot;Voice Message Attached from 0xxxxxxxxxxx - name unavailable&quot;'/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://1.bp.blogspot.com/-n9p0tXYqybQ/VElLzCsukwI/AAAAAAAAF3w/4C7I12oFWxoFERbjFXcKawgaFa3rilGBwCPcBGAYYCw/s72-c/voicemail2.png" height="72" width="72"/><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-804714437673009003.post-288595609668045344</id><published>2017-08-22T10:55:00.001+01:00</published><updated>2017-08-22T10:55:50.404+01:00</updated><category scheme="http://www.blogger.com/atom/ns#" term="Locky"/><category scheme="http://www.blogger.com/atom/ns#" term="Malware"/><category scheme="http://www.blogger.com/atom/ns#" term="OVH"/><category scheme="http://www.blogger.com/atom/ns#" term="Russia"/><category scheme="http://www.blogger.com/atom/ns#" term="Spam"/><category scheme="http://www.blogger.com/atom/ns#" term="Viruses"/><title type='text'>Malware spam from &quot;Voicemail Service&quot; [pbx@local]</title><summary type="text">
This fake voicemail leads to malware:
Subject:
 [PBX]: New message 46 in mailbox 461 from &quot;460GOFEDEX&quot; &lt;8476446077&gt;
 &quot;Voicemail Service&quot; [pbx@local]
 Tue, August 22, 2017 10:37 am
 &quot;Evelyn Medina&quot; 
Priority:
 Normal
Dear user:
 just wanted to let you know you were just left a 0:53 long message (number 46)
in mailbox 461 from &quot;460GOFEDEX&quot; &lt;</summary><link rel='replies' type='application/atom+xml' href='https://blog.dynamoo.com/feeds/288595609668045344/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=804714437673009003&amp;postID=288595609668045344' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/288595609668045344'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/804714437673009003/posts/default/288595609668045344'/><link rel='alternate' type='text/html' href='https://blog.dynamoo.com/2017/08/malware-spam-from-voicemail-service.html' title='Malware spam from &quot;Voicemail Service&quot; [pbx@local]'/><author><name>Unknown</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://1.bp.blogspot.com/-n9p0tXYqybQ/VElLzCsukwI/AAAAAAAAF3w/4C7I12oFWxoFERbjFXcKawgaFa3rilGBwCPcBGAYYCw/s72-c/voicemail2.png" height="72" width="72"/><thr:total>1</thr:total></entry></feed>