{ "attachments": [ { "files": [ { "sha1": "03cbac8c13035fa930a51fffcd6666cf4cd9dfdb", "virustotal": { "response_code": 200, "results": { "scan_id": "d07fe1e95fb686c9f74774586d80dde0bec257382a6fbf667f08e2d316b7dd01-1487943477", "sha256": "d07fe1e95fb686c9f74774586d80dde0bec257382a6fbf667f08e2d316b7dd01", "resource": "03cbac8c13035fa930a51fffcd6666cf4cd9dfdb", "response_code": 1, "scan_date": "2017-02-24 13:37:57", "permalink": "https://www.virustotal.com/file/d07fe1e95fb686c9f74774586d80dde0bec257382a6fbf667f08e2d316b7dd01/analysis/1487943477/", "verbose_msg": "Scan finished, information embedded", "sha1": "03cbac8c13035fa930a51fffcd6666cf4cd9dfdb", "positives": 44, "total": 58, "md5": "c106f9bc7174402b582cffc1d6399b46", "scans": [ { "version": "12.0.250.0", "result": "Trojan.GenericKD.3479134", "antivirus": "MicroWorld-eScan", "update": "20170224" }, { "version": "14.00", "result": "Trojan.Dynamer", "antivirus": "CAT-QuickHeal", "update": "20170223" }, { "version": "6.0.6.653", "result": "RDN/Generic PWS.y", "antivirus": "McAfee", "update": "20170224" }, { "version": "2.1.1.1115", "result": "Trojan.Zbot", "antivirus": "Malwarebytes", "update": "20170224" }, { "version": "56208", "result": "Trojan.Win32.Generic.pak!cobra", "antivirus": "VIPRE", "update": "20170224" }, { "version": "10.2.22532", "result": "Trojan ( 004f66491 )", "antivirus": "K7GW", "update": "20170224" }, { "version": "10.2.22530", "result": "Trojan ( 004f66491 )", "antivirus": "K7AntiVirus", "update": "20170224" }, { "version": "9.740.0.1012", "result": "TROJ_FRS.0NA003HL16", "antivirus": "TrendMicro", "update": "20170224" }, { "version": "4.7.1.166", "result": "W32/Trojan3.WXC", "antivirus": "F-Prot", "update": "20170224" }, { "version": "1.2.1.0", "result": "Infostealer.Limitail", "antivirus": "Symantec", "update": "20170224" }, { "version": "9.900.0.1004", "result": "TROJ_FRS.0NA003HL16", "antivirus": "TrendMicro-HouseCall", "update": "20170224" }, { "version": "8.0.1489.320", "result": 
"Win32:Malware-gen", "antivirus": "Avast", "update": "20170224" }, { "version": "15.0.1.13", "result": "UDS:DangerousObject.Multi.Generic", "antivirus": "Kaspersky", "update": "20170224" }, { "version": "7.2", "result": "Trojan.GenericKD.3479134", "antivirus": "BitDefender", "update": "20170224" }, { "version": "1.0.70.15190", "result": "Trojan.Win32.Stealer.eloogm", "antivirus": "NANO-Antivirus", "update": "20170224" }, { "version": "4.2", "result": "Uds.Dangerousobject.Multi!c", "antivirus": "AegisLab", "update": "20170224" }, { "version": "1.0.0.1", "result": "Win32.Trojan.Inject.Auto", "antivirus": "Tencent", "update": "20170224" }, { "version": "3.0.3.794", "result": "Trojan.GenericKD.3479134", "antivirus": "Ad-Aware", "update": "20170224" }, { "version": "4.98.0", "result": "Troj/Fareit-BCY", "antivirus": "Sophos", "update": "20170224" }, { "version": "11.0.19100.45", "result": "Trojan.GenericKD.3479134", "antivirus": "F-Secure", "update": "20170224" }, { "version": "7.0.27.12160", "result": "Trojan.PWS.Stealer.17779", "antivirus": "DrWeb", "update": "20170224" }, { "version": "6.2.2.24419", "result": "virtool.win32.injector.fq", "antivirus": "Invincea", "update": "20170203" }, { "version": "v2015", "result": "BehavesLike.Win32.PWSZbot.gc", "antivirus": "McAfee-GW-Edition", "update": "20170224" }, { "version": "4.0.0.834", "result": "Trojan.GenericKD.3479134 (B)", "antivirus": "Emsisoft", "update": "20170224" }, { "version": "5.4.16.7", "result": "W32/Trojan.MLZK-1378", "antivirus": "Cyren", "update": "20170224" }, { "version": "1.0.0.207", "result": "W32.Trojan.Gen", "antivirus": "Webroot", "update": "20170224" }, { "version": "8.3.3.4", "result": "TR/Dropper.VB.iunj", "antivirus": "Avira", "update": "20170224" }, { "version": "5.4.233.0", "result": "W32/Injector.DEKC!tr", "antivirus": "Fortinet", "update": "20170224" }, { "version": "1.0.0.1", "result": "Trojan/Win32.TSGeneric", "antivirus": "Antiy-AVL", "update": "20170224" }, { "version": "0.1.1", 
"result": "malicious (high confidence)", "antivirus": "Endgame", "update": "20170222" }, { "version": "1.0.0.795", "result": "Trojan.Generic.D35165E", "antivirus": "Arcabit", "update": "20170224" }, { "version": "5.6.0.1032", "result": "Trojan.Agent/Gen-VB", "antivirus": "SUPERAntiSpyware", "update": "20170224" }, { "version": "1.1.13504.0", "result": "Trojan:Win32/Dynamer!ac", "antivirus": "Microsoft", "update": "20170224" }, { "version": "3.8.3.16811", "result": "Trojan/Win32.ZBot.C1530633", "antivirus": "AhnLab-V3", "update": "20170224" }, { "version": "1.0.1.9", "result": "Trojan.GenericKD.3479134", "antivirus": "ALYac", "update": "20170224" }, { "version": "1.5.0.42", "result": "Trojan.Win32.Generic.pak!cobra", "antivirus": "AVware", "update": "20170224" }, { "version": "14989", "result": "a variant of Win32/Injector.DDZN", "antivirus": "ESET-NOD32", "update": "20170224" }, { "version": "28.0.0.1", "result": "Malware.Generic.5!tfe (thunder:5:0vn3AnCxW2S) ", "antivirus": "Rising", "update": "20170224" }, { "version": "5.5.1.3", "result": "Trojan.Injector!RxvLSVNo9PA", "antivirus": "Yandex", "update": "20170222" }, { "version": "0.1.5.2", "result": "Trojan.VB.Inject", "antivirus": "Ikarus", "update": "20170224" }, { "version": "25", "result": "Trojan.GenericKD.3479134", "antivirus": "GData", "update": "20170224" }, { "version": "16.0.0.4756", "result": "Inject3.BBKO", "antivirus": "AVG", "update": "20170224" }, { "version": "4.6.4.2", "result": "Trj/GdSda.A", "antivirus": "Panda", "update": "20170224" }, { "version": "1.0", "result": "malicious_confidence_100% (D)", "antivirus": "CrowdStrike", "update": "20170130" } ] } }, "extension": ".exe", "Content-Type": "application/x-dosexec", "analisys_date": "2017-08-13T14:41:03.804051", "filename": "IMG-PO-492384BA_outputB93880.exe", "is_filtered": [ false ], "ssdeep": "6144:UB0Qyhp5axJdq3PHo0Tq54BoSoUNRGui+YvEc8xoQAe6J+z/I93xgH38IN8I:UHIp5UqvdK4BoaREhEO5e6Jg/I93iXr", "sha256": 
"d07fe1e95fb686c9f74774586d80dde0bec257382a6fbf667f08e2d316b7dd01", "sha512": "59af8a425dee54609707079ac04b3645753f6101f794cb3738cdab575f0d5805d073bf0b10224a77e44fd28d687ff677a199df42eefe98879852351b3d5dca68", "payload": "TVqQAAMAAA...", "md5": "c106f9bc7174402b582cffc1d6399b46", "size": 449368 } ], "Content-Type": "application/zip", "sha1": "3ca2c7a41536fd89a172ba948ea4f741e4ef9fd6", "virustotal": { "response_code": 200, "results": { "scan_id": "122ee2a3c58dd0145107c132a1dbcba569318d9d7a6c1b976d8bd94aad7b9f44-1487945645", "sha256": "122ee2a3c58dd0145107c132a1dbcba569318d9d7a6c1b976d8bd94aad7b9f44", "resource": "3ca2c7a41536fd89a172ba948ea4f741e4ef9fd6", "response_code": 1, "scan_date": "2017-02-24 14:14:05", "permalink": "https://www.virustotal.com/file/122ee2a3c58dd0145107c132a1dbcba569318d9d7a6c1b976d8bd94aad7b9f44/analysis/1487945645/", "verbose_msg": "Scan finished, information embedded", "sha1": "3ca2c7a41536fd89a172ba948ea4f741e4ef9fd6", "positives": 41, "total": 59, "md5": "2723dd2e5ce2b21b7df8e8f43121032c", "scans": [ { "version": "1.3.0.8871", "result": "HW32.Packed.8CC2", "antivirus": "Bkav", "update": "20170224" }, { "version": "12.0.250.0", "result": "Trojan.GenericKD.3479134", "antivirus": "MicroWorld-eScan", "update": "20170224" }, { "version": "14.00", "result": "Trojan.Dynamer", "antivirus": "CAT-QuickHeal", "update": "20170223" }, { "version": "6.0.6.653", "result": "RDN/Generic PWS.y", "antivirus": "McAfee", "update": "20170224" }, { "version": "2.1.1.1115", "result": "Trojan.Zbot", "antivirus": "Malwarebytes", "update": "20170224" }, { "version": "56208", "result": "Trojan.Win32.Generic.pak!cobra", "antivirus": "VIPRE", "update": "20170224" }, { "version": "7.2", "result": "Trojan.GenericKD.3479134", "antivirus": "BitDefender", "update": "20170224" }, { "version": "10.2.22532", "result": "Trojan ( 004f66491 )", "antivirus": "K7GW", "update": "20170224" }, { "version": "10.2.22530", "result": "Trojan ( 004f66491 )", "antivirus": "K7AntiVirus", 
"update": "20170224" }, { "version": "9.740.0.1012", "result": "TROJ_FR.0DA9DC19", "antivirus": "TrendMicro", "update": "20170224" }, { "version": "4.7.1.166", "result": "W32/Trojan3.WXC", "antivirus": "F-Prot", "update": "20170224" }, { "version": "1.2.1.0", "result": "SecurityRisk.gen1", "antivirus": "Symantec", "update": "20170224" }, { "version": "9.900.0.1004", "result": "TROJ_FRS.0NA003HL16", "antivirus": "TrendMicro-HouseCall", "update": "20170224" }, { "version": "8.0.1489.320", "result": "Win32:Malware-gen", "antivirus": "Avast", "update": "20170224" }, { "version": "1.0.70.15190", "result": "Trojan.Win32.Stealer.eloogm", "antivirus": "NANO-Antivirus", "update": "20170224" }, { "version": "28.0.0.1", "result": "Malware.Generic.5!tfe (thunder:5:0vn3AnCxW2S) ", "antivirus": "Rising", "update": "20170224" }, { "version": "3.0.3.794", "result": "Trojan.GenericKD.3479134", "antivirus": "Ad-Aware", "update": "20170224" }, { "version": "4.98.0", "result": "Troj/Fareit-BCY", "antivirus": "Sophos", "update": "20170224" }, { "version": "11.0.19100.45", "result": "Trojan.GenericKD.3479134", "antivirus": "F-Secure", "update": "20170224" }, { "version": "7.0.27.12160", "result": "Trojan.PWS.Stealer.17779", "antivirus": "DrWeb", "update": "20170224" }, { "version": "6.2.2.24419", "result": "virtool.win32.injector.fq", "antivirus": "Invincea", "update": "20170203" }, { "version": "v2015", "result": "BehavesLike.Trojan.fc", "antivirus": "McAfee-GW-Edition", "update": "20170224" }, { "version": "4.0.0.834", "result": "Trojan.GenericKD.3479134 (B)", "antivirus": "Emsisoft", "update": "20170224" }, { "version": "5.4.16.7", "result": "W32/Trojan.MLZK-1378", "antivirus": "Cyren", "update": "20170224" }, { "version": "1.0.0.207", "result": "W32.Trojan.Gen", "antivirus": "Webroot", "update": "20170224" }, { "version": "8.3.3.4", "result": "TR/Dropper.VB.iunj", "antivirus": "Avira", "update": "20170224" }, { "version": "5.4.233.0", "result": "W32/Injector.DEKC!tr", "antivirus": 
"Fortinet", "update": "20170224" }, { "version": "1.0.0.1", "result": "Trojan/Win32.TSGeneric", "antivirus": "Antiy-AVL", "update": "20170224" }, { "version": "1.0.0.795", "result": "Trojan.Generic.D35165E", "antivirus": "Arcabit", "update": "20170224" }, { "version": "4.2", "result": "Troj.Generickd!c", "antivirus": "AegisLab", "update": "20170224" }, { "version": "1.1.13504.0", "result": "Trojan:Win32/Dynamer!ac", "antivirus": "Microsoft", "update": "20170224" }, { "version": "3.8.3.16811", "result": "Trojan/Win32.ZBot.C1530633", "antivirus": "AhnLab-V3", "update": "20170224" }, { "version": "1.0.1.9", "result": "Trojan.GenericKD.3479134", "antivirus": "ALYac", "update": "20170224" }, { "version": "1.5.0.42", "result": "Trojan.Win32.Generic.pak!cobra", "antivirus": "AVware", "update": "20170224" }, { "version": "14990", "result": "a variant of Win32/Injector.DDZN", "antivirus": "ESET-NOD32", "update": "20170224" }, { "version": "1.0.0.1", "result": "Win32.Trojan.Inject.Auto", "antivirus": "Tencent", "update": "20170224" }, { "version": "5.5.1.3", "result": "Trojan.Injector!RxvLSVNo9PA", "antivirus": "Yandex", "update": "20170222" }, { "version": "0.1.5.2", "result": "Trojan.VB.Inject", "antivirus": "Ikarus", "update": "20170224" }, { "version": "25", "result": "Trojan.GenericKD.3479134", "antivirus": "GData", "update": "20170224" }, { "version": "16.0.0.4756", "result": "Inject3.BBKO", "antivirus": "AVG", "update": "20170224" }, { "version": "4.6.4.2", "result": "Trj/GdSda.A", "antivirus": "Panda", "update": "20170224" } ] } }, "extension": ".zip", "is_archive": true, "sha512": "37e93b79707b56afeb91a4a3ee8c2180e5137b6a3912db46b5e58bd412d9295f3c14e123271ac0fb6b8db22572e6d67c054efda90ee4618fbf94faaeff1bc08b", "analisys_date": "2017-08-13T14:41:03.741653", "filename": "Payment Invoice.zip", "mail_content_type": "application/x-zip-compressed", "tika": [ { "Content-Length": "350899", "X-TIKA:content": "\n\n\n\n\n\n\n\n\n\nIMG-PO-492384BA_outputB93880.exe\n\n", 
"X-TIKA:parse_time_millis": "103", "resourceName": "tmpbbXZWU", "Content-Type": "application/zip", "X-Parsed-By": [ "org.apache.tika.parser.DefaultParser", "org.apache.tika.parser.pkg.PackageParser" ] }, { "machine:endian": "Little", "machine:machineType": "x86-32", "Content-Length": "449368", "embeddedRelationshipId": "IMG-PO-492384BA_outputB93880.exe", "modified": "2016-08-18T14:42:54Z", "X-TIKA:embedded_resource_path": "/IMG-PO-492384BA_outputB93880.exe", "meta:save-date": "2016-08-18T14:42:54Z", "machine:architectureBits": "32", "Last-Modified": "2016-08-18T14:42:54Z", "Creation-Date": "2016-08-18T21:42:53Z", "X-TIKA:parse_time_millis": "23", "date": "2016-08-18T14:42:54Z", "resourceName": "IMG-PO-492384BA_outputB93880.exe", "machine:platform": "Windows", "dcterms:modified": "2016-08-18T14:42:54Z", "Content-Type": "application/x-msdownload", "Last-Save-Date": "2016-08-18T14:42:54Z", "X-Parsed-By": [ "org.apache.tika.parser.DefaultParser", "org.apache.tika.parser.executable.ExecutableParser" ] } ], "is_filtered": false, "ssdeep": "6144:KbMHo7O8JQbO4sMZ8EJqhLTKE1hNRGui+YvEsRqoh84Ll7Jy:KIHmKDs8Nq1TDREhEyqALZM", "sha256": "122ee2a3c58dd0145107c132a1dbcba569318d9d7a6c1b976d8bd94aad7b9f44", "content_transfer_encoding": "base64", "payload": "UEsDBBQAAA...", "md5": "2723dd2e5ce2b21b7df8e8f43121032c", "size": 350899 } ], "analisys_date": "2017-08-13T14:41:03.490180", "date": "2016-08-19T14:33:29", "anomalies": [ "mail_without_message-id" ], "has_defects": false, "subject": "PI", "from": "\"Anabel Gonzalo\"", "network": { "is_filtered": false, "virustotal": "{\"response_code\": 200, \"results\": {\"response_code\": 0, \"verbose_msg\": \"Missing IP address\"}}" }, "path_mail": "/mnt/mails/untroubled.org/1471832668.1377_3.ivanova.orig", "with_attachments": true, "priority": 1, "to": "bruce@untroubled.org", "sha256": "948455f40fe7bb6cd7ecb573ba98ad5ec5537fc5bbab12661a947ef21b29e7f7", "sha512": 
"28a38068ce78e116939a2027d2aedc4ac382f481a1b03c3022bb0e35384ab58059abbd263808b700d31feb0c6ca888242ab375ae8bcd5b8a3ddaa67eefb1ebb8", "message_id": null, "body": "\n\n\n\n
\n 
\n
\n 
\n
\n 
\n
\n 
\n
\nDear All,
\n
\n
\n
\n 
\n
\nWe have made the payment of USD 103,349,35. TT copy attached for full payment details.
\n
\n 
\n
\n
\n
\n 
\n
\nDocument         N.           AMOUNT DIV.
\n
\n 
\n
\nINVOICE              5328  103548,25 USD
\n
\n 
\n
\nCREDIT NOTE ECS/CN/06               -198,9 USD
\n
\n 
\n
\nTOTAL AMOUNT           103349,35 USD
\n
\n 
\n
\n
\n
\n 
\n
\nI am forwarding you the e-mail that the brokering company has sent us. You will receive the money into your account in a couple of days.
\n
\n 
\n
\n
\n
\n 
\n
\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n
\n\n
\n 
\n
\nBooked Date
\n
\n
\n\n
\n 
\n
\nForeign Currency Payment Amount
\n
\n
\n\n
\n 
\n
\nRate Booked
\n
\n
\n\n
\n 
\n
\nBase Currency Amount
\n
\n
\n\n
\n 
\n
\n    Fees
\n
\n
\n\n
\n 
\n
\nSettlement Amount
\n
\n
\n\n
\n19/08/2016 08:11:28
\n
\n
\n\n
\n103349.35 (USD )
\n
\n
\n\n
\n1.11127
\n
\n
\n\n
\n103314.37 (EUR )
\n
\n
\n\n
\n5 (EUR )
\n
\n
\n\n
\n103319.37 (EUR )
\n
\n
\n
\n
\n 
\n
\n 
\n
\n
\n
\n 
\n
\nNominated Account:
\n
\n 
\n
\n
\n
\n 
\n
\nBank Account Name: Interpay Limited
\n
\nBank: CAIXABANK, S.A.
\n
\nBank Country: Spain
\n
\nIBAN: ES67 2100 3467 1007 0001 6539
\n
\nAccount Number: 0700016539
\n
\nCurrency: EUR
\n
\nSWIFT/BIC Code: CAIXESBBXXX
\n
\nNational Bank Code: 21003467
\n
\n 
\n
\n
\n
\n 
\n
\n
\n
\n 
\n
\nPlease ensure to use the Booking Reference Number quoted below:
\n
\n 
\n
\n
\n
\n 
\n
\nBooking Reference Number: B210154
\n
\n 
\n
\n
\n
\n 
\n
\nPlease Complete TT details attached.
\n
\n 
\n
\n
\n
\n 
\n
\nBest regards
\n
\n 
\n
\n
\n
\n 
\n
\n
\n
\n 
\n
\nAnabel Gonzalo
\n
\n 
\n
\nResponsable de Compras / Purchasing Manager
\n
\n 
\n
\n 
\n
\n 
\n
\n
\n
\n 
\n
\n 
\n
\n 
\n
\nFabricante especialista en Protección & Control / Manufacturer specialized in Protection & Control
\n
\n 
\n
\nCertified ISO 9001:2008
\n
\n 
\n
\nFANOX ELECTRONIC, S.L.
\n
\n 
\n
\nParque Tecnológico de Bizkaia
\n
\n 
\n
\nAstondo bidea, Edificio 604
\n
\n48160 Derio - Spain
\n
\nT. +34 944 711 411
\n
\nF. +34 944 710 431
\n
\n 
\n
\nwww.fanox.com
\n
\n", "mailbox": "untroubled", "sender_ip": "69.5.6.174", "raw_mail": { "is_filtered": false, "spamassassin": { "X-Spam-Level": "****************", "X-Spam-Checker-Version": "SpamAssassin 3.4.1 (2015-04-28) on 75d9f2ebf044", "score": 16.1, "X-Spam-Status": "Yes, score=16.1 required=5.0 tests=ADVANCE_FEE_2_NEW_MONEY,\n\tAXB_XMAILER_MIMEOLE_OL_024C2,FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_HTML,\n\tFORGED_OUTLOOK_TAGS,FROM_MISSPACED,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,\n\tFROM_MISSP_XPRIO,FSL_NEW_HELO_USER,HTML_MESSAGE,LOTS_OF_MONEY,MIME_HTML_ONLY,\n\tMISSING_HEADERS,MISSING_MID,MONEY_FROM_MISSP,NSL_RCVD_HELO_USER,\n\tREPLYTO_WITHOUT_TO_CC,TO_NO_BRKTS_FROM_MSSP,TO_NO_BRKTS_MSFT,URIBL_BLOCKED\n\tautolearn=no autolearn_force=no version=3.4.1", "details": [ { "rule name": "NSL_RCVD_HELO_USER", "pts": 2.5, "description": "Received from HELO User" }, { "rule name": "MISSING_HEADERS", "pts": 1.2, "description": "Missing To: header" }, { "rule name": "URIBL_BLOCKED", "pts": 0.0, "description": "ADMINISTRATOR NOTICE: The query to URIBL was block See http://wiki.apache.org/spamassassin/DnsBlocklists# for more information. [URIs: fanox.com]" }, { "rule name": "HTML_MESSAGE", "pts": 0.0, "description": "BODY: HTML included in message" }, { "rule name": "MIME_HTML_ONLY", "pts": 1.1, "description": "BODY: Message only has text/html MIME parts" }, { "rule name": "MISSING_MID", "pts": 0.1, "description": "Missing Message-Id: header" }, { "rule name": "LOTS_OF_MONEY", "pts": 0.0, "description": "Huge... 
sums of money" }, { "rule name": "FROM_MISSP_XPRIO", "pts": 0.0, "description": "Misspaced FROM + X-Priority" }, { "rule name": "FROM_MISSP_MSFT", "pts": 0.0, "description": "From misspaced + supposed Microsoft tool" }, { "rule name": "AXB_XMAILER_MIMEOLE_OL", "pts": 0.0, "description": "024C2 Yet another X header trait" }, { "rule name": "FORGED_OUTLOOK_TAGS", "pts": 0.6, "description": "Outlook can't send HTML in this format" }, { "rule name": "FSL_NEW_HELO_USER", "pts": 0.6, "description": "Spam's using Helo and User" }, { "rule name": "FORGED_OUTLOOK_HTML", "pts": 0.0, "description": "Outlook can't send HTML message only" }, { "rule name": "REPLYTO_WITHOUT_TO_CC", "pts": 1.9, "description": "No description available." }, { "rule name": "MONEY_FROM_MISSP", "pts": 0.0, "description": "Lots of money and misspaced From" }, { "rule name": "FROM_MISSPACED", "pts": 0.0, "description": "From: missing whitespace" }, { "rule name": "FROM_MISSP_REPLYTO", "pts": 0.0, "description": "From misspaced, has Reply-To" }, { "rule name": "TO_NO_BRKTS_FROM_MSSP", "pts": 0.7, "description": "Multiple formatting errors" }, { "rule name": "FORGED_MUA_OUTLOOK", "pts": 2.8, "description": "Forged mail pretending to be from MS Outlook" }, { "rule name": "TO_NO_BRKTS_MSFT", "pts": 2.5, "description": "To: misformatted and supposed Microsoft tool" }, { "rule name": "ADVANCE_FEE_2_NEW_MONE", "pts": 2.0, "description": "Advance Fee fraud and lots of money" } ], "X-Spam-Flag": "YES" } }, "ssdeep": "96:+LhGNddddddNddddddddWdddddddddddqddddddddddddZddddddddYP2QmCdSg9:+LFeQZHwd8brQEwwn", "has_anomalies": true, "md5": "46baea921a4efebea85895d7a0bf2764", "sha1": "0931a46eb80784978689ca7371352d2851953c7d", "phishing": { "score": 1, "score_expanded": [ "mail_body" ], "targets": [ "Booking" ], "with_phishing": false }, "headers": "Delivered-To bruce@untroubled.org\nReceived (fqmail 26559 invoked from network); 21 Aug 2016 10:49:40 -0000\nReceived from mx03.futurequest.net (mx03.futurequest.net 
[69.5.6.174])\n by pt02.futurequest.net ([69.5.6.173])\n with FQDP via TCP; 21 Aug 2016 10:49:40 -0000\nReceived (qmail 19675 invoked from network); 21 Aug 2016 10:49:40 -0000\nReceived from localhost.localdomain.com (mail.revesoft.com [208.74.72.248])\n by mx03.futurequest.net ([69.5.6.174])\n with ESMTP via TCP; 21 Aug 2016 10:49:39 -0000\nReceived from host86-187-174-57.range86-187.btcentralplus.com ([86.187.174.57]:45321 helo=User)\n\tby localhost.localdomain.com with esmtpa (Exim 4.87)\n\t(envelope-from )\n\tid 1bakrE-000291-LF; Fri, 19 Aug 2016 20:34:52 +0600\nReply-To \nFrom \"Anabel Gonzalo\"\nSubject PI\nDate Fri, 19 Aug 2016 15:33:29 +0100\nMIME-Version 1.0\nContent-Type multipart/mixed;\n\tboundary=\"----=_NextPart_000_0121_01C2A9A6.50D724E0\"\nX-Priority 3\nX-MSMail-Priority Normal\nX-Mailer Microsoft Outlook Express 6.00.2600.0000\nX-MimeOLE Produced By Microsoft MimeOLE V6.00.2600.0000\nX-AntiAbuse This header was added to track abuse, please include it with any abuse report\nX-AntiAbuse Primary Hostname - localhost.localdomain.com\nX-AntiAbuse Original Domain - untroubled.org\nX-AntiAbuse Originator/Caller UID/GID - [47 12] / [47 12]\nX-AntiAbuse Sender Address Domain - fanox.com\nX-Get-Message-Sender-Via localhost.localdomain.com: authenticated_id: quazi.limon@revesoft.com\nX-Authenticated-Sender localhost.localdomain.com: quazi.limon@revesoft.com\n", "is_filtered": false, "mail_server": "untroubled.org" }