Re:: 9D character used in words to avoid detection

Mark London Sat, 17 Nov 2018 16:11:31 -0800

-------- Forwarded Message --------
Subject:        [OFF-list] 9D character used in words to avoid detection
Date:   Sat, 17 Nov 2018 15:42:08 -0600
From:   Chip M. <sa_c...@iowahoneypot.com>
To:     Mark London <m...@psfc.mit.edu>



Mark, could you post a full spample to the SA list?
Thanks in advance!
"Chip" M.

---------------------------------------

Received: from NAM03-DM3-obe.outbound.protection.outlook.com 
(mail-oln040092008054.outbound.protection.outlook.com [40.92.8.54])
        by PSFCMAIL.MIT.EDU (8.14.7/8.14.7) with ESMTP id wAGJEjso151029
        (version=TLSv1/SSLv3 cipher=AES256-SHA256 bits=256 verify=NOT)
        for <m...@psfc.mit.edu>; Fri, 16 Nov 2018 14:14:45 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;
 s=selector1;
 
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=Kceh3OoQuqn81EZa8vu4iMVNv3cq+/11xZqOTWGejmA=;
 
b=SmqjOWOZhH0WPpxl0tW8hR8y/iinBa5jpTYudap6390QzWXLc4TU0iPuaChiq3kivXtpxSBJAnVrDi1HCJm1ifFGvmIqITyB4am/vUuwDDtm+e8hLy1ONvsEa8O9tLdmzs10x6T/6nsWadsB9QCiJ39ugpj4V5sBvb5vGaaRNjQCwqO+GcqYmnZbMzR2Sp1U2Ah63P9bHiK2jiBf/g1T5aOsrLpfypPTdltzTbYLs3E76Nt4swZwDlMond9FJITY574G/HBghrql3nZEKlGGPGI2J8qUiiVPn5/cMCyOLrR0qqd217oU82Cuner5kPWE9iEcprvXxJIAt6gOYPKzDg==
Received: from BY2NAM03FT047.eop-NAM03.prod.protection.outlook.com
 (10.152.84.58) by BY2NAM03HT089.eop-NAM03.prod.protection.outlook.com
 (10.152.84.169) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1339.10; Fri, 16 Nov
 2018 19:14:44 +0000
Received: from MWHPR14MB1327.namprd14.prod.outlook.com (10.152.84.53) by
 BY2NAM03FT047.mail.protection.outlook.com (10.152.85.103) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id
 15.20.1339.10 via Frontend Transport; Fri, 16 Nov 2018 19:14:44 +0000
Received: from MWHPR14MB1327.namprd14.prod.outlook.com
 ([fe80::f4ae:395a:3f6b:67a3]) by MWHPR14MB1327.namprd14.prod.outlook.com
 ([fe80::f4ae:395a:3f6b:67a3%8]) with mapi id 15.20.1339.021; Fri, 16 Nov 2018
 19:14:44 +0000
From: Kenton Chmura <hylcordeli...@outlook.com>
To: "m...@psfc.mit.edu" <m...@psfc.mit.edu>
Subject: mrl
Date: Fri, 16 Nov 2018 19:14:44 +0000
Message-ID: 
<mwhpr14mb13279093501a88b114707ee3b0...@mwhpr14mb1327.namprd14.prod.outlook.com>

--_000_MWHPR14MB13279093501A88B114707EE3B0DD0MWHPR14MB1327namp_
Content-Type: text/plain; charset="windows-1256"
Content-Transfer-Encoding: quoted-printable

Hi=9D the=9Dre

I'm the=9D ha=9Dcke=9Dr who=9D bro=9Dke=9D yo=9Du=9Dr ema=9Di=9Dl a=9Dddre=
=9Dss a=9Dnd de=9Dvi=9Dce=9D a=9D se=9Dve=9Dra=9Dl we=9De=9Dks ba=9Dck.

Yo=9Du=9D type=9Dd i=9Dn yo=9Du=9Dr pwd o=9Dn one of the si=9Dte=9Ds yo=9Du=
=9D vi=9Dsite=9Dd, a=9Dnd I inte=9Drce=9Dpted it.

He=9Dre=9D i=9Ds the=9D se=9Dcu=9Dri=9Dty pa=9Dsswo=9Drd o=9Df m...@psfc.mit=
.edu upo=9Dn mo=9Dme=9Dnt of ha=9Dck: xxxxxxx

Obvi=9Do=9Dusly yo=9Du=9D ca=9Dn can cha=9Dnge=9D i=9Dt, o=9Dr a=9Dlready c=
hange=9Dd it.

The=9Dn again thi=9Ds wo=9Dn't really ma=9Dke a=9D di=9Dffe=9Drence=9D, my =
ma=9Dli=9Dcio=9Du=9Ds so=9Dftwa=9Dre=9D u=9Dpda=9Dte=9Dd i=9Dt e=9Da=9Dch a=
=9Dnd e=9Dvery ti=9Dme.

Do=9D no=9Dt co=9Dnsi=9Dder to=9D ma=9Dke=9D co=9Dntact with me=9D pe=9Drso=
nally o=9Dr fi=9Dnd me=9D.

Via=9D yo=9Du=9Dr e=9D-ma=9Di=9Dl, I uplo=9Da=9Dde=9Dd malwa=9Dre=9D co=9Dm=
pute=9Dr co=9Dde to yo=9Dur Ope=9Dra=9Dtion Syste=9Dm.

I sa=9Dved all yo=9Du=9Dr co=9Dnta=9Dcts wi=9Dth bu=9Dddie=9Ds, fello=9Dw w=
o=9Drke=9Drs, fa=9Dmi=9Dly me=9Dmbers and a fu=9Dll hi=9Dsto=9Dry of vi=9Ds=
i=9Dts to the=9D Online re=9Dso=9Du=9Drce=9Ds.

As well I i=9Dnsta=9Dlle=9Dd a=9D Vi=9Dru=9Ds o=9Dn yo=9Du=9Dr de=9Dvi=9Dce=
=9D.

You=9D aren't my only victim, I typi=9Dca=9Dlly lo=9Dck pcs and a=9Dsk fo=
=9Dr the=9D ra=9Dnso=9Dm.

No=9Dne=9Dthe=9Dle=9Dss I wa=9Ds stru=9Dck thro=9Du=9Dgh the=9D si=9Dtes o=
=9Df pa=9Dssi=9Do=9Dna=9Dte co=9Dnte=9Dnt ma=9Dte=9Dri=9Da=9Dl tha=9Dt you=
=9D o=9Dften ta=9Dke a lo=9Dok at.

I am i=9Dn i=9Dmpa=9Dct of you=9Dr cu=9Drre=9Dnt fantasi=9De=9Ds! I've neve=
r seen a=9Dnythi=9Dng li=9Dke=9D this!

The=9Drefore=9D, whe=9Dn yo=9Du=9D ha=9Dd e=9Dnjo=9Dyme=9Dnt o=9Dn piquant =
websi=9Dtes (yo=9Du know wha=9Dt I a=9Dm talki=9Dng abo=9Du=9Dt!) I ma=9Dde=
 scre=9De=9Dnsho=9Dt wi=9Dth u=9Dsi=9Dng my pro=9Dgra=9Dm via=9D yo=9Dur ca=
me=9Dra=9D o=9Df yo=9Du=9Drs de=9Dvi=9Dce=9D.

And the=9Dn, I pu=9Dt toge=9Dthe=9Dr the=9Dm to=9D the=9D conte=9Dnt of the=
=9D cu=9Drre=9Dntly se=9De=9Dn we=9Dbsi=9Dte.

No=9Dw there=9D is go=9Di=9Dng to=9D be=9D giggli=9Dng whe=9Dn I se=9Dnd th=
e=9Dse=9D pi=9Dctu=9Dres to yo=9Du=9Dr co=9Dnnecti=9Do=9Dns!

Ho=9Dweve=9Dr I am su=9Dre yo=9Du do=9Dn't ne=9De=9Dd i=9Dt.

Thus, I e=9Dxpe=9Dct pa=9Dyme=9Dnt fro=9Dm yo=9Du=9D wi=9Dth re=9Dga=9Drd t=
o=9D my qu=9Di=9De=9Dt.

I co=9Dnside=9Dr $40=9D0=9D0=9D (fou=9Dr tho=9Du=9Dsa=9Dnd dolla=9Drs) i=9D=
s a=9Dn a=9Dppro=9Dpri=9Da=9Dte=9D co=9Dst fo=9Dr it!

Pay wi=9Dth Bi=9Dtcoi=9Dn.

My BT=9DC wallet i=9Ds 1GJJ5fsfLVMJiSqTh6nWAd5riDg8xmizB2

In ca=9Dse=9D you=9D do=9D no=9Dt know ho=9Dw to do=9D thi=9Ds - e=9Dnte=9D=
r in to Goo=9Dgle=9D 'ho=9Dw to=9D tra=9Dnsfe=9Dr mo=9Dne=9Dy to=9D the bi=
=9Dtco=9Di=9Dn wa=9Dlle=9Dt'. It i=9Ds si=9Dmple=9D.

After re=9Dceiving the=9D gi=9Dven a=9Dmo=9Du=9Dnt, a=9Dll yo=9Du=9Dr fi=9D=
le=9Ds wi=9Dll be=9D ri=9Dght a=9Dwa=9Dy de=9Dstroyed a=9Du=9Dtoma=9Dti=9Dc=
a=9Dlly. My co=9Dmpu=9Dter viru=9Ds wi=9Dll addi=9Dti=9Do=9Dna=9Dlly re=9Dm=
o=9Dve=9D i=9Dtse=9Dlf fro=9Dm you=9Dr o=9Dpe=9Drati=9Dng syste=9Dm.

My Viru=9Ds ha=9Dve a=9Du=9Dto a=9Dlert, so=9D I kno=9Dw whe=9Dn thi=9Ds pa=
=9Drticula=9Dr email is o=9Dpene=9Dd.

I gi=9Dve yo=9Du=9D two=9D da=9Dys (Fo=9Drty e=9Di=9Dght ho=9Du=9Drs) fo=9D=
r yo=9Du=9D to ma=9Dke=9D the pa=9Dyme=9Dnt.

If thi=9Ds do=9Des no=9Dt ha=9Dppe=9Dn - a=9Dll o=9Df your co=9Dnne=9Dcti=
=9Do=9Dns wi=9Dll ge=9Dt nu=9Dts pictu=9Dre=9Ds fro=9Dm yo=9Du=9Dr da=9Drki=
=9Dsh se=9Dcre=9Dt li=9Dfe a=9Dnd yo=9Du=9Dr de=9Dvi=9Dce=9D wi=9Dll be blo=
cke=9Dd a=9Ds we=9Dll a=9Dfte=9Dr two=9D da=9Dys.

Do=9D no=9Dt e=9Dnd u=9Dp be=9Di=9Dng stu=9Dpi=9Dd!

Po=9Dli=9Dce o=9Dr fri=9Dends won't suppo=9Drt yo=9Du=9D for certain ...

P.S I can provi=9Dde you=9D with re=9Dco=9Dmmenda=9Dtio=9Dn fo=9Dr the fu=
=9Dtu=9Dre=9D. Neve=9Dr ke=9Dy in yo=9Du=9Dr pa=9Dsswords o=9Dn ri=9Dsky i=
=9Dnte=9Drne=9Dt site=9Ds.

I ho=9Dpe=9D fo=9Dr yo=9Du=9Dr wi=9Dsdo=9Dm.

Adi=9Do=9Ds.

--_000_MWHPR14MB13279093501A88B114707EE3B0DD0MWHPR14MB1327namp_
Content-Type: text/html; charset="windows-1256"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dwindows-1=
256">
</head>
<body>
Hi=9D the=9Dre <br>
<br>
I'm the=9D ha=9Dcke=9Dr who=9D bro=9Dke=9D yo=9Du=9Dr ema=9Di=9Dl a=9Dddre=
=9Dss a=9Dnd de=9Dvi=9Dce=9D a=9D se=9Dve=9Dra=9Dl we=9De=9Dks ba=9Dck.
<br>
<br>
Yo=9Du=9D type=9Dd i=9Dn yo=9Du=9Dr pwd o=9Dn one of the si=9Dte=9Ds yo=9Du=
=9D vi=9Dsite=9Dd, a=9Dnd I inte=9Drce=9Dpted it.
<br>
<br>
He=9Dre=9D i=9Ds the=9D se=9Dcu=9Dri=9Dty pa=9Dsswo=9Drd o=9Df m...@psfc.mit=
.edu upo=9Dn mo=9Dme=9Dnt of ha=9Dck: mrlmrl11
<br>
<br>
Obvi=9Do=9Dusly yo=9Du=9D ca=9Dn can cha=9Dnge=9D i=9Dt, o=9Dr a=9Dlready c=
hange=9Dd it. <br>
<br>
The=9Dn again thi=9Ds wo=9Dn't really ma=9Dke a=9D di=9Dffe=9Drence=9D, my =
ma=9Dli=9Dcio=9Du=9Ds so=9Dftwa=9Dre=9D u=9Dpda=9Dte=9Dd i=9Dt e=9Da=9Dch a=
=9Dnd e=9Dvery ti=9Dme.
<br>
<br>
Do=9D no=9Dt co=9Dnsi=9Dder to=9D ma=9Dke=9D co=9Dntact with me=9D pe=9Drso=
nally o=9Dr fi=9Dnd me=9D. <br>
<br>
Via=9D yo=9Du=9Dr e=9D-ma=9Di=9Dl, I uplo=9Da=9Dde=9Dd malwa=9Dre=9D co=9Dm=
pute=9Dr co=9Dde to yo=9Dur Ope=9Dra=9Dtion Syste=9Dm.
<br>
<br>
I sa=9Dved all yo=9Du=9Dr co=9Dnta=9Dcts wi=9Dth bu=9Dddie=9Ds, fello=9Dw w=
o=9Drke=9Drs, fa=9Dmi=9Dly me=9Dmbers and a fu=9Dll hi=9Dsto=9Dry of vi=9Ds=
i=9Dts to the=9D Online re=9Dso=9Du=9Drce=9Ds.
<br>
<br>
As well I i=9Dnsta=9Dlle=9Dd a=9D Vi=9Dru=9Ds o=9Dn yo=9Du=9Dr de=9Dvi=9Dce=
=9D. <br>
<br>
You=9D aren't my only victim, I typi=9Dca=9Dlly lo=9Dck pcs and a=9Dsk fo=
=9Dr the=9D ra=9Dnso=9Dm. <br>
<br>
No=9Dne=9Dthe=9Dle=9Dss I wa=9Ds stru=9Dck thro=9Du=9Dgh the=9D si=9Dtes o=
=9Df pa=9Dssi=9Do=9Dna=9Dte co=9Dnte=9Dnt ma=9Dte=9Dri=9Da=9Dl tha=9Dt you=
=9D o=9Dften ta=9Dke a lo=9Dok at.
<br>
<br>
I am i=9Dn i=9Dmpa=9Dct of you=9Dr cu=9Drre=9Dnt fantasi=9De=9Ds! I've neve=
r seen a=9Dnythi=9Dng li=9Dke=9D this!
<br>
<br>
The=9Drefore=9D, whe=9Dn yo=9Du=9D ha=9Dd e=9Dnjo=9Dyme=9Dnt o=9Dn piquant =
websi=9Dtes (yo=9Du know wha=9Dt I a=9Dm talki=9Dng abo=9Du=9Dt!) I ma=9Dde=
 scre=9De=9Dnsho=9Dt wi=9Dth u=9Dsi=9Dng my pro=9Dgra=9Dm via=9D yo=9Dur ca=
me=9Dra=9D o=9Df yo=9Du=9Drs de=9Dvi=9Dce=9D.
<br>
<br>
And the=9Dn, I pu=9Dt toge=9Dthe=9Dr the=9Dm to=9D the=9D conte=9Dnt of the=
=9D cu=9Drre=9Dntly se=9De=9Dn we=9Dbsi=9Dte.
<br>
<br>
No=9Dw there=9D is go=9Di=9Dng to=9D be=9D giggli=9Dng whe=9Dn I se=9Dnd th=
e=9Dse=9D pi=9Dctu=9Dres to yo=9Du=9Dr co=9Dnnecti=9Do=9Dns!
<br>
<br>
Ho=9Dweve=9Dr I am su=9Dre yo=9Du do=9Dn't ne=9De=9Dd i=9Dt. <br>
<br>
Thus, I e=9Dxpe=9Dct pa=9Dyme=9Dnt fro=9Dm yo=9Du=9D wi=9Dth re=9Dga=9Drd t=
o=9D my qu=9Di=9De=9Dt. <br>
<br>
I co=9Dnside=9Dr $40=9D0=9D0=9D (fou=9Dr tho=9Du=9Dsa=9Dnd dolla=9Drs) i=9D=
s a=9Dn a=9Dppro=9Dpri=9Da=9Dte=9D co=9Dst fo=9Dr it!
<br>
<br>
Pay wi=9Dth Bi=9Dtcoi=9Dn. <br>
<br>
My BT=9DC wallet i=9Ds 1GJJ5fsfLVMJiSqTh6nWAd5riDg8xmizB2 <br>
<br>
In ca=9Dse=9D you=9D do=9D no=9Dt know ho=9Dw to do=9D thi=9Ds - e=9Dnte=9D=
r in to Goo=9Dgle=9D 'ho=9Dw to=9D tra=9Dnsfe=9Dr mo=9Dne=9Dy to=9D the bi=
=9Dtco=9Di=9Dn wa=9Dlle=9Dt'. It i=9Ds si=9Dmple=9D.
<br>
<br>
After re=9Dceiving the=9D gi=9Dven a=9Dmo=9Du=9Dnt, a=9Dll yo=9Du=9Dr fi=9D=
le=9Ds wi=9Dll be=9D ri=9Dght a=9Dwa=9Dy de=9Dstroyed a=9Du=9Dtoma=9Dti=9Dc=
a=9Dlly. My co=9Dmpu=9Dter viru=9Ds wi=9Dll addi=9Dti=9Do=9Dna=9Dlly re=9Dm=
o=9Dve=9D i=9Dtse=9Dlf fro=9Dm you=9Dr o=9Dpe=9Drati=9Dng syste=9Dm.
<br>
<br>
My Viru=9Ds ha=9Dve a=9Du=9Dto a=9Dlert, so=9D I kno=9Dw whe=9Dn thi=9Ds pa=
=9Drticula=9Dr email is o=9Dpene=9Dd.
<br>
<br>
I gi=9Dve yo=9Du=9D two=9D da=9Dys (Fo=9Drty e=9Di=9Dght ho=9Du=9Drs) fo=9D=
r yo=9Du=9D to ma=9Dke=9D the pa=9Dyme=9Dnt.
<br>
<br>
If thi=9Ds do=9Des no=9Dt ha=9Dppe=9Dn - a=9Dll o=9Df your co=9Dnne=9Dcti=
=9Do=9Dns wi=9Dll ge=9Dt nu=9Dts pictu=9Dre=9Ds fro=9Dm yo=9Du=9Dr da=9Drki=
=9Dsh se=9Dcre=9Dt li=9Dfe a=9Dnd yo=9Du=9Dr de=9Dvi=9Dce=9D wi=9Dll be blo=
cke=9Dd a=9Ds we=9Dll a=9Dfte=9Dr two=9D da=9Dys.
<br>
<br>
Do=9D no=9Dt e=9Dnd u=9Dp be=9Di=9Dng stu=9Dpi=9Dd! <br>
<br>
Po=9Dli=9Dce o=9Dr fri=9Dends won't suppo=9Drt yo=9Du=9D for certain ... <b=
r>
<br>
P.S I can provi=9Dde you=9D with re=9Dco=9Dmmenda=9Dtio=9Dn fo=9Dr the fu=
=9Dtu=9Dre=9D. Neve=9Dr ke=9Dy in yo=9Du=9Dr pa=9Dsswords o=9Dn ri=9Dsky i=
=9Dnte=9Drne=9Dt site=9Ds.
<br>
<br>
I ho=9Dpe=9D fo=9Dr yo=9Du=9Dr wi=9Dsdo=9Dm. <br>
<br>
Adi=9Do=9Ds.
</body>
</html>

--_000_MWHPR14MB13279093501A88B114707EE3B0DD0MWHPR14MB1327namp_--

Re:: 9D character used in words to avoid detection

Reply via email to