2013 September 18 16:04 GMT
2014 June 19 12:33 GMT
Email messages that are related to this threat (RuleID7122, RuleID2970KVR, and RuleID2970_1KVR) may contain the following files:
Order history page.zip
Order history page.pdf.exe
calendario con le nuove tariffe abbassate.pdf.zip
calendario con le nuove tariffe abbassate.pdf.scr
Bank Pre Advice...PDF.zip
Dettaglio dei costi.pdf.zip
Dettaglio dei costi.pdf.exe
The Statement_pdf.exe file has a file size of 283,349 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x7143EDF15E0F7AE07E1EA75FEE1FE784
The Order history page.pdf.exe file in the Order history page.zip attachment has a file size of 127,488 bytes. The MD5 checksum is the following string: 0xCC3A40B3AA83C1681D3124BBDD95F0B2
The report.pdf.exe file in the report.zip attachment has a file size of 134,144 bytes. The MD5 checksum is the following string: 0xB412AA2B1A6F2BF31D702DF378759514
The MNTHCOMRPT1.DOC.exe file in the MOwFGcj.zip attachment has a file size of 366,592 bytes. The MD5 checksum is the following string: 0x2F7A417799FC445E82F801B105057772
The_ calendario con le nuove tariffe abbassate.pdf.scr_ file in the calendario con le nuove tariffe abbassate.pdf.zip attachment has a file size of 1,084,416 bytes. The MD5 checksum is the following string: 0xA3F81087C4E6B79C2B5B47F8DB6412D4
The 2Via-Boleto.pdf.cpl file in the_ 2Via-Boleto.pdf.zip_ attachment has a file size of 1,000,448 bytes. The MD5 checksum is the following string: 0xFAACB4A68F7B0F4E669DAC23BAD5E159
The Fines_Report.pdf.exe file in the_ Fines_Report.zip _a file size of 306,176 bytes. The MD5 checksum is the following string: 0x41F10FEFD5D5EDE1E51DEF6B299A67CD
The Payment_Scan_Copy_pdf.scr file in the Payment_Scan_Copy_pdf.zip attachment has a file size of 261,785 bytes. The MD5 checksum is the following string: 0x1FD5BDC9BF04269526514563F33A95C7
The payment detail.pdf.exe file in the PDF.zip attachment has a file size of 825,319 bytes. The MD5 checksum is the following string: 0x0510918C6076A9180D566BD15D703369
The Duty_report.pdf.scr file in the Duty_report.zip attachment has a file size of 280,576 bytes. The MD5 checksum is the following string: 0x000602368EF4F0BEF6603D7DC9B8F2CB
The Transfer doc.exe file in the Transfer doc.zip attachment has a file size of 1,036,103 bytes. The MD5 checksum is the following string: 0x5316AD8C0254E23BFA00E647B78AA08A
The soft2.exe file in the Bank Pre Advice...PDF.zip attachment has an approximate file size of 260,096 bytes. The MD5 checksum is not available.
The Modello Disdetta_CPS_000569948331.PDF.exe file in the Modello Disdetta_CPS_000382941873.PDF.zip attachment has a file size of 259,072 bytes. The MD5 checksum is the following string: 0x0D8D7A8074EE36A626D086F02490AAAB
The Report.xls.scr _file in the _Report.zip attachment has a file size of 75,776 bytes. The MD5 checksum is the following string: 0xBAF43D52864F118871EF90B552926F4F
The Invoice.jpg.scr file in the Invoice.zip attachment has a file size of 163,840 bytes. The MD5 checksum is the following string: 0xEB3EF1E106BA96D44372ACAAB8757AE2
The Lottery_coupon.pdf.scr file in the Lottery_coupon.pdf.zip attachment has a file size of 93,184 bytes. The MD5 checksum is the following string: 0xE92D5DD0D040D9D93A40EC760DA7874B
The PaymentSlip.jpg.exe file in the PaymentSlip.zip attachment has a file size of 945,728 bytes. The MD5 checksum is the following string: 0x1CE3048228EA43008BAB497A83DA4389
The Boleto92379783201032055025.pdf.cpl file in the Boleto92379783201032055025.pdf.zip attachment has a file size of 379,904 bytes. The MD5 checksum is the following string: 0x3C54D4FE1853295F00BEB605853D407E
The Rechnung 6495329850.pdf.exe file in the Rechnung 4754891443.pdf.zip attachment has a file size of 172,032 bytes. The MD5 checksum is not available.
The Dettaglio dei costi.pdf.exe file in the Dettaglio dei costi.pdf.zip attachment has a file size of 288,768 bytes. The MD5 checksum is the following string: 0x2271219D9B4B38F335FC4E27BB0CBBD9
The following text is a sample of the email message that is associated with this threat outbreak:
> Subject: Your Bank Statement
Account Security Update
Your Standard Bank account statement is ready. Download the attachment to view your account statement. Our consultants are available between 8am and 9pm on weekdays, and 8am and 4pm on weekends and public holidays.
The Internet banking Team
Copyright Standard Bank. All rights reserved.
Standard Bank of South Africa Limited (Reg. No. 1962/000738/06). Authorised financial services provider. Registered credit provider (NCRCP15).
Disclaimer and confidentiality note:
Everything in this email and any attachments relating to the official business of Standard Bank Group Limited is proprietary to the group.
It is confidential, legally privileged and protected by law. Standard Bank does not own and endorse any other content.
The person addressed in the email is the sole authorised recipient.
Please notify the sender immediately if it has unintentionally reached you and do not read disclose or use the content in any way.
Standard Bank cannot assume that the integrity of this communication has been maintained nor that it is free of errors, virus, interception or interference.
Standard Bank email disclaimer and confidentiality note
Please go to hxxp://www.standardbank.co.za/site/homepage/emaildisclaimer.html to read our email disclaimer and confidentiality note. Kindly email email@example.com (no content or subject line necessary) if you cannot view that page and we will email our email disclaimer and confidentiality note to you.
> Subject: Wells Fargo Advisors
Please review attached documents.
Wells Fargo Advisors
817-358-9011817-358-9011 cell Michael_Burns@wellsfargo.com
Investments in securities and insurance products are:
NOT FDIC-INSURED/NO BANK-GUARANTEES/MAY LOSE VALUE Wells Fargo Advisors, LLC is a nonbank affiliate of Wells Fargo & Company, Member FINRA/SIPC.
1 North Jefferson, St. Louis, MO 63103
CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are confidential and are intended solely for the use of the person or entity to whom the message was addressed. If you are not the intended recipient of this message, please be advised that any dissemination, distribution, or use of the contents of this message is strictly prohibited. If you received this message in error, please notify the sender. Please also permanently delete all copies of the original message and any attached documentation. Thank you.
> Message Body:
Salve Siamo lieti di informarvi le nuove tariffe per il transferimento di denaro in alquni paesi
..e non solo
MAGGIORI gudagni per le Agenzie !!!
Entrera in vigore dal 05/03/2014
in allegato il calendario con le nuove tariffe abbassate !
Moneytrans Spa Milano
> Subject: Unpaid surcharges #7463746
You have the fine for traffic violations.
The statement is in the attached ZIP-file.
You have to verify it before April 27th 2014. Your account: FSR/23870.
Else you'll obtain additional punishment.
Yours faithfully, head of Police department #138.
> Subject: Payment details
Dear Sir/ Madam,
Please kindly view payment transfer confirmation attached below. The payment was
made to your account through one of your customers.
> Subject: fee certificate of your salary N 64946529
I send you the statement of your contribution on our enterprise for July 2013 in the attached ZIP.
You must fill attached form before April 8033206930743514129446287286th, 2014.
> Message Body:
We have just transferred payment to your account. See attached transfer doc.
> Subject: f909b7db64185d0cb5ba055a8caefa48
N. Prot. C57981835 del 12/05/2014
Oggetto: Invio modulo: Cessazione Carrier PreSelection
a seguito della Sua richiesta al Servizio 191, Le inviamo in allegato la documentazione relativa alla
richiesta in oggetto, che La preghiamo di restituire, debitamente sottoscritta, esclusivamente al fax
nr 800 000 577.
Le ricordiamo che sul sito www.impresasemplice.it potrà conoscere ed acquistare on-line le novità e le offerte riservate ai Clienti Business, consultare e pagare le fatture, scaricare duplicati fattura, interagire con il nostro servizio Customer Care 191 inviando una semplice e-mail.
Telecom Italia S.p.A.
Servizio Clienti Business
Attenzione: ti invitiamo a non rispondere a questo messaggio; questa casella di posta elettronica non è abilitata alla ricezione.
> Subject: Your personal account was blocked
Your personal account was blocked due spam messages.
Your funds: 138.66$, have been blocked for 30 days.
The summary is in the attached archive.
Always sincerely yours, Michigan Cashback Team
To unsubscribe this email - please change your account notifications settings.
> Subject: Your personal account was banned
Your personal account was banned due suspicious activity.
Your funds: 326.87$, have been blocked for 30 days.
The summary is in the attachment.
Yours sincerely, Mississippi NetCash Team
To unsubscribe our announcement - please change your account settings.
> Subject: Memorial Day - charitable lottery
The 37th annual philanthropic Memorial Day lottery will be held on Sa, 17:50.
Review your coupon in the attached file.
Very truly yours
> Subject: Re: Payment Slip
Kindly find attached swift copy for $31,000.00 paid into your account today.
Balance will be remitted in coming week. Advice when money has been received.
> Message Body:
Gentile cliente, le inviamo il conto dell'impianto numero
Distinti saluti Telecom Italia S.p.A.
> > > > > Cisco Security analysts examine real-world email traffic data that is collected from over 100,000 contributing organizations worldwide. This data helps provide a range of information about and analysis of global email security threats and trends. Cisco will continue to monitor this threat and automatically adapt systems to protect customers. This report will be updated if there are significant changes or if the risk to end users increases.
Cisco security appliances protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Email that is managed by Cisco and end users who are protected by Cisco Web Security Appliances will not be impacted by these attacks. Cisco security appliances are automatically updated to prevent both spam email and hostile web URLs from being passed to the end user.
Add to Skype
You'll need Skype CreditFree via Skype
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products