2014 June 24 18:09 GMT
2014 September 17 15:09 GMT
Email messages that are related to this threat (RuleID10429 and RuleID4626KVR) may contain the following files:
Name | Size in Bytes | MD5 Checksum
Invoice.zip / Invoice.scr | 909,824 | 0x6CD8ACC59B7F352A3A25DF890B7E0CAA
DeltaTicket_ET-RM-0HJ08546868.zip / DeltaTicket_ET-RM-0HJ08546868.exe | 144,384 | 0x98AD9E61F4578CC658E860935B8BEDBA
Invoice_Advice 768171-pdf.zip / DOC0001116784759839736768171-pdf.exe | 878,080 | 0x59DC9390926A914CC854572480009286
Invoice_1904871.pdf.zip / Invoice_1904871.exe | 20,480 | 0x211D408B7282A59F06B95CE011D40C6A
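The attachments listed above share one pattern: a ZIP archive whose member is a `.scr` or `.exe` file with a document-like name. The following added example (not Cisco's code) checks an attachment for that pattern and for the MD5 values from the table; the lure-token list, the size cap, and the sample archives are assumptions constructed for illustration.

```python
import hashlib
import io
import zipfile

# MD5 values copied from the table above (0x prefix dropped, lowercased).
KNOWN_MD5 = {
    "6cd8acc59b7f352a3a25df890b7e0caa",
    "98ad9e61f4578cc658e860935b8bedba",
    "59dc9390926a914cc854572480009286",
    "211d408b7282a59f06b95ce011d40c6a",
}
# Executable member types seen in the table (.scr, .exe).
EXEC_EXT = (".scr", ".exe")
# Assumed list of document-like tokens, taken from the listed file names.
LURE_TOKENS = ("pdf", "invoice", "ticket", "doc")
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # assumed cap; larger members are not hashed


def inspect_zip(data, known_md5=KNOWN_MD5):
    """Return one finding dict per archive member that warrants blocking."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.rsplit("/", 1)[-1].lower()
            reasons = []
            if name.endswith(EXEC_EXT):
                reasons.append("executable-in-zip")
                if any(tok in name.rsplit(".", 1)[0] for tok in LURE_TOKENS):
                    reasons.append("document-lure-name")
            digest = None
            # Encrypted (flag bit 0) or oversized members are left unhashed.
            if info.file_size <= MAX_MEMBER_BYTES and not info.flag_bits & 0x1:
                digest = hashlib.md5(zf.read(info)).hexdigest()
                if digest in known_md5:
                    reasons.append("known-md5")
            if reasons:
                findings.append({"member": info.filename, "md5": digest, "reasons": reasons})
    return findings


def build_sample(member_name, payload):
    """Constructed test archive holding harmless bytes, not a real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()
```

The name check catches repacked variants whose hash differs from the table, while the MD5 check catches a listed file even if it has been renamed.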
The following text is a sample of the email message that is associated with this threat outbreak:
> Message Body:
Please find attached TT payment made to your account today, quickly confirm our client receipt who ordered us to make the payment. Download attached invoice and reply now.
> Subject: Please download your ticket #00829179
E-TICKET / ET-RM-0HJ08546868
SEAT / 24A/ZONE 2
DATE / TIME 4 OCTOBER, 2014, 09:35 AM
ARRIVING / Shreveport
FORM OF PAYMENT / CC
TOTAL PRICE / 219.77 USD
REF / EF.6378 ST / OK
BAG / 2PC
Your bought ticket is attached.
You can print your ticket.
> Message Body:
We are pleased to attach your bank beneficiary advice with this email, based on the payment instruction from our customer to you.
Should you have any enquiry or require assistance, please contact your payor (our customer) at the contact number stated in the attached advice invoice.
Please note that you will need Adobe Acrobat Reader Version 5.0 or above to view your advice. If you do not have the required software, you can download it from the Adobe website at www.adobe.com
This is a system generated e-mail. Please do not reply to the sender of this e-mail.
Customer Service Manager
Cisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user.